GlobalProtect User Report with Login and Log-out time

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

GlobalProtect User Report with Login and Log-out time

L0 Member
How do I create a custom report that will query all users and list their GlobalProtect VPN login AND logout times?
1 accepted solution

Accepted Solutions

L7 Applicator

You can get the info from CLI, I don't think there is a built-in or custom report option that gives you that detail. 

 

Run:

show global-protect-gateway previous-user

You'll get an output like (some details obfuscated):

Tunnel Name          : GP-Gateway
        Domain-User Name           : \gwesson
        Computer                   : Greg's Phone
        Client                     : Apple iOS 11.2.6
        VPN Type                   : Device Level VPN
        Mobile ID                  : f106...1b63
        Client OS                  : iOS
        Private IP                 : 172.20.30.47
        Private IPv6               : ::
        Public IP (connected)      : 192.0.2.1
        Public IPv6                : ::
        ESP                        : exist
        SSL                        : none
        Login Time                 : Mar.04 14:52:44
        Logout/Expiration          : *Mar.04 14:53:05
        Reason                     : client logout

        Domain-User Name           : \gwesson
        Computer                   : Greg's Computer
        Client                     : Apple Mac OS X 10.13.3
        VPN Type                   : Device Level VPN
        Mobile ID                  : 
        Client OS                  : Mac
        Private IP                 : 172.20.30.48
        Private IPv6               : ::
        Public IP (connected)      : 192.0.2.2
        Public IPv6                : ::
        ESP                        : removed
        SSL                        : exist
        Login Time                 : Apr.11 17:51:36
        Logout/Expiration          : *Apr.11 20:52:32
        Reason                     : user session expired

You should be able to get the same data via XML API, or even something like an Expect script. You can also replace "previous-user" with "current-user" to see the users that have not logged out.

View solution in original post

3 REPLIES 3

L7 Applicator

You can get the info from CLI, I don't think there is a built-in or custom report option that gives you that detail. 

 

Run:

show global-protect-gateway previous-user

You'll get an output like (some details obfuscated):

Tunnel Name          : GP-Gateway
        Domain-User Name           : \gwesson
        Computer                   : Greg's Phone
        Client                     : Apple iOS 11.2.6
        VPN Type                   : Device Level VPN
        Mobile ID                  : f106...1b63
        Client OS                  : iOS
        Private IP                 : 172.20.30.47
        Private IPv6               : ::
        Public IP (connected)      : 192.0.2.1
        Public IPv6                : ::
        ESP                        : exist
        SSL                        : none
        Login Time                 : Mar.04 14:52:44
        Logout/Expiration          : *Mar.04 14:53:05
        Reason                     : client logout

        Domain-User Name           : \gwesson
        Computer                   : Greg's Computer
        Client                     : Apple Mac OS X 10.13.3
        VPN Type                   : Device Level VPN
        Mobile ID                  : 
        Client OS                  : Mac
        Private IP                 : 172.20.30.48
        Private IPv6               : ::
        Public IP (connected)      : 192.0.2.2
        Public IPv6                : ::
        ESP                        : removed
        SSL                        : exist
        Login Time                 : Apr.11 17:51:36
        Logout/Expiration          : *Apr.11 20:52:32
        Reason                     : user session expired

You should be able to get the same data via XML API, or even something like an Expect script. You can also replace "previous-user" with "current-user" to see the users that have not logged out.

@DEIPAGP,

As @gwesson already pointed out this isn't a simple custom report that can be built directly on the firewall. You would need to utilize the XML API (or CLI) to get the information that you are looking for. This would then need to be compiled by yourself into a more 'pretty' solution if it needs to go up the chain at all. 

It turns out these reports won't work as we had intended - the connection is not being closed when the user shuts down their computer, so the logout is inaccurate.  I appreciate the assistance though.

  • 1 accepted solution
  • 9280 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!