10-12-2008 11:58 PM - edited 02-21-2020 03:02 AM
Hi,
On the concentrator it had a great tool caleld "filterable event logs" to see why users were having issues logging on the VPN and the same for the site-to-site links.
How can I do this on the ASA 5520?
Thanks
10-14-2008 01:03 AM
You can filter on anything in the log, goto:-
Monitor> Logging> Real-Time log viewer
then in the "Filter By" box enter what you want to find/see.
HTH>
10-14-2008 01:42 AM
Thanks Andrew,
But how can I just show VPN related information?
Thanks
10-14-2008 01:47 AM
Monitoring> VPN> VPN Statistics>
HTH>
10-14-2008 02:02 AM
I'm look for information as to when users put in incorrect passwords/username, or the SA's are wrong on a Site-to-Site tunnel etc, just like the concentrator did?
10-14-2008 02:27 AM
You can search the logs for the syslog id's:-
1) 713120 - VPN creation and PHASE 2 sucess auth
2) 713050 - VPN termination
HTH>
10-14-2008 03:24 AM
My real-time logger appears blank (debugging), but my log buffer (debugging) is full information but very slow, which should I use?
10-14-2008 03:29 AM
The choice is yours - you should check your config to the real time logging.
HTH>
10-14-2008 06:18 AM
You can also create a logging list for a particular 'class' like FAILOVER, VPNs etc. and then either send it to syslog/email etc. or raise its level to something very low (like level 1 or2). Then just turn on buffer logging or monitor logging for that particular level. This way you will filter all the level 4/5/6 messages of permit/deny/acl logging.
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: