cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1885
Views
0
Helpful
1
Replies

vpn connections sent to syslog server on asdm 5.2

pauliew1978
Level 1
Level 1

Dear all,

I have recently lost my syslog event for client to site vpn connections. At the moment the syslog server side is set up and the asdm is pointing to it. I have set up the logging filter as follows:

cisco2.JPG

I am not quite sure what I am doing here I must admit. Also I would like to set up a syslog event for when my vpn site to site drops. Does anyone know how to do this?

I used to see messages like this being sent to me on client to site connections and disconnections...

03/12/2009 11:54 : %ASA-5-713120: Group = test12, Username =user1, IP = 100.100.10.10, PHASE 2 COMPLETED (msgid=e0211209)

many thanks,

Paul

1 Reply 1

Paul,


First of all, if you want to see logging information when you are connected via SSH or Telnet you will need to type 'terminal monitor'

If it is messages sent to a syslog server you are after, from what I can see you have the syslog  level set to emergencies which is too low. The levels are

  • Emergency (severity 0)—The system is unusable

  • Alert (severity 1)—Immediate action is needed

  • Critical (severity 2)—Critical condition

  • Error (severity 3)—Error condition

  • Warning (severity 4)—Warning condition

  • Notification (severity 5)—Normal but significant condition

  • Informational (severity 6)—Informational message

  • Debugging (severity 7)—Debugging message

So basically, if you have only Emergencies being sent to syslog, you will only see emergency events. If you set the syslog level to 5, you will see all levels 5 - 0 inclusive log messages.

So in other words, try setting your syslog level to 5 or 6, depending on how verbose you want the output. From the command line you can do

'logging trap informational' or 'logging trap notification' depending on your required verbosity.

Hope that helps,

Conor