Cisco
Login
Search
Software Secure Access
Activity Manage

Reports Remote Access Log Report View the Remote Access Log Report View the Remote Access Log Report

Last updated: Aug 07, 2025

View the Remote Access Log Report

  1. Navigate to Monitor > Reports > Remote Access Logs.
  2. Choose a time frame of remote access events.
  3. Use the search bar to find remote access events by identity or endpoint device OS version. Identity includes the columns User and Device Name.

     
    If you have configured rules to traffic originating from IP addresses in network segments that include Security Group Tags, then you can search for connection events by SGT. When present, SGTs will be appended to the User column value. For more information, see Integrate ISE with Secure Access and Integrate Catalyst SD-WAN with Secure Access.
  4. Refine your search using the following filters to help identify security issues that require attention.

    • AAA

    • Addr Assignment Fail

    • Access Allowed

    • Administrator Reset

    • Authentication Check

    • Authorization Check

    • Cert Auth Check

    • Certificate Expired

    • Client Type Not Supported

    • Connection Lost

    • Connection Preempted

    • DDNS Update Failed

    • Geocompliance Check

    • Geocompliance Service Unavailable

    • IKE Delete

    • IKEV2 Check

    • IPSec Error

    • Max Time Exceeded

    • Port Error

    • Posture Check

    • Posture Check Failed

    • SA Expired

    • Static IP Addr Assignment Fail

    • TLS Check

    • Unknown Disconnection Reason

    • Unknown Failed Reason

    • User Requested

    • Identities lets you filter by connection events with Security Group Tags (SGT) you have configured rules to traffic originating from IP addresses in network segments that include SGTs. When present, SGTs will be appended to the User column value. For more information, see Integrate ISE with Secure Access and Integrate Catalyst SD-WAN with Secure Access.


     
    Each filter is dynamic, except for Identities, and will only display filter option values that are present in the connection data. If no option values are present in the data for a filter, that filter remains hidden.
  5. The table includes the following categories:

    • User—The name of the user in Secure Access.

    • Device Name—The name of the device in Secure Access.

    • Connection Event—The identity used to determine which policy applied to this activity

    • Event Details— The category of activity or action committed.

    • Public IPv4 Address— The public-facing IPv4 address configured in the VPN profile.

    • Internal IPv4 Address— The internal IPv4 address configured in the VPN profile.

    • Internal IPv6 Address—The internal IPv6 address configured for the VPN profile.

    • VPN Profile— The name of the VPN profile associated with the event.

    • Session Type— The type of network security protocols detected in the event.

    • OS Type and Versions— The OS type and software version of the machine associated with the event.

    • Secure Client Version— The version of the Secure Client version.

    • Session Duration— Duration of the session, if terminated.

    • Region— The region configured in the VPN profile that is associated with the event.

    • Event Time— The day, year, and timestamp of the event.

Previous topic View the Remote Access Log Report Next topic View Event Details