Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 496
  • Last Modified:

Cisco PIX 506e VPN logging

Dear Experts

We are using a Cisco PIX 506e firewall. I have set up a couple of VPN user accounts so that members of staff can VPN from home and carry out any work they need on the network.

Each user has a seperate VPN username/password and then they authenticate again with their standard Active Directory username and password.

Can someone tell me if information such as what time they have VPN'd in is logged anywhere?

At the moment, the current settings in the PDM are

PDM>Configuration>Logging

Logging Setup:

Enable logging is checked

PDM Logging:

Level: Informational
Buffer: 100

Syslog:
Facility: Local4(20)
Level: Disabled

What changes do I need to make to extract the information I need?

Many thanks in advance.
0
Dilan77
Asked:
Dilan77
  • 4
  • 2
1 Solution
 
prashsaxCommented:
You need to setup the syslog server and then enable the pix logging onto it.

You can install kiwi syslog server on any windows machine.

Then you have to spceify the IP address of the Syslog server. After this select the Logging level on pix, it could be informational, debugging etc. (Informational is more than enough)

Now, you pix will log each and every thing on the syslog server. Remember and select logging mode using UDP and not TCP. As TCP mode is guranteed mode and if it can't log on syslog , pix will not allow any packet to pass.
UDP is just for information.

You can check the syslog events to tell if someone has logged into your network using VPN.
0
 
Dilan77Author Commented:
Thanks prashsax, I've set up the Kiwi Syslog server.

I'm not too sure how to filter the entries for just the VPN connections though. Do I need to check out the text file that it exports the data to and carry out
a 'search' or is there a more straightforward way?

Thanks
Dilan
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
prashsaxCommented:
You are right, you need to search for the entries of VPN authentication in the entire log file.

Or you can use some of the commercial Log Analyzer tools to read the log file.

One such tool is FireGen. Download the shareware copy of FireGen and then see if that helps.
0
 
Dilan77Author Commented:
Excellent, thanks very much.
0
 
prashsaxCommented:
ThankQ.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now