Solved

looking at Cisco ASA vpn client usage

Posted on 2008-10-16
3
340 Views
Last Modified: 2008-10-17
I currently look at raw syslog data "catchall" files to see when my vpn users have logged on, it looks like this:
3 Oct 16 2008 17:33:05 Group = groupname, Username = user, IP = xx.x.xx.xx, PHASE 1 COMPLETED
It doesn't show however, when they log off.   How can I get a quick look at 3 different vpn users and their on, off activity?

Thanks,

Patty
0
Comment
Question by:PManiace
  • 2
3 Comments
 
LVL 11

Expert Comment

by:billwharton
Comment Utility
there isn't an easy way to do this. What you'll need to do is configure snmp traps and have a syslog server set up. Then call TAC and ask them exactly what MIB's apply to vpn user conect & disconnect. They'll provide that to you and once you configure it, then you'll see syslog messages every time user connects & disconnects. However, you'll still need to read through the syslog text file and search 'usernames' in it and get info that way. Not a really graceful method
0
 

Author Comment

by:PManiace
Comment Utility
Thanks.  Who is TAC?
0
 
LVL 11

Accepted Solution

by:
billwharton earned 250 total points
Comment Utility
TAC is the Cisco technical assistance center. Do you have any support contracts for this ASA device? If not, you should call a cisco partner in your area and get smartnet support. This is necessary as if your device fails or there is a major problem, cisco would not be able to help you without a contract
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now