ASA Syslog Options

Unanswered Question
Apr 21st, 2010

In the ASA reference manual is says you can send certain syslog messages to the syslog server and cut out unwanted ones.  For example the below command came from the manual, can anyone tell me what the format is for the "message_list" option?

In other words, if I just want to see timestamps and session information for remote access users going to my syslog server how would I set that up within the ASA?

logging trap {severity_level | message_list}

Thanks,

glh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Wed, 04/21/2010 - 19:22

You can send all the syslog messages for remote vpn client only to your syslog server as follows:

logging list vpn-log level debugging class vpnc
logging trap vpn-log

OR/ alternatively, if you know exactly which syslog messages you are after, you can configure it this way:

logging list vpn-list message 611101

logging trap vpn-list

The vpn client syslog is within the 611xxx range, and here is the syslog for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4774570

Hope that helps.

GREG HARPER Thu, 04/22/2010 - 08:20

Can I also send the critical and/or error messages as well as the vpnc messages to the syslog server?  If yes, what would that configuration look like?

Thanks for your response this is a big help!

glh

Actions

This Discussion