Guides
Secure Access Help Center

View the Remote Access Log Report

The Remote Access Log report lists users' connection events that are related to remote access, tracked over distinct time periods.

Table of Contents

Prerequisites

  • A minimum user role of Read-only. For more information, see Manage Accounts.

View the Remote Access Log Report

  1. Navigate to Monitor > Reports > Remote Access Logs.
  2. Choose a time frame of remote access events.
  3. Use the search bar to find remote access events by identity (user or device name) or endpoint device OS version.
  4. Refine your search using the following filters to help identify security issues that require attention.
  • Connection Event lets you filter by the outcome of a VPN connection event. Possible values are: Connected, Disconnected, Failed, Warning, and Unknown. Note: A Warning outcome only results when a DDNS update has failed (see Event Details below).
  • Machine Tunnel lets you filter by VPN connections made by a machine tunnel. For more information about the Secure Access machine tunnel, see Manage Machine Tunnels.
  • OS Types and Versions lets you filter by any client OS values that are in the current Remote Access Log data set.
  • Secure Client Versions lets you filter by any Cisco Secure Client values that are in the current Remote Access Log data set.
  • Event Details lets you filter by the combination of any reasons for connection failure or disconnection that are in the current Remote Access Log data set. Possible values:
    • Addr Assignment Fail
    • Access Allowed
    • Administrator Reset
    • Authentication Check
    • Authorization Check
    • Cert Auth Check
    • Certificate Expired
    • Client Type Not Supported
    • Connection Lost
    • Connection Preempted
    • DDNS Update Failed
    • Geocompliance Check
    • Geocompliance Service Unavailable
    • IKE Delete
    • IKEV2 Check
    • IPSec Error
    • Max Time Exceeded
    • Port Error
    • Posture Check
    • Posture Check Failed
    • SA Expired
    • Static IP Addr Assignment Fail
    • TLS Check
    • Unknown Disconnection Reason
    • Unknown Failed Reason
    • User Requested
  • Identities lets you filter by connection events with Security Group Tags (SGT) you have configured rules to traffic originating from IP addresses in network segments that include SGTs. When present, SGTs will be appended to the User column value. For more information, see Integrate ISE with Secure Access and Integrate Catalyst SD-WAN with Secure Access.

Note: Each filter is dynamic, except for Identities, and will only display filter option values that are present in the connection data. If no option values are present in the data for a filter, that filter will remain hidden.

View Event Details

There are two options to view details of an event.

  1. Option 1: Click the View Details icon (the blue ellipsis at the right end of each row).
  1. Option 2: Hover over an Event Details field in any row, then click Read More below the ASA syslog message ID.

Result: The Event Details drawer displays detailed information about an individual event.


Remote Access Log Report < View the Remote Access Log Report > Activity Search Report

Updated 10 days ago