Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Audit logons on Cisco concentrator?

How can I log/audit who accesses the the VPN Cisco Concentrator 3015 from their Cisco VPN clients?

5 REPLIES

Re: Audit logons on Cisco concentrator?

The best way is to use RADIUS Accounting, or the not-so-god way is to use syslog.

New Member

Re: Audit logons on Cisco concentrator?

The sslog server is logging failed logons, what I don't know where this is configured or how I can successful logons?

Re: Audit logons on Cisco concentrator?

you can turn on or off different messages at Configuration | System | Events | General.

New Member

Re: Audit logons on Cisco concentrator?

I've just gone into there but there is nothing obvious on how the failed logons only are being configured or captured?

Re: Audit logons on Cisco concentrator?

Change "Events to Log" to something more verbose, such 1-4 or 1-5, and look for the kind of messages you want. Possibly ones such as:

31915 07/19/2006 09:32:04.150 SEV=4 AUTH/22 RPT=35090

User [username] Group [groupname] connected, Session Type: IPSec

Note that this is a SEV 4. You maybe don't want to see all SEV4's, so use the Event List box to change the severity level, eg:

AUTH/22, SEV(3)

then set "Events to Log" or "Events to Syslog" etc back to 1-3.

Also see the User Guide at http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a00803ef265.html

If you can download from CCO then you can get the list of events (a zip file of html) from where the VPN300 images are.

136
Views
0
Helpful
5
Replies
CreatePlease to create content