Submit a ticketCall us

Putting Your Logs Where They Belong with the New SolarWinds Log Manager for Orion

The new SolarWinds® Log Manager for Orion® finally puts your log data right where it belongs, in the heart of your Orion console. Gain insight into the performance of your infrastructure by monitoring your logs in a unified console allowing you to see a wealth of information about the health and performance of your network and servers.

Reserve a Seat for Wednesday May 23rd 11am CDT | Reserve a Seat for Tuesday May 22nd 10:30am GMT | Reserve a Seat for Tuesday May 22nd 1pm SGT / 3pm AEST

Home > Success Center > Log & Event Manager (LEM) > Monitor Cisco VPN Logon / Logoff Activity using LEM

Monitor Cisco VPN Logon / Logoff Activity using LEM

Table of contents
Created by Craig O’ Neill, last modified by Jason Dee on May 21, 2018

Views: 3,392 Votes: 0 Revisions: 8

Updated January 17, 2018

Overview

This article provides information on how to monitor WebVPN/AnyConnect logon and logoff activity through a Cisco ASA firewall.

Environment

  • LEM all versions
  • Cisco IOS/ASA device

Detail

For a list of all Cisco IOS/ASA Syslog events, please see: http://www.cisco.com/c/en/us/td/docs...s/logsevp.html

According to the document above, the Event ID a WebVPN/AnyConnect logon is ASA-6-716001 and a WebVPN/AnyConnect logoff would be ASA-6-716002.

 

You can search for these by creating one of the following queries in nDepth:

 

SystemStatus.ProviderSID = *716001

 

SystemStatus.ProviderSID = *716002

 

It is also possible that there are VPN-related logon/logoff events that use other Event IDs, such as ASA-4-113004. Please refer to the above Cisco reference page for more information on their Syslog events.

 

 

 

 

Last modified

Tags

Classifications

Public