Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Log & Event Manager (LEM) > Monitor Cisco VPN Logon / Logoff Activity using LEM

Monitor Cisco VPN Logon / Logoff Activity using LEM

Table of contents
Created by Craig O’ Neill, last modified by MindTouch on Jun 23, 2016

Views: 664 Votes: 0 Revisions: 4

Overview

This article provides information on how to monitor Logon and Logoff activity through a Cisco ASA firewall.

Environment

All versions of LEM

Detail

For a list of all  Cisco syslogs please see: http://www.cisco.com/c/en/us/td/docs...s/logsevp.html

According to the document above, theProviderSID for Logon is ASA-6-113004

 

Search in nDepth

ndepth Search = AnyAlert.ProviderSID = *113004*

 

LEM translates the following syslog as aUserLogon...

%ASA-6-113004: AAA user aaa_type Successful: server = server_IP_address, User = user

 

LEM translates the following as aUserLogoff

%ASA-6-113013: AAA unable to complete the request Error: reason = reason: user = user

 

Last modified
20:17, 22 Jun 2016

Tags

Classifications

Public