https://community.cisco.com/t5/network-security/how-to-setup-syslog-for-site-to-site-vpn/m-p/1787413#M530201 <HTML><HEAD></HEAD><BODY><P> Thanks let me try</P></BODY></HTML> Fri, 23 Sep 2011 03:26:35 GMT prashantrecon 2011-09-23T03:26:35Z https://community.cisco.com/t5/network-security/how-to-setup-syslog-for-site-to-site-vpn/m-p/1787411#M530199 <P>HI ALL,</P><P></P><P>Please send me step bu step guide to setup syslog for site to site VPN.(in ASA 5520)</P><P></P><P></P><P>NOTE: I have a syslog server.</P><P></P><P>just send me the step to moniter site to site vpn using that in ASA 5520</P><P></P><P></P><P>Regards,</P><P>Prashant</P> Mon, 11 Mar 2019 21:28:25 GMT https://community.cisco.com/t5/network-security/how-to-setup-syslog-for-site-to-site-vpn/m-p/1787411#M530199 prashantrecon 2019-03-11T21:28:25Z https://community.cisco.com/t5/network-security/how-to-setup-syslog-for-site-to-site-vpn/m-p/1787412#M530200 <HTML><HEAD></HEAD><BODY><P>Hello Prashant,</P><P></P><P style="margin-top: px; margin-bottom: px;">Here are the steps for setting up the syslog server. First you would need to install a syslog server software on one of the computers. You may download one of the popular kiwisyslog servers from:<BR /> <BR /><A href="http://www.kiwisyslog.com/software_downloads.htm" title="blocked::http://www.kiwisyslog.com/software_downloads.htm">http://www.kiwisyslog.com/software_downloads.htm</A>&nbsp; <BR /> <BR />It is listed as Kiwi Syslog Daemon. You may download standard edition that runs as a program.&nbsp; Once the syslog server is installed you will then need to login into the ASA in configuration terminal mode and enter the following commands.<BR /> <BR />logging host [in_if_name] ip_address <BR /> <BR />(example: logging host inside 1.2.3.4&nbsp; We are assuming syslog server is installed on computer with IP address 1.2.3.4 in the inside network.)<BR /> <BR />logging timestamp<BR />logging trap 7<BR />logging on<BR /> <BR />These commands will enable the PIX to ASA sending syslog messages to the syslog server.<BR /> <BR />For more information on logging commands you may refer to this URL:<BR /> <BR /><A href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemint.htm#wp1020115" title="blocked::http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemint.htm#wp1020115">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemint.htm#wp1020115</A></P><P style="margin-top: px; margin-bottom: px;"><A href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml#capturevpn" target="_blank" title="blocked::http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml#capturevpn">To Capture VPN and High Availabilty Traffic Syslog Messages</A></P><P></P><P>Use the <STRONG>logging list</STRONG> command in order to capture the syslog for LAN-to-LAN and Remote access IPsec VPN messages alone. This example captures all VPN (IKE and IPsec) class system log messages with debugging level or higher.</P><P><STRONG>Example:</STRONG> </P><PRE>hostname(config)#<STRONG>logging enable</STRONG></PRE><PRE>hostname(config)#<STRONG>logging timestamp</STRONG></PRE><PRE>hostname(config)#<STRONG>logging list my-list level debugging class vpn</STRONG></PRE><PRE>hostname(config<STRONG>)#logging list my-list level debugging class ha </STRONG></PRE><PRE>hostname(config)#<STRONG>logging trap my-list</STRONG></PRE><PRE>hostname(config)#<STRONG>logging host inside 192.168.1.1</STRONG></PRE><PRE> </PRE><P>These commands are helpful in a situation when we are troubleshooting VPN client random disconnect issue and we need to collect syslog from the time of outage. Above statements will allow ONLY allow VPN and HA related syslog to be sent to the syslog server thus helping us not to dig through gigs<SPAN id="mce_marker"> </SPAN></P><P class="MsoNormal" style="margin: 0in 0in 0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto;"><SPAN style="font-family: Calibri; font-size: 10pt; mso-bidi-font-family: Arial;"><SPAN style="color: #000000;">Here are the steps for setting up the syslog server. First you would need to install a syslog server software on one of the computers. You may download one of the popular kiwisyslog servers from:<BR /> <BR /></SPAN><A href="http://www.kiwisyslog.com/software_downloads.htm" title="blocked::http://www.kiwisyslog.com/software_downloads.htm"><SPAN style="color: #0000ff;">http://www.kiwisyslog.com/software_downloads.htm</SPAN></A><SPAN style="color: #000000;">&nbsp; <BR /> <BR />It is listed as Kiwi Syslog Daemon. You may download standard edition that runs as a program.&nbsp; Once the syslog server is installed you will then need to login into the ASA in configuration terminal mode and enter the following commands.<BR /> <BR />logging host [in_if_name] ip_address <BR /> <BR />(example: logging host inside 1.2.3.4&nbsp; We are assuming syslog server is installed on computer with IP address 1.2.3.4 in the inside network.)<BR /> <BR />logging timestamp<BR />logging trap 7<BR />logging on<BR /> <BR />These commands will enable the PIX to ASA sending syslog messages to the syslog server.<BR /> <BR />For more information on logging commands you may refer to this URL:<BR /> <BR /></SPAN><A href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemint.htm#wp1020115" title="blocked::http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemint.htm#wp1020115"><SPAN style="color: #0000ff;">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemint.htm#wp1020115</SPAN></A></SPAN></P><P class="MsoNormal" style="margin: 0in 0in 0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto;"><SPAN style="font-family: Calibri; font-size: 10pt; mso-bidi-font-family: Arial;"><A href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml#capturevpn" target="_blank" title="blocked::http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml#capturevpn"><SPAN style="color: #0000ff;">To Capture VPN and High Availabilty Traffic Syslog Messages</SPAN></A></SPAN></P><P><SPAN style="color: #000000;"><SPAN style="font-family: Calibri; font-size: 10pt; mso-bidi-font-family: Arial;">Use the <STRONG>logging list</STRONG> command in order to capture the syslog for LAN-to-LAN and Remote access IPsec VPN messages alone. This example captures all VPN (IKE and IPsec) class system log messages with debugging level or higher.</SPAN></SPAN></P><P><SPAN style="color: #000000;"><STRONG style="mso-bidi-font-family: Arial; font-size: 10pt; font-family: Calibri; ">Example:</STRONG><SPAN style="font-family: Calibri; font-size: 10pt; mso-bidi-font-family: Arial;"> </SPAN></SPAN></P><PRE><SPAN style="color: #000000;"><SPAN style="font-family: Calibri; mso-bidi-font-family: Arial;">hostname(config)#<STRONG>logging enable</STRONG></SPAN></SPAN></PRE><PRE><SPAN style="color: #000000;"><SPAN style="font-family: Calibri; mso-bidi-font-family: Arial;">hostname(config)#<STRONG>logging timestamp</STRONG></SPAN></SPAN></PRE><PRE><SPAN style="color: #000000;"><SPAN style="font-family: Calibri; mso-bidi-font-family: Arial;">hostname(config)#<STRONG>logging list my-list level debugging class vpn</STRONG></SPAN></SPAN></PRE><PRE><SPAN style="color: #000000;"><SPAN style="font-family: Calibri; mso-bidi-font-weight: bold; mso-bidi-font-family: Arial;">hostname(config<STRONG>)#logging list my-list level debugging class ha </STRONG></SPAN></SPAN></PRE><PRE><SPAN style="color: #000000;"><SPAN style="font-family: Calibri; mso-bidi-font-family: Arial;">hostname(config)#<STRONG>logging trap my-list</STRONG></SPAN></SPAN></PRE><PRE><SPAN style="color: #000000;"><SPAN style="font-family: Calibri; mso-bidi-font-family: Arial;">hostname(config)#<STRONG>logging host inside 192.168.1.1</STRONG></SPAN></SPAN></PRE><PRE><SPAN style="mso-bidi-font-family: Arial; color: #000000; font-family: Calibri; "> </SPAN></PRE><P><SPAN style="mso-bidi-font-family: Arial; mso-fareast-language: EN-US; mso-bidi-language: AR-SA; color: #000000; font-size: 12pt; mso-ansi-language: EN-US; font-family: Calibri; mso-fareast-font-family: 'Times New Roman'; ">These commands are helpful in a situation when we are troubleshooting VPN client random disconnect issue and we need to collect syslog from the time of outage. Above statements will allow ONLY allow VPN and HA related syslog to be sent to the syslog server thus helping us not to dig through gigs of logs from the time of issue.</SPAN></P><P><SPAN style="mso-bidi-font-family: Arial; mso-fareast-language: EN-US; mso-bidi-language: AR-SA; color: #000000; font-size: 12pt; mso-ansi-language: EN-US; font-family: Calibri; mso-fareast-font-family: 'Times New Roman'; "> </SPAN></P><P><SPAN style="mso-bidi-font-family: Arial; mso-fareast-language: EN-US; mso-bidi-language: AR-SA; color: #000000; font-size: 12pt; mso-ansi-language: EN-US; font-family: Calibri; mso-fareast-font-family: 'Times New Roman'; ">Hope that helps</SPAN></P><P><SPAN style="mso-bidi-font-family: Arial; mso-fareast-language: EN-US; mso-bidi-language: AR-SA; color: #000000; font-size: 12pt; mso-ansi-language: EN-US; font-family: Calibri; mso-fareast-font-family: 'Times New Roman'; "> </SPAN></P><P><SPAN style="mso-bidi-font-family: Arial; mso-fareast-language: EN-US; mso-bidi-language: AR-SA; color: #000000; font-size: 12pt; mso-ansi-language: EN-US; font-family: Calibri; mso-fareast-font-family: 'Times New Roman'; ">Regards</SPAN></P><P><SPAN style="mso-bidi-font-family: Arial; mso-fareast-language: EN-US; mso-bidi-language: AR-SA; color: #000000; font-size: 12pt; mso-ansi-language: EN-US; font-family: Calibri; mso-fareast-font-family: 'Times New Roman'; ">Rahul Ilwadhi</SPAN></P><P><SPAN style="mso-bidi-font-family: Arial; mso-fareast-language: EN-US; mso-bidi-language: AR-SA; color: #000000; font-size: 12pt; mso-ansi-language: EN-US; font-family: Calibri; mso-fareast-font-family: 'Times New Roman'; "> </SPAN></P><P><SPAN style="mso-bidi-font-family: Arial; mso-fareast-language: EN-US; mso-bidi-language: AR-SA; color: #000000; font-size: 12pt; mso-ansi-language: EN-US; font-family: Calibri; mso-fareast-font-family: 'Times New Roman'; "> </SPAN></P><P><SPAN style="mso-bidi-font-family: Arial; mso-fareast-language: EN-US; mso-bidi-language: AR-SA; color: #000000; font-size: 12pt; mso-ansi-language: EN-US; font-family: Calibri; mso-fareast-font-family: 'Times New Roman'; "> </SPAN></P></BODY></HTML> Thu, 22 Sep 2011 10:00:14 GMT https://community.cisco.com/t5/network-security/how-to-setup-syslog-for-site-to-site-vpn/m-p/1787412#M530200 ilwadhi.r 2011-09-22T10:00:14Z https://community.cisco.com/t5/network-security/how-to-setup-syslog-for-site-to-site-vpn/m-p/1787413#M530201 <HTML><HEAD></HEAD><BODY><P> Thanks let me try</P></BODY></HTML> Fri, 23 Sep 2011 03:26:35 GMT https://community.cisco.com/t5/network-security/how-to-setup-syslog-for-site-to-site-vpn/m-p/1787413#M530201 prashantrecon 2011-09-23T03:26:35Z https://community.cisco.com/t5/network-security/how-to-setup-syslog-for-site-to-site-vpn/m-p/1787414#M530202 <P>Don't forget to add the command "logging trap&nbsp;&nbsp;&lt;<I>logging list name</I>&gt;" &nbsp;to apply the filter.</P><P>&nbsp;</P> Thu, 17 Apr 2014 05:05:43 GMT https://community.cisco.com/t5/network-security/how-to-setup-syslog-for-site-to-site-vpn/m-p/1787414#M530202 Ahmed Bashir 2014-04-17T05:05:43Z