How to configure Logging for remote access vpn

prashantrecon
Level 1

Hi,

I have a Cisco ASA5520 and I have a remote access VPN. I want to configure logging for this remote access VPN.

I want the time the user connected, how long it is connected, and any errors while connecting.

Please reply ASAP.

Regards,

Prashant

4 Replies

Jouni Forss
VIP Alumni

Hi,

To my knowledge, for information about users' connection times / bandwidth usage / etc. you will need separate software to get that information.

If not that, you will have to send the ASA's logs to a syslog server and collect and filter the data from there with some method.

I've considered configuring some of our ASAs that are only used for VPN to only send VPN-related log messages (to make the syslog easier to read through and faster to filter through), but I still haven't gotten into doing that. I would also have to determine if I can configure separate logging rules for different destination servers.

- Jouni

Hi

We do have a syslog server, but it takes too much time to observe the logs. And we do not have any separate ASA to configure for VPN only.

Please let us know the software for that info.

Hi,

The programs/software mentioned to me when I asked our Cisco contact were Cisco Security Manager 4.1 and a third-party software called Extraxi.

I'd imagine using either software to their full extent will cost you.

Though I still imagine you would have other options. As I said, I haven't set up any similar setup in my own work yet.

- Jouni

Hi Prashant,

Assuming the syslog server is getting all the necessary log information from the ASA, and if you have a SQL server that can pull data from the syslog server, you can have your DBA write a script that creates a table with all the VPN-related information from syslog. The table will be populated with only the related messages from the ASA IP, so the rest will not be included.

We did a similar implementation recently, as our management wants to know who, what time and how long remote users connected via VPN & Citrix (for security reasons). We do not pull error messages into the table, as we mainly need login & logout time etc. A few of the message IDs you may want to log...

%PIX|ASA-7-713160: Remote user (session Id - id) has been granted access by the Firewall Server

%PIX|ASA-3-713161: Remote user (session Id - id) network access has been restricted by the Firewall Server

%PIX|ASA-3-713162: Remote user (session Id - id) has been rejected by the Firewall Server

%PIX|ASA-3-713163: Remote user (session Id - id) has been terminated by the Firewall Server

Check with the ASA IOS version doc for the proper message IDs.

This way you do not need to spend a fortune, except for your DBA's time.

hth

MS
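
The filtering described in the reply above, sketched as an added example (not part of the original post and not the poster's script): it keeps only the four message IDs quoted there, only from one ASA address, and pairs granted/terminated events per session Id into login time, logout time and duration. The syslog line layout (timestamp and device IP before the message), the function name `build_sessions` and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Message IDs quoted in the post above, mapped to the event each one reports.
EVENTS = {"713160": "granted", "713161": "restricted",
          "713162": "rejected", "713163": "terminated"}

# Assumed line layout: "<Mon DD YYYY HH:MM:SS> <device ip> : %ASA-<sev>-<id>: <text>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) (?P<dev>\S+) : "
    r"%(?:PIX|ASA)-(?P<sev>\d)-(?P<id>\d{6}): "
    r"Remote user \(session Id - (?P<sid>[^)]+)\)")

# Constructed sample input (not real logs); addresses are documentation ranges.
SAMPLE = """\
Mar 04 2013 08:01:12 192.0.2.1 : %ASA-7-713160: Remote user (session Id - 4101) has been granted access by the Firewall Server
Mar 04 2013 08:03:40 192.0.2.1 : %ASA-6-302013: Built inbound TCP connection 77 for outside:198.51.100.7/51000
Mar 04 2013 08:05:09 192.0.2.1 : %ASA-3-713162: Remote user (session Id - 4102) has been rejected by the Firewall Server
Mar 04 2013 09:10:00 192.0.2.9 : %ASA-7-713160: Remote user (session Id - 9000) has been granted access by the Firewall Server
Mar 04 2013 16:31:42 192.0.2.1 : %ASA-3-713163: Remote user (session Id - 4101) has been terminated by the Firewall Server
Mar 04 2013 17:00:00 192.0.2.1 : %ASA-7-713160: Remote user (session Id - 4103) has been granted access by the Firewall Server
"""

def build_sessions(lines, asa_ip):
    """Return one row per session: id, start, end, duration (s), final status."""
    rows = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["dev"] != asa_ip or m["id"] not in EVENTS:
            continue  # other message IDs and other devices stay out of the table
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        event = EVENTS[m["id"]]
        row = rows.setdefault(m["sid"], {"session": m["sid"], "start": None,
                                         "end": None, "seconds": None,
                                         "status": event})
        row["status"] = event
        if event == "granted":
            row["start"] = ts
        elif event == "terminated":
            row["end"] = ts
            if row["start"]:  # a logout without a logged login has no duration
                row["seconds"] = int((ts - row["start"]).total_seconds())
    return list(rows.values())

if __name__ == "__main__":
    for r in build_sessions(SAMPLE.splitlines(), "192.0.2.1"):
        print(r)
```

Sessions that are still open keep an empty end time, and rejected attempts appear as rows with no start time, so both can be reported separately from completed sessions.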
