VPN Session logs

Viceroy

Hi There,

I would like to create a log to find out times and duration of SSL VPN sessions per user - how might I go about this?

My attempts thus far have not been fruitful...

Tia

Zyxel_Jerry

Hi @Viceroy

Welcome to Zyxel community

Go to Monitor > Log > View Log > select category SSL VPN

It will show related log of SSL VPN

USG_User

I'm also interested in, but would prefer a cleared list where only user log-ins and log-outs are listed, means without all of the rest SSL VPN related log entries.

Further this log is able to list maximum of 200 entries. I've got a lot of different SSL VPN users here. If i.e. 5 users are logging-in/out only once a day, the 200 entries are reached within 20 days (provided only the user login/outs are bening listed). But this doesn't help, if I have to discover who has been used the VPN in last month.

I've also tried to automatially export such a SSL VPN User list to an attached USB stick. But also in that case a lot of unintentionally data will be saved with.

warwickt

Hi Viceroy, to do this you will need to

1) route the logs to an external host then
2) on that host strip out (grep ) the L2TP session logs

its very simple to do

additional:
• syslogd
• newsyslog.conf
and syslog-ng

from the USG, use the UI Configuration/Logging/ setting and put in the info for the remote server
• optionally change the port 

remote server: [freebsd,linux,macos etc]
• tail /grep the logs as you see fit
• make sure you trim these logs (newsyslogd) as they get large after a few weeks with a typically busy router

Optionally: 
• set the USG router settings for that remote server  to only log specific log event (VPN IpSec/IKE and L2TP

theres info on this forum for this i recall 

we do this for all our installed zyxel usg routers 

hth


Warwick
Hong Kong