Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

Home > Success Center > Log & Event Manager (LEM) > Monitor Cisco VPN Logon / Logoff Activity using LEM

Monitor Cisco VPN Logon / Logoff Activity using LEM

Table of contents
Created by Craig O’ Neill, last modified by MindTouch on Jun 23, 2016

Views: 138 Votes: 0 Revisions: 4

Overview

This article provides information on how to monitor Logon and Logoff activity through a Cisco ASA firewall.

Environment

All versions of LEM

Detail

For a list of all  Cisco syslogs please see: http://www.cisco.com/c/en/us/td/docs...s/logsevp.html

According to the document above, theProviderSID for Logon is ASA-6-113004

 

Search in nDepth

ndepth Search = AnyAlert.ProviderSID = *113004*

 

LEM translates the following syslog as aUserLogon...

%ASA-6-113004: AAA user aaa_type Successful: server = server_IP_address, User = user

 

LEM translates the following as aUserLogoff

%ASA-6-113013: AAA unable to complete the request Error: reason = reason: user = user

 

Last modified
20:17, 22 Jun 2016

Tags

Classifications

Public