userID to LeasePool IP Mapping
Hey all, I finally have my SSLVPN route domain working to force all my vpn traffic through our internal network. I am not translating any of the source addresses so each leased address in the lease pool for my vpn clients are visible on the network. My goal now is to configure syslog to point to some of our syslog collectors and associate the authenticated user with the leased address. So far, in reviewing the APM logs, I cannot find one log that contains both the leased address and the userID. I have two separate logs with the info, myuserID being my account and 192.168.9.8 being the leased IP in the pool.
Sep 2 13:12:08 JHHCF5-2 info apd: 01490007:6: a9dbfe8b: Session variable 'session.logon.last.username' set to 'myuserID'
Sep 2 13:12:28 JHHCF5-2 notice tmm3: 01490549:5: a9dbfe8b: Assigned PPP Dynamic IPv4: 192.168.9.8 Tunnel Type: VPN_TUNNELTYPE_DTLS NA Resource: /Common/jhhc_test_vpn_ap_na_res Client IP: 10.1.12.9
Has anyone done this? As an example I would like to integrate it with my palo alto URL filtering engine which can be configured to parse logs to associate userID with source IP.
Any help is appreciated!