VPN Connection Logging
What are the capabilities for logging of mobile VPN connections? Can connects and disconnects be logged (with IP address)? I haven't found a place to configure that.
T55 (v12.3.1).
Thanks
0
Sign In to comment.
Answers
In FSM Traffic Monitor -> right click -> Event Notifications, you can select
user log on and off log records, and set them to Notify
The following are from the Log Catalog:
2500-0000 SSLVPN Login
2500-0001 SSLVPN Log off
5B01-0005 L2TP Delete user session
3E00-0002 User Login succeeded
3E00-0004 User Logout
Unfortunately you will also get "Management user status@Firebox-DB from"
accesses an user authentications logged with the above log record IDs set to Notify and .
Thanks for the help - is this one of those things that can only be done from the FSM? I find the webUI easier to use so rarely open the System Manager. Also, even though we're using SSLVPN, I don't see events 2500*. As you mention, the 3E00-002 includes management logins so not an ideal solution without the 2500- events.
AFAIK, only via FSM
Hello Bruce,
in my Event Notifications window those 2 ids are missing.
Instead 3E00-0002 and 0004 are present but those are logging every ad login to user pc, creating a lot of email spam.
I'd like to only log SSL VPN user logged out assigned virtual ip, is it possibile?
M270 v12.7.2 here.
Hi @Francesco
In order to get those checkboxes to show up, those logs need to have gone by in Traffic Monitor before you right click -> event notifications. If you're not seeing them, try logging in and out of SSLVPN then right clicking in FSM.
Hi james, the event of ssl vpn user disconnecting is shown as 3E00-0004 not 2500-0001
FWStatus, Firewall user - from - logged out, pri=6, proc_id=sessiond, msg_id=3E00-0004