Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1165
Views
0
Helpful
0
Replies

VPN AnyConnect - user logs - MAC Address - send to remote Syslog server

Hardi Ahmed
Level 7
Level 7

‎06-19-2017 11:54 PM - edited ‎02-21-2020 06:11 AM

Hi

for the remote users there is a Firewall dedicated for AnyConnect client access, during that the event logs are sending to a remote syslog server 'ArcSgith'. the logs can be parsed from the ArcSight properly, however still unable to see the client MAC addresses there.

the applied configuration on the Firewall is as a follows;

logging enable
logging list DAP-Event-List message 734001-734004
logging buffer-size 65535
logging buffered warnings
logging trap debugging
logging asdm debugging
logging facility 23
logging host DmzInterVPN 10.100.50.220
logging class auth trap informational
logging class vpdn trap informational
logging class vpn trap informational
logging class vpnc trap informational
logging class webvpn trap informational
logging class svc trap debugging
no logging message 302016
logging message 716023 level debugging
logging message 734002 level debugging
logging message 734001 level debugging
logging message 734004 level debugging
logging message 113019 level debugging
logging message 722037 level debugging
logging message 722038 level debugging
logging message 113004 level debugging
logging message 716060 level debugging
logging message 716059 level debugging
logging message 716058 level debugging
logging message 716001 level debugging
logging message 716002 level debugging

I used many articles from Cisco but with no Luck, appreciate your support.

thanks lot in advance

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card