Solved

saving cisco VPN logs

Posted on 2011-09-12
3
395 Views
Last Modified: 2012-05-12
I have an ASA 5510 and have 3 VPN tunnels as well as an SSL VPN setup and I also have users connect via the anyconnect client.

I have been told I need to save logs from when people would connect and disconnect, so they can be reviewed if need be.  I figure I can setup a syslog server, but are there individual settings I need to make on the device itself?  Not sure what I would be looking for in the logs.
0
Comment
Question by:Wayside_Tech
3 Comments
 
LVL 18

Accepted Solution

by:
jmeggers earned 250 total points
ID: 36524683
There are several options.  Yes, you do have to configure the ASA with the IP address(es) of the syslog server(s).  Typically, mostly what I see is people changing the level of information that is logged (from level 0 - "emergencies" up to level 7 - "debugging".  Usually I see it set at "informational" which is level 6, but I can't recall if there's a default value that's set.  You can also change severity level for specific messages but I've rarely seen that level of detail in the configuration.

Take a look at the Configuraing Logging chapter in the configuration guide.  http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/monitor_syslog.html

0
 
LVL 33

Expert Comment

by:MikeKane
ID: 36529130
jmeggers gave you the right link....    I'm just going to add that a level 7 debug is not good for daily logging as it produces a LOT of traffic, especially on a busy device.   Level 5 is usually sufficient IMHO.    

For the backend, you can look at LogAnalyzer running with Rsyslog on any Linux host.    Its opensource and a good program... I use it myself.   Kiwi is a good windows alternative that's a paid for model.   I've used that one before also with success.
0
 
LVL 1

Author Comment

by:Wayside_Tech
ID: 36531770
Thanks, I will look into it and see.  Much appreciated.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RDP ISR4321 Cisco Router 7 30
Mapping drives cross domain via logon script 2 23
2012 r2 branch office DNS 2 34
ASA 5505 not passing traffic to Netgear router 22 30
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question