04-15-2014 12:35 PM
Hi -
How do I make the message below show up in the logging buffer? Do I have to turn on debug?
%ASA-6-713184: Group = xxxxx, Username = xxxxx, IP = x.x.x.x, Client Type: WinNT Client Application Version: 4.6.03.0021
My goal is to capture the "Client Type" and "App Version" when the AnyConnect client is connected.
logging enable
logging timestamp
logging buffer-size 999999
logging buffered debugging
Thanks in advance.
04-15-2014 02:56 PM
The -6- in the string indicates this particular message is level 6 (informational). Since informational logging on an ASA generally includes a large volume of messages - for instance every single tcp session setup and teardown - I tend not to use that level unless I'm troubleshooting or else have something like a regulatory or legal requirement to capture that much information.
I would prefer to pick one or two important informational messages and elevate their default logging level to something like 4 (warning) like this:
logging message 713184 level 4
That way you don't have to fill up your log buffer (or syslog server) with tens of thousands or millions of messages you don't need.
And yes - "logging buffered <severity level>" is how you set the level of messages sent to the internal logging buffer.
04-15-2014 03:53 PM
Thanks for taking the time and looking into it. I appreciate it.
Good ideas, I will bring the logging level down.
My ASA OS is 8.4(7)3. For some reason, the log message %ASA-6-713184 won't show up in the buffer, even though I have enabled logging buffered debugging. Was it a bug? Anyone?
04-15-2014 07:47 PM
Try setting "logging buffered informational" (or my earlier suggested approach).
04-15-2014 08:23 PM
I tried on 2 ASAs (8.2 & 8.4) with no luck; I didn't see log message %ASA-6-713184 in the buffer output. If you can access an ASA, can you try the commands below?
logging enable
logging buffer-size 128000
logging buffered informational
logging message 713184 level errors (bring it down from level 6 to 3, but still no luck)
04-16-2014 05:12 AM
Hmm. I'm seeing the same behavior you are when I tried it on an ASA and then VPN'd in - no log message being generated.
I have successfully changed the log message level in the past for other events. I wonder if it's a bug related to this message?
The ASA I tried on is running 8.4(4).
04-20-2014 11:23 PM
Hi Marvin,
You will not be able to see it because the message ID is relevant for IPsec connections and you are trying with AnyConnect. So this ID will not be generated and you will not be able to see it in the syslog.
Vishnu
04-21-2014 07:01 AM
Good catch Vishnu - this explains why it didn't show up.
Question: is there a relevant logging message for AnyConnect to reveal the client type and version?
sh vpn-sessiondb detail anyconnect and sh vpn-sessiondb webvpn work, but I want to see them show up as a log message if possible. Thanks
04-20-2014 09:52 PM
hi joe,
could you try issuing a show logging message 713184?
if still nothing try debug crypto isakmp.
04-21-2014 06:57 AM
Thanks Johnlloyd - no, debug and show logging message didn't help. Thanks
04-20-2014 11:21 PM
Hi Joe,
The message that you have mentioned here is not for AnyConnect: %ASA-6-713184: Group = xxxxx, Username = xxxxx, IP = x.x.x.x, Client Type: WinNT Client Application Version: 4.6.03.0021
It is for the IPSec VPN client, so no matter whether you use commands like "logging message 713184 level <1-7>" or "debug crypto isakmp", it is not going to solve your question. These will be relevant if you are connecting using the IPSec VPN client. I say this because crypto is not used in SSL and AnyConnect versions are mainly 2.x and 3.x, but the one you have shown here is 4.6.x, which is an IPSec VPN client version.
For now you can use manual commands to capture this information:
Show vpn-sessiondb detail anyconnect
Show vpn-sessiondb detail webvpn
Let me know if this answers your question.
Vishnu
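For sessions that do produce %ASA-6-713184 (the IPsec client, per the replies above), the following added example, which is not code from any poster in this thread, shows how a syslog collector could pull the client type and application version out of the message. It assumes the line layout quoted in the thread and that the severity digit in the message follows any "logging message 713184 level" override; the sample lines are constructed.

```python
import re
from collections import Counter

# Key on the message ID, not the severity digit: the digit is assumed to
# follow any "logging message 713184 level <n>" override (6 by default).
MSG_713184 = re.compile(
    r"%ASA-(?P<severity>[0-7])-713184: "
    r"Group = (?P<group>[^,]+), "
    r"Username = (?P<username>[^,]+), "
    r"IP = (?P<ip>[^,]+), "
    r"Client Type: (?P<client_type>.+?)\s+"
    r"Client Application Version: (?P<version>\S+)"
)

# Constructed sample lines: names, addresses and the last version are made up.
SAMPLE_LOG = """\
Apr 15 2014 12:35:01: %ASA-6-713184: Group = ExampleGroup, Username = alice, IP = 192.0.2.10, Client Type: WinNT  Client Application Version: 4.6.03.0021
Apr 15 2014 12:36:17: %ASA-4-713184: Group = ExampleGroup, Username = bob, IP = 192.0.2.11, Client Type: WinNT Client Application Version: 4.6.03.0021
Apr 15 2014 12:36:18: %ASA-6-302013: Built inbound TCP connection 1001 for outside:192.0.2.11/50000 (192.0.2.11/50000) to inside:198.51.100.5/443 (198.51.100.5/443)
Apr 15 2014 12:40:02: %ASA-6-713184: Group = ExampleGroup, Username = carol, IP = 192.0.2.12, Client Type: Mac OS X Client Application Version: 4.9.00.0050
"""


def parse_line(line):
    """Return the 713184 fields as a dict, or None for any other line."""
    m = MSG_713184.search(line)  # search() skips the timestamp prefix
    if m is None:
        return None
    fields = {k: v.strip() for k, v in m.groupdict().items()}
    fields["severity"] = int(fields["severity"])
    return fields


def client_inventory(log_text):
    """Count sessions per (client type, application version)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["client_type"], rec["version"])] += 1
    return counts


if __name__ == "__main__":
    for (ctype, version), n in client_inventory(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {ctype:10s} {version}")
```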