JORGE RODRIGUEZ Wed, 07/02/2008 - 22:36
User Badges:
  • Green, 3000 points or more

Best is to setup a syslog server to capture logs or set up FTP server for same purpose, if you want specific log ID such as vpn clients connections, you may filter by using the Event List feature under firewall managemet logging section, configure Event class to filter on specific messages events such as vpn Ike IPsec connections webvpn etc..


working with messages loggings - see logging host for syslog server setup or logging ftp-server

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1736463


Event list logging filtering - logging in general

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/cfglog.html



Rgds

-Jorge


leo_zidane Thu, 07/03/2008 - 17:59
User Badges:

My ASA firewall logging setup is by syslog ID. Do you know what is the syslog ID associated with VPN so that I can enable it?

JORGE RODRIGUEZ Fri, 07/04/2008 - 19:48
User Badges:
  • Green, 3000 points or more

Look in messages ID ranges from 701001 to 732003 , like the 731052, 713056, 713060, 713061, there could be more , what I would suggest is to have a user connect via vpn and look at the asdm log when the user connects, take look at realtime asdm log and take notes of the syslog ID# on the syslog id colum,you may also ask the user to to purposely fail user password when connecting so that you can capture syslog id number for references.



System log messages

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html


Syslog messages by code

http://www.cisco.com/en/US/products/ps6120/products_system_message_guides_list.html



HTH

-Jorge

PLS rate any helpful posts

Actions

This Discussion