Cisco Anyconnect vpn access logging

We use the Cisco AnyConnect client for remote user access.  how do i enable vpn access logging that i can easily report on for up to 1 year.


Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jody LemoineNetwork ArchitectCommented:
In order to get detailed access logs for AnyConnect for that kind of period, you're going to haver to send accounting data to an external server. If you're already authenticating with a RADIUS server, you can add an accounting entry to your AnyConnect context and have all the data you require for as long as needed. Let me know which platform (ASA or ISR) you're using if you need help with the syntax for setting this up.
philipfarnesAuthor Commented:
its an asa


Jody LemoineNetwork ArchitectCommented:
Assuming that you're already using RADIUS to authenticate against an external server (which is required if you're wanting to use RADIUS accounting) and that you're using the default RADIUS AAA group, you can add accounting capability by adding the following to the ASA's configuration:

aaa accounting enable console RADIUS

If you're using a different AAA group, replace RADIUS in the above command with the group name that you're using.

If you don't have RADIUS authentication set up at all, we'll have to go back a few steps. :)
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

philipfarnesAuthor Commented:
we have 2 Microsoft Internet Authentication Service servers acting as the radius servers.

will the above command apply?


if users have issues connecting, how can i log that data?
Jody LemoineNetwork ArchitectCommented:
If the IAS services are set up using the RADIUS group, definitely.

This only logs connection/disconnection times, data transfer, &c.  If you want detailed logs from the ASA itself, documenting its own functions, you'll need to set up a syslog server to capture this.

There's a free and open-source one available here:
philipfarnesAuthor Commented:
ok great!  and how do i configure the asa to talk to the syslog server.

also i was considering using the kiwi syslog server

is that any good compared to your recommendation?


Jody LemoineNetwork ArchitectCommented:
Configuring the ASA for syslog isn't complicated, but the configuration varies depending on what you want to do.  There's a very good configuration example that should help you out here:

They syslog servers are comparable.  The open-source one has a feature or two (message forwarding, for example) that you don't get with Kiwi unless you upgrade to the licensed product, but there's nothing wrong with Kiwi as Windows syslog servers go.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
philipfarnesAuthor Commented:
very helpful , fast responses!! thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.