Solved

saving cisco VPN logs

Posted on 2011-09-12
3
414 Views
Last Modified: 2012-05-12
I have an ASA 5510 and have 3 VPN tunnels as well as an SSL VPN setup and I also have users connect via the anyconnect client.

I have been told I need to save logs from when people would connect and disconnect, so they can be reviewed if need be.  I figure I can setup a syslog server, but are there individual settings I need to make on the device itself?  Not sure what I would be looking for in the logs.
0
Comment
Question by:Wayside_Tech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 18

Accepted Solution

by:
jmeggers earned 250 total points
ID: 36524683
There are several options.  Yes, you do have to configure the ASA with the IP address(es) of the syslog server(s).  Typically, mostly what I see is people changing the level of information that is logged (from level 0 - "emergencies" up to level 7 - "debugging".  Usually I see it set at "informational" which is level 6, but I can't recall if there's a default value that's set.  You can also change severity level for specific messages but I've rarely seen that level of detail in the configuration.

Take a look at the Configuraing Logging chapter in the configuration guide.  http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/monitor_syslog.html

0
 
LVL 33

Expert Comment

by:MikeKane
ID: 36529130
jmeggers gave you the right link....    I'm just going to add that a level 7 debug is not good for daily logging as it produces a LOT of traffic, especially on a busy device.   Level 5 is usually sufficient IMHO.    

For the backend, you can look at LogAnalyzer running with Rsyslog on any Linux host.    Its opensource and a good program... I use it myself.   Kiwi is a good windows alternative that's a paid for model.   I've used that one before also with success.
0
 
LVL 1

Author Comment

by:Wayside_Tech
ID: 36531770
Thanks, I will look into it and see.  Much appreciated.
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Password recovery 2950 is Deleting configuration Why 8 63
Cisco SRST questions 5 56
Configuring NAT in ASA ver. 9.1 4 51
Cisco ASA 5510 Question 2 32
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question