
ASA anyconnect logging to syslog

ronald.su
Level 1

Hello there,

I hope you are doing great. I want to use syslog to record the AnyConnect client connected event.

I am using an ASA5512-X (Software Version 9.12(4)30); below is my logging config on the ASA:

logging enable
logging timestamp
logging buffer-size 65535
logging trap informational
logging asdm informational
logging host inside 10.10.0.32
logging class vpnc trap informational
logging class svc trap informational
logging class ssl trap informational

 

But when I use the AnyConnect client to connect to the ASA, no syslog is received. Any idea?

Thanks!

2 Replies

@ronald.su do you not receive any syslog messages?

If you just want AnyConnect logon/logoff events, you may be better off creating a filter list on the events you do want to receive. The example below should cover AnyConnect logon events.

 

logging enable
logging timestamp
no logging hide username
logging list SEND-TO-SYSLOG message 109006
logging list SEND-TO-SYSLOG message 113004
logging list SEND-TO-SYSLOG message 113012
logging list SEND-TO-SYSLOG message 716001-716002
logging trap SEND-TO-SYSLOG
logging host INSIDE 192.168.10.15

Depending on your AAA server (local, LDAP or RADIUS), you will get a different syslog message; refer to the list below.

https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs1.html#con_4769484

 

Taken from my notes, I would enable the following message IDs for AnyConnect:

message ID 113005
message ID 722023
message ID 722022
message ID 113006
message ID 713184
message ID 716002
message ID 713228
message ID 716001
message ID 302010

Please refer to the link @Rob Ingram shared for more details about each one.
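
An added example, not part of the thread or of Cisco's tooling: a collector-side Python check that expands the SEND-TO-SYSLOG filter list from the first reply and reports which of those message IDs did or did not arrive. The sample lines are constructed, and only the `%ASA-<severity>-<id>:` prefix is assumed; the function names are hypothetical.

```python
import re

# Filter list copied from the first reply in this thread.
LOGGING_LIST = """\
logging list SEND-TO-SYSLOG message 109006
logging list SEND-TO-SYSLOG message 113004
logging list SEND-TO-SYSLOG message 113012
logging list SEND-TO-SYSLOG message 716001-716002
"""

# Constructed samples; only the "%ASA-<severity>-<id>:" prefix is relied on.
SAMPLE_LINES = [
    "<166>Jan 10 2024 09:15:02: %ASA-6-113004: placeholder text, user = alice",
    "<166>Jan 10 2024 09:15:03: %ASA-6-716001: placeholder text, session started",
    "<166>Jan 10 2024 09:15:04: %ASA-6-302013: placeholder text, unrelated event",
    "<166>Jan 10 2024 09:40:11: %ASA-6-716002: placeholder text, session ended",
]

LIST_RE = re.compile(r"^logging list (\S+) message (\d+)(?:-(\d+))?\s*$")
MSG_RE = re.compile(r"%ASA-(\d)-(\d{6}):")


def parse_logging_list(config, name):
    """Return the set of message IDs that 'logging list <name>' selects."""
    ids = set()
    for line in config.splitlines():
        m = LIST_RE.match(line.strip())
        if m and m.group(1) == name:
            first = int(m.group(2))
            last = int(m.group(3) or first)  # single ID or inclusive range
            ids.update(range(first, last + 1))
    return ids


def filter_lines(lines, wanted_ids):
    """Return (severity, message_id, line) for lines whose ID is wanted."""
    hits = []
    for line in lines:
        m = MSG_RE.search(line)
        if m and int(m.group(2)) in wanted_ids:
            hits.append((int(m.group(1)), int(m.group(2)), line))
    return hits


def missing_ids(lines, wanted_ids):
    """Return wanted IDs that never appeared, sorted, to spot filter gaps."""
    return sorted(wanted_ids - {h[1] for h in filter_lines(lines, wanted_ids)})
```

Run `missing_ids` over a capture taken during a test AnyConnect login; IDs that stay missing either were not generated for that AAA method or are not reaching the collector.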
