-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Monitoring SSLVPN User Logins
11/02/2023 
60 People found this article helpful
177,337 Views
Description
Sometimes Network Administrators have a need to monitor Users logging in using SSLVPN. This can be accomplished by selecting the right logging event, as described below & then configuring log automation to send the event logs to an email using instructions available at the article:How to configure log automation to e-mail log categories to different e-mail addresses | SonicWall
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
1. Navigate to Device| Log | Settings. Under the Users Category, select the Group Authentication Access.
2. Look for the “Successful SSLVPN User Login” with the Event ID 1080.
3. Hover your mouse over the above Event. Click on the Configure Pencil icon that shows up. Select Event Priority to Inform or Alert based on your need. Enable Display Event in Log Monitor. Put in an email address under Send Alerts to E-mail Address if you choose the Priority as Alert.
4. To track the User logging out, enable the Event User Logout with the Event ID 263.
Follow instructions in step 3 to enable logging for the above the above event.
How to test:
Under Log Monitor, the SSLVPN user logging in & logging out will show up. If configured as an Alert, the same will be sent to your configured email address.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
1. Navigate to Manage | Log Settings | Base setup. Under the Users Category, select the Group Authentication Access.
2. Look for the Event Successful SSLVPN User Login with the Event ID 1080.
3. Click on the Configure Pencil icon on the far right, for the above event. In the window that opens, Select Event Priority to Alert based on your need. Enable Display Event in Log Monitor. Put in an email address under Send Alerts to E-mail Address if you choose the Priority as Alert.
4 To track the User logging out, look for the Event “User Logout” with the Event ID 263.
Follow instructions in step 3 to enable logging for the above the above event.
How to test:
Under Log Monitor, the SSLVPN user logging in & logging out will show up. If configured as an “Alert”, the same will be sent to your configured email address.
Related Articles
- How to Block Google QUIC Protocol on SonicOSX 7.0?
- How to block certain Keywords on SonicOSX 7.0?
- How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
YES
NO