SSLVPN - View log to see user activity
Hey all,
I am running the TZ-670 Firewall, with default settings in terms of the logs.
I know the system can only record logs for a few days before overwriting, but how do I actually view the logs?
I am trying to see if a user has made an SSLVPN connection each day for the past few days (to see if that user is playing Candy Crush all day, or actually logging in to do some work).
I can see in the log settings that the Audit ID is 1080 for "successful SSLVPN login", but when I click into "Monitor / Logs / Auditing Logs", I don't see any recorded event for ID: 1080.
Best Answer
MarkD Cybersecurity Overlord ✭✭✭
The event logs can be filtered and/or searched.
This one is based on a search for "user"
I would say if you have the default logging level, those logs will be overwritten pretty quickly - hours not days.
You can also backoff the event logs to a syslog server for long-term storage.
Answers
Cheers
Different view in the TZ670, but same thing.
I didn't realise I need to set the "Logging level" to "inform", so it records events, and then I can see if users are logging in over SSL VPN and actually doing any work :) :)
cheeeeeeeeeeeeeeers
Hello, I have a similar question. I'm trying to view the last user login for SSLVPN to find inactive users. I can only see the Sys logs for the current day. So does changing the logging level to "inform" ensure that it will stay in the logs for longer? I'm using a TZ 370 if that makes a difference.
The internal log storage is limited; you could set up a syslog server (something like Kiwi syslog) on another machine and send the logs there for further analysis.
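
Added example, not part of the thread and not SonicWall code: once the logs are forwarded to a syslog server as suggested above, a short script can answer both questions asked here (which days a user logged in over SSLVPN, and which users have not logged in recently). The key=value line layout (`time=`, `m=` for the event ID, `usr=`) and the sample lines are assumptions; the ID 1080 is the one quoted in the question.

```python
import re
from collections import defaultdict
from datetime import date, datetime

SSLVPN_LOGIN_ID = "1080"  # ID quoted in the thread for "successful SSLVPN login"
# Constructed sample lines. The key=value layout (time=, m=, usr=) is an assumed
# syslog format; compare it with what your firewall actually sends.
SAMPLE_LINES = [
    'id=firewall time="2024-03-04 08:55:10" pri=6 m=1080 msg="SSL VPN login" usr="alice" src=198.51.100.7',
    'id=firewall time="2024-03-05 09:02:44" pri=6 m=1080 msg="SSL VPN login" usr="Alice" src=198.51.100.7',
    'id=firewall time="2024-03-05 09:03:00" pri=6 m=9999 msg="other event" usr="alice"',
    'id=firewall time="2024-03-01 17:20:31" pri=6 m=1080 msg="SSL VPN login" usr="bob" src=203.0.113.9',
    'truncated or malformed line',
]
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    """Split one key=value syslog line into a dict, unquoting quoted values."""
    return {k: (inner if raw.startswith('"') else raw)
            for k, raw, inner in FIELD_RE.findall(line)}

def login_days(lines):
    """Return {user: sorted dates with at least one successful SSLVPN login}."""
    days = defaultdict(set)
    for line in lines:
        f = parse_line(line)
        if f.get("m") != SSLVPN_LOGIN_ID or "usr" not in f:
            continue
        try:
            ts = datetime.strptime(f.get("time", "")[:19], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # missing or unexpected timestamp: skip rather than guess
        days[f["usr"].lower()].add(ts.date())
    return {user: sorted(d) for user, d in days.items()}

def inactive_users(known_users, lines, today, max_idle_days):
    """Users with no login at all, or none within max_idle_days of today."""
    seen = login_days(lines)
    stale = []
    for user in known_users:
        dates = seen.get(user.lower())
        if not dates or (today - dates[-1]).days > max_idle_days:
            stale.append(user)
    return sorted(stale)

if __name__ == "__main__":
    print(login_days(SAMPLE_LINES))
    print(inactive_users(["alice", "bob", "carol"], SAMPLE_LINES, date(2024, 3, 6), 3))
```

A user who never appears in the forwarded logs is reported as inactive, so the result is only as complete as the retention on the syslog server.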