I'm trying to create a table of VPN connection statistics where the easiest way to see the data is to look at the time the VPN tunnel is closed (_time) and the duration field from our ASA.
2016-06-08T13:31:27-04:00 firewall01 : %ASA-4-113019: Group = user_group, Username = jmaple, IP = 10.10.18.1, Session disconnected. Session Type: SSL, Duration: 7h:12m:31s, Bytes xmt: 418441224, Bytes rcv: 86574259, Reason: User Requested
What I want to do it extract the duration and subtract it from _time to produce a "Start Time" for when the connection started without having to look for a corresponding start event. The calculation would be done by calculating the difference at the time of the search. I'm still trying to get familiar with the ways of producing this kind of thing but everything I've tried so far hasn't worked.
↧