Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.


Home > Success Center > Log & Event Manager (LEM) > Monitor Cisco VPN Logon / Logoff Activity using LEM

Monitor Cisco VPN Logon / Logoff Activity using LEM

Table of contents
Created by Craig O’ Neill, last modified by MindTouch on Jun 23, 2016

Views: 138 Votes: 0 Revisions: 4


This article provides information on how to monitor Logon and Logoff activity through a Cisco ASA firewall.


All versions of LEM


For a list of all  Cisco syslogs please see:

According to the document above, theProviderSID for Logon is ASA-6-113004


Search in nDepth

ndepth Search = AnyAlert.ProviderSID = *113004*


LEM translates the following syslog as aUserLogon...

%ASA-6-113004: AAA user aaa_type Successful: server = server_IP_address, User = user


LEM translates the following as aUserLogoff

%ASA-6-113013: AAA unable to complete the request Error: reason = reason: user = user


Last modified
20:17, 22 Jun 2016