VPN Session logs

Viceroy
Viceroy Posts: 1
First Anniversary
edited April 2021 in Security

Hi There,

I would like to create a log to find out times and duration of SSL VPN sessions per user - how might I go about this?

My attempts thus far have not been fruitful...

Tia

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,052  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @Viceroy

    Welcome to Zyxel community

    Go to Monitor > Log > View Log > select category SSL VPN

    It will show related log of SSL VPN


  • USG_User
    USG_User Posts: 369  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    I'm also interested in, but would prefer a cleared list where only user log-ins and log-outs are listed, means without all of the rest SSL VPN related log entries.

    Further this log is able to list maximum of 200 entries. I've got a lot of different SSL VPN users here. If i.e. 5 users are logging-in/out only once a day, the 200 entries are reached within 20 days (provided only the user login/outs are bening listed). But this doesn't help, if I have to discover who has been used the VPN in last month.

    I've also tried to automatially export such a SSL VPN User list to an attached USB stick. But also in that case a lot of unintentionally data will be saved with.

  • warwickt
    warwickt Posts: 111  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    Hi Viceroy, to do this you will need to

    1) route the logs to an external host then
    2) on that host strip out (grep ) the L2TP session logs

    its very simple to do

    additional:
    • syslogd
    • newsyslog.conf
    and syslog-ng

    from the USG, use the UI Configuration/Logging/ setting and put in the info for the remote server
    • optionally change the port 

    remote server: [freebsd,linux,macos etc]
    • tail /grep the logs as you see fit
    • make sure you trim these logs (newsyslogd) as they get large after a few weeks with a typically busy router

    Optionally: 
    • set the USG router settings for that remote server  to only log specific log event (VPN IpSec/IKE and L2TP

    theres info on this forum for this i recall 

    we do this for all our installed zyxel usg routers 

    hth


    Warwick
    Hong Kong

Security Highlight