Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN Concentrator 3000 Logging

Our enterprise uses a VPN Concentrator 3000 for our VPN access.

Is there a way to view a log history of what user connected to VPN and what IP address they were assigned?  It would be for 2 days ago which was over the weekend.

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: VPN Concentrator 3000 Logging

For gathering that type of information you need to configure an external management server , syslog server and send that info to that server.


You can for example  download any freeware  syslog server like kiwi  from  http://www.kiwisyslog.com , then configure concentrator to send logs to the server.


here is how to work VPN 3k  and syslogs  etc..

http://www.cisco.com/en/US/partner/docs/security/vpn3000/vpn3000_47/configuration/guide/Events.html


For a more fancy graphical information reporting  you can also  use Cisco Security Manager http://www.cisco.com/en/US/partner/products/ps6498/index.html

there are also 3rd party sofwware out there that  can gather that type of information such as firewall analyzer from manage engine - can also gather logs from Cisco VPN concentrators - vpn connections etc..
http://www.manageengine.com/products/firewall/distributed-monitoring/index.html


Regards


3 REPLIES

Re: VPN Concentrator 3000 Logging

For gathering that type of information you need to configure an external management server , syslog server and send that info to that server.


You can for example  download any freeware  syslog server like kiwi  from  http://www.kiwisyslog.com , then configure concentrator to send logs to the server.


here is how to work VPN 3k  and syslogs  etc..

http://www.cisco.com/en/US/partner/docs/security/vpn3000/vpn3000_47/configuration/guide/Events.html


For a more fancy graphical information reporting  you can also  use Cisco Security Manager http://www.cisco.com/en/US/partner/products/ps6498/index.html

there are also 3rd party sofwware out there that  can gather that type of information such as firewall analyzer from manage engine - can also gather logs from Cisco VPN concentrators - vpn connections etc..
http://www.manageengine.com/products/firewall/distributed-monitoring/index.html


Regards


New Member

Re: VPN Concentrator 3000 Logging

Thanks so much for the information.

We currently do not have a syslog server setup.

Will look at your recommendations.

Thanks.

New Member

Re: VPN Concentrator 3000 Logging

I have setup a Kiwi Syslog Server.

I have added The Server IP, Port 514, and Facility 7 on VPN Concentrator Syslog Setup Page.

Under Events > General I have setup Events to Syslog for Severities 1 - 5.

Would these be the correct Syslog Settings on the VPN 3000 to be able to track user logins, alerts, etc?

I am not sure exactly what the Facility level and Severities should be set to.

610
Views
5
Helpful
3
Replies