• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 645
  • Last Modified:

How can I log only specific messages in a Cisco ASA 5505?

The client has a site-to-site VPN with a remote location.  The users then RDP into a remote server and complain about sporadic dropped RDP sessions.  I have turned on logging (buffer informational), but I am seeing too much non-relevant traffic.  I would specifically like to only log the following:

1.  Built inbound TCP connection (302013)
2.  Teardown TCP connection (302014)
3.  Deny TCP (no connection) from ( 106015)

It would be great to limit it to 3389 only, but I will take what I can get on this.  I would appreciate any help on possible syntax to limit the logging to these messages.
0
Yockos
Asked:
Yockos
1 Solution
 
harbor235Commented:
You can run debug commands for the VPN related events only, but the log will still grab other events. Ideally you want to log these events to a SYSLOG server where there are lots of tools available for parsing logs. Fro instance if you are on a *NIX SYSLOG server than egrep is your friend. There is also SPLUNK(costly), SolarWinds, etc ...and other pay parsing software suites


harbor235 ;}
0
 
YockosAuthor Commented:
I was afraid of that.  I thought about a syslog server, but it might be too much effort at this point.  I will see if I can catch the problem when they report the drop (they are supposed to as soon as it happens).  If this does not work, then I will re-visit setting up a syslog server or using ASDM.

Thanks for the input.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now