Concentrator filterable event logs in ASA?

whiteford · ‎10-12-2008

Hi,

On the concentrator it had a great tool caleld "filterable event logs" to see why users were having issues logging on the VPN and the same for the site-to-site links.

How can I do this on the ASA 5520?

Thanks

andrew.prince · ‎10-14-2008

You can filter on anything in the log, goto:-

Monitor> Logging> Real-Time log viewer

then in the "Filter By" box enter what you want to find/see.

HTH>

whiteford · ‎10-14-2008

Thanks Andrew,

But how can I just show VPN related information?

Thanks

andrew.prince · ‎10-14-2008

Monitoring> VPN> VPN Statistics>

HTH>

whiteford · ‎10-14-2008

I'm look for information as to when users put in incorrect passwords/username, or the SA's are wrong on a Site-to-Site tunnel etc, just like the concentrator did?

andrew.prince · ‎10-14-2008

You can search the logs for the syslog id's:-

1) 713120 - VPN creation and PHASE 2 sucess auth

2) 713050 - VPN termination

HTH>

whiteford · ‎10-14-2008

My real-time logger appears blank (debugging), but my log buffer (debugging) is full information but very slow, which should I use?

andrew.prince · ‎10-14-2008

The choice is yours - you should check your config to the real time logging.

HTH>

Farrukh Haroon · ‎10-14-2008

You can also create a logging list for a particular 'class' like FAILOVER, VPNs etc. and then either send it to syslog/email etc. or raise its level to something very low (like level 1 or2). Then just turn on buffer logging or monitor logging for that particular level. This way you will filter all the level 4/5/6 messages of permit/deny/acl logging.

Regards

Farrukh