Tracking client VPN logins

Montana-Man
Here to help

Tracking client VPN logins

I would like to be able to track users logging into an MX appliance via the client vpn.  I would like to report on information like how many times a user logins into the appliance (past 30-45 days) how long they have been logged in, etc..  Can I do this?

3 REPLIES 3
PhilipDAth
Kind of a big deal
Kind of a big deal

If you are using a RADIUS server you should use its logs.

If you are using Active Directory you should use the security events logs on the AD controller.

 

You should also be able to go "Network-Wide/Event Log", make sure "Security Appliance" is selected, and search for "VPN Client Connected" events.  The username should appear there.

 

Sorry to bring up old news, but I don't suppose you know of a way to export a year at a time?

Grumples
Here to help

We've been doing this for years to fulfill a requirement by the HR Department.  Our MX is sending logs to a Syslog server.  The Syslogs contain unique wording for when a client is connected and disconnected from the VPN:

 

logtime message
2020-06-21 14:43:26 1592765006.928610814 MY_MX100 events client_vpn_connect user id 'employeeA' local ip 192.168.10.8 connected from 70.187.200.74
2020-06-21 15:16:16 1592766976.058749887 MY_MX100 events client_vpn_disconnect user id 'employeeA' local ip 192.168.10.8 connected from 70.187.200.74

 

If you can write a script or program to parse that out for you, you can get the username, the local IP, the remote IP and the timestamp.  We put all these VPN events into a SQL table to make reporting simple.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels