07-18-2006 07:48 AM - edited 03-09-2019 03:37 PM
How can I log/audit who accesses the VPN Cisco Concentrator 3015 from their Cisco VPN clients?
07-18-2006 11:49 PM
The best way is to use RADIUS Accounting, or the not-so-good way is to use syslog.
07-19-2006 12:05 AM
The syslog server is logging failed logons; what I don't know is where this is configured or how I can log successful logons?
07-19-2006 12:26 AM
You can turn on or off different messages at Configuration | System | Events | General.
07-19-2006 12:37 AM
I've just gone into there but there is nothing obvious on how the failed logons only are being configured or captured?
07-19-2006 01:20 AM
Change "Events to Log" to something more verbose, such as 1-4 or 1-5, and look for the kind of messages you want. Possibly ones such as:
31915 07/19/2006 09:32:04.150 SEV=4 AUTH/22 RPT=35090
User [username] Group [groupname] connected, Session Type: IPSec
Note that this is a SEV 4. You maybe don't want to see all SEV4's, so use the Event List box to change the severity level, e.g.:
AUTH/22, SEV(3)
then set "Events to Log" or "Events to Syslog" etc back to 1-3.
Also see the User Guide at http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a00803ef265.html
If you can download from CCO then you can get the list of events (a zip file of html) from where the VPN3000 images are.
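Added example, not part of the original thread: once AUTH/22 events reach the syslog server, a short Python script can turn them into an audit list of who connected and when. It assumes the collector stores the event text in the layout quoted above with any syslog prefix already stripped; the function names, usernames, groups and the EXAMPLE/1 event are made up for illustration.

```python
import re
from collections import Counter

# Event header as shown in the post: seq, date, time, SEV=n, CLASS/num, RPT=n
HEADER = re.compile(
    r"^(?P<seq>\d+)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>[\d:.]+)\s+"
    r"SEV=(?P<sev>\d+)\s+(?P<event>[A-Z0-9]+/\d+)\s+RPT=(?P<rpt>\d+)\s*(?P<rest>.*)$")
# AUTH/22 message text as shown in the post
CONNECTED = re.compile(
    r"User \[(?P<user>[^\]]*)\] Group \[(?P<group>[^\]]*)\] connected, "
    r"Session Type: (?P<session>\S+)")

def parse_connections(lines):
    """Return one dict per AUTH/22 'connected' event. Handles the two-line layout
    from the post and, as an assumption, header and message on one line."""
    events, pending = [], None
    for raw in lines:
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            pending = m.groupdict()
            text = pending.pop("rest")   # empty when the message is on the next line
        else:
            text = line                  # continuation line of the previous header
        if pending and pending["event"] == "AUTH/22" and text:
            c = CONNECTED.search(text)
            if c:
                events.append({**pending, **c.groupdict()})
            pending = None  # header consumed whether or not the text matched
    return events

def logons_per_user(events):
    """Count successful connections per username."""
    return Counter(e["user"] for e in events)

# Constructed sample input: usernames, groups and the EXAMPLE/1 event are made up
SAMPLE = """\
31915 07/19/2006 09:32:04.150 SEV=4 AUTH/22 RPT=35090
User [alice] Group [staff] connected, Session Type: IPSec
31916 07/19/2006 09:32:09.480 SEV=5 EXAMPLE/1 RPT=12
Unrelated constructed message
31917 07/19/2006 09:40:11.020 SEV=4 AUTH/22 RPT=35091 User [bob] Group [vendors] connected, Session Type: IPSec
31918 07/19/2006 10:02:45.310 SEV=4 AUTH/22 RPT=35092
User [alice] Group [staff] connected, Session Type: IPSec
""".splitlines()

if __name__ == "__main__":
    print(logons_per_user(parse_connections(SAMPLE)))
```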