All Apps and Add-ons

How to build a dashboard to monitor Cisco ASA VPN connections in real-time?



New to Splunk.

I use the Cisco security suite and its up and working. I would like a dashboard that lists active VPN tunnels in real-time, with the ip associated to the client.
In the search, I can find connections opening and closing in real time, i just don't know how to build a dashboard where this information would be well formatted.
Anyone able to provide some info on how to do it please ?



There are probably some techniques to make this doable, using transactions and so on. But, I think I will make an alternate suggestion. Use RADIUS accounting as an intermediary. On your ASA device, you can enable RADIUS accounting and send accounting records to a RADIUS server that can then put them into a file or into a MySQL DB.

Once you have the accounting records, they include things that make doing this much easier like unique "session ID" identifiers so that transactions are no longer necessary. If you put the RADIUS accounting into a MySQL DB, then that data is easily turned into a DB-Lookup in splunk and will always show the "current logged in" users quite easily.

0 Karma


Adding the log entries for connection / disconnection:

<182>Feb 12 2015 05:00:39: %ASA-6-713228: Group = VPN-NOMADES, Username = xxxxxx, IP = yyy.yyy.yyy.yyy, Assigned private IP address to remote user

<180>Feb 12 2015 05:01:01: %ASA-4-113019: Group = VPN-NOMADES, Username = xxxxxx, IP = yyy.yyy.yyy.yyy, Session disconnected. Session Type: IPsecOverNatT, Duration: 0h:10m:52s, Bytes xmt: 2054971, Bytes rcv: 352098, Reason: Lost Service

0 Karma
Get Updates on the Splunk Community!

Tips & Tricks When Using Ingest Actions

Tune in to learn about:Large scale architecture when using Ingest ActionsRegEx performance considerations ...

Announcing Our Splunk MVPs

We are excited to announce the first cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...