FMC intrusion event Anyconnect

ryan14
Level 1

Hello,

 

Is there a setting to change so that I get an alert for brute force login attempts to RAVPN/AnyConnect via the FMC?

7 Replies

Cristian Matei
VIP Alumni

Hi,

 

When the user/client fails authentication, you'll get a message of "%ASA-6-611102: User authentication failed."

 

Regards,

Cristian Matei.

Right, so there is no way to send that or trigger an alert message via FMC?

Are you using ASA with an SFR sensor, or are you using FTD?

With the ASA SFR sensor, I am afraid you can't set up the alert on FMC. It's only set up on the ASA, and you could get a syslog message as @Cristian Matei mentioned.

However, if you are using FTD, then yes, you can configure the logging/alerts setup.

Please do not forget to rate.

I'm using FMC to manage my FTD appliances. They are not running in ASA mode.

Here is how you configure it. (Attached image: FTD_SYSLOG.PNG)

Please do not forget to rate.

Thanks, I just got around to testing this. I might open a case with TAC. I tried the recommended filter and was not getting anything in my syslog. I deleted the filter, then just sent anything informational to my syslog, and then I started to see the logs roll in. I tried some failed logins to my VPN, but I am not seeing them come in via syslog. If I grep for 611102, nothing shows up.

The correct logging event is %ASA-6-113005.

 

There appears to be a bug where it doesn't show the username. But this is what I am looking for to monitor failed AnyConnect login attempts.

 

https://networkengineering.stackexchange.com/questions/9620/cisco-vpn-logs-do-not-show-the-username

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj62974
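
Added example, not part of the thread or of any Cisco tooling: a syslog-side check that counts 113005 rejects per source IP in a sliding window, which still works when the username is masked as described above. The line layout (ISO timestamp first, `%ASA-`/`%FTD-` prefix, `user IP = ` field), the threshold and the sample lines are assumptions; adjust the regex to what your syslog server actually receives.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line layout: "<ISO timestamp> <host> %FTD-6-113005: ... user IP = <addr>".
# The username is deliberately not parsed, since the thread notes it may be hidden.
PATTERN = re.compile(
    r"^(?P<ts>\S+) .*%(?:ASA|FTD)-6-113005: .*?user IP = (?P<ip>[0-9a-fA-F.:]+)"
)

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: time at which `threshold` rejects first fell inside `window`}."""
    recent = defaultdict(deque)    # source IP -> timestamps of recent rejects
    alerts = {}
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue               # other message IDs (e.g. 611102) are ignored
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop rejects that are older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in alerts:
            alerts[m["ip"]] = ts
    return alerts

# Constructed sample lines (documentation IP ranges), not captured from a device.
def _reject(ts, ip):
    return (f"{ts} fw1 %FTD-6-113005: AAA user authentication Rejected : "
            f"reason = AAA failure : server = 192.0.2.10 : user = ***** : user IP = {ip}")

SAMPLE = (
    [_reject(f"2024-05-01T10:00:{s:02d}", "203.0.113.7") for s in range(0, 50, 10)]
    + [_reject("2024-05-01T10:00:05", "198.51.100.4"),
       _reject("2024-05-01T10:09:00", "198.51.100.4"),
       "2024-05-01T10:00:06 fw1 %FTD-6-611102: User authentication failed"]
)

if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE).items():
        print(f"ALERT {ip}: 5+ rejected VPN logins within 1 minute at {when}")
```

Lines for a given source IP are assumed to arrive in time order, as they do when reading a syslog file from top to bottom.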