09-21-2011 09:17 PM - edited 03-11-2019 02:28 PM
Hi all,
Please send me a step-by-step guide to set up syslog for site-to-site VPN (in ASA 5520).
NOTE: I have a syslog server.
Just send me the steps to monitor site-to-site VPN using that in ASA 5520.
Regards,
Prashant
09-22-2011 03:00 AM
Hello Prashant,
Here are the steps for setting up the syslog server. First you would need to install syslog server software on one of the computers. You may download one of the popular kiwisyslog servers from:
http://www.kiwisyslog.com/software_downloads.htm
It is listed as Kiwi Syslog Daemon. You may download the standard edition that runs as a program. Once the syslog server is installed you will then need to log in to the ASA in configuration terminal mode and enter the following commands.
logging host [in_if_name] ip_address
(example: logging host inside 1.2.3.4. We are assuming the syslog server is installed on a computer with IP address 1.2.3.4 in the inside network.)
logging timestamp
logging trap 7
logging on
These commands will enable the PIX/ASA to send syslog messages to the syslog server.
For more information on logging commands you may refer to this URL:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemint.htm#wp1020115
To Capture VPN and High Availability Traffic Syslog Messages
Use the logging list command in order to capture the syslog for LAN-to-LAN and Remote access IPsec VPN messages alone. This example captures all VPN (IKE and IPsec) class system log messages with debugging level or higher.
Example:
hostname(config)#logging enable
hostname(config)#logging timestamp
hostname(config)#logging list my-list level debugging class vpn
hostname(config)#logging list my-list level debugging class ha
hostname(config)#logging trap my-list
hostname(config)#logging host inside 192.168.1.1
These commands are helpful in a situation when we are troubleshooting a VPN client random disconnect issue and we need to collect syslog from the time of the outage. The above statements will allow ONLY VPN and HA related syslog to be sent to the syslog server, thus helping us not to dig through gigs of logs from the time of the issue.
Hope that helps
Regards
Rahul Ilwadhi
09-22-2011 08:26 PM
Thanks, let me try.
04-16-2014 10:05 PM
Don't forget to add the command "logging trap <logging list name>" to apply the filter.
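A receiver-side check for the filter discussed in this thread, added here as an example (not code from any poster or from Cisco): it classifies stored ASA syslog lines by message-ID prefix and reports anything outside the vpn and ha classes, which indicates that "logging trap my-list" is not in effect. The prefix table is an assumption based on Cisco's published syslog class list, and the sample lines are constructed.

```python
import re
from collections import Counter

# Message-ID prefixes per ASA logging class (assumption: from Cisco's syslog
# class table; verify against the documentation for your ASA release).
CLASS_PREFIXES = {
    "vpn": ("316", "320", "402", "404", "501", "602", "702", "713", "714", "715"),
    "ha": ("101", "102", "103", "104", "105", "210", "311", "709"),
}
# Matches the ASA message tag, e.g. "%ASA-5-713120: text"
ASA_TAG = re.compile(r"%(?:ASA|PIX)-(?P<sev>[0-7])-(?P<msgid>\d{6}):\s*(?P<text>.*)")

def classify(line):
    """Return (class_name, severity, msgid, text), or None if no ASA tag is found."""
    m = ASA_TAG.search(line)
    if not m:
        return None
    sev, msgid, text = int(m.group("sev")), m.group("msgid"), m.group("text")
    for name, prefixes in CLASS_PREFIXES.items():
        if msgid.startswith(prefixes):
            return name, sev, msgid, text
    return "other", sev, msgid, text

def audit(lines):
    """Count messages per class and collect message IDs outside vpn/ha."""
    counts, leaked = Counter(), []
    for line in lines:
        parsed = classify(line)
        if parsed is None:
            counts["unparsed"] += 1
            continue
        counts[parsed[0]] += 1
        if parsed[0] == "other":
            leaked.append(parsed[2])
    return counts, leaked

# Constructed sample lines, as a syslog server might store them (not real captures).
SAMPLE = [
    "Sep 22 2011 03:10:01 192.168.1.254 : %ASA-5-713120: Group = 203.0.113.10, IP = 203.0.113.10, PHASE 2 COMPLETED",
    "Sep 22 2011 03:10:01 192.168.1.254 : %ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA has been created.",
    "Sep 22 2011 03:11:40 192.168.1.254 : %ASA-1-105008: (Primary) Testing Interface inside",
    "Sep 22 2011 03:12:02 192.168.1.254 : %ASA-6-302013: Built outbound TCP connection 100",
    "Sep 22 2011 03:12:05 syslogd restarted",
]

if __name__ == "__main__":
    counts, leaked = audit(SAMPLE)
    print(dict(counts))
    print("outside vpn/ha:", leaked)
```

An empty "outside vpn/ha" list over a representative window of logs means only the two listed classes are reaching the server.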