
Syslog formats

k9adv2
Level 1

Very new to Cisco products and syslog...

Question:

We have 2 devices, an ASA 5520 and a VPN 3000 Concentrator, sending data to a syslog server.

I'm looking to gather information regarding authentication from these devices, but the format for syslog messages is different.

ASA 5520 Example:

2008-03-24,07:45:59,xxx.xxx.xxx.xxx,21,6,%ASA-6-113004: AAA user authentication Successful : server = xxx: user = testuser

2008-03-24,07:46:02,xxx.xxx.xxx.xxx,21,6,%ASA-6-113009: AAA retrieved default group policy (xxx) for user = testuser

2008-03-24,07:46:05,xxx.xxx.xxx.xxx,21,6,%ASA-6-113008: AAA transaction status ACCEPT : user = testuser

VPN 3000 Concentrator Example:

2008-03-24,03:03:07,xxx.xxx.xxx.xxx,23,5,1042195: 2008 Mar 24 01:58:42.650 CST -6:00 %AUTH-5-28: RPT=12964: 70.3.134.114: User [domain\testuser] Group [vpnremote-trusted] disconnected: Session Type: IPSec/UDP Duration: 0:28:15 Bytes xmt: 48160 Bytes rcv: 89152 Reason: Lost Service

I'm trying to get the ASA 5520 to format the same as the VPN 3000 Concentrator. We have reports that look for specifics in the syslog data.

Is this possible or not even an option due to different device types?

TIA...Scott

1 Reply 1

Collin Clark
VIP Alumni

Won't work because of the different devices. The Concentrators were acquired from [I forget] so the logs are different. Sorry, but you'll have to change your scripts. I've always found it useful to filter the scripts on the code type (i.e. ASA-6-113009). Pretty easy to change the script when Cisco changes something.

HTH
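An added example, not part of the original posts: one way to key a report script on the message code, as the reply suggests, so that both devices feed one normalized record. The event labels, the output field names, the documentation-range IP addresses and the assumption that the syslog server writes a `date,time,host,facility,severity,message` prefix (inferred from the samples in the question) are this example's own.

```python
import re

# Message-ID token both devices emit: %ASA-6-113004, %AUTH-5-28, ...
MSG_ID = re.compile(r"%(?P<fac>[A-Z0-9]+)-(?P<sev>\d)-(?P<num>\d+):\s*(?P<body>.*)")
ASA_USER = re.compile(r"user = (?P<user>\S+)")
VPN_USER = re.compile(r"User \[(?P<user>[^\]]+)\]")
VPN_GROUP = re.compile(r"Group \[(?P<group>[^\]]+)\]")

# Event labels are assumptions of this example, keyed on the codes in the thread.
EVENTS = {
    "ASA-6-113004": "auth_success",
    "ASA-6-113009": "group_policy",
    "ASA-6-113008": "auth_accept",
    "AUTH-5-28": "session_disconnect",
}

# Constructed sample lines, modelled on the ones in the question.
SAMPLE = [
    "2008-03-24,07:45:59,192.0.2.1,21,6,%ASA-6-113004: AAA user authentication Successful : server = 192.0.2.10: user = testuser",
    r"2008-03-24,03:03:07,192.0.2.2,23,5,1042195: 2008 Mar 24 01:58:42.650 CST -6:00 %AUTH-5-28: RPT=12964: 198.51.100.7: User [domain\testuser] Group [vpnremote-trusted] disconnected: Session Type: IPSec/UDP Duration: 0:28:15",
]

def parse(line):
    """Return a normalized dict, or None if the line carries no known message code."""
    parts = line.split(",", 5)  # date,time,host,facility,severity,message
    if len(parts) != 6:
        return None
    date, time, host, _facility, _severity, msg = parts
    m = MSG_ID.search(msg)
    if not m:
        return None
    code = f"{m['fac']}-{m['sev']}-{m['num']}"
    if code not in EVENTS:
        return None
    user_re = ASA_USER if m["fac"] == "ASA" else VPN_USER
    u = user_re.search(m["body"])
    g = VPN_GROUP.search(m["body"])
    user = u["user"] if u else None
    # Drop a DOMAIN\ prefix so both devices report the same account name.
    if user and "\\" in user:
        user = user.split("\\", 1)[1]
    return {"received": f"{date} {time}", "host": host, "code": code,
            "event": EVENTS[code], "user": user, "group": g["group"] if g else None}

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(parse(sample_line))
```

When a message's wording changes, only the `EVENTS` table and the per-device user patterns need updating; lines with unknown codes are skipped rather than misreported.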
