philipfarnes
asked on
Cisco Anyconnect vpn access logging
We use the Cisco AnyConnect client for remote user access. how do i enable vpn access logging that i can easily report on for up to 1 year.
thanks
phil
thanks
phil
In order to get detailed access logs for AnyConnect for that kind of period, you're going to haver to send accounting data to an external server. If you're already authenticating with a RADIUS server, you can add an accounting entry to your AnyConnect context and have all the data you require for as long as needed. Let me know which platform (ASA or ISR) you're using if you need help with the syntax for setting this up.
ASKER
its an asa
thanks
phil
thanks
phil
Assuming that you're already using RADIUS to authenticate against an external server (which is required if you're wanting to use RADIUS accounting) and that you're using the default RADIUS AAA group, you can add accounting capability by adding the following to the ASA's configuration:
aaa accounting enable console RADIUS
If you're using a different AAA group, replace RADIUS in the above command with the group name that you're using.
If you don't have RADIUS authentication set up at all, we'll have to go back a few steps. :)
aaa accounting enable console RADIUS
If you're using a different AAA group, replace RADIUS in the above command with the group name that you're using.
If you don't have RADIUS authentication set up at all, we'll have to go back a few steps. :)
ASKER
we have 2 Microsoft Internet Authentication Service servers acting as the radius servers.
will the above command apply?
also,
if users have issues connecting, how can i log that data?
will the above command apply?
also,
if users have issues connecting, how can i log that data?
If the IAS services are set up using the RADIUS group, definitely.
This only logs connection/disconnection times, data transfer, &c. If you want detailed logs from the ASA itself, documenting its own functions, you'll need to set up a syslog server to capture this.
There's a free and open-source one available here: http://syslog-win32.sourceforge.net/
This only logs connection/disconnection times, data transfer, &c. If you want detailed logs from the ASA itself, documenting its own functions, you'll need to set up a syslog server to capture this.
There's a free and open-source one available here: http://syslog-win32.sourceforge.net/
ASKER
ok great! and how do i configure the asa to talk to the syslog server.
also i was considering using the kiwi syslog server
http://www.solarwinds.com/products/freetools/kiwi_syslog_server/compare.aspx
is that any good compared to your recommendation?
thanks
phil
also i was considering using the kiwi syslog server
http://www.solarwinds.com/products/freetools/kiwi_syslog_server/compare.aspx
is that any good compared to your recommendation?
thanks
phil
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
very helpful , fast responses!! thanks