cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
315
Views
0
Helpful
5
Replies

Audit logons on Cisco concentrator?

whiteford
Level 1
Level 1

How can I log/audit who accesses the the VPN Cisco Concentrator 3015 from their Cisco VPN clients?

5 Replies 5

grant.maynard
Level 4
Level 4

The best way is to use RADIUS Accounting, or the not-so-god way is to use syslog.

The sslog server is logging failed logons, what I don't know where this is configured or how I can successful logons?

you can turn on or off different messages at Configuration | System | Events | General.

I've just gone into there but there is nothing obvious on how the failed logons only are being configured or captured?

Change "Events to Log" to something more verbose, such 1-4 or 1-5, and look for the kind of messages you want. Possibly ones such as:

31915 07/19/2006 09:32:04.150 SEV=4 AUTH/22 RPT=35090

User [username] Group [groupname] connected, Session Type: IPSec

Note that this is a SEV 4. You maybe don't want to see all SEV4's, so use the Event List box to change the severity level, eg:

AUTH/22, SEV(3)

then set "Events to Log" or "Events to Syslog" etc back to 1-3.

Also see the User Guide at http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a00803ef265.html

If you can download from CCO then you can get the list of events (a zip file of html) from where the VPN300 images are.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: