How to make below message show up as in logging buffer? Do I have to turn on debug?
%ASA-6-713184: Group = xxxxx, Username = xxxxx, IP = x.x.x.x, Client Type: WinNT Client Application Version: 4.6.03.0021
My goal is to capture the "Client Type" and "App Version" when AnyConnect client is conneted.
logging buffer-size 999999
logging buffered debugging
Thanks in advance.
The -6- in the string indicates this particular message is level 6 (informational). Since informational logging on an ASA generally includes a large volume of messages - for instance every single tcp session setup and teardown - I tend not to use that level unless I'm troubleshooting or else have something like a regulatory or legal requirement to capture that much information.
I would prefer to pick one or two important informational messages and elevate their default logging level to something like 4 (warning) like this:
That way you don't have to fill up your log buffer (or syslog server) with tens of thousands or millions of messages you don't need.
And yes - "logging buffered <severity level>" is how you set the level of messages sent to the internal logging buffer.
Thanks for taking time & looking into it. I appreciated.
Good ideas, I will bring the logging level down.
My ASA OS is 8.4(7)3, for some reasons, the log message %ASA-6-713184 won't show up on buffer, even though i have enabled logging buffered debugging. Was it a bug? Anyone?
I tried on 2 ASAs (8.2 & 8.4) with no luck, I didn't see log message %ASA-6-713184 in buffer outputs. If you can access an ASA, can you try below commands?
logging buffer-size 128000
logging buffered informational
logging message 713184 level errors (bring it down from level 6 to 3, but still no luck)
Hmm. I'm seeing the same behavior you are when I tried it on an ASA and then VPN'd in - no log message being generated.
I have successfully changed the log message level in the past for other events. I wonder if it's a bug related to this message?
The ASA I tried on is running 8.4(4).
You will not be able to see it because the message id is relevant for IPsec connections and you are trying using Anyconnect. So this id will not be generated and you will not be able to see it in the syslog.
Good catch Vishnu - this explain why it didn't show up.
Question: is there a relevant logging message for anyconnect to reveal the client type and version?
sh vpn-sessiondb detail anyconnect and sh vpn-sessiondb webvpn works but i want to see them show up as a log message if possible. Thanks
The message that you have mentioned here is not for Anyconnect: %ASA-6-713184: Group = xxxxx, Username = xxxxx, IP = x.x.x.x, Client Type: WinNT Client Application Version: 4.6.03.0021
It is for IPSec VPN client so no matter you use commands like "logging message 713184 level <1-7>" or "debug crypto isakmp", it is not going to solve your question. These will be relevant if you are connecting using IPSec VPN client. I say this because crypto is not used in SSL and Anyconnect versions are mainly 2.x and 3.x but the one you have showed here is 4.6.x which is an IPSec VPN client version.
For now you can use manual commands to capture this information:
Show vpn-sessiondb detail anyconnect
Show vpn-sessiondb detail webvpn
Let me know if this answers your question.