Syslog formats

Very new to Cisco products and syslog...

Question:

We have 2 devices, an ASA 5520 and a VPN 3000 Concentrator, sending data to a syslog server.

I'm looking to gather information regarding authentication from these devices, but the format for syslog messages is different.

ASA 5520 Example:

2008-03-24,07:45:59,xxx.xxx.xxx.xxx,21,6,%ASA-6-113004: AAA user authentication Successful : server = xxx: user = testuser

2008-03-24,07:46:02,xxx.xxx.xxx.xxx,21,6,%ASA-6-113009: AAA retrieved default group policy (xxx) for user = testuser

2008-03-24,07:46:05,xxx.xxx.xxx.xxx,21,6,%ASA-6-113008: AAA transaction status ACCEPT : user = testuser

VPN 3000 Concentrator Example:

2008-03-24,03:03:07,xxx.xxx.xxx.xxx,23,5,1042195: 2008 Mar 24 01:58:42.650 CST -6:00 %AUTH-5-28: RPT=12964: 70.3.134.114: User [domain\testuser] Group [vpnremote-trusted] disconnected: Session Type: IPSec/UDP Duration: 0:28:15 Bytes xmt: 48160 Bytes rcv: 89152 Reason: Lost Service

I'm trying to get ASA 5520 to format the same as VPN 3000 Concentrator. We have reports that look for specifics in the syslog data.

Is this possible or not even an option due to different device types?

TIA...Scott

Collin Clark Thu, 03/27/2008 - 11:55

Won't work because of the different devices. The Concentrators were acquired from [I forget] so the logs are different. Sorry but you'll have to change your scripts. I've always found it useful to filter the scripts on the code type (i.e. ASA-6-113009). Pretty easy to change the script when Cisco changes something.

HTH
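
The approach suggested in the reply above (key the report script on the message code rather than on line layout), shown as an added example that is not part of the original thread. The rule table, the event labels, the placeholder addresses and the reading of the two numeric fields as facility and severity are assumptions.

```python
import re

# Constructed sample lines modelled on the two formats quoted in the
# question (addresses replaced with documentation-range placeholders).
SAMPLE = [
    "2008-03-24,07:45:59,192.0.2.1,21,6,%ASA-6-113004: AAA user authentication Successful : server = 192.0.2.10: user = testuser",
    "2008-03-24,07:46:05,192.0.2.1,21,6,%ASA-6-113008: AAA transaction status ACCEPT : user = testuser",
    "2008-03-24,03:03:07,192.0.2.2,23,5,1042195: 2008 Mar 24 01:58:42.650 CST -6:00 %AUTH-5-28: RPT=12964: 198.51.100.7: User [domain\\testuser] Group [vpnremote-trusted] disconnected: Session Type: IPSec/UDP Duration: 0:28:15 Bytes xmt: 48160 Bytes rcv: 89152 Reason: Lost Service",
    "2008-03-24,07:50:00,192.0.2.1,21,6,%ASA-6-302013: Built outbound TCP connection",
]

# Leading CSV fields written by the syslog server; the two numeric fields
# are assumed to be facility and severity.
PREFIX = re.compile(r"^(?P<date>[\d-]+),(?P<time>[\d:]+),(?P<host>[^,]+),\d+,\d+,(?P<msg>.*)$")
CODE = re.compile(r"%(?P<code>[A-Z0-9]+-\d-\d+):\s*(?P<body>.*)$")

# Hypothetical rule table: message code -> (event label, regex capturing the user).
RULES = {
    "ASA-6-113004": ("auth_success", re.compile(r"user = (\S+)")),
    "ASA-6-113008": ("auth_accept", re.compile(r"user = (\S+)")),
    "AUTH-5-28": ("disconnect", re.compile(r"User \[([^\]]+)\]")),
}

def normalize(line):
    """Return one common record for a known message code, else None."""
    prefix = PREFIX.match(line)
    if not prefix:
        return None
    code = CODE.search(prefix["msg"])
    if not code or code["code"] not in RULES:
        return None
    event, user_re = RULES[code["code"]]
    user = user_re.search(code["body"])
    if not user:
        return None
    # Drop a leading DOMAIN\ so both devices report the same account name.
    name = user.group(1).rsplit("\\", 1)[-1]
    return {"date": prefix["date"], "time": prefix["time"], "host": prefix["host"],
            "code": code["code"], "event": event, "user": name}

def normalize_all(lines):
    return [rec for rec in map(normalize, lines) if rec]

if __name__ == "__main__":
    for rec in normalize_all(SAMPLE):
        print(rec)
```

Because each device's layout is confined to one entry in the rule table, a change in either message format means editing one regex instead of the report logic.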