is there a way to verify from Cisco router syslogs that an IPSec tunnel is being successfully established with another Cisco router / peer? I've been looking at the System Message manuals (SEC, Crypto events) and only see stuff that would indicate problems - would like to be able to check syslogs to validate that a tunnel came up without issue, or if a tunnel drops, etc. but not sure what these messages look like.
Randy, I understand now!
What I would do in this case is couple of things, but this still needs some minor configuration on the router, it depends on the router managed provider but.. you should be able to ask the provider know that you want to get syslog traps from the router to your syslog server, and they should be able to provide this to you and they should provide that, after all, you are paying for services even though is a managed router by provider.
On the router thye would configure a secondary logging server.
say your syslog server is 220.127.116.11
router(config)#logging trap informational
the above informational is facility #6 out of the 7 levels of facility, 0 being emergencies 1 alerts 2 critical and so on..I believe with this facility# you will see tunnel info on the syslog.
additionally, on the access-lists pertaining to the L2L Ipsec tunnel add the keyword log at the end of each of its access-list, with the keywork log the router will send traps pertaining to the access-list to your syslog thus providing you that the connection is stablihed or not.