[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 473
  • Last Modified:

Active VPN connections

Cisco ASA 5505
Microsoft 2008 NPS

VPN users authenticate to Cisco using AD and NPS.

Is there a tool out there that I can use to monitor connections? I want to log the VPN connections and length of time, possibly even amount of data transferred/received.

0
shankshank
Asked:
shankshank
1 Solution
 
kevinhsiehCommented:
The ASA can show you that information for active VPN sessions. Just login to the ASA using the GUI ASDM and go to monitoring VPN connections. For historical information you would need to have the ASA send syslog messages to a syslog server which can then store the raw log information and hopefully present it to you in a useful format. A basic syslog server is Kiwi <http://www.kiwisyslog.com> . You could have Kiwi email you every time a VPN connection closed, which would include session time, user, and bytes transferred, For something that shows you a useful report you would need a logging tool with a reporting feature such as LogLogin, LogRhythm, HP ArcSight, Dell SecureWorks, possibly Splunk, AlienVault, etc. Who knows, maybe someone has already written an open source tool to go through the syslog to pull out the information.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now