Anyconnect VPN logging

Unanswered Question
Sep 24th, 2009

Is there a way to log when users login and out of the VPN? I know with ASDM you can see currently logged on users and other stats about the sessions in progress but I need to verify if someone says "I was logged in last night working" than in fact they were. We are doing AD authentication and the IAS server logs minimal data but the time stamps don't give times logged in. It will show user logging in and then logging off at the same time. Any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jatin Katyal Thu, 09/24/2009 - 08:12


Since you are using IAS server you need to configure your IAS server to track accounting information (such as logon and logoff records) to maintain records for billing purposes.

Here is a MS article to configure the same on IAS:

On the ASA, this is what you need:

Go to the tunnel-group and add this command


If you want to see online users, you may run this command on the CLI:

Show vpn-sessiondb webvpn




fortunehitech1 Thu, 09/24/2009 - 10:30

Thanks. Question on the ASA command. Do I just go into config mode and type "tunnel-group accounting-server-group"? Or just replace that with the actual group name?

Jatin Katyal Thu, 09/24/2009 - 10:37


To specify the aaa-server group for sending accounting records, use the accounting-server-group

command in tunnel-group general-attributes configuration mode. for which your users are connecting and you want accounting start-stop records.

Like this:

hostname(config)# tunnel-group xyz general

hostname(config-general)# accounting-server-group aaa-server123





This Discussion