Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1323
Views
5
Helpful
3
Replies

VPN Concentrator 3000 Logging

Go to solution
fasteddye
Level 1
Level 1

‎11-22-2010 06:15 AM

Our enterprise uses a VPN Concentrator 3000 for our VPN access.

Is there a way to view a log history of what user connected to VPN and what IP address they were assigned?  It would be for 2 days ago which was over the weekend.

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎11-22-2010 11:22 AM

For gathering that type of information you need to configure an external management server , syslog server and send that info to that server.


You can for example  download any freeware  syslog server like kiwi  from  http://www.kiwisyslog.com , then configure concentrator to send logs to the server.


here is how to work VPN 3k  and syslogs  etc..

http://www.cisco.com/en/US/partner/docs/security/vpn3000/vpn3000_47/configuration/guide/Events.html


For a more fancy graphical information reporting  you can also  use Cisco Security Manager http://www.cisco.com/en/US/partner/products/ps6498/index.html

there are also 3rd party sofwware out there that  can gather that type of information such as firewall analyzer from manage engine - can also gather logs from Cisco VPN concentrators - vpn connections etc..
http://www.manageengine.com/products/firewall/distributed-monitoring/index.html


Regards


Jorge Rodriguez

View solution in original post

3 Replies 3

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎11-22-2010 11:22 AM

For gathering that type of information you need to configure an external management server , syslog server and send that info to that server.


You can for example  download any freeware  syslog server like kiwi  from  http://www.kiwisyslog.com , then configure concentrator to send logs to the server.


here is how to work VPN 3k  and syslogs  etc..

http://www.cisco.com/en/US/partner/docs/security/vpn3000/vpn3000_47/configuration/guide/Events.html


For a more fancy graphical information reporting  you can also  use Cisco Security Manager http://www.cisco.com/en/US/partner/products/ps6498/index.html

there are also 3rd party sofwware out there that  can gather that type of information such as firewall analyzer from manage engine - can also gather logs from Cisco VPN concentrators - vpn connections etc..
http://www.manageengine.com/products/firewall/distributed-monitoring/index.html


Regards


Jorge Rodriguez

Go to solution
fasteddye
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎11-22-2010 02:31 PM

Thanks so much for the information.

We currently do not have a syslog server setup.

Will look at your recommendations.

Thanks.

0 Helpful

Go to solution
fasteddye
Level 1
Level 1
In response to fasteddye

‎04-04-2011 12:14 PM

I have setup a Kiwi Syslog Server.

I have added The Server IP, Port 514, and Facility 7 on VPN Concentrator Syslog Setup Page.

Under Events > General I have setup Events to Syslog for Severities 1 - 5.

Would these be the correct Syslog Settings on the VPN 3000 to be able to track user logins, alerts, etc?

I am not sure exactly what the Facility level and Severities should be set to.

0 Helpful
Customers Also Viewed These Support Documents