Solved: Re: Monitoring VPN activity

cbuschini · ‎01-20-2014

Hello all,

I have couple of IKE/IPSEC VPN client connexions enabled over an ASA 5515 and I would like to log VPN activity (user login name, connection time and duration, ...) like information I can see going to "Monitoring >> VPN >> VPN Statistics >> Sessions.

Thanks for you help

Regards,

Jeff Van Houten · ‎01-30-2014

You need a reporting process for thie syslog data input. Personally, I use SPLUNK, but whatever you have, you'll need to look for syslog messages with

"%ASA-4-722051" OR "%ASA-4-113019"

(I'm using ASA 8.4.7). Messages with those identifiers indicate a login/logout.

View solution in original post

Jeff Van Houten · ‎01-20-2014

You can use the syslog feature to log.

Sent from Cisco Technical Support iPad App

cbuschini · ‎01-30-2014

Hi Jeff,

Thanks for your answer and sorry to come back so late ...

Could you please tell me more about the process :s ?

Syslog is enabled, a syslog sever catching trap from the ASA. But I don't know what else to do :s

Thanks in advance

Jeff Van Houten · ‎01-30-2014

You need a reporting process for thie syslog data input. Personally, I use SPLUNK, but whatever you have, you'll need to look for syslog messages with

"%ASA-4-722051" OR "%ASA-4-113019"

(I'm using ASA 8.4.7). Messages with those identifiers indicate a login/logout.

cbuschini · ‎01-30-2014

Thanks Jeff.

I use Syslog Wacther.

I have looked for "%ASA-4-722051" or "%ASA-4-113019" but I will get 113019 and it reffers to a disconnection ... :/

I will check around for the global list of identifiers ... and let you know

cbuschini · ‎01-30-2014

All right I found a workaround :

I looked for any messages with my username in it.

It gave me the global connection activity from the AAA user authentification 113012 to the disconnection 113019.

Thanks for you help Jeff.