How to setup syslog for site to site vpn

prashantrecon
Level 1

Hi all,

Please send me a step by step guide to set up syslog for site to site VPN (in ASA 5520).

NOTE: I have a syslog server.

Just send me the steps to monitor site to site VPN using that in ASA 5520.

Regards,

Prashant

3 Replies

ilwadhi.r
Level 1

Hello Prashant,

Here are the steps for setting up the syslog server. First you would need to install syslog server software on one of the computers. You may download one of the popular Kiwi Syslog servers from:

http://www.kiwisyslog.com/software_downloads.htm

It is listed as Kiwi Syslog Daemon. You may download the standard edition that runs as a program. Once the syslog server is installed you will then need to log in to the ASA in configuration terminal mode and enter the following commands.

logging host [in_if_name] ip_address

(example: logging host inside 1.2.3.4  We are assuming the syslog server is installed on a computer with IP address 1.2.3.4 in the inside network.)

logging timestamp
logging trap 7
logging on

These commands will enable the PIX/ASA to send syslog messages to the syslog server.

For more information on logging commands you may refer to this URL:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemint.htm#wp1020115

To Capture VPN and High Availability Traffic Syslog Messages

Use the logging list command in order to capture the syslog for LAN-to-LAN and Remote Access IPsec VPN messages alone. This example captures all VPN (IKE and IPsec) class system log messages with debugging level or higher.

Example:

hostname(config)#logging enable
hostname(config)#logging timestamp
hostname(config)#logging list my-list level debugging class vpn
hostname(config)#logging list my-list level debugging class ha
hostname(config)#logging trap my-list
hostname(config)#logging host inside 192.168.1.1

These commands are helpful in a situation when we are troubleshooting a VPN client random disconnect issue and we need to collect syslog from the time of the outage. The above statements will ONLY allow VPN and HA related syslog to be sent to the syslog server, thus helping us not to dig through gigs of logs from the time of the issue.

Hope that helps

Regards

Rahul Ilwadhi
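As an added example that is not part of the thread, here is a small Python parser for the lines the syslog server receives once `logging timestamp` and `logging trap my-list` are in place. It assumes the ASA's default local4 facility and that message-ID families 713/602 belong to class vpn and 105 to class ha (an assumption to check against your ASA's message reference); the sample lines are constructed, not captured.

```python
import re
from collections import Counter

# Constructed sample of ASA syslog lines (not real captured data).
SAMPLE_LINES = [
    "<166>Jan 10 2024 10:02:11: %ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA "
    "(SPI= 0x1A2B3C4D) between 203.0.113.1 and 198.51.100.2 (user= 198.51.100.2) has been created.",
    "<167>Jan 10 2024 10:02:11: %ASA-7-713906: Group = 198.51.100.2, IP = 198.51.100.2, "
    "Sending keep-alive of type DPD R-U-THERE (seq number 0x1)",
    "<166>Jan 10 2024 10:05:40: %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA "
    "(SPI= 0x1A2B3C4D) between 203.0.113.1 and 198.51.100.2 (user= 198.51.100.2) has been deleted.",
    "<165>Jan 10 2024 10:05:41: %ASA-5-713259: Group = 198.51.100.2, IP = 198.51.100.2, "
    "Session is being torn down. Reason: Lost Service",
    "<164>Jan 10 2024 10:06:00: %ASA-4-106023: Deny tcp src outside:192.0.2.9/4444 "
    "dst inside:10.0.0.5/22 by access-group \"outside_in\"",
    "<161>Jan 10 2024 10:06:02: %ASA-1-105008: (Primary) Testing Interface outside",
]

# <PRI>timestamp: %ASA-severity-msgid: text  (PRI = facility*8 + severity)
ASA_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<text>.*)$"
)

# Assumed mapping of message-ID families to the ASA logging classes used in
# the thread: 713xxx (IKE) and 602xxx (IPsec) -> vpn, 105xxx (failover) -> ha.
CLASS_BY_PREFIX = {"713": "vpn", "602": "vpn", "105": "ha"}


def parse_asa_line(line):
    """Return a dict of fields for one ASA syslog line, or None if it does not parse."""
    m = ASA_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["facility"], rec["pri_sev"] = divmod(int(rec["pri"]), 8)
    rec["class"] = CLASS_BY_PREFIX.get(rec["msgid"][:3], "other")
    return rec


def summarize_vpn_events(lines):
    """Count lines per class and extract LAN-to-LAN SA up/down and teardown events."""
    counts, events = Counter(), []
    tunnel_ids = {"602303": "sa-created", "602304": "sa-deleted", "713259": "tunnel-torn-down"}
    for line in lines:
        rec = parse_asa_line(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        counts[rec["class"]] += 1
        if rec["msgid"] in tunnel_ids:
            events.append((rec["ts"], tunnel_ids[rec["msgid"]]))
    return counts, events


if __name__ == "__main__":
    print(*summarize_vpn_events(SAMPLE_LINES), sep="\n")
```

A "class other" count that stays high after `logging trap my-list` is applied means the filter is not in effect on the sending ASA.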

Thanks, let me try.

Don't forget to add the command "logging trap <logging list name>" to apply the filter.
