Concentrator filterable event logs in ASA?

whiteford
Level 1

Hi,

On the concentrator it had a great tool called "filterable event logs" to see why users were having issues logging on to the VPN, and the same for the site-to-site links.

How can I do this on the ASA 5520?

Thanks

8 Replies

andrew.prince
Level 10

You can filter on anything in the log, go to:

Monitor> Logging> Real-Time log viewer

then in the "Filter By" box enter what you want to find/see.

HTH>

Thanks Andrew,

But how can I just show VPN related information?

Thanks

Monitoring> VPN> VPN Statistics>

HTH>

I'm looking for information as to when users put in incorrect passwords/usernames, or the SAs are wrong on a site-to-site tunnel etc., just like the concentrator did?

You can search the logs for the syslog IDs:

1) 713120 - VPN creation and PHASE 2 success auth

2) 713050 - VPN termination

HTH>

My real-time logger appears blank (debugging), but my log buffer (debugging) is full of information but very slow. Which should I use?

The choice is yours - you should check your config to the real time logging.

HTH>

Farrukh Haroon
VIP Alumni

You can also create a logging list for a particular 'class' like FAILOVER, VPNs etc. and then either send it to syslog/email etc. or raise its level to something very low (like level 1 or 2). Then just turn on buffer logging or monitor logging for that particular level. This way you will filter all the level 4/5/6 messages of permit/deny/acl logging.

Regards

Farrukh
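An added example, not part of the original thread or any Cisco tool: one way to get a "filterable event log" view offline is to save the log buffer to a text file and keep only the two syslog IDs named in the replies above, grouped by peer. The function names, the sample lines, and the assumed `IP = x.x.x.x` field in the message text are constructed for illustration.

```python
import re
from collections import defaultdict

# Syslog IDs named in the thread, labelled as the thread describes them.
VPN_EVENT_IDS = {"713120": "VPN creation / phase 2 success",
                 "713050": "VPN termination"}

# ASA syslog body: %ASA-<severity>-<message id>: <text>
ASA_MSG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")
PEER_IP = re.compile(r"\bIP = (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample lines (not real device output; message wording is assumed).
SAMPLE_LOG = """\
Jan 10 2009 09:14:02: %ASA-6-302013: Built outbound TCP connection 1201 for outside:198.51.100.7/443 to inside:10.1.1.20/51514
Jan 10 2009 09:14:05: %ASA-5-713120: Group = 203.0.113.10, IP = 203.0.113.10, PHASE 2 COMPLETED (msgid=4f2a9c01)
Jan 10 2009 09:14:09: %ASA-4-106023: Deny tcp src outside:198.51.100.9/4411 dst inside:10.1.1.5/23 by access-group "outside_in"
Jan 10 2009 09:31:40: %ASA-5-713050: Group = 203.0.113.10, IP = 203.0.113.10, Connection terminated for peer 203.0.113.10. Reason: Peer Terminate
not a syslog line
"""

def filter_vpn_events(log_text, wanted=VPN_EVENT_IDS):
    """Return (timestamp, peer, msg_id, label, text) for each wanted message."""
    events = []
    for line in log_text.splitlines():
        m = ASA_MSG.search(line)
        if not m or m["id"] not in wanted:
            continue  # drops permit/deny/connection noise and malformed lines
        peer = PEER_IP.search(m["text"])
        timestamp = line[:m.start()].rstrip(": ")
        events.append((timestamp, peer["ip"] if peer else None,
                       m["id"], wanted[m["id"]], m["text"]))
    return events

def by_peer(events):
    """Group filtered events into a per-peer timeline, in log order."""
    timeline = defaultdict(list)
    for ts, peer, msg_id, label, _ in events:
        timeline[peer].append((ts, msg_id, label))
    return dict(timeline)

if __name__ == "__main__":
    for peer, items in by_peer(filter_vpn_events(SAMPLE_LOG)).items():
        print(peer)
        for ts, msg_id, label in items:
            print(f"  {ts}  {msg_id}  {label}")
```

Other message IDs can be added to `VPN_EVENT_IDS` once they have been confirmed against the device's own log output.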
