04-21-2010 12:10 PM
In the ASA reference manual is says you can send certain syslog messages to the syslog server and cut out unwanted ones. For example the below command came from the manual, can anyone tell me what the format is for the "message_list" option?
In other words, if I just want to see timestamps and session information for remote access users going to my syslog server how would I set that up within the ASA?
logging trap {severity_level | message_list}
Thanks,
glh
04-21-2010 07:22 PM
You can send all the syslog messages for remote vpn client only to your syslog server as follows:
logging list vpn-log level debugging class vpnc
logging trap vpn-log
OR/ alternatively, if you know exactly which syslog messages you are after, you can configure it this way:
logging list vpn-list message 611101
logging trap vpn-list
The vpn client syslog is within the 611xxx range, and here is the syslog for your reference:
http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4774570
Hope that helps.
04-22-2010 08:20 AM
Can I also send the critical and/or error messages as well as the vpnc messages to the syslog server? If yes, what would that configuration look like?
Thanks for your response this is a big help!
glh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide