08-29-2008 06:28 AM - edited 02-21-2020 03:54 PM
I have been given the task of finding out when employees log on and off our VPN, which terminates on an ASA5510. Is there some type of report or syslog level I need to enable?
08-29-2008 06:49 AM
You can configure the ASA to send syslogs that indicate which users log on, at which time, and from which IP address.
A good feature-packed syslog server is "syslog-ng", which runs on Linux. If you want Windows, then KiwiSyslog is good, with plenty of features, but if you just want logging & search capabilities without buying it, it's ideal.
HTH>
08-29-2008 06:52 AM
Thanks for the quick reply, I will be using Kiwi syslog. Can you tell me how I can configure my ASA to log just logons and logoffs to a specific syslog? I know the ASA can be very chatty.
08-29-2008 07:01 AM
login username information can be found in:-
"debug" level, messages
7-715047,7-715075,7-715036,7-715046
TCP/UDP connection information per user can be found in:-
"info" level, messages
6-302013, 6-302014
Sadly both debug and info levels do send a high amount of traffic, but if you have bought KiwiSyslog, you can filter and save disk space!
HTH>
08-29-2008 07:04 AM
Sorry wrong info there - you can create a filter in the ASA to only send the specific logs you want....I was thinking about PIX!
08-29-2008 07:10 AM
So which filter would I create if I only wanted logins and logouts? Or how do I create that filter?
08-29-2008 07:18 AM
Never actually done it before, but looking at the command line something like:-
logging list test-log-filter message 715046
logging list test-log-filter message 715047
logging list test-log-filter message 715075
logging list test-log-filter message 715036
logging list test-log-filter level Debugging class auth
I think you will have to play with it, some other netpros might have done this before....or you could see if there is a way to do it from the ASDM?
HTH>
09-02-2008 06:44 AM
I'd be interested in knowing a solution to this too if anyone else has any ideas?
(Have tried the suggestion above but it doesn't seem to be doing it for me, although hopefully it's along the right lines and maybe just some further tweaking is required?)
Thanks!
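On the ASA, a `logging list` only defines a filter; nothing is sent until a logging destination references that list. The configuration below is an added example, not posted by any participant in this thread: it reuses the four message IDs quoted above, and the list name `vpn-logins`, the interface name `inside` and the syslog server address 192.0.2.10 are assumptions to be replaced with local values.

```cisco
! Added example. "vpn-logins", "inside" and 192.0.2.10 are assumed placeholders.
! Turn logging on and stamp each message with the ASA's clock.
logging enable
logging timestamp
!
! Message list built from the IDs quoted in the thread.
logging list vpn-logins message 715036
logging list vpn-logins message 715046
logging list vpn-logins message 715047
logging list vpn-logins message 715075
!
! Define the syslog server (for example the Kiwi Syslog host).
logging host inside 192.0.2.10
!
! Use the list, instead of a severity level, as the filter for syslog
! servers, so only messages matching the list are sent to the host.
logging trap vpn-logins
```

`show logging` reports which list or severity level each destination is using, which confirms whether the filter is attached to the syslog destination.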