Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Monitoring IPSec Remote Access Users

Hi all,

please can any one help me to know about monitoring Remote access users using ASDM. As I have observed in ASDM, it is possible to monitor users currently logged in, but what I want to monitor is users who were logged in since the firewall started (for example, 30 days)..

Thank you,

Nagabhushan

2 ACCEPTED SOLUTIONS

Accepted Solutions
Gold

Re: Monitoring IPSec Remote Access Users

you really need to use your logs for that.

Re: Monitoring IPSec Remote Access Users

Nagabhushan, I do agree with Steven , you would need to use/implement logging.

it is possible to monitor users currently logged in

Yes you can

in ASDM goto

Home/Configuration/Monitor/VPN/Session

but what I want to monitor is users who were logged in since the firewall started (for example, 30 days)..

Since you don't have any permanent logging setup to send logs to a syslog server for that amount of time you have already lost that information from 30 days ago, you need to implement syslog .

Go over this link for monitoring, you can also filter syslog messages based on log ID number or logging severity levels

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html

4 REPLIES
Gold

Re: Monitoring IPSec Remote Access Users

you really need to use your logs for that.

Re: Monitoring IPSec Remote Access Users

Nagabhushan, I do agree with Steven , you would need to use/implement logging.

it is possible to monitor users currently logged in

Yes you can

in ASDM goto

Home/Configuration/Monitor/VPN/Session

but what I want to monitor is users who were logged in since the firewall started (for example, 30 days)..

Since you don't have any permanent logging setup to send logs to a syslog server for that amount of time you have already lost that information from 30 days ago, you need to implement syslog .

Go over this link for monitoring, you can also filter syslog messages based on log ID number or logging severity levels

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html

Silver

Re: Monitoring IPSec Remote Access Users

Syslog is the way to go. Just wanted to add something that will help on make syslog useful.

http://www.splunk.com

I use it for everything at home and work. There are free and enterprise versions.

Chad

Community Member

Re: Monitoring IPSec Remote Access Users

Thank you very much for your suggestion..

Nagabhushan

184
Views
4
Helpful
4
Replies
CreatePlease to create content