cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
448
Views
4
Helpful
4
Replies

Monitoring IPSec Remote Access Users

nagabhushana.k
Level 1
Level 1

Hi all,

please can any one help me to know about monitoring Remote access users using ASDM. As I have observed in ASDM, it is possible to monitor users currently logged in, but what I want to monitor is users who were logged in since the firewall started (for example, 30 days)..

Thank you,

Nagabhushan

2 Accepted Solutions

Accepted Solutions

srue
Level 7
Level 7

you really need to use your logs for that.

View solution in original post

Nagabhushan, I do agree with Steven , you would need to use/implement logging.

it is possible to monitor users currently logged in

Yes you can

in ASDM goto

Home/Configuration/Monitor/VPN/Session

but what I want to monitor is users who were logged in since the firewall started (for example, 30 days)..

Since you don't have any permanent logging setup to send logs to a syslog server for that amount of time you have already lost that information from 30 days ago, you need to implement syslog .

Go over this link for monitoring, you can also filter syslog messages based on log ID number or logging severity levels

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html

Jorge Rodriguez

View solution in original post

4 Replies 4

srue
Level 7
Level 7

you really need to use your logs for that.

Nagabhushan, I do agree with Steven , you would need to use/implement logging.

it is possible to monitor users currently logged in

Yes you can

in ASDM goto

Home/Configuration/Monitor/VPN/Session

but what I want to monitor is users who were logged in since the firewall started (for example, 30 days)..

Since you don't have any permanent logging setup to send logs to a syslog server for that amount of time you have already lost that information from 30 days ago, you need to implement syslog .

Go over this link for monitoring, you can also filter syslog messages based on log ID number or logging severity levels

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html

Jorge Rodriguez

Syslog is the way to go. Just wanted to add something that will help on make syslog useful.

http://www.splunk.com

I use it for everything at home and work. There are free and enterprise versions.

Chad

Thank you very much for your suggestion..

Nagabhushan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: