• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 427
  • Last Modified:

saving cisco VPN logs

I have an ASA 5510 and have 3 VPN tunnels as well as an SSL VPN setup and I also have users connect via the anyconnect client.

I have been told I need to save logs from when people would connect and disconnect, so they can be reviewed if need be.  I figure I can setup a syslog server, but are there individual settings I need to make on the device itself?  Not sure what I would be looking for in the logs.
0
Wayside_Tech
Asked:
Wayside_Tech
1 Solution
 
jmeggersSr. Network and Security EngineerCommented:
There are several options.  Yes, you do have to configure the ASA with the IP address(es) of the syslog server(s).  Typically, mostly what I see is people changing the level of information that is logged (from level 0 - "emergencies" up to level 7 - "debugging".  Usually I see it set at "informational" which is level 6, but I can't recall if there's a default value that's set.  You can also change severity level for specific messages but I've rarely seen that level of detail in the configuration.

Take a look at the Configuraing Logging chapter in the configuration guide.  http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/monitor_syslog.html

0
 
MikeKaneCommented:
jmeggers gave you the right link....    I'm just going to add that a level 7 debug is not good for daily logging as it produces a LOT of traffic, especially on a busy device.   Level 5 is usually sufficient IMHO.    

For the backend, you can look at LogAnalyzer running with Rsyslog on any Linux host.    Its opensource and a good program... I use it myself.   Kiwi is a good windows alternative that's a paid for model.   I've used that one before also with success.
0
 
Wayside_TechAuthor Commented:
Thanks, I will look into it and see.  Much appreciated.
0

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now