02-14-2022 12:38 AM
hello there,
I hope you are doing great. I want to use syslog to record the AnyConnect client connected event.
I am using ASA5512-X (Software Version 9.12(4)30), below is my logging config on asa:
logging enable
logging timestamp
logging buffer-size 65535
logging trap informational
logging asdm informational
logging host inside 10.10.0.32
logging class vpnc trap informational
logging class svc trap informational
logging class ssl trap informational
But when I use the AnyConnect client to connect to the ASA, no syslog is received. Any idea?
thanks!
02-14-2022 12:59 AM - edited 02-14-2022 01:05 AM
@ronald.su do you not receive any syslog messages?
If you just want anyconnect logon/logoff events, you may be better off creating a filter list on the events you do want to receive. The example below should cover anyconnect logon events.
logging enable
logging timestamp
no logging hide username
logging list SEND-TO-SYSLOG message 109006
logging list SEND-TO-SYSLOG message 113004
logging list SEND-TO-SYSLOG message 113012
logging list SEND-TO-SYSLOG message 716001-716002
logging trap SEND-TO-SYSLOG
logging host INSIDE 192.168.10.15
Depending on your AAA server (local, LDAP or RADIUS) you will get a different syslog message; refer to the list below.
https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs1.html#con_4769484
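Added example, not part of the thread and not Cisco code: once the filter list above is sending the AnyConnect message IDs to the syslog host, the receiving side still has to turn them into events. The Python below parses the ASA header (%ASA-severity-msgid), pulls the group/user/IP fields out of the 716001/716002/722022/722023 messages and the "user =" fields out of the 113xxx AAA messages, tracks who currently has a session, and raises an alert on repeated AAA failures or a 113006 lockout. The sample log lines are constructed and modelled on the ASA message formats; hostnames, group names, usernames and addresses are made up, and treating 716001/716002 as the session boundary (with 722022/722023 as per-tunnel detail) is an assumption made for this example.

```python
"""Parse Cisco ASA syslog for AnyConnect logon/logoff events (added example, not from the thread)."""
import re
from collections import Counter

# Header every ASA syslog message carries: %ASA-<severity>-<message_id>: <text>
ASA_HDR = re.compile(r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}):\s*(?P<text>.*)$")
# "Group <g> User <u> IP <ip>" prefix of the 716001/716002/722022/722023 messages
GRP_USER_IP = re.compile(r"Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> IP <(?P<ip>[^>]*)>")
# "user = <u>" and "user IP = <ip>" fields of the 113xxx AAA messages
AAA_USER = re.compile(r"user = (?P<user>\S+)")
AAA_IP = re.compile(r"user IP = (?P<ip>\S+)")
# The 113006 lockout message names the user differently
LOCKOUT = re.compile(r"User (?P<user>\S+) locked out")

# Message IDs listed in the thread, grouped by what they mean for a session
EVENT_BY_ID = {
    "113004": "aaa_success", "113012": "aaa_success",
    "113005": "aaa_failure", "109006": "aaa_failure",
    "113006": "aaa_lockout",
    "716001": "session_start", "722022": "tunnel_up",
    "716002": "session_end",   "722023": "tunnel_down",
}


def parse_asa_line(line):
    """Return a dict for one ASA syslog line, or None if it is not an ASA message."""
    m = ASA_HDR.search(line)
    if not m:
        return None
    text = m.group("text")
    ev = {"msgid": m.group("msgid"), "severity": int(m.group("sev")),
          "event": EVENT_BY_ID.get(m.group("msgid"), "other"),
          "group": None, "user": None, "ip": None, "text": text}
    g = GRP_USER_IP.search(text)
    if g:
        ev.update(g.groupdict())
        return ev
    for rx in (LOCKOUT, AAA_USER):
        u = rx.search(text)
        if u:
            ev["user"] = u.group("user")
            break
    a = AAA_IP.search(text)
    if a:
        ev["ip"] = a.group("ip")
    return ev


def parse_log(text):
    """Parse a block of syslog text, skipping lines that are not ASA messages."""
    return [ev for ev in map(parse_asa_line, text.splitlines()) if ev]


def session_report(events, failure_threshold=3):
    """Track who is connected and alert on repeated AAA failures and lockouts.

    716001/716002 are used as the session boundary; 722022/722023 are per-tunnel
    detail and only kept for context (assumption made for this example).
    """
    active = {}           # user -> (group, client ip) for sessions not yet terminated
    failures = Counter()  # user -> failed AAA attempts seen
    alerts = []
    for ev in events:
        u = ev["user"]
        if ev["event"] == "session_start":
            active[u] = (ev["group"], ev["ip"])
        elif ev["event"] == "session_end":
            active.pop(u, None)
        elif ev["event"] == "aaa_failure":
            failures[u] += 1
            if failures[u] == failure_threshold:
                alerts.append(f"{failures[u]} failed AnyConnect logons for {u} (last from {ev['ip']})")
        elif ev["event"] == "aaa_lockout":
            alerts.append(f"account {u} locked out after repeated failures")
    return {"active": active, "failures": dict(failures), "alerts": alerts}


# Constructed sample, modelled on the ASA message formats; not captured from a real device.
SAMPLE_LOG = """\
Feb 14 2022 00:40:01 asa-1 : %ASA-6-113012: AAA user authentication Successful : local database : user = jdoe
Feb 14 2022 00:40:02 asa-1 : %ASA-6-716001: Group <ANYCONNECT-GRP> User <jdoe> IP <203.0.113.10> WebVPN session started.
Feb 14 2022 00:40:03 asa-1 : %ASA-6-722022: Group <ANYCONNECT-GRP> User <jdoe> IP <203.0.113.10> TCP SVC connection established without compression
Feb 14 2022 00:41:10 asa-1 : %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.10.0.5 : user = asmith : user IP = 198.51.100.7
Feb 14 2022 00:41:14 asa-1 : %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.10.0.5 : user = asmith : user IP = 198.51.100.7
Feb 14 2022 00:41:19 asa-1 : %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.10.0.5 : user = asmith : user IP = 198.51.100.7
Feb 14 2022 00:41:30 asa-1 : %ASA-6-113006: User asmith locked out on exceeding number successive failed authentication attempts
Feb 14 2022 01:05:00 asa-1 : %ASA-6-722023: Group <ANYCONNECT-GRP> User <jdoe> IP <203.0.113.10> TCP SVC connection terminated without compression
Feb 14 2022 01:05:01 asa-1 : %ASA-6-716002: Group <ANYCONNECT-GRP> User <jdoe> IP <203.0.113.10> WebVPN session terminated: User Requested.
Feb 14 2022 01:06:00 asa-1 : %ASA-6-302010: 12 in use, 40 most used
"""

if __name__ == "__main__":
    report = session_report(parse_log(SAMPLE_LOG))
    print("active sessions:", report["active"])
    print("failures:", report["failures"])
    for a in report["alerts"]:
        print("ALERT:", a)
```

Point the syslog host's collector at a file of real ASA lines in place of SAMPLE_LOG; because the ASA filter list above only forwards the listed IDs, anything that parses as "other" (such as 302010) is a sign the logging list on the ASA is wider than intended. Note that "no logging hide username" must be in effect on the ASA, otherwise the user fields these regexes rely on are masked.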
02-14-2022 10:18 AM
Taken from my notes, I would enable the following message IDs for AnyConnect:
message ID 113005
message ID 722023
message ID 722022
message ID 113006
message ID 713184
message ID 716002
message ID 713228
message ID 716001
message ID 302010
Please refer to the link @Rob Ingram shared for more details about each one.