Monitoring IPSec Remote Access Users

Answered Question
Nov 19th, 2008

Hi all,

Please can anyone help me to know about monitoring remote access users using ASDM? As I have observed in ASDM, it is possible to monitor users currently logged in, but what I want to monitor is users who were logged in since the firewall started (for example, 30 days).


Thank you,

Nagabhushan

Correct Answer
srue Wed, 11/19/2008 - 07:50

You really need to use your logs for that.

Correct Answer
JORGE RODRIGUEZ Wed, 11/19/2008 - 10:11

Nagabhushan, I do agree with Steven; you would need to use/implement logging.

"it is possible to monitor users currently logged in"

Yes, you can. In ASDM go to

Home/Configuration/Monitor/VPN/Session

"but what I want to monitor is users who were logged in since the firewall started (for example, 30 days).."

Since you don't have any permanent logging set up to send logs to a syslog server for that amount of time, you have already lost that information from 30 days ago; you need to implement syslog.

Go over this link for monitoring; you can also filter syslog messages based on log ID number or logging severity levels:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html
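
The login history asked about above can be rebuilt from messages kept on the syslog server. This is an added example, not code from the thread or from Cisco: it summarizes per-user remote-access sessions, assuming timestamped ASA lines and the message layouts of IDs 713228 (IPsec address assignment) and 113019 (session disconnected). The sample lines, names and addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines, shaped like ASA messages stored with timestamps.
SAMPLE_LOG = """\
Nov 01 2008 09:12:44 asa1 : %ASA-6-713228: Group = RA-VPN, Username = alice, IP = 198.51.100.7, Assigned private IP address 10.10.0.21 to remote user
Nov 01 2008 17:40:02 asa1 : %ASA-4-113019: Group = RA-VPN, Username = alice, IP = 198.51.100.7, Session disconnected. Session Type: IPsec, Duration: 8h:27m:18s, Bytes xmt: 1048576, Bytes rcv: 524288, Reason: User Requested
Nov 03 2008 08:01:10 asa1 : %ASA-6-713228: Group = RA-VPN, Username = bob, IP = 203.0.113.9, Assigned private IP address 10.10.0.22 to remote user
Nov 03 2008 08:05:00 asa1 : %ASA-6-302013: Built inbound TCP connection 101 for outside:203.0.113.9/1025 (203.0.113.9/1025) to inside:10.1.1.5/80 (10.1.1.5/80)
Nov 03 2008 08:31:10 asa1 : %ASA-4-113019: Group = RA-VPN, Username = bob, IP = 203.0.113.9, Session disconnected. Session Type: IPsec, Duration: 0h:30m:00s, Bytes xmt: 2048, Bytes rcv: 4096, Reason: Idle Timeout
Nov 05 2008 10:00:00 asa1 : %ASA-6-713228: Group = RA-VPN, Username = alice, IP = 198.51.100.7, Assigned private IP address 10.10.0.21 to remote user
"""

HEADER = re.compile(r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) .*?%ASA-\d-(?P<id>\d{6}): (?P<body>.*)$")
FIELDS = re.compile(r"Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), IP = (?P<ip>[\d.]+)")
DURATION = re.compile(r"Duration: (?:(\d+)d )?(\d+)h:(\d+)m:(\d+)s")
REASON = re.compile(r"Reason: (.+)$")
LOGIN_ID, LOGOUT_ID = "713228", "113019"  # assumed message IDs, see lead-in


def vpn_history(log_text):
    """Summarize logins, connected seconds, last activity and disconnect reasons per user."""
    history = defaultdict(lambda: {"logins": 0, "seconds": 0, "last_seen": None, "reasons": []})
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if not head or head["id"] not in (LOGIN_ID, LOGOUT_ID):
            continue  # skip unrelated messages and lines without a timestamp
        fields = FIELDS.search(head["body"])
        if not fields:
            continue
        entry = history[fields["user"]]
        ts = datetime.strptime(head["ts"], "%b %d %Y %H:%M:%S")
        if entry["last_seen"] is None or ts > entry["last_seen"]:
            entry["last_seen"] = ts
        if head["id"] == LOGIN_ID:
            entry["logins"] += 1
            continue
        dur = DURATION.search(head["body"])
        if dur:
            d, h, m, s = (int(x or 0) for x in dur.groups())
            entry["seconds"] += ((d * 24 + h) * 60 + m) * 60 + s
        reason = REASON.search(head["body"])
        if reason:
            entry["reasons"].append(reason.group(1))
    return dict(history)


if __name__ == "__main__":
    for user, info in sorted(vpn_history(SAMPLE_LOG).items()):
        print(user, info["logins"], info["seconds"], info["last_seen"], info["reasons"])
```

Check the two message layouts against the syslog message guide for the ASA version in use before relying on the counts.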


cpembleton Wed, 11/19/2008 - 16:44

Syslog is the way to go. Just wanted to add something that will help make syslog useful.


http://www.splunk.com


I use it for everything at home and work. There are free and enterprise versions.


Chad
