
Cisco ASA syslog message question

TCAM
Level 1

Hi -

How do I make the message below show up in the logging buffer? Do I have to turn on debug?

%ASA-6-713184: Group = xxxxx, Username = xxxxx, IP = x.x.x.x, Client Type: WinNT Client Application Version: 4.6.03.0021

My goal is to capture the "Client Type" and "App Version" when the AnyConnect client is connected.

logging enable
logging timestamp
logging buffer-size 999999
logging buffered debugging
 

Thanks in advance.

10 Replies

Marvin Rhoads
Hall of Fame

The -6- in the string indicates this particular message is level 6 (informational). Since informational logging on an ASA generally includes a large volume of messages - for instance every single tcp session setup and teardown - I tend not to use that level unless I'm troubleshooting or else have something like a regulatory or legal requirement to capture that much information.

I would prefer to pick one or two important informational messages and elevate their default logging level to something like 4 (warning) like this:

logging message 713184 level 4

That way you don't have to fill up your log buffer (or syslog server) with tens of thousands or millions of messages you don't need.

And yes - "logging buffered <severity level>" is how you set the level of messages sent to the internal logging buffer.

Thanks for taking the time and looking into it. I appreciate it.

Good ideas, I will bring the logging level down.

My ASA OS is 8.4(7)3. For some reason, the log message %ASA-6-713184 won't show up in the buffer, even though I have enabled logging buffered debugging. Was it a bug? Anyone?

 

Try setting "logging buffered informational" (or my earlier suggested approach).

I tried on 2 ASAs (8.2 & 8.4) with no luck; I didn't see log message %ASA-6-713184 in the buffer output. If you can access an ASA, can you try the commands below?

logging enable
logging buffer-size 128000
logging buffered informational
logging message 713184 level errors  (bring it down from level 6 to 3, but still no luck)

Hmm. I'm seeing the same behavior you are when I tried it on an ASA and then VPN'd in - no log message being generated.

I have successfully changed the log message level in the past for other events. I wonder if it's a bug related to this message?

The ASA I tried on is running 8.4(4).

Hi Marvin,

 

You will not be able to see it because the message ID is relevant for IPsec connections and you are trying with AnyConnect. So this ID will not be generated and you will not be able to see it in the syslog.

 

Vishnu

Good catch, Vishnu - this explains why it didn't show up.

Question: is there a relevant logging message for AnyConnect to reveal the client type and version?

sh vpn-sessiondb detail anyconnect and sh vpn-sessiondb webvpn work, but I want to see them show up as a log message if possible. Thanks

Hi Joe,

Could you try issuing a show logging message 713184?

If still nothing, try debug crypto isakmp.

 

Thanks Johnlloyd - no, debug and show logging message didn't help. Thanks

Vishnu Sharma
Level 1

Hi Joe,

The message that you have mentioned here is not for AnyConnect: %ASA-6-713184: Group = xxxxx, Username = xxxxx, IP = x.x.x.x, Client Type: WinNT Client Application Version: 4.6.03.0021

It is for the IPsec VPN client, so no matter whether you use commands like "logging message 713184 level <1-7>" or "debug crypto isakmp", it is not going to solve your question. These will be relevant if you are connecting using the IPsec VPN client. I say this because crypto is not used in SSL and AnyConnect versions are mainly 2.x and 3.x, but the one you have shown here is 4.6.x, which is an IPsec VPN client version.

 

For now you can use manual commands to capture this information:

Show vpn-sessiondb detail anyconnect
Show vpn-sessiondb detail webvpn

Let me know if this answers your question.

 

Vishnu
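
An added example, not part of any reply in this thread: once message 713184 reaches a syslog collector (per the replies above, it is generated for IPsec VPN client sessions), this Python sketch extracts the Client Type and Application Version fields and groups usernames by client version. The sample log lines, group name, usernames, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Match on the message ID and accept any severity digit, so the parser keeps
# working if the level is changed with "logging message 713184 level 4".
MSG_713184 = re.compile(
    r"%ASA-(?P<severity>\d)-713184: "
    r"Group = (?P<group>[^,]+), "
    r"Username = (?P<username>[^,]+), "
    r"IP = (?P<ip>[^,]+), "
    r"Client Type: (?P<client_type>.+?)\s+"
    r"Client Application Version: (?P<version>\S+)"
)

# Constructed sample buffer output (not captured from a real device).
SAMPLE_LOG = """\
Jan 10 2015 09:14:02: %ASA-6-713184: Group = EXAMPLE-RA, Username = alice, IP = 192.0.2.10, Client Type: WinNT  Client Application Version: 4.6.03.0021
Jan 10 2015 09:14:05: %ASA-6-302013: Built inbound TCP connection 1234 for outside:192.0.2.10/50000 (192.0.2.10/50000) to inside:10.0.0.5/443 (10.0.0.5/443)
Jan 10 2015 09:20:41: %ASA-4-713184: Group = EXAMPLE-RA, Username = bob, IP = 198.51.100.7, Client Type: WinNT  Client Application Version: 5.0.07.0290
Jan 10 2015 09:21:00: %ASA-6-713184: Group = EXAMPLE-RA, Username = carol
"""

def parse_713184(line):
    """Return the fields of one 713184 line as a dict, or None if it does not match."""
    m = MSG_713184.search(line)
    if m is None:
        return None  # other message IDs and truncated lines are skipped
    rec = {k: v.strip() for k, v in m.groupdict().items()}
    rec["severity"] = int(rec["severity"])
    return rec

def clients_by_version(log_text):
    """Map (client_type, version) to the sorted usernames seen with that client."""
    inventory = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_713184(line)
        if rec:
            inventory[(rec["client_type"], rec["version"])].add(rec["username"])
    return {key: sorted(users) for key, users in inventory.items()}

if __name__ == "__main__":
    for (ctype, ver), users in sorted(clients_by_version(SAMPLE_LOG).items()):
        print(f"{ctype} {ver}: {', '.join(users)}")
```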