All Apps and Add-ons

How to build a dashboard to monitor Cisco ASA VPN connections in real-time?



New to Splunk.

I use the Cisco security suite and its up and working. I would like a dashboard that lists active VPN tunnels in real-time, with the ip associated to the client.
In the search, I can find connections opening and closing in real time, i just don't know how to build a dashboard where this information would be well formatted.
Anyone able to provide some info on how to do it please ?



There are probably some techniques to make this doable, using transactions and so on. But, I think I will make an alternate suggestion. Use RADIUS accounting as an intermediary. On your ASA device, you can enable RADIUS accounting and send accounting records to a RADIUS server that can then put them into a file or into a MySQL DB.

Once you have the accounting records, they include things that make doing this much easier like unique "session ID" identifiers so that transactions are no longer necessary. If you put the RADIUS accounting into a MySQL DB, then that data is easily turned into a DB-Lookup in splunk and will always show the "current logged in" users quite easily.

0 Karma


Adding the log entries for connection / disconnection:

<182>Feb 12 2015 05:00:39: %ASA-6-713228: Group = VPN-NOMADES, Username = xxxxxx, IP = yyy.yyy.yyy.yyy, Assigned private IP address to remote user

<180>Feb 12 2015 05:01:01: %ASA-4-113019: Group = VPN-NOMADES, Username = xxxxxx, IP = yyy.yyy.yyy.yyy, Session disconnected. Session Type: IPsecOverNatT, Duration: 0h:10m:52s, Bytes xmt: 2054971, Bytes rcv: 352098, Reason: Lost Service

0 Karma
Get Updates on the Splunk Community!

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...