
Logging VPN Authentication Attempts

Hello,

I've got a client who wants to log and be emailed about each successful/failed Cisco Easy VPN Login attempt.

Can anyone point me in the right direction of doing this?

I assume it will need to be done with something like syslog but just not sure where to start looking.

Cheers

Peter Sheridan


Re: Logging VPN Authentication Attempts

Hi Peter,

You'll need the 'crypto logging session' and 'crypto logging ezvpn' commands enabled aside from the normal syslog config or setup.


Re: Logging VPN Authentication Attempts

Thanks John.

After that happens, I assume something will need to be configured on the syslog server to email a user based on certain results?

Re: Logging VPN Authentication Attempts

Yes, if your syslog server supports such a customized feature.


Re: Logging VPN Authentication Attempts

No worries - leave it with me and I'll post back my results.


I know this post is a year old but I have recently had to revisit this so thought I would post back my results.

What I found was that the commands 'crypto logging session' and 'crypto logging ezvpn' were not working. My understanding is that my AnyConnect system is using SSL VPN, not IPSEC, hence that is why it was not working.

I did a bit of googling and couldn't find any logging options for SSL VPN/Anyconnect. There were plenty of debug options though.

After turning on debugging for aaa using the following command, 'debug webvpn aaa', the messages below were generated.

WV-AAA: AAA authentication request sent for user: "demo"
WV-AAA: AAA Authentication Passed!
WV-AAA: AAA authentication request sent for user: "demo"
WV-AAA: AAA Authentication Failed!

This worked great, but since it was using the debug option, I would lose the logging after a reload.

Then I came across these commands

login on-failure log
login on-success log

These are more of a global option that logs not just success/failures for Webvpn but also things like SSH, Telnet sessions etc.

%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: demo] [Source: UNKNOWN] [localport: 22] [Reason: Login Authentication Failed]
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: demo] [Source: 1.1.1.1] [localport: 443]
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: demo] [Source: 1.1.1.1] [localport: 443] [Reason: Login Authentication Failed]

Perfect! A summary of the config is below. It may not be the best way to do it, but it works for me.

!
login on-failure log
login on-success log
!         
logging trap debugging
logging 192.168.100.10
!

service timestamps debug datetime localtime
service timestamps log datetime localtime
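
An added example, not part of the original thread or of any Cisco tooling: one way a script on the syslog server could turn the %SEC_LOGIN messages shown above into e-mail alerts, keeping only logins on the WebVPN port. The function names, mail addresses, the timestamp prefix on the sample lines and the assumption that WebVPN listens on port 443 are assumptions made for the example.

```python
import re
from email.message import EmailMessage

# %SEC_LOGIN lines as emitted by 'login on-failure log' / 'login on-success log'.
# The user field is matched greedily and the pattern is anchored at end of line,
# so brackets typed into the username cannot shift the Source field.
SEC_LOGIN = re.compile(
    r"%SEC_LOGIN-\d-LOGIN_(?P<result>SUCCESS|FAILED): .*?\[user: (?P<user>.*)\] "
    r"\[Source: (?P<source>[^\]]*)\] \[localport: (?P<port>\d+)\]"
    r"(?: \[Reason: (?P<reason>[^\]]*)\])?\s*$"
)

def parse_login_event(line):
    """Return a dict for a SEC_LOGIN line, or None for any other syslog line."""
    m = SEC_LOGIN.search(line)
    if m is None:
        return None
    event = m.groupdict()
    event["port"] = int(event["port"])
    return event

def _printable(text):
    # The username is whatever the client typed; keep control characters out of the mail.
    return "".join(c if c.isprintable() else "?" for c in text)

def build_alert(event, sender="router@example.com", recipient="noc@example.com"):
    """Build (not send) one notification mail for a parsed login event."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = _printable(
        f"VPN login {event['result']}: user {event['user']} from {event['source']}")
    msg.set_content("\n".join(f"{k}: {_printable(str(v))}" for k, v in event.items()))
    return msg

def vpn_alerts(lines, vpn_port=443):
    """Alerts for logins on the WebVPN port only; SSH/Telnet logins are skipped."""
    events = (parse_login_event(line) for line in lines)
    return [build_alert(e) for e in events if e and e["port"] == vpn_port]

# Constructed sample input: the three messages from the post with a timestamp prefix added.
SAMPLE = [
    "Jan  1 10:00:01: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: demo] [Source: UNKNOWN] [localport: 22] [Reason: Login Authentication Failed]",
    "Jan  1 10:00:09: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: demo] [Source: 1.1.1.1] [localport: 443]",
    "Jan  1 10:00:30: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: demo] [Source: 1.1.1.1] [localport: 443] [Reason: Login Authentication Failed]",
]

if __name__ == "__main__":
    for alert in vpn_alerts(SAMPLE):
        print(alert["Subject"])  # pass each message to smtplib.SMTP(...).send_message() to mail it
```
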
