Very new to Cisco products and syslog...
We have 2 devices ASA 5520 and VPN 3000 Concentrator sending data to syslog server.
I'm looking to gather information regarding authentication from these devices, but the format for syslog messages is different.
ASA 5520 Example:
2008-03-24,07:45:59,xxx.xxx.xxx.xxx,21,6,%ASA-6-113004: AAA user authentication Successful : server = xxx: user = testuser
2008-03-24,07:46:02,xxx.xxx.xxx.xxx,21,6,%ASA-6-113009: AAA retrieved default group policy (xxx) for user = testuser
2008-03-24,07:46:05,xxx.xxx.xxx.xxx,21,6,%ASA-6-113008: AAA transaction status ACCEPT : user = testuser
VPN 3000 Concentrator Example:
2008-03-24,03:03:07,xxx.xxx.xxx.xxx,23,5,1042195: 2008 Mar 24 01:58:42.650 CST -6:00 %AUTH-5-28: RPT=12964: 22.214.171.124: User [domain\testuser] Group [vpnremote-trusted] disconnected: Session Type: IPSec/UDP Duration: 0:28:15 Bytes xmt: 48160 Bytes rcv: 89152 Reason: Lost Service
I'm trying to get ASA 5520 to format the same as VPN 3000 Concentrator. We have reports that look for specifics in the syslog data.
Is this possible or not even an option due to different device types?