Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 647
  • Last Modified:

How can I log only specific messages in a Cisco ASA 5505?

The client has a site-to-site VPN with a remote location.  The users then RDP into a remote server and complain about sporadic dropped RDP sessions.  I have turned on logging (buffer informational), but I am seeing too much non-relevant traffic.  I would specifically like to only log the following:

1.  Built inbound TCP connection (302013)
2.  Teardown TCP connection (302014)
3.  Deny TCP (no connection) from ( 106015)

It would be great to limit it to 3389 only, but I will take what I can get on this.  I would appreciate any help on possible syntax to limit the logging to these messages.
0
Yockos
Asked:
Yockos
1 Solution
 
harbor235Commented:
You can run debug commands for the VPN related events only, but the log will still grab other events. Ideally you want to log these events to a SYSLOG server where there are lots of tools available for parsing logs. Fro instance if you are on a *NIX SYSLOG server than egrep is your friend. There is also SPLUNK(costly), SolarWinds, etc ...and other pay parsing software suites


harbor235 ;}
0
 
YockosAuthor Commented:
I was afraid of that.  I thought about a syslog server, but it might be too much effort at this point.  I will see if I can catch the problem when they report the drop (they are supposed to as soon as it happens).  If this does not work, then I will re-visit setting up a syslog server or using ASDM.

Thanks for the input.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now