
How to configure Logging for remote access vpn

Unanswered Question
Apr 16th, 2012

Hi,


I have a Cisco ASA5520 and I have a remote access VPN. I want to configure logging for this remote access VPN.


I want the time the user connected, how long it is connected, and any errors while connecting.



Please reply ASAP.


Regards,

Prashant

Overall Rating: 4 (1 ratings)
Jouni Forss Tue, 04/17/2012 - 02:47

Hi,


To my knowledge, for information about users' connection times / bandwidth usage / etc. you will need separate software to get that information.


If not that, you will have to send the ASA's logs to a syslog server and collect and filter the data from there with some method.


I've considered configuring some of our ASAs that are only used for VPN to only send VPN-related log messages (to make the syslog easier to read through and faster to filter through) but I still haven't gotten into doing that. I would also have to determine if I can configure separate logging rules for different destination servers.


- Jouni

prashantrecon Tue, 04/17/2012 - 03:19

Hi

We do have a syslog server but it takes too much time to observe the logs. And we do not have any separate ASA to configure for VPN only.


Please let us know the software for that info.

Jouni Forss Tue, 04/17/2012 - 03:23

Hi,


The programs/software mentioned to me when I asked our Cisco contact were Cisco Security Manager 4.1 and a third-party software called Extraxi.


I'd imagine using either software to their full extent will cost you.


Though I still imagine you would have other options. As I said, I haven't set up any similar setup in my own work yet.


- Jouni

mvsheik123 Tue, 04/17/2012 - 04:26

Hi Prashant,


Assuming the syslog server is getting all the necessary log information from the ASA, and if you have a SQL server that can pull data from the syslog server, you can have your DBA write a script that creates a table with all the VPN-related information from syslog. The table will be populated with only the related messages from the ASA IP, so the rest will not be included.

We did a similar implementation recently, as our management wants to know who, what time and how long remote users connected via VPN & Citrix (for security reasons). We do not pull error messages into the table, as we mainly need login & logout time etc. A few of the message IDs you may want to log...


%PIX|ASA-7-713160: Remote user (session Id - id) has been granted access by the Firewall Server

%PIX|ASA-3-713161: Remote user (session Id - id) network access has been restricted by the Firewall Server

%PIX|ASA-3-713162: Remote user (session Id - id) has been rejected by the Firewall Server

%PIX|ASA-3-713163: Remote user (session Id - id) has been terminated by the Firewall Server


Check with ASA IOS version doc for proper message Ids.


This way you do not need to spend a fortune except your DBA's time.


hth

MS
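
The filtering approach described in the post above, as an added example that is not part of the original thread or anyone's production script: it keeps only the four message IDs quoted there, loads them into a table, and pairs each grant with its termination to get connect time and duration. The syslog line layout (ISO timestamp and hostname before the message), the `vpn_events` table name, the sample lines, and SQLite standing in for the SQL server are all assumptions.

```python
import re
import sqlite3

# Message IDs quoted in the post; confirm them against your ASA version's syslog guide.
EVENTS = {"713160": "granted", "713161": "restricted",
          "713162": "rejected", "713163": "terminated"}

# Assumed layout: "<ISO timestamp> <host> %ASA-<sev>-<id>: ... (session Id - <id>) ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+%(?:PIX|ASA)-\d-(?P<msgid>\d{6}):"
    r".*\(session Id - (?P<sid>[^)]+)\)")

# Constructed sample input, not real logs.
SAMPLE = """\
2012-04-17T08:00:05 asa1 %ASA-7-713160: Remote user (session Id - 1001) has been granted access by the Firewall Server
2012-04-17T08:02:11 asa1 %ASA-6-302013: Built outbound TCP connection (unrelated, constructed)
2012-04-17T08:10:00 asa1 %ASA-3-713162: Remote user (session Id - 1002) has been rejected by the Firewall Server
2012-04-17T09:30:05 asa1 %ASA-3-713163: Remote user (session Id - 1001) has been terminated by the Firewall Server
2012-04-17T10:00:00 asa1 %ASA-7-713160: Remote user (session Id - 1003) has been granted access by the Firewall Server
"""

def load(lines, db):
    db.execute("CREATE TABLE IF NOT EXISTS vpn_events"
               "(ts TEXT, host TEXT, session TEXT, event TEXT)")
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["msgid"] in EVENTS:  # drop everything that is not a VPN event
            db.execute("INSERT INTO vpn_events VALUES (?,?,?,?)",
                       (m["ts"], m["host"], m["sid"].strip(), EVENTS[m["msgid"]]))

def sessions(db):
    # Pair each grant with the first later termination of the same session and host.
    # Sessions still open (no termination logged yet) return NULL end and duration.
    return db.execute("""
        SELECT g.host, g.session, g.ts, MIN(t.ts),
               CAST(ROUND((julianday(MIN(t.ts)) - julianday(g.ts)) * 86400) AS INTEGER)
        FROM vpn_events g
        LEFT JOIN vpn_events t
          ON t.event = 'terminated' AND t.host = g.host
         AND t.session = g.session AND t.ts >= g.ts
        WHERE g.event = 'granted'
        GROUP BY g.host, g.session, g.ts
        ORDER BY g.ts""").fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    load(SAMPLE.splitlines(), db)
    return sessions(db)
```

Rejected and restricted events stay in the table as their own rows, so failed connection attempts can be reported with a separate query on `event`.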
