Send ASA5505 logs to Kiwi syslog server

Srinivas N
Level 1

The below configuration has been done on the ASA 5510 and we are getting alerts on the Kiwi syslog server:

logging enable
logging trap informational
logging asdm informational
logging host inside <ip address of syslog server>

We need only VPN-related alerts; please advise what config needs to be done on the firewall.

At present we are getting the below alerts on the syslog server:

06-21-2016 11:20:18 Local4.Info 10.10.10.1 Jun 21 2016 02:47:20: %ASA-6-302014: Teardown TCP connection 125818 for outside:40.100.0.194/443 to inside:10.10.10.11/56136 duration 0:00:01 bytes 7397 TCP Reset-I
06-21-2016 11:20:18 Local4.Info 10.10.10.1 Jun 21 2016 02:47:20: %ASA-6-302014: Teardown TCP connection 125686 for outside:118.214.96.55/443 to inside:10.10.10.11/56058 duration 0:05:07 bytes 39437 TCP FINs
06-21-2016 11:20:16 Local4.Info 10.10.10.1 Jun 21 2016 02:47:18: %ASA-6-302013: Built outbound TCP connection 125818 for outside:40.100.0.194/443 (40.100.0.194/443) to inside:10.10.10.11/56136 (111.93.9.122/56136)
06-21-2016 11:20:16 Local4.Info 10.10.10.1 Jun 21 2016 02:47:18: %ASA-6-305011: Built dynamic TCP translation from inside:10.10.10.11/56136 to outside:111.93.9.122/56136
06-21-2016 11:20:16 Local4.Info 10.10.10.1 Jun 21 2016 02:47:18: %ASA-6-302016: Teardown UDP connection 125817 for outside:8.8.4.4/53 to inside:10.10.10.11/61067 duration 0:00:00 bytes 297
06-21-2016 11:20:16 Local4.Info 10.10.10.1 Jun 21 2016 02:47:18: %ASA-6-302015: Built outbound UDP connection 125817 for outside:8.8.4.4/53 (8.8.4.4/53) to inside:10.10.10.11/61067 (111.93.9.122/61067)
06-21-2016 11:20:16 Local4.Info 10.10.10.1 Jun 21 2016 02:47:18: %ASA-6-305011: Built dynamic UDP translation from inside:10.10.10.11/61067 to outside:111.93.9.122/61067

Thanks & Regards, Srinivas. N.

Srinivas N
Level 1

Hi Friends,

I did the below config, if any modification required please let me know.

To Capture VPN and High Availability Traffic Syslog Messages

Use the logging list command in order to capture the syslog for LAN-to-LAN and Remote access IPsec VPN messages alone. This example captures all VPN (IKE and IPsec) class system log messages with debugging level or higher. 

logging host [in_if_name] ip_address 

(example: logging host inside 1.2.3.4. We are assuming the syslog server is installed on a computer with IP address 1.2.3.4 in the inside network.)

logging timestamp
logging trap 7
logging on

These commands will enable the PIX or ASA to send syslog messages to the syslog server.

Example: 

hostname(config)#logging enable

hostname(config)#logging timestamp

hostname(config)#logging list my-list level debugging class vpn

hostname(config)#logging list my-list level debugging class ha

hostname(config)#logging trap my-list

hostname(config)#logging host inside 192.168.1.1 

These commands are helpful in a situation where we are troubleshooting a VPN client random disconnect issue and need to collect syslog from the time of the outage. The above statements will ONLY allow VPN and HA related syslog to be sent to the syslog server, thus helping us not to dig through gigs

Thanks & Regards, Srinivas. N.
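As an added example (not part of the post above), the following Python script parses the Kiwi-captured ASA lines from the question and emulates the `logging list ... class vpn` filter on the collector side, so you can check what such a list would keep before changing the firewall. The class table is a constructed three-entry subset (the authoritative mapping is Cisco's syslog message guide), and the 713905 IKE line is constructed for the example; the script also reports the skew between the ASA timestamp and the Kiwi receive time, which matters when building incident timelines.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: three Kiwi-captured lines from the question plus one
# made-up IKE informational line (713905) so the VPN branch has a hit.
SAMPLE = """\
06-21-2016 11:20:18 Local4.Info 10.10.10.1 Jun 21 2016 02:47:20: %ASA-6-302014: Teardown TCP connection 125818 for outside:40.100.0.194/443 to inside:10.10.10.11/56136 duration 0:00:01 bytes 7397 TCP Reset-I
06-21-2016 11:20:16 Local4.Info 10.10.10.1 Jun 21 2016 02:47:18: %ASA-6-305011: Built dynamic TCP translation from inside:10.10.10.11/56136 to outside:111.93.9.122/56136
06-21-2016 11:20:16 Local4.Info 10.10.10.1 Jun 21 2016 02:47:18: %ASA-6-302015: Built outbound UDP connection 125817 for outside:8.8.4.4/53 (8.8.4.4/53) to inside:10.10.10.11/61067 (111.93.9.122/61067)
06-21-2016 11:21:02 Local4.Info 10.10.10.1 Jun 21 2016 02:48:04: %ASA-6-713905: Group = vpngroup, IP = 203.0.113.7, constructed IKE informational message
"""

# Kiwi prefix (receive date/time, facility.severity, source) followed by the
# ASA's own timestamp and the %ASA-<severity>-<message id>: <text> tag.
LINE_RE = re.compile(
    r"^(?P<rx_date>\d{2}-\d{2}-\d{4}) (?P<rx_time>\d{2}:\d{2}:\d{2}) "
    r"(?P<fac>\w+)\.(?P<sev_name>\w+) (?P<src>\S+) "
    r"(?P<asa_ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<text>.*)$"
)

# ASSUMPTION: illustrative subset keyed on the message-ID prefix. 713xxx are
# IKE messages (class vpn); 302xxx are connection and 305xxx NAT messages.
CLASS_BY_PREFIX = {"713": "vpn", "302": "session", "305": "nat"}


def parse_line(line):
    """Return a dict of fields for one Kiwi line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["sev"] = int(d["sev"])
    d["class"] = CLASS_BY_PREFIX.get(d["msgid"][:3], "other")
    received = datetime.strptime(f"{d['rx_date']} {d['rx_time']}", "%m-%d-%Y %H:%M:%S")
    sent = datetime.strptime(d["asa_ts"], "%b %d %Y %H:%M:%S")
    d["skew_s"] = int((received - sent).total_seconds())  # collector clock minus ASA clock
    return d


def vpn_only(lines, max_level=7):
    """Emulate 'logging list my-list level debugging class vpn': keep vpn-class
    messages at or below the given severity number (7 = debugging)."""
    parsed = [p for p in map(parse_line, lines) if p]
    return [p for p in parsed if p["class"] == "vpn" and p["sev"] <= max_level]


def class_counts(lines):
    """How many messages of each class the collector is currently receiving."""
    return Counter(p["class"] for p in map(parse_line, lines) if p)
```

Run `class_counts(SAMPLE.splitlines())` to see that the traffic in the question is all session/NAT messages, which is why a vpn-class list would silence it.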