Cisco Anyconnect vpn access logging

In order to get detailed access logs for AnyConnect for that kind of period, you're going to haver to send accounting data to an external server. If you're already authenticating with a RADIUS server, you can add an accounting entry to your AnyConnect context and have all the data you require for as long as needed. Let me know which platform (ASA or ISR) you're using if you need help with the syntax for setting this up.

its an asa

thanks

phil

Assuming that you're already using RADIUS to authenticate against an external server (which is required if you're wanting to use RADIUS accounting) and that you're using the default RADIUS AAA group, you can add accounting capability by adding the following to the ASA's configuration:

aaa accounting enable console RADIUS

If you're using a different AAA group, replace RADIUS in the above command with the group name that you're using.

If you don't have RADIUS authentication set up at all, we'll have to go back a few steps. :)

we have 2 Microsoft Internet Authentication Service servers acting as the radius servers.

will the above command apply?

also,

if users have issues connecting, how can i log that data?

If the IAS services are set up using the RADIUS group, definitely.

This only logs connection/disconnection times, data transfer, &c.  If you want detailed logs from the ASA itself, documenting its own functions, you'll need to set up a syslog server to capture this.

There's a free and open-source one available here: http://syslog-win32.sourceforge.net/

ok great!  and how do i configure the asa to talk to the syslog server.

also i was considering using the kiwi syslog server

http://www.solarwinds.com/products/freetools/kiwi_syslog_server/compare.aspx

is that any good compared to your recommendation?

thanks

phil

very helpful , fast responses!! thanks