I'm a big fan of working things out for myself and doing the homework necessary but I can't seem to stumble onto the right search information to get started. Or it just can't be done.
I have a PIX506e handling VPN logins via a RADIUS server. I'd like to log all VPN logins with the username and host.domain.xxx name. I was thinking a syslog server would be best but what its logged to is secondary to getting the log.
Any help is greatly appreciated RC
In PIX 5 and PIX 6, you pretty much have to handle it at the server you have handling aaa authenticate -- but don't count on the authentication server being told when the user logs off.
Digging the information out of the PIX syslog messages is pretty mucky. It's been some time, and I only looked in passing, but if I recall tehre is no single unified message generate on the PIX: you have to deduce that some messages are associated some of the other ones, and the deduction can be wrong if you have multiple users from the same IP.
The VPN 30x0 supposedly have better logging, but I'm not convinced it is even possible to get the logout timing right: IPSec connections do not so much get logged out as expire from lack of use.
Its not so much the login/out I need as it is the username and full host name with domain. My RADIUS (Windows IAS) server will tell me the username and hostname but dumps it into the event log with everything else and won't give me the hostname plus domain.
I'll do some more digging, there must be a way and I don't give up easy. Only question is will it be within my software/hardware budget of 0.
Thanks RC
I suggest you have a look at IAS log viewer
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.