01-20-2014 10:01 AM
Hello all,
I have couple of IKE/IPSEC VPN client connexions enabled over an ASA 5515 and I would like to log VPN activity (user login name, connection time and duration, ...) like information I can see going to "Monitoring >> VPN >> VPN Statistics >> Sessions.
Thanks for you help
Regards,
Solved! Go to Solution.
01-30-2014 07:26 AM
You need a reporting process for thie syslog data input. Personally, I use SPLUNK, but whatever you have, you'll need to look for syslog messages with
"%ASA-4-722051" OR "%ASA-4-113019"
(I'm using ASA 8.4.7). Messages with those identifiers indicate a login/logout.
01-20-2014 09:22 PM
You can use the syslog feature to log.
Sent from Cisco Technical Support iPad App
01-30-2014 05:57 AM
Hi Jeff,
Thanks for your answer and sorry to come back so late ...
Could you please tell me more about the process :s ?
Syslog is enabled, a syslog sever catching trap from the ASA. But I don't know what else to do :s
Thanks in advance
01-30-2014 07:26 AM
You need a reporting process for thie syslog data input. Personally, I use SPLUNK, but whatever you have, you'll need to look for syslog messages with
"%ASA-4-722051" OR "%ASA-4-113019"
(I'm using ASA 8.4.7). Messages with those identifiers indicate a login/logout.
01-30-2014 09:08 AM
Thanks Jeff.
I use Syslog Wacther.
I have looked for "%ASA-4-722051" or "%ASA-4-113019" but I will get 113019 and it reffers to a disconnection ... :/
I will check around for the global list of identifiers ... and let you know
01-30-2014 10:02 AM
All right I found a workaround :
I looked for any messages with my username in it.
It gave me the global connection activity from the AAA user authentification 113012 to the disconnection 113019.
Thanks for you help Jeff.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: