
Logging Radius logins to ASA?

itdaddy Member Posts: 2,089
Hey guys. We have a VPN ASA 5505 set up at work.
I want the ASA to log logins of anyone VPNing in.
We have it use a RADIUS server (Active Directory), so can
logins be logged to the ASA, and then of course have the logs
sent to our syslog server? There I can filter VPN logins by certain
character strings like username, if logged that way. So
can you guys point me in the right direction, or does it do it natively?
Thank you

Comments

  • mikearama Member Posts: 749
    I read through that a couple times, daddy... still not quite getting it. You want the Radius server, which can be set up to log logins (successful, unsuccessful, or both), to not only capture the attempts, but then forward the log back to the ASA?

    That won't work... the ASA is not a syslog / snmp server. It creates traps... it doesn't receive them.

    I think you're going to have to query the Radius server for login attempts. Run your searches there.

    I use Cisco ACS, which creates daily log files for Passed Authentications, Failed Attempts, Logged-in Users, etc. What are you using for Radius? Windows ISA? Or something like FreeRadius or tekRadius?
    There are only 10 kinds of people... those who understand binary, and those that don't.

    CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

    Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
  • itdaddy Member Posts: 2,089
    mikearama,

    Yeah, it is kind of confusing. Okay, we have our VPN 5505 set up for RADIUS authentication. I thought somehow the ASA 5505 logged logins, but I guess that was kind of a dumb question, since the authentication is through the RADIUS server and is probably logged on that source. I wasn't thinking clearly. But I think the ASA does log login attempts, doesn't it? I can check our CINXI syslog server to see if it is logging attempts. I really like our syslog server: you can set filters up to trap certain string values, say the user's name or keywords, and it sends me emails based off of this.
    Thanks, I will look into setting up an ACS server. Do you know how much
    Cisco charges for the ACS software?
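
Added example (not part of any post above, and not Cisco's code): a Python filter of the kind the last post describes for a syslog server, pulling usernames out of ASA AAA authentication messages 113004 and 113005 and flagging repeated rejections. The log lines, hostname, addresses and the threshold of 3 are constructed for illustration, and the exact field spacing is an assumption that varies by ASA version.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from a real device), modelled on ASA
# messages 113004 (AAA success) and 113005 (AAA rejected).
SAMPLE_LOG = """\
Jan 21 09:14:02 vpn-asa %ASA-6-113004: AAA user authentication Successful : server = 192.0.2.10 : user = jsmith
Jan 21 09:15:40 vpn-asa %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 192.0.2.10 : user = jsmith
Jan 21 09:15:44 vpn-asa %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 192.0.2.10 : user = admin
Jan 21 09:15:49 vpn-asa %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 192.0.2.10 : user = admin
Jan 21 09:15:53 vpn-asa %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 192.0.2.10 : user = admin : user IP = 198.51.100.7
Jan 21 09:16:10 vpn-asa %ASA-6-302013: Built inbound TCP connection 4711 for outside:198.51.100.7/51515 to inside:192.0.2.20/443
"""

# Tolerant of spacing around ':' and '=' (assumed to differ between versions).
AAA_RE = re.compile(
    r"%ASA-\d-(?P<msgid>113004|113005):\s*AAA user authentication\s+"
    r"(?P<result>Successful|Rejected)\s*:"
    r"(?:\s*reason\s*=\s*(?P<reason>[^:]+?)\s*:)?"
    r"\s*server\s*=\s*(?P<server>\S+)\s*:"
    r"\s*user\s*=\s*(?P<user>[^\s:]+)"
)


def parse_aaa_events(text):
    """Return one dict per AAA authentication message found in the log text."""
    events = []
    for line in text.splitlines():
        m = AAA_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def repeated_rejections(events, threshold=3):
    """Map username -> rejection count for users at or above the threshold."""
    rejected = Counter(e["user"] for e in events if e["result"] == "Rejected")
    return {user: n for user, n in rejected.items() if n >= threshold}


if __name__ == "__main__":
    events = parse_aaa_events(SAMPLE_LOG)
    for e in events:
        print(e["msgid"], e["result"], e["user"], "via", e["server"])
    print("alert:", repeated_rejections(events))
```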