Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

SSLVPN - View log to see user activity

snickollssnickolls Newbie ✭
in SSL VPN

Hey all,
I am running the TZ-670 Firewall, with default settings in terms of the logs…..

I know the system can only record logs for a few days before over-writing, but how do i actually view the logs ?
I am trying to see if a user has done a SSLVPN connection each day for past few days ( to see if that user is playing Candy Crush all day, or actually logging in to do some work)…
I can see on the log settings, that the Audit ID is 1080 for "successful SSLVPN login" , but when i click into "Monitor / Logs / Auditing Logs" , i dont see any recorded event for ID: 1080

Category: SSL VPN
Reply
Tagged:

Best Answer

  • CORRECT ANSWER
    MarkDMarkD Cybersecurity Overlord ✭✭✭
    Answer ✓

    The event logs can be filtered and or searched

    This one is based on a search for "user"

    image.png

    I would say if you have the default logging level, those logs will be overwritten pretty quickly - hours not days.

    You can also backoff the event logs to a syslog server for long term storage

Answers

  • MarkDMarkD Cybersecurity Overlord ✭✭✭

  • snickollssnickolls Newbie ✭

    Cheers
    Different view in the TZ670 , but same thing..
    i didnt realise i need to set the "Logging level" to "inform" , so it records events , and then i can see if users are SSL VPN login and actually doing any work :) :)
    cheeeeeeeeeeeeeeers

Sign In or Register to comment.