Get all Login/Logoff events (113039 = Login, 113019 = Disconnect/Logoff)cat asa_logs.csv | grep -E '113039'\|'113019'
2020-06-19T16:22:23,SENSOR01.asa5505.myorg.local,%ASA-6-113039: Group User IP <78.78.78.78> AnyConnect parent session started.
2020-06-19T17:57:55,SENSOR01.asa5505.myorg.local,”%ASA-4-113019: Group = SSLVPN, Username = jsmith, IP = 78.78.78.78, Session disconnected. Session Type: SSL, Duration: 1h:35m:32s, Bytes xmt: 9406450, Bytes rcv: 5267050, Reason: User Requested”
2020-06-19T18:00:02,SENSOR01.asa5505.myorg.local,%ASA-6-113039: Group User IP <78.78.78.78> AnyConnect parent session started.
2020-06-19T18:00:31,SENSOR01.asa5505.myorg.local,”%ASA-4-113019: Group = SSLVPN, Username = jsmith, IP = 78.78.78.78, Session disconnected. Session Type: SSL, Duration: 0h:00m:29s, Bytes xmt: 178622, Bytes rcv: 180776, Reason: User Requested”
2020-06-22T13:40:26,SENSOR01.asa5505.myorg.local,%ASA-6-113039: Group User IP <78.78.78.78> AnyConnect parent session started.
2020-06-22T20:59:01,SENSOR01.asa5505.myorg.local,”%ASA-4-113019: Group = SSLVPN, Username = jsmith, IP = 78.78.78.78, Session disconnected. Session Type: SSL, Duration: 7h:18m:37s, Bytes xmt: 102232957, Bytes rcv: 30057099, Reason: User Requested”
Exclude all Internal IP Address Ranges:cat asa_logs.csv | grep -v "10(.[0-9]{1,3}){3}|192.168(.[0-9]{1,3})|172.(1[6-9]|2[0-9]|3[01]).[0-9]{1,3}.[0-9]{1,3}|127.0.0.1"
2020-06-25T21:38:35,SENSOR01.asa5505.myorg.local,%ASA-6-302016: Teardown UDP connection 133046757 for outside:192.168.129.8/49174(LOCAL\jsmith) to inside:192.168.123.6/53 duration 0:00:00 bytes 192 (jsmith)
2020-06-25T21:38:35,SENSOR01.asa5505.myorg.local,%ASA-6-302016: Teardown UDP connection 133046763 for outside:192.168.129.8/49174(LOCAL\jsmith) to inside:192.168.123.7/53 duration 0:00:00 bytes 192 (jsmith)
2020-06-25T21:38:49,SENSOR01.asa5505.myorg.local,%ASA-6-302015: Built inbound UDP connection 133046985 for outside:192.168.129.8/53383 (192.168.129.8/53383)(LOCAL\jsmith) to inside:192.168.123.6/53 (192.168.123.6/53) (jsmith)
2020-06-25T21:38:49,SENSOR01.asa5505.myorg.local,%ASA-6-302015: Built inbound UDP connection 133046986 for outside:192.168.129.8/53383 (192.168.129.8/53383)(LOCAL\jsmith) to inside:192.168.123.7/53 (192.168.123.7/53) (jsmith)
2020-06-25T21:38:50,SENSOR01.asa5505.myorg.local,%ASA-6-302016: Teardown UDP connection 133046985 for outside:192.168.129.8/53383(LOCAL\jsmith) to inside:192.168.123.6/53 duration 0:00:00 bytes 230 (jsmith)
2020-06-25T21:38:50,SENSOR01.asa5505.myorg.local,%ASA-6-302016: Teardown UDP connection 133046986 for outside:192.168.129.8/53383(LOCAL\jsmith) to inside:192.168.123.7/53 duration 0:00:00 bytes 230 (jsmith)
Exclude specific public IP addresses| grep -v 8.4.6.11
2020-06-19T16:22:23,SENSOR01.asa5505.myorg.local,%ASA-6-113003: AAA group policy for user jsmith is being set to GroupPolicy1
2020-06-19T16:22:23,SENSOR01.asa5505.myorg.local,%ASA-6-113011: AAA retrieved user specific group policy (GroupPolicy1) for user = jsmith
2020-06-19T16:22:23,SENSOR01.asa5505.myorg.local,%ASA-6-113009: AAA retrieved default group policy (NOACCESS) for user = jsmith
2020-06-19T16:22:23,SENSOR01.asa5505.myorg.local,%ASA-6-113008: AAA transaction status ACCEPT : user = jsmith
2020-06-19T18:00:02,SENSOR01.asa5505.myorg.local,%ASA-6-113003: AAA group policy for user jsmith is being set to GroupPolicy1
2020-06-19T18:00:02,SENSOR01.asa5505.myorg.local,%ASA-6-113011: AAA retrieved user specific group policy (GroupPolicy1) for user = jsmith
2020-06-19T18:00:02,SENSOR01.asa5505.myorg.local,%ASA-6-113009: AAA retrieved default group policy (NOACCESS) for user = jsmith
2020-06-19T18:00:02,SENSOR01.asa5505.myorg.local,%ASA-6-113008: AAA transaction status ACCEPT : user = jsmith