This article is intended to be a simple example of configuring AnyConnect relevant syslog messages to be sent from the ASA to a Syslog server. The syslog server in this example is Spunk but almost any syslog server should be do the job. The Syslog ID's used in this example are just a set I felt were sufficient for this article, however you can view the extensive list of syslog messages available and customize to best fit your environment.
Explanation A new user-IP mapping has been added to the user-to-IP address mapping database. The status of the operation (success or failure) is indicated. The success reason is VPN user. The failure reasons include the following: Maximum user limit reached and Duplicated address.
Recommended Action None required.
Error Message %ASA-6-722051: Group group-policy User username IP public-ip IPv4 Address assigned-ip IPv6 Address assigned-ipassigned to session
ExplanationThe specified address has been assigned to the given user.
•group-policy —The group policy that allowed the user to gain access
•username —The name of the user
•public-ip —The public IP address of the connected client
•assigned-ip —The IPv4 or IPv6 address that is assigned to the client
Explanation A change has been made to the user-to-IP address mapping database. The status of the operation (success or failure) is indicated. The success reasons include the following: Inactive timeout, NetBIOS probing failed, PIP notification, VPN user logout, Cut-through-proxy user logout, and MAC address mismatch. The failure reason is PIP notification.
Recommended Action None required.
Note: For detailed configuration guidance please refer to the guides below.
a Configuration > Device Management > Logging > Syslog Servers
2. Syslog Setup
a. Configuration > Device Management > Logging > Syslog Setup
Choose a system log facility for syslog servers to use as a basis to file messages. The default is LOCAL(4)20, which is what most UNIX systems expect. However, because your network devices share eight available facilities, you might need to change this value for system logs. Source: ASDM Online Help.
Note: In this example. LOCAL1(17) is being used.
3. Create and Event List
a. Configuration > Device Management > Logging > Event Lists
4. Add the Event List to the Logging filter for Syslog
a. Configuration > Device Management > Logging > Logging Filters
We have a FTD HA setup with 2 FP 2110 running FTD 126.96.36.199We see frequent messages like this in the ASAconsole.log in the standby unit%FTD-3-210005: LU allocate connection failed for UDP connection from INSIDE:X.X.X.X/64181 to OUTSIDE:188.8.131.52/53Output of ...
Hi all, the best Community of the internet. I want to open a new issue to see if anybody have some experiences about next. Happen that I have a security solution installed based on two Cisco Firepower 2130 with ASA image configured as failover a...
We have recently integrated our ASA authentication with Azure Active Directly using SAML. Now users are asked to login through Microsoft web page and provide 2 factor authentication using Azure AD. Whenever a user disconnects their sessio...
"What is this 'Orbital Query Corner' thing", you ask? It's the name of an occasional series of articles, each discussing one particular point or use case for the Orbital advanced search feature that is available in Cisco Secure Endpoint starting at ...