Skip to main content
Versa Networks

Secure Access Logs

Versa-logo-release-icon.png For supported software information, click here.

Secure access logs report information about connectivity, user registration, and global and user statistics. In addition, alarm logs can be parsed to find secure access user events such as IPSEC events, IKE connection and disconnect events, and authentication failures. This article describes secure access logs and alarm logs containing secure access event information.

Secure Access Connectivity Event Logs

For Releases 22.1.1 and later.

Secure Access Connectivity Event Log Message Format

2024-01-11T18:03:56+0000 secAccUserConnEventLog, applianceName=Bangalore-ECT-DC-Active, 
tenantName=Corp-Inline-Customer1, vsnId=0, applianceId=1, tenantId=1, 
userName=user123@versa-networks.com, deviceName=LAPTOP-123ABC, racTunnelIP=172.30.58.131, 
racIP=152.58.208.86, racAccessType=ipsec, racEventType=create, secAccRuleName=ALLOW_MANAGED_DEVICES, 
secAccRuleAction=allow, authProfile=unknown, vpnProfile=split-tunnel-RAS, 
rInst=Corp-Inline-Customer-1LAN-VR, uptime=0, failureReason=
2024-01-11T18:08:10+0000 secAccUserConnEventLog, applianceName=Bangalore-ECT-DC-Active, 
tenantName=Corp-Inline-Customer1, vsnId=0, applianceId=1, tenantId=1, 
userName=user123@versa-networks.com, deviceName=LAPTOP-123ABC, racTunnelIP=172.30.58.131, 
racIP=152.58.208.86, racAccessType=ipsec, racEventType=delete, secAccRuleName=, 
secAccRuleAction=, authProfile=unknown, vpnProfile=, rInst=, uptime=252, failureReason=
2024-01-11T18:06:13+0000 secAccUserConnEventLog, applianceName=Bangalore-ECT-DC-Active, 
tenantName=Corp-Inline-Customer1, vsnId=0, applianceId=1, tenantId=1, 
userName=user124@versa-networks.com, deviceName=, racTunnelIP=, racIP=49.37.168.80, 
racAccessType=unknown, racEventType=failure, secAccRuleName=, secAccRuleAction=, 
authProfile=SAML-Authentication-Profile, vpnProfile=, rInst=, uptime=0, failureReason=forbidden

Secure Access Connectivity Event Message Fields

Field

Description

applianceName

Name of the Versa Operating SystemTM (VOSTM) device. This is the name displayed in the output of the show system identification CLI command on the VOS device.

tenantName

Name of the organization (tenant).

applianceId

VOS device identifier. This field is not used.

tenantId

Tenant or organization identifier.

vsnId

Virtual service node identifier. This field is not used.

username

Remote access user name.

deviceName

(For Releases 22.1.3 and later.) Remote access device name.

racTunnelIP

Remote access tunnel IP address.

racIP

Remote access WAN IP address.

racAccessType

Remote access type: IPsec, DTLS, TLS, or trusted-network.

racEventType

Remote access event type: create, delete or failure.

secAccRuleName

For create requests, the secure access rule that matches the user’s access request.

authProfile

For create requests, the authentication profile used for the user’s request.

vpnProfile

For create requests, the VPN profile used for the user’s request.

rInst

For create requests, the routing instance used for the client’s request.

mdmDevType

(For Releases 22.1.4 and later.) Mobile device management (MDM) type: managed or unmanaged.

mdmComplState

(For Releases 22.1.4 and later.) For a managed device, indicates the MDM compliance state, such as: compliant, noncompliant, or conflict.

uptime

For delete requests, how long the connection was up.

failureReason

For failure events, the reason for the connectivity failure.

Secure Access Event Logs

This section provides examples of alarm logs that report secure access events. For a description of the fields in the alarm logs, see Alarm Logs.

Alarm Log Message Format for Alarm Type IPsec-IKE-Down with a Cleared Alarm

Alarm is cleared for the user user@versa-networks.com.

2021-01-21T19:20:14+0000 alarmLog, applianceName=HE-DC-Branch-1, tenantName=Corp-Inline-Customer-1, 
alarmType=ipsec-ike-down, alarmKey=73.158.203.189|10|abc@versa-networks.com, generateTime=1611256822, 
applianceId=1, vsnId=0, tenantId=1, alarmCause=causeOther, alarmClearable=yes, alarmClass=cleared, 
alarmKind=root, alarmEventType=communicationsAlarm, alarmSeverity=cleared, alarmOwner=provider, alarmSeqNo=50322, 
alarmText="IKE connection with peer 73.158.203.189 user user@versa-networks.com (routing-instance Internet-1-Transport-VR) is up", 
alarmKeyExt=, serialNum=HE-DC-Branch-1

Alarm Log Message Format for Alarm Type IPsec-Tunnel-Down with a Cleared Alarm

Alarm is cleared for the user user@versa-networks.com.

2021-01-21T19:20:14+0000 alarmLog, applianceName=HEDC-Branch-1, tenantName=Corp-Inline-Customer-1, 
alarmType=ipsec-tunneldown, alarmKey=73.158.203.189|10|abc@versa-networks.com, generateTime=1611256822, 
applianceId=1, vsnId=0, tenantId=1, alarmCause=causeOther, alarmClearable=yes, alarmClass=cleared, 
alarmKind=root, alarmEventType=communicationsAlarm, alarmSeverity=cleared, alarmOwner=provider, alarmSeqNo=50323, 
alarmText="IPSEC tunnel with peer 73.158.203.189 user user@versa-networks.com (routing-instance Internet-1-Transport-VR) is up", 
alarmKeyExt=, serialNum=HE-DC-Branch-1

Alarm Log Message Format for Alarm Type IPsec-Tunnel-Down with a New Alarm

Alarm is set alarm for the user user@versa-networks.com.

2021-01-21T19:20:44+0000 alarmLog, applianceName=HEDC-Branch-1, tenantName=Corp-Inline-Customer-1, 
alarmType=ipsec-tunneldown, alarmKey=73.158.203.189|10|abc@versa-networks.com, generateTime=1611256852, 
applianceId=1, vsnId=0, tenantId=1, alarmCause=causeOther, alarmClearable=yes, alarmClass=new, 
alarmKind=root, alarmEventType=communicationsAlarm, alarmSeverity=major, alarmOwner=provider, alarmSeqNo=50327, 
alarmText="IPSEC tunnel with peer 73.158.203.189 user user@versa-networks.com (routing-instance Internet-1-Transport-VR) is down", 
alarmKeyExt=, serialNum=HE-DC-Branch-1

Alarm Log Message Format for Alarm Type IPsec-IKE-Down with a New Alarm

Alarm is set for the user user@versa-networks.com.

2021-01-21T19:20:14+0000 alarmLog, applianceName=HE-DC-Branch-1, tenantName=Corp-Inline-Customer-1, 
alarmType=ipsec-ike-down, alarmKey=73.158.203.189|10|abc@versa-networks.com, generateTime=1611256822, 
applianceId=1, vsnId=0, tenantId=1, alarmCause=causeOther, alarmClearable=yes, alarmClass=new, alarmKind=root, 
alarmEventType=communicationsAlarm, alarmSeverity=cleared, alarmOwner=provider, alarmSeqNo=50322, 
alarmText="IKE connection with peer 73.158.203.189 user user@versa-networks.com (routing-instance Internet-1-Transport-VR) is down", 
alarmKeyExt=, serialNum=HE-DC-Branch-1

Alarm Log Message Format for Alarm Type IPsec-IKE-Auth-Failure with a New Alarm

Alarm is set, but the user is not known. You can use the public IP address to track the source.

2021-01-21T19:13:16+0000 alarmLog, applianceName=HE-DC-Branch-1, tenantName=Corp-Inline-Customer-1, 
alarmType=ipsec-ike-auth-failure, alarmKey=12.179.178.188|9, generateTime=1611256404, applianceId=1, vsnId=0, 
tenantId=1, alarmCause=causeOther, alarmClearable=yes, alarmClass=new, alarmKind=root, 
alarmEventType=communicationsAlarm, alarmSeverity=indeterminate, alarmOwner=provider, alarmSeqNo=50276, 
alarmText="IKE authentication with peer 12.179.178.188 (routing-instance Internet1-Transport-VR) failed", 
alarmKeyExt=, serialNum=HE-DC-Branch-1

Secure Access Global Statistics Logs

Secure Access Global Statistics Log Message Format

2021-01-21T16:54:52+0000 secAccGlobalStatsLog, applianceName=HE-DCBranch-1, 
tenantName=Corp-Inline-Customer-1, mstatsTimeBlock=1611248100, tenantId=1, applianceId=0, 
concurrentUsers=27, failedAttempts=14, successfulAttempts=0

Secure Access Global Statistics Message Fields

Field

Description

applianceName

Name of the VOS device. This is the name displayed in the output of the show system identification CLI command on the VOS device.

tenantName

Name of the organization (tenant).

applianceId

VOS device identifier. This field is not used.

tenantId

Tenant or organization identifier.

mstatsTimeBlock

Time since the log was generated, in UNIX epoch format.

concurrentUsers

Snapshot of the concurrent users on the gateway when the log was generated.

failedAttempts

Number of failed attempts in the last measurement interval.

successfulAttempts

Number of successful attempts in the last measurement interval.

Secure Access User Registration Logs

For Releases 21.2.1 and later.

Secure Access User Registration Log Message Format

2021-01-20T12:00:34+0000 secAccUserRegEventLog, applianceName=SJC-GW, tenantName=Versa-Networks, 
vsnId=0, applianceId=1, tenantId=3, userName=user123@versa-networks.com, latitude=22.2, 
longitude=33.3, os=Windows 10 Enterprise, osVersion=v-1909 b-18363.1316, secAccClientVersion=7.2.4

Secure Access User Registration Message Fields

Field

Description

applianceName

Name of the VOS device. This is the name displayed in the output of the show system identification CLI command on the VOS device.

tenantName

Name of the organization (tenant).

applianceId

VOS device identifier. This field is not used.

tenantId

Tenant or organization identifier.

vsnId

Virtual service node identifier. This field is not used.

username

Remote access username.

latitude

Location of the user by latitude during the registration process.

longitude

Location of the user by longitude during the registration process.

os

Operating system of the device from which the user is registering.

osVersion

Operating system version of the device from which the user is registering.

secAccClientVersion

Secure access client version running on the device from which the user is registering.

mdmDevType

(For Releases 22.1.4 and later.) Mobile device management (MDM) type: managed or unmanaged.

mdmComplState

(For Releases 22.1.4 and later.) For a managed device, indicates the MDM compliance state such as, compliant, noncompliant, and conflict.

Secure Access User Statistics Logs

Secure access user statistics logs provide per-user usage statistics, round-trip time, and location information. This log is sent every 5 minutes if there is user activity.

Secure Access User Statistics Log Message Format

2021-01-21T17:29:59+0000 secAccUserStatsLog, applianceName=SJC-GW, tenantName=Versa-Networks, 
mstatsTimeBlock=1611250200, tenantId=3, applianceId=0, mstatsTotSessDuration=300000, 
userName=user123@versa-networks.com, racIP=76.21.120.137, racRxBytes=575392, racTxBytes=919920, 
roundTripTime=340, latitude=53.00, longitude=42.00, isp=COMCAST-7922

Secure Access User Statistics Message Fields

Field

Description

applianceName

Name of the VOS device. This is the name displayed in the output of the show system identification CLI command on the VOS device.

tenantName

Name of the organization (tenant).

applianceId

VOS device identifier. This field is not used.

tenantId

Tenant or organization identifier.

mstatsTimeBlock

Time since the log was generated, in UNIX epoch format.

mstatsTotSessDuration

Measurement interval in milliseconds.

Username

Remote access username.

racIP

Remote access client public IP address.

racRxBytes

Bytes received in the last measurement interval (5 minutes) from the remote access user.

racTxBytes

Bytes sent in the last measurement interval (5 minutes) to the remote access user.

roundTripTime

(For Releases 21.2.1 and later.) Round-trip time from the remote access user’s device to the secure access gateway.

Latitude

(For Releases 21.2.1 and later.) Location of the user by latitude.

Longitude

(For Releases 21.2.1 and later.) Location of the user by longitude.

ISP

(For Releases 21.2.1 and later.) Internet service provider of the WAN link used to connect to the secure access gateway.

Supported Software Information

Releases 21.1.1 and later support all content described in this article, except:

  • Release 21.2.1 adds support for log type secAccUserRegEventLog.
  • Release 22.1.1 adds support for log type secAccUserConnEventLog.
  • Release 22.1.2 adds support for fields roundTripTime, Latitude, Longitude, and ISP for log type secAccUserStatsLog.
  • Release 22.1.3 adds support for field deviceName for log type secAccUserConnEventLog.
  • Release 22.1.4 (Service Release dated 2024-11-10 or later) adds support for fields mdmDevType and mdmComplState.
  • Was this article helpful?