AnyConnect VPN Client user logging

vikaspurohit1 · ‎06-05-2018

We are trying to capture user level logs for Cisco AnyConnect client based VPN. I understand that this is covered using the syslog message types in range 7x. However, just want to confirm, if I configure the logging trap informational under logging command, will it capture the VPN user logs or I need to apply a logging list specifically to include these messages.

Bogdan Nita · ‎06-06-2018

Enabling logging trap informational will send all informational logs and above to the logging server, and you should have the user vpn logs somewhere in there.

The logging list is used to filter this messages if the number of logs is to much or you only need specific logs.

Another option would be to change the logging level for the user vpn logs.

HTH

Bogdan

Marvin Rhoads · ‎06-06-2018

@vikaspurohit1 there are several 7xxxxx series syslog messages associated with remote access VPN client connections. They are generally a mix of severity 4 ("error") and 5 ("warning"). if you set logging to "informational" (severity 6) you will get a LOT of messages you probably don't want (like every single TCP connection and UDP flow).

The general recommendation is to leave ASA syslog level at 4 or 5 unless you are troubleshooting or have legal or regulatory requirements for all those more verbose log messages. As @Bogdan Nita mentioned, you can always modify a given message's severity level to make it be included among the more severe messages.

AnyConnect VPN Client user logging

AnyConnect VPN Client に関する FAQ

AnyConnect (Windows) 接続時のエラー (The VPN client driver encountered an error.)

AnyConnect/Cisco Secure Client : 他のVPNクライアントとの同時VPNセッションについて

Doc-Cisco ISE Posture p/ VPN de Acceso Remoto con Cisco Secure Client

Cisco Secure Client (旧称AnyConnect)とASAとの互換性等について