This is perhaps a little crude, but try this:
when CLIENT_ACCEPTED {
ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/myvpn?sess=" } {
log local0. "SSLVPN session started for [ACCESS::session data get session.logon.last.username], from IP [IP::client_addr]"
}
if { [HTTP::uri] equals "/vdesk/timeoutagent-i.php" } {
log local0. "SSLVPN session terminated for [ACCESS::session data get session.logon.last.username]"
}
}
It assumes you've captured the username during authentication, which should be stored in the session.logon.last.username session variable. It logs to the LTM log, which shows the time and date natively.
Logon should be solid, but logout will never be a guarantee if the user closes without logging out, reboots, or otherwise.