Solved

saving cisco VPN logs

Posted on 2011-09-12
3
419 Views
Last Modified: 2012-05-12
I have an ASA 5510 and have 3 VPN tunnels as well as an SSL VPN setup, and I also have users connect via the AnyConnect client.

I have been told I need to save logs from when people would connect and disconnect, so they can be reviewed if need be. I figure I can set up a syslog server, but are there individual settings I need to make on the device itself? Not sure what I would be looking for in the logs.
0
Question by:Wayside_Tech
3 Comments
 
LVL 18

Accepted Solution

by:
jmeggers earned 250 total points
ID: 36524683
There are several options. Yes, you do have to configure the ASA with the IP address(es) of the syslog server(s). Typically, mostly what I see is people changing the level of information that is logged (from level 0 - "emergencies" up to level 7 - "debugging"). Usually I see it set at "informational" which is level 6, but I can't recall if there's a default value that's set. You can also change severity level for specific messages but I've rarely seen that level of detail in the configuration.

Take a look at the Configuring Logging chapter in the configuration guide: http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/monitor_syslog.html

0
 
LVL 33

Expert Comment

by:MikeKane
ID: 36529130
jmeggers gave you the right link... I'm just going to add that a level 7 debug is not good for daily logging as it produces a LOT of traffic, especially on a busy device. Level 5 is usually sufficient IMHO.

For the backend, you can look at LogAnalyzer running with Rsyslog on any Linux host. It's open source and a good program... I use it myself. Kiwi is a good Windows alternative that's a paid-for model. I've used that one before also with success.
0
 
LVL 1

Author Comment

by:Wayside_Tech
ID: 36531770
Thanks, I will look into it and see.  Much appreciated.
0
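Added example, not part of the original thread: one way to pull connect and disconnect events out of ASA syslog once it reaches the syslog server, and to see which of them a given logging level would forward. The log lines are constructed, the function and variable names are hypothetical, and the message IDs listed are an assumption to confirm against Cisco's syslog message reference for your ASA version.

```python
import re

# Constructed sample lines in the ASA "%ASA-<severity>-<message id>: text" form.
# Names and addresses are made up; message texts are abbreviated.
SAMPLE_LOG = """\
Sep 12 2011 08:01:12: %ASA-6-722022: Group <SSLVPN> User <alice> IP <203.0.113.10> TCP SVC connection established without compression
Sep 12 2011 08:01:15: %ASA-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.10/51000 to inside:10.0.0.5/443
Sep 12 2011 09:30:44: %ASA-6-716001: Group <SSLVPN> User <bob> IP <198.51.100.7> WebVPN session started.
Sep 12 2011 10:15:02: %ASA-4-113019: Group = SSLVPN, Username = alice, IP = 203.0.113.10, Session disconnected. Session Type: SSL, Duration: 2h:13m:50s, Reason: User Requested
Sep 12 2011 10:20:31: %ASA-6-716002: Group <SSLVPN> User <bob> IP <198.51.100.7> WebVPN session terminated: User Requested.
"""

# Message IDs treated as VPN session events (assumption: confirm against the
# Cisco syslog message reference for your ASA version).
VPN_EVENTS = {
    "113019": "disconnect",
    "716001": "connect",
    "716002": "disconnect",
    "722022": "connect",
    "722023": "disconnect",
}

HEADER = re.compile(r"^(?P<stamp>.*?)\s*%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}):\s*(?P<text>.*)$")
USER = re.compile(r"User(?:name)?\s*=?\s*<?(?P<user>[^>,\s]+)>?")
PEER = re.compile(r"\bIP\s*=?\s*<?(?P<ip>[0-9a-fA-F.:]+)>?")


def vpn_events(log_text, trap_level=6):
    """Return VPN session events whose severity number is <= trap_level."""
    events = []
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m or m["msgid"] not in VPN_EVENTS:
            continue
        if int(m["sev"]) > trap_level:  # would not be forwarded at this level
            continue
        user = USER.search(m["text"])
        peer = PEER.search(m["text"])
        events.append({
            "time": m["stamp"].rstrip(" :"),
            "event": VPN_EVENTS[m["msgid"]],
            "msgid": m["msgid"],
            "user": user["user"] if user else None,
            "peer": peer["ip"] if peer else None,
        })
    return events
```

With the constructed sample, `vpn_events(SAMPLE_LOG, trap_level=5)` returns only the 113019 disconnect, because the other session messages in the sample carry severity 6.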
