The best you can do is check the logs.
May 11 13:42:08 cooper-apm-11-6-0 notice apd[23941]: 01490010:5: 069ff57c: Username 'test'
May 11 13:42:25 cooper-apm-11-6-0 notice tmm[29250]: 01490549:5: 069ff57c: Assigned PPP Dynamic IPv4: 10.1.1.101 Tunnel Type: VPN_TUNNELTYPE_TLS NA Resource: /Common/test_na_res Client IP: 10.0.0.1
May 11 13:42:25 cooper-apm-11-6-0 notice tmm[29250]: 01490505:5: 069ff57c: PPP tunnel 0x5700016e2e00 started.
May 11 13:42:42 cooper-apm-11-6-0 notice tmm[29250]: 01490505:5: 069ff57c: PPP tunnel 0x5700016e2e00 closed.
May 11 13:42:59 cooper-apm-11-6-0 notice tmm[29250]: 01490501:5: 069ff57c: Session deleted due to user logout request.
May 11 13:43:33 cooper-apm-11-6-0 notice tmm[29250]: 01490521:5: 069ff57c: Session statistics - bytes in: 21022, bytes out: 15642
For example for this username "test" you can see the lease pool IP address, the client IP address, the exact time the tunnel was opened and closed and you can also see the session statistics.
I would send the logs to a SIEM like Splunk and then write the correlation reports to gather the data in a way that makes since to you.
-Seth