ASA VPN Logging Issue

rdianat
Level 1

Hello experts,

I have upgraded my ASA5540 from 8.2(2) to 8.4(2) and I have run into this logging issue.

Previously I was logging the message ID: 713906 and could get this information:

group name, public address, assigned local address, username which identifies all the elements of a tunnel establishment.

As I upgraded to 8.4(2) I have lost this logging capability. I have tried to use different logging message ID alternatives like 722022, 722051 without any luck. I configured the message IDs and they are just not being logged. Here is my config:

logging enable

logging facility 22

logging queue 1024

logging device-id hostname

logging buffered 10000000

logging message 722051 level debugging

logging message 713906 level debugging

logging message 713050 level debugging

logging message 715053 level debugging

logging message 715019 level debugging

logging message 713906 level debugging

logging message 713184 level debugging

logging message 113019 level debugging

logging message 113004 level debugging

logging message 113005 level debugging

logging message 713052 level debugging

logging message 106015 level debugging

logging message 302013 level debugging

logging message 302016 level debugging

logging message 302014 level debugging

logging message 750006 level debugging

logging message 722022 level debugging

logging message 737026 level debugging

I see lots of lines being logged for connection establishment, but not the above logs which I am interested in.

I am interested to have at least username, local IP address, at the time the session is established all together in one line. I can see many lines for 302013, 302014, 302016 for different connections, but I am more interested in the start of the session.

And please note I am using pure IPsec, both IKEv1 and IKEv2, with Cisco VPN client as well as Cisco AnyConnect. I am NOT using SSL VPN.

Any help would be appreciated.

Thank you,

Razi

5 Replies

johuggin
Level 1

Hello Razi,

Are you seeing any debug level logs? What is the level of the logs which you are seeing? Can you give us an output of a 'show logging message 722022'?

Thanks!

Yes, I see the debug level logs but nothing for 722022.

tst-vpn(config)# sh logg mess 722022

syslog 722022: default-level informational, current-level debugging (enabled)

Now I found the message IDs 746012 and 734003 could be an acceptable solution, but the problem is that for these two messages to be logged I have to enable "logging buffered debugging". When I enable buffered debug logging, the buffer gets full immediately and I get lots of undesired logs. Is there any other message ID which can work in informational (level 6) and give me the same information as in 746012 or 722022?

Thanks,

Razi

Razi,

I'm not sure why you can't see 722022 and 746012 in the debug level logs. However, unless I am mistaken, you should be able to change logs 746012 and 734003 to informational using the same command you are using for those other messages. You might try this:

logging message 746012 informational

logging message 734003 informational

Thanks

Joey

Joey,

I CAN see 746012, but only if I have enabled debug logging with "logging buffered debugging".

I did the commands you have mentioned:

logging message 746012 informational

logging message 734003 informational

By doing this I cannot see these messages, but if I do "logging buffered debugging" then I can see these messages. If a message is generated in debug level, we cannot change it to informational level by the "informational" keyword. This is what I thought and that is what I see after configuration.

Any other thoughts?

Thanks,

Razi

Kamal Malhotra
Cisco Employee

There are multiple issues in this.

1. The logs don't contain all the required information.

2. There are multiple logs with information of interest.

3. The same log appears more than once at the same time.

Filed a bug to resolve the same log appearing twice. The bug ID is: CSCtz01680. The bug is resolved and needs to be incorporated in one of the future releases.

Filed an enhancement request CSCtz01714 to resolve the logging information issue.
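
Added example, not part of the thread and not Cisco code: a post-processing step for the situation the posts describe, where the fields of interest are spread over several messages (734003 and 746012 here) and the same line can be logged twice. The line layouts, host name, user name and addresses in `SAMPLE` are constructed assumptions; verify the layouts against your own ASA output.

```python
import re

# Constructed sample lines. The 734003 and 746012 layouts are assumptions for
# this example; check them against what your ASA release actually emits.
SAMPLE = [
    r"Mar 20 2012 10:15:01 asa-example : %ASA-7-734003: DAP: User jdoe, Addr 198.51.100.7: Session Attribute aaa.cisco.grouppolicy = IPSEC-USERS",
    r"Mar 20 2012 10:15:01 asa-example : %ASA-7-734003: DAP: User jdoe, Addr 198.51.100.7: Session Attribute aaa.cisco.grouppolicy = IPSEC-USERS",
    r"Mar 20 2012 10:15:01 asa-example : %ASA-7-734003: DAP: User jdoe, Addr 198.51.100.7: Session Attribute aaa.cisco.username = jdoe",
    r"Mar 20 2012 10:15:02 asa-example : %ASA-5-746012: user-identity: Add IP-User mapping 10.10.50.12 - LOCAL\jdoe Succeeded - VPN user",
    r"Mar 20 2012 10:15:02 asa-example : %ASA-5-746012: user-identity: Add IP-User mapping 10.10.50.12 - LOCAL\jdoe Succeeded - VPN user",
    r"Mar 20 2012 10:15:03 asa-example : %ASA-6-302013: Built inbound TCP connection 4101 for outside:10.10.50.12/51000 (10.10.50.12/51000) to inside:10.0.0.5/443 (10.0.0.5/443)",
]

DAP = re.compile(r"%ASA-\d-734003: DAP: User (?P<user>[^,]+), Addr (?P<addr>\S+): "
                 r"Session Attribute (?P<key>\S+) = (?P<val>.*)")
MAP = re.compile(r"%ASA-\d-746012: user-identity: Add IP-User mapping (?P<ip>\S+) - "
                 r"[^\\]+\\(?P<user>\S+) Succeeded")
FIELDS = ("group", "user", "public_ip", "assigned_ip")


def correlate(lines):
    """Return (records, dropped): one record per username, repeats removed."""
    seen, sessions, dropped = set(), {}, 0
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if line in seen:          # identical text and timestamp: logged twice
            dropped += 1
            continue
        seen.add(line)
        if (m := DAP.search(line)):
            rec = sessions.setdefault(m["user"], {"user": m["user"]})
            rec["public_ip"] = m["addr"]
            if m["key"] == "aaa.cisco.grouppolicy":
                rec["group"] = m["val"]
        elif (m := MAP.search(line)):
            rec = sessions.setdefault(m["user"], {"user": m["user"]})
            rec["assigned_ip"] = m["ip"]
    # Keyed by username only; concurrent sessions of one user need a finer key.
    return list(sessions.values()), dropped


def one_line(rec):
    """Render a record as the single line the thread asks for."""
    return " ".join(f"{k}={rec.get(k, '?')}" for k in FIELDS)


if __name__ == "__main__":
    records, dropped = correlate(SAMPLE)
    for rec in records:
        print(one_line(rec))
    print(f"dropped {dropped} repeated line(s)")
```
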
