How do i track user login session into PIX via local authentication with syslog. I was able to track authentication success syslog event whenever a user logs in via VPN, but when the user disconnects the VPN session, no corresponding syslog message was sent. Any ideas?
In article , Cen wrote: :How do i track user login session into PIX via local authentication with :syslog. I was able to track authentication success syslog event whenever a :user logs in via VPN, but when the user disconnects the VPN session, no :corresponding syslog message was sent. :Any ideas?
Unless the VPN client sends a clean "I am shutting down now" message [and I do not know if those exist in IPSec], then VPNs cannot tell the difference between the user disconnecting cleanly, the user losing the network connection, or the user simply not sending anything.
IPSec does have a "Delete all Security Associations with this identity" token, but that token is used in contexts other than logout.
If you need more accurate track of when the user BSOD'd, then you should probably turn on some kind of keep-alive.
upgrade the PIXOS to latest - here there are many new syslog especially for VPN. then configure the appropiate log-level to syslogd.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.