Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel

AnyConnect Syslog Configuration Example

2883
Views
10
Helpful
0
Comments
pcarco
Cisco Employee
‎04-07-2020 10:54 AM
edited on: ‎04-07-2020 ‎10:54 AM

This article is intended to be a simple example of configuring AnyConnect relevant syslog messages to be sent from the ASA to a Syslog server.  The syslog server in this example is Spunk but almost any syslog server should be do the job.   The Syslog ID's used in this example are just a set I felt were sufficient for this article,  however you can view the extensive list of syslog messages available and customize to best fit your environment. 

 

 
The following are the syslogs configured in an event list on the ASA and tied to the Splunk instance.  A view in Splunk of the specific message is also shown
 
 The ASDM configuration is shown later as well as a captioned video demo. 
 

734001

Error Message %ASA-6-734001: DAP: User user, Addr ipaddr , Connection connection : The following DAP records were selected for this connection: DAP record names

Explanation The DAP records that were selected for the connection are listed.

user —The authenticated username
ipaddr —The IP address of the remote client
connection —The type of client connection, which can be one of the following:

- IPsec

- AnyConnect

- Clientless (web browser)

- Cut-Through-Proxy

- L2TP

DAP record names —The comma-separated list of the DAP record names
Recommended Action None required.
 734001.jpg
 

725007

Error Message %ASA-6-725007: SSL session with peer-type interface :src-ip /src-port to dst-ip /dst-port terminated.

Explanation The SSL session has terminated.

peer-type—Either the server or the client, depending on the device that initiated the connection
interface—The interface name that the SSL session is using
source-ip—The source IPv4 or IPv6 address
src-port—The source port number
dst-ip —The destination IP address
dst-port —The destination port number
Recommended Action None required
 
725007.jpg

746012

Error Message %ASA-5-746012: user-identity: Add IP-User mapping IP Address - domain_name \user_name result - reason

Explanation A new user-IP mapping has been added to the user-to-IP address mapping database. The status of the operation (success or failure) is indicated. The success reason is VPN user. The failure reasons include the following: Maximum user limit reached and Duplicated address.

Recommended Action None required.
 
746012.jpg
 
 

722051

Error Message %ASA-6-722051: Group group-policy User username IP public-ip IPv4 Address assigned-ip IPv6 Address assigned-ip assigned to session

Explanation The specified address has been assigned to the given user.

group-policy —The group policy that allowed the user to gain access
username —The name of the user
public-ip —The public IP address of the connected client
assigned-ip —The IPv4 or IPv6 address that is assigned to the client
Recommended Action None required.
 
722051.jpg
 

746013

Error Message %ASA-5-746013: user-identity: Delete IP-User mapping IP Address - domain_name \user_name result - reason

Explanation A change has been made to the user-to-IP address mapping database. The status of the operation (success or failure) is indicated. The success reasons include the following: Inactive timeout, NetBIOS probing failed, PIP notification, VPN user logout, Cut-through-proxy user logout, and MAC address mismatch. The failure reason is PIP notification.

Recommended Action None required.

 

746013.jpg

 

113019-1.jpg

 

113019-2.jpg

ASDM Configuration

Note: For detailed configuration guidance please refer to the guides below.

ASA Configuration Guide 

ASDM Configuration Guide

 

  1. Define the Syslog Server

a   Configuration > Device Management > Logging > Syslog Servers

 

asdm-1.jpg

 

2.  Syslog Setup

a. Configuration > Device Management > Logging > Syslog Setup

Choose a system log facility for syslog servers to use as a basis to file messages. The default is LOCAL(4)20, which is what most UNIX systems expect. However, because your network devices share eight available facilities, you might need to change this value for system logs.  Source:  ASDM Online Help.

 

Note:  In this example. LOCAL1(17) is being used. 

asdm-2.jpg

 

3.  Create and Event List

a. Configuration > Device Management > Logging > Event Lists

 

asdm-3.jpg

 

4. Add the Event List to the Logging filter for Syslog

a. Configuration > Device Management > Logging > Logging Filters

 

 

asdm-4.jpg

 

 

DEMO

 

(view in My Videos)

Latest Contents
ASAv Management-Only setting
Created by dkmz on 06-02-2020 03:49 PM
4
0
4
0
I'm trying to deploy ASAv in Azure and as the docs suggest, the management-only setting should be removed from the Management interface since "...the Management interface is the only interface that can have an Azure public IP address associated with it. B... view more
Upgrade FTD on ASA in HA
Created by gustavosamuel on 06-02-2020 11:34 AM
1
0
1
0
 Hello Community, I need good advice to update two FTDs on ASA 5525X in HA from FMC1) do you need to break the HA to update them one at a time? so there is no effect on the service?Or is this process handled by the FMC without breaking the HA?I await... view more
API REST FXOS 4120 chassis Postman POST
Created by msouza on 06-02-2020 10:39 AM
0
0
0
0
I'm using Postman with a 4120 to test out various FXOS REST commands.  Getting the token and various monitoring REST commands work fine.  My problem is trying to add a new NTP server. Based on the JSON format of my GET of NTP servers, I'm settin... view more
Cisco ISE 2.4 license usage monitoring
Created by dolendeolende on 06-02-2020 09:54 AM
1
5
1
5
hi all, I am using Cisco ISE 2.4 with license base and plus.is it possible to monitor license usage through snmp or via other solution? thanks a lot for your help.  
PBR config questions on ASA
Created by tim829 on 06-02-2020 09:27 AM
0
0
0
0
I'm about to implement PBR on our ASA to route guest network traffic out of our secondary WAN connection. I do have a couple questions about the configuration though. Primary WAN Gateway: 165.XXX.XXX.129Secondary WAN Gateway: 206.XXX.XXX.1Guest Netwo... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Cisco Community April 2020 Spotlight Award Winners

Follow our Social Media Channels