This article is intended to be a simple example of configuring AnyConnect relevant syslog messages to be sent from the ASA to a Syslog server. The syslog server in this example is Spunk but almost any syslog server should be do the job. The Syslog ID's used in this example are just a set I felt were sufficient for this article, however you can view the extensive list of syslog messages available and customize to best fit your environment.
Explanation A new user-IP mapping has been added to the user-to-IP address mapping database. The status of the operation (success or failure) is indicated. The success reason is VPN user. The failure reasons include the following: Maximum user limit reached and Duplicated address.
Recommended Action None required.
Error Message %ASA-6-722051: Group group-policy User username IP public-ip IPv4 Address assigned-ip IPv6 Address assigned-ipassigned to session
ExplanationThe specified address has been assigned to the given user.
•group-policy —The group policy that allowed the user to gain access
•username —The name of the user
•public-ip —The public IP address of the connected client
•assigned-ip —The IPv4 or IPv6 address that is assigned to the client
Explanation A change has been made to the user-to-IP address mapping database. The status of the operation (success or failure) is indicated. The success reasons include the following: Inactive timeout, NetBIOS probing failed, PIP notification, VPN user logout, Cut-through-proxy user logout, and MAC address mismatch. The failure reason is PIP notification.
Recommended Action None required.
Note: For detailed configuration guidance please refer to the guides below.
a Configuration > Device Management > Logging > Syslog Servers
2. Syslog Setup
a. Configuration > Device Management > Logging > Syslog Setup
Choose a system log facility for syslog servers to use as a basis to file messages. The default is LOCAL(4)20, which is what most UNIX systems expect. However, because your network devices share eight available facilities, you might need to change this value for system logs. Source: ASDM Online Help.
Note: In this example. LOCAL1(17) is being used.
3. Create and Event List
a. Configuration > Device Management > Logging > Event Lists
4. Add the Event List to the Logging filter for Syslog
a. Configuration > Device Management > Logging > Logging Filters
I'm trying to deploy ASAv in Azure and as the docs suggest, the management-only setting should be removed from the Management interface since "...the Management interface is the only interface that can have an Azure public IP address associated with it. B...
Hello Community, I need good advice to update two FTDs on ASA 5525X in HA from FMC1) do you need to break the HA to update them one at a time? so there is no effect on the service?Or is this process handled by the FMC without breaking the HA?I await...
I'm using Postman with a 4120 to test out various FXOS REST commands. Getting the token and various monitoring REST commands work fine. My problem is trying to add a new NTP server.
Based on the JSON format of my GET of NTP servers, I'm settin...
I'm about to implement PBR on our ASA to route guest network traffic out of our secondary WAN connection. I do have a couple questions about the configuration though. Primary WAN Gateway: 165.XXX.XXX.129Secondary WAN Gateway: 206.XXX.XXX.1Guest Netwo...