VPN Connected and Disconnected Times Report
Hello, I'm testing out Firewall Analyzer with a PIX 506E, I have set up some custom alerts that sends me an email when a user
Connects to the VPN (matchin conditions MSG * PIX-6-603104)
Email subject: ($USER Connected to VPN)
and when they
Disconnect (matching conditions MSG * %PIX-6-603105: PPTP Tunnel deleted) from the VPN.
Email subject: ($SRC Disconnected from VPN)
Now this works very well and does exactly what I want, however it is a bit cumbersome because when I need to do a report on when a vendor signs in and out of the VPN and they do it several times a day throughout the week. I have to go through my email and match the username with the source IP that disconnected. Because the Pix MSG for deleting a tunnel does not contain the username
I have 2 solutions that I can think of to resolve this cumbersome mess:
1- Add a Variable for the Email Subject that contains the Tunnel ID
msg : %PIX-6-603104: PPTP Tunnel created, tunnel_id is 10916, remote_peer_ip is xxx.xxx.xxx.xxx, ppp_virtual_interface_id is 412, client_dynamic_ip is xx.xx.xx.xx, username is johndoe
2- Create a summary report that can match tunnel_id's from Message %PIX-6-603104: PPTP Tunnel created and
%PIX-6-603105: PPTP Tunnel deleted that contains Source IP, Username, Time In & Time Out.
If there is another way to do this that I am not thinking of please let me know.
Thanks!
Connects to the VPN (matchin conditions MSG * PIX-6-603104)
Email subject: ($USER Connected to VPN)
and when they
Disconnect (matching conditions MSG * %PIX-6-603105: PPTP Tunnel deleted) from the VPN.
Email subject: ($SRC Disconnected from VPN)
Now this works very well and does exactly what I want, however it is a bit cumbersome because when I need to do a report on when a vendor signs in and out of the VPN and they do it several times a day throughout the week. I have to go through my email and match the username with the source IP that disconnected. Because the Pix MSG for deleting a tunnel does not contain the username
I have 2 solutions that I can think of to resolve this cumbersome mess:
1- Add a Variable for the Email Subject that contains the Tunnel ID
msg : %PIX-6-603104: PPTP Tunnel created, tunnel_id is 10916, remote_peer_ip is xxx.xxx.xxx.xxx, ppp_virtual_interface_id is 412, client_dynamic_ip is xx.xx.xx.xx, username is johndoe
2- Create a summary report that can match tunnel_id's from Message %PIX-6-603104: PPTP Tunnel created and
%PIX-6-603105: PPTP Tunnel deleted that contains Source IP, Username, Time In & Time Out.
If there is another way to do this that I am not thinking of please let me know.
Thanks!