VPN Session logs

Viceroy
Viceroy Posts: 1  Freshman Member
Third Anniversary
edited April 2021 in Security

Hi There,

I would like to create a log to find out times and duration of SSL VPN sessions per user - how might I go about this?

My attempts thus far have not been fruitful...

Tia

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,298  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @Viceroy

    Welcome to Zyxel community

    Go to Monitor > Log > View Log > select category SSL VPN

    It will show related log of SSL VPN


  • USG_User
    USG_User Posts: 374  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary

    I'm also interested in, but would prefer a cleared list where only user log-ins and log-outs are listed, means without all of the rest SSL VPN related log entries.

    Further this log is able to list maximum of 200 entries. I've got a lot of different SSL VPN users here. If i.e. 5 users are logging-in/out only once a day, the 200 entries are reached within 20 days (provided only the user login/outs are bening listed). But this doesn't help, if I have to discover who has been used the VPN in last month.

    I've also tried to automatially export such a SSL VPN User list to an attached USB stick. But also in that case a lot of unintentionally data will be saved with.

  • warwickt
    warwickt Posts: 111  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary
    Hi Viceroy, to do this you will need to

    1) route the logs to an external host then
    2) on that host strip out (grep ) the L2TP session logs

    its very simple to do

    additional:
    • syslogd
    • newsyslog.conf
    and syslog-ng

    from the USG, use the UI Configuration/Logging/ setting and put in the info for the remote server
    • optionally change the port 

    remote server: [freebsd,linux,macos etc]
    • tail /grep the logs as you see fit
    • make sure you trim these logs (newsyslogd) as they get large after a few weeks with a typically busy router

    Optionally: 
    • set the USG router settings for that remote server  to only log specific log event (VPN IpSec/IKE and L2TP

    theres info on this forum for this i recall 

    we do this for all our installed zyxel usg routers 

    hth


    Warwick
    Hong Kong

Security Highlight