11-22-2010 06:15 AM
Our enterprise uses a VPN Concentrator 3000 for our VPN access.
Is there a way to view a log history of what user connected to VPN and what IP address they were assigned? It would be for 2 days ago which was over the weekend.
Thanks.
11-22-2010 11:22 AM
For gathering that type of information you need to configure an external management server, syslog server, and send that info to that server.
You can, for example, download any freeware syslog server like Kiwi from http://www.kiwisyslog.com, then configure the concentrator to send logs to the server.
Here is how to work VPN 3k and syslogs etc.
http://www.cisco.com/en/US/partner/docs/security/vpn3000/vpn3000_47/configuration/guide/Events.html
For more fancy graphical information reporting you can also use Cisco Security Manager http://www.cisco.com/en/US/partner/products/ps6498/index.html
There is also 3rd-party software out there that can gather that type of information, such as Firewall Analyzer from ManageEngine, which can also gather logs from Cisco VPN concentrators (VPN connections etc.).
http://www.manageengine.com/products/firewall/distributed-monitoring/index.html
Regards
11-22-2010 02:31 PM
Thanks so much for the information.
We currently do not have a syslog server set up.
Will look at your recommendations.
Thanks.
04-04-2011 12:14 PM
I have set up a Kiwi Syslog Server.
I have added the server IP, port 514, and Facility 7 on the VPN Concentrator Syslog Setup page.
Under Events > General I have set up Events to Syslog for Severities 1 - 5.
Would these be the correct Syslog Settings on the VPN 3000 to be able to track user logins, alerts, etc?
I am not sure exactly what the Facility level and Severities should be set to.