All Apps and Add-ons

How to build a dashboard to monitor Cisco ASA VPN connections in real-time?



New to Splunk.

I use the Cisco security suite and its up and working. I would like a dashboard that lists active VPN tunnels in real-time, with the ip associated to the client.
In the search, I can find connections opening and closing in real time, i just don't know how to build a dashboard where this information would be well formatted.
Anyone able to provide some info on how to do it please ?



There are probably some techniques to make this doable, using transactions and so on. But, I think I will make an alternate suggestion. Use RADIUS accounting as an intermediary. On your ASA device, you can enable RADIUS accounting and send accounting records to a RADIUS server that can then put them into a file or into a MySQL DB.

Once you have the accounting records, they include things that make doing this much easier like unique "session ID" identifiers so that transactions are no longer necessary. If you put the RADIUS accounting into a MySQL DB, then that data is easily turned into a DB-Lookup in splunk and will always show the "current logged in" users quite easily.

0 Karma


Adding the log entries for connection / disconnection:

<182>Feb 12 2015 05:00:39: %ASA-6-713228: Group = VPN-NOMADES, Username = xxxxxx, IP = yyy.yyy.yyy.yyy, Assigned private IP address to remote user

<180>Feb 12 2015 05:01:01: %ASA-4-113019: Group = VPN-NOMADES, Username = xxxxxx, IP = yyy.yyy.yyy.yyy, Session disconnected. Session Type: IPsecOverNatT, Duration: 0h:10m:52s, Bytes xmt: 2054971, Bytes rcv: 352098, Reason: Lost Service

0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...