04-16-2012 11:31 PM - edited 03-11-2019 03:54 PM
Hi,
I have a Cisco ASA5520 and I have a remote access VPN. I want to configure logging for this remote access VPN.
I want the time the user connected, how long it is connected, and if there was any error while connecting.
Please reply ASAP.
Regards,
Prashant
04-17-2012 02:47 AM
Hi,
To my knowledge, for information about users' connection times / bandwidth usage / etc. you will need separate software to get that information.
If not that, you will have to send the ASA's logs to a syslog server and collect and filter the data from there with some method.
I've considered configuring some of our ASAs that are only used for VPN to only send VPN-related log messages (to make the syslog easier to read through and faster to filter through), but I still haven't gotten into doing that. I would also have to determine if I can configure separate logging rules for different destination servers.
- Jouni
04-17-2012 03:19 AM
Hi
We do have a syslog server, but it takes too much time to observe the logs. And we do not have any separate ASA to configure for VPN only.
Please let us know the software for that info.
04-17-2012 03:23 AM
Hi,
The programs/software mentioned to me when I asked our Cisco contact were Cisco Security Manager 4.1 and a third-party software called Extraxi.
I'd imagine using either software to its full extent will cost you.
Though I still imagine you would have other options. As I said, I haven't set up any similar setup in my own work yet.
- Jouni
04-17-2012 04:26 AM
Hi Prashant,
Assuming the syslog server is getting all the necessary log information from the ASA, and if you have a SQL server that can pull data from the syslog server, you can have your DBA write a script that creates a table with all the VPN-related information from syslog. The table will be populated with only related messages from the ASA IP, so the rest will not be included.
We did a similar implementation recently, as our management wants to know who, at what time and for how long remote users connected via VPN & Citrix (for security reasons). We do not pull error messages into the table, as we mainly need login & logout time etc. A few of the message IDs you may want to log...
%PIX|ASA-7-713160: Remote user (session Id - id) has been granted access by the Firewall Server
%PIX|ASA-3-713161: Remote user (session Id - id) network access has been restricted by the Firewall Server
%PIX|ASA-3-713162: Remote user (session Id - id) has been rejected by the Firewall Server
%PIX|ASA-3-713163: Remote user (session Id - id) has been terminated by the Firewall Server
Check the doc for your ASA IOS version for the proper message IDs.
This way you do not need to spend a fortune, except for your DBA's time.
hth
MS
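The filtering MS describes (keep only the VPN session messages from the ASA, load them into a table, and read login/logout times from it) can be done without a SQL server or a DBA. The following is an added example, not code from any post in this thread or from Cisco: it parses a few constructed ASA-style syslog lines (the hostname, timestamps and session numbers are made up; the message bodies follow the four IDs quoted above), keeps only message IDs 713160-713163, loads them into an in-memory SQLite table, and then goes one step beyond the post by pairing each 713160 "granted" event with the later 713163 "terminated" event for the same session ID to compute how long the session lasted, and by listing the restricted/rejected events as the "any error while connecting" view Prashant asked for. The timestamp layout (`Apr 17 2012 08:02:11`, as produced with `logging timestamp`) and the "host : %ASA-sev-id:" prefix are assumptions about your syslog server's format; adjust `LINE_RE` if your collector writes lines differently.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample lines in the shape an ASA writes to syslog; the second
# line is a non-VPN message included to show that it gets filtered out.
SAMPLE_SYSLOG = """\
Apr 17 2012 08:02:11 asa-vpn-1 : %ASA-7-713160: Remote user (session Id - 41) has been granted access by the Firewall Server
Apr 17 2012 08:02:12 asa-vpn-1 : %ASA-6-302013: Built inbound TCP connection 9001 for outside:203.0.113.7/51234 (203.0.113.7/51234) to inside:10.0.0.5/443 (10.0.0.5/443)
Apr 17 2012 08:05:40 asa-vpn-1 : %ASA-3-713162: Remote user (session Id - 42) has been rejected by the Firewall Server
Apr 17 2012 09:30:05 asa-vpn-1 : %ASA-3-713163: Remote user (session Id - 41) has been terminated by the Firewall Server
Apr 17 2012 09:45:00 asa-vpn-1 : %ASA-3-713161: Remote user (session Id - 43) network access has been restricted by the Firewall Server
"""

# The four message IDs from the thread, mapped to a short event name.
VPN_EVENTS = {713160: "granted", 713161: "restricted",
              713162: "rejected", 713163: "terminated"}

# Assumed line layout: "<timestamp> <host> : %ASA-<severity>-<msgid>: <body>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}) (?P<host>\S+) : "
    r"%(?:PIX|ASA)-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$")
SESSION_RE = re.compile(r"session Id - (?P<sid>\d+)")


def parse_vpn_events(text):
    """Return only the VPN session events, as dicts, in log order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # not an ASA-format line
        msgid = int(m.group("msgid"))
        if msgid not in VPN_EVENTS:
            continue                      # any other ASA message is dropped
        sid = SESSION_RE.search(m.group("body"))
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%b %d %Y %H:%M:%S"),
            "host": m.group("host"),
            "msgid": msgid,
            "event": VPN_EVENTS[msgid],
            "session_id": int(sid.group("sid")) if sid else None,
        })
    return events


def load_table(events, conn):
    """Create the vpn_events table and insert the parsed rows."""
    conn.execute("""CREATE TABLE IF NOT EXISTS vpn_events (
        ts TEXT, host TEXT, msgid INTEGER, event TEXT, session_id INTEGER)""")
    conn.executemany(
        "INSERT INTO vpn_events VALUES (?, ?, ?, ?, ?)",
        [(e["ts"].isoformat(), e["host"], e["msgid"], e["event"], e["session_id"])
         for e in events])
    conn.commit()


def session_durations(conn):
    """Pair each 'granted' row with the later 'terminated' row of the same session."""
    rows = conn.execute("""
        SELECT g.session_id, g.ts, t.ts,
               CAST(ROUND((julianday(t.ts) - julianday(g.ts)) * 86400) AS INTEGER)
        FROM vpn_events g
        LEFT JOIN vpn_events t
               ON t.session_id = g.session_id AND t.msgid = 713163 AND t.ts > g.ts
        WHERE g.msgid = 713160
        ORDER BY g.ts""").fetchall()
    # 'end' and 'seconds' are None for sessions still open in the log window
    return [{"session_id": r[0], "start": r[1], "end": r[2], "seconds": r[3]} for r in rows]


def failed_connections(conn):
    """Sessions that were restricted (713161) or rejected (713162)."""
    return conn.execute("SELECT session_id, event, ts FROM vpn_events "
                        "WHERE msgid IN (713161, 713162) ORDER BY ts").fetchall()


def build_report(text):
    """Parse, load into an in-memory table and return both views."""
    conn = sqlite3.connect(":memory:")
    load_table(parse_vpn_events(text), conn)
    return {"sessions": session_durations(conn), "failures": failed_connections(conn)}


if __name__ == "__main__":
    report = build_report(SAMPLE_SYSLOG)
    for s in report["sessions"]:
        print(f"session {s['session_id']}: {s['start']} -> {s['end']} ({s['seconds']} s)")
    for sid, event, ts in report["failures"]:
        print(f"session {sid}: {event} at {ts}")
```

Pointing `build_report` at a real syslog file instead of `SAMPLE_SYSLOG` (or swapping `sqlite3.connect(":memory:")` for a file path) gives the persistent table MS describes; the `LEFT JOIN` keeps sessions whose termination has not been logged yet, which is what you want to see when a user is still connected.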