Hey all,
Curious if anyone can shed some light on these IDs, as the ASA syslog encyclopedia isn't very insightful:
Error Message %ASA-6-722022: Group group-name User user-name IP addr (TCP | UDP) connection established (with | without) compression
Error Message %ASA-6-722023: Group group User user-name IP IP_address SVC connection terminated {with|without} compression
What exactly do these mean? I'm trying to track users' VPN sessions (I've successfully tested and it appears IDs 113039 and 113019 are the best for providing accurate session info). The problem is, the 722* IDs listed above are extremely prominent in the logs. There are blocks of time -- we're talking a month or two for each user -- in which the only IDs I see are the 722* events -- particularly the 722023 event. We have since tuned the ASA to prioritize the 113* IDs, but I'm trying to find a way to explain to management (and legal) why there are chunks of time that we're only seeing 722022/023 events. Are these just communications between agent and server? Any insight is HUGELY appreciated.
Thanks!
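An added example, not part of the original post: one way to locate the periods described above is to list, per user and month, which of the four message IDs appear, and report the months that contain 722022/722023 events but no 113039/113019 events. The leading ISO timestamp, the `Username = ` layout of the 113019 line, and all sample lines and user names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Extracts month, message ID and user. The 722022/722023 layout follows the
# templates quoted in the post; the ISO timestamp prefix and the
# "Username = " variant (used here for 113019) are assumptions.
LINE_RE = re.compile(
    r"^(?P<month>\d{4}-\d{2})-\d{2}\S*\s.*?%ASA-\d-(?P<msgid>\d{6}):"
    r".*?\bUser(?:name)?\b\s*=?\s*<?(?P<user>[^\s,<>]+)>?"
)
TUNNEL_IDS = {"722022", "722023"}    # connection established / terminated
SESSION_IDS = {"113039", "113019"}   # IDs the post found reliable for sessions

def ids_by_user_month(lines):
    """Map (user, 'YYYY-MM') to the set of tracked message IDs seen."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m and m["msgid"] in TUNNEL_IDS | SESSION_IDS:
            seen[(m["user"], m["month"])].add(m["msgid"])
    return seen

def tunnel_only_periods(lines):
    """Sorted (user, month) pairs with 722* events but no 113* events."""
    return sorted(
        key for key, ids in ids_by_user_month(lines).items()
        if ids & TUNNEL_IDS and not ids & SESSION_IDS
    )

# Constructed sample lines (not taken from any real device).
SAMPLE = [
    "2024-03-04T10:15:00 %ASA-6-113039: Group GP_VPN User jdoe IP 203.0.113.10 AnyConnect parent session started.",
    "2024-03-04T10:15:01 %ASA-6-722022: Group GP_VPN User jdoe IP 203.0.113.10 TCP connection established without compression",
    "2024-03-04T18:02:43 %ASA-6-722023: Group GP_VPN User jdoe IP 203.0.113.10 SVC connection terminated without compression",
    "2024-03-04T18:02:44 %ASA-4-113019: Group = GP_VPN, Username = jdoe, IP = 203.0.113.10, Session disconnected. Reason: User Requested",
    "2024-03-09T08:00:10 %ASA-6-722022: Group GP_VPN User <asmith> IP <198.51.100.7> UDP connection established without compression",
    "2024-03-09T08:40:55 %ASA-6-722023: Group GP_VPN User <asmith> IP <198.51.100.7> SVC connection terminated without compression",
    "2024-04-02T09:12:30 %ASA-6-722023: Group GP_VPN User asmith IP 198.51.100.7 SVC connection terminated without compression",
]

if __name__ == "__main__":
    for user, month in tunnel_only_periods(SAMPLE):
        print(f"{user}: only 722022/722023 events in {month}")
```

Running this over the archived logs gives a per-user list of the months to account for, which can be set against the date the logging configuration was changed.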