This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2010-05-19 11:27 AM

Juniper SSL VPN Report

Hi,

 

I am trying to create a Failed Login by username report in tabular form. I am using table "VPN Security" and choose the following within that table, username, DeviceAddress, DeviceHostname, count(Username) which works fine. Now i want to add a column in the report that shows the source address of each user, the syslog message itself has this address at the beginning of the "message" but i am not sure how to extract that for my report.

 

Any help would be much appreciated.

 

Regards,

 

Si

0 Likes
Reply
2 Replies
RSAAdmin
Beginner
Beginner
‎2010-12-26 08:08 AM

Hi,

you need the Local Address Column
0 Likes
Reply
RSAAdmin
Beginner
Beginner
‎2011-09-12 11:47 AM

Hi,

 

First I would like to know if you are using Content 2.0 or the old event source update. If it is old one, then usually Juniper VPN source address (client address) is captured in "Foreign Address" column. If you want to confirm the same, run a query in "Analysis" tab under table "VPN Security". Here you can find the source address of the clients.

 

If you are using Content 2.0, then the source address will be captured in "Source Address" column. I have faced problems with the way the address was captured (It depends which version of VPN are you using) and the table should be "VPN".

 

Goto Overview->SystemConfiguration->Messages->ManageMessagestoParse-> <Find your device>... This would let you know under which table your logs are getting stored for any device.

0 Likes
Reply
© 2021 RSA Security LLC or its affiliates.
All rights reserved.