Email logging VPN Traffic

avburren1 · ‎03-01-2012

Hi,

I use ASA 5510 and I would like to log VPN traffic ( for example, as soon as a remote user try to connect to the asa).

I would like this log be send to a specific mail address.

I already configure Email Logging for severity ( level 3) and it works well.

How I can add the VPN traffic Log ?

Thank you

Zebedee007 · ‎03-01-2012

Hi,

This is the logging setup I have for logging VPN connections.

logging list email-alert message 716001-716002

logging list email-alert message 113019

logging list email-alert message 713119-713120

logging buffer-size 8192

logging buffered alerts

logging asdm notifications

logging mail email-alert

logging from-address fw-1@company.com

logging recipient-address someone@company level notifications

smtp-server xxx.xxx.xxx.xxx

This will give you IPSec Phase 1 & 2 connections & disconnections & also WebVPN connections

HTH

Zeb.

avburren1 · ‎03-06-2012

Hi,

logging enable
logging list VPNtraffic message 716001-716002
logging list VPNtraffic message 113019
logging list VPNtraffic message 713119-713120
logging asdm warnings
logging mail VPNtraffic
logging from-address xy@company.com
logging recipient-address xy@company.com level critical

smtp-server xxx.xxx.xxx.xxx

I have these lines but I don't receive the mail.

any ideas?

Zebedee007 · ‎03-06-2012

Hi,

You will need to run no logging mail VPNtrafic to be able to make changes to the mail logging list, once changes are made run logging mail VPNtraffic

Change:

logging recipient-address xy@company.com level critical

To:

logging recipient-address xy@company.com level notifications

Also might be worth adding the following lines:

logging buffer-size 8192

logging buffered alerts

HTH

Zeb,

avburren1 · ‎03-06-2012

If I change level critical to level notifications, Are you sure I will not have all the other traffic notifications send by Mail ?

thank you