Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Log & Event Manager (LEM) > Monitor Cisco VPN Logon / Logoff Activity using LEM

Monitor Cisco VPN Logon / Logoff Activity using LEM

Table of contents
Created by Craig O’ Neill, last modified by MindTouch on Jun 23, 2016

Views: 325 Votes: 0 Revisions: 4


This article provides information on how to monitor Logon and Logoff activity through a Cisco ASA firewall.


All versions of LEM


For a list of all  Cisco syslogs please see:

According to the document above, theProviderSID for Logon is ASA-6-113004


Search in nDepth

ndepth Search = AnyAlert.ProviderSID = *113004*


LEM translates the following syslog as aUserLogon...

%ASA-6-113004: AAA user aaa_type Successful: server = server_IP_address, User = user


LEM translates the following as aUserLogoff

%ASA-6-113013: AAA unable to complete the request Error: reason = reason: user = user


Last modified
20:17, 22 Jun 2016