GlobalProtect User Report with Login and Log-out time

L0 Member

GlobalProtect User Report with Login and Log-out time

How do I create a custom report that will query all users and list their GlobalProtect VPN login AND logout times?
L7 Applicator

Re: GlobalProtect User Report with Login and Log-out time

You can get the info from the CLI; I don't think there is a built-in or custom report option that gives you that detail.

Run:

show global-protect-gateway previous-user

You'll get an output like (some details obfuscated):

Tunnel Name          : GP-Gateway
        Domain-User Name           : \gwesson
        Computer                   : Greg's Phone
        Client                     : Apple iOS 11.2.6
        VPN Type                   : Device Level VPN
        Mobile ID                  : f106...1b63
        Client OS                  : iOS
        Private IP                 : 172.20.30.47
        Private IPv6               : ::
        Public IP (connected)      : 192.0.2.1
        Public IPv6                : ::
        ESP                        : exist
        SSL                        : none
        Login Time                 : Mar.04 14:52:44
        Logout/Expiration          : *Mar.04 14:53:05
        Reason                     : client logout

        Domain-User Name           : \gwesson
        Computer                   : Greg's Computer
        Client                     : Apple Mac OS X 10.13.3
        VPN Type                   : Device Level VPN
        Mobile ID                  : 
        Client OS                  : Mac
        Private IP                 : 172.20.30.48
        Private IPv6               : ::
        Public IP (connected)      : 192.0.2.2
        Public IPv6                : ::
        ESP                        : removed
        SSL                        : exist
        Login Time                 : Apr.11 17:51:36
        Logout/Expiration          : *Apr.11 20:52:32
        Reason                     : user session expired

You should be able to get the same data via the XML API, or even something like an Expect script. You can also replace "previous-user" with "current-user" to see the users that have not logged out.
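
An added example, not code from this thread or from the vendor: one way to turn saved `show global-protect-gateway previous-user` output, in the layout quoted above, into a CSV of login and logout times. The function names and the `year` argument are assumptions; the CLI output carries no year, so the caller has to supply one.

```python
import csv
import io
from datetime import datetime

# Constructed sample in the layout shown in the post above (fields trimmed).
SAMPLE = """\
Tunnel Name          : GP-Gateway
        Domain-User Name           : \\gwesson
        Computer                   : Greg's Phone
        Login Time                 : Mar.04 14:52:44
        Logout/Expiration          : *Mar.04 14:53:05
        Reason                     : client logout

        Domain-User Name           : \\gwesson
        Computer                   : Greg's Computer
        Login Time                 : Apr.11 17:51:36
        Logout/Expiration          : *Apr.11 20:52:32
        Reason                     : user session expired
"""

def _when(value, year):
    return datetime.strptime(f"{year} {value.lstrip('*')}", "%Y %b.%d %H:%M:%S")

def parse_previous_user(text, year):  # year is assumed: the CLI prints none
    sessions, tunnel = [], ""
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Tunnel Name":
            tunnel = value
        elif key == "Domain-User Name":          # first field of each record
            sessions.append({"tunnel": tunnel, "user": value})
        elif sessions and key in ("Computer", "Reason"):
            sessions[-1][key.lower()] = value
        elif sessions and key == "Login Time":
            sessions[-1]["login"] = _when(value, year)
        elif sessions and key == "Logout/Expiration":
            s, out = sessions[-1], _when(value, year)
            if "login" in s and out < s["login"]:  # session crossed New Year
                out = out.replace(year=year + 1)
            s["logout"] = out
    return sessions

def to_csv(sessions):
    buf = io.StringIO()
    cols = ["user", "computer", "login", "logout", "reason"]
    w = csv.DictWriter(buf, cols, extrasaction="ignore", lineterminator="\n")
    w.writeheader()
    w.writerows(sessions)
    return buf.getvalue()
```

Keeping the Reason column in the report lets a reader tell a client logout apart from an expired session.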

L7 Applicator

Re: GlobalProtect User Report with Login and Log-out time

@DEIPAGP,

As @gwesson already pointed out, this isn't a simple custom report that can be built directly on the firewall. You would need to utilize the XML API (or CLI) to get the information that you are looking for. This would then need to be compiled by yourself into a more 'pretty' solution if it needs to go up the chain at all.

L0 Member

Re: GlobalProtect User Report with Login and Log-out time

It turns out these reports won't work as we had intended - the connection is not being closed when the user shuts down their computer, so the logout is inaccurate.  I appreciate the assistance though.
