Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cisco ASA alert on VPN

Posted on 2013-05-22
4
1,441 Views
Last Modified: 2013-06-06
Hello,

I'm trying to setup an alert on successful VPN login attempts on my ASA 5520. I've not gotten far.

I have Clientless SSL VPN access enabled and working. I see the syslog events when some one logs in and out of the VPN.

How can I set up an email alert to be sent to me when this happens? I have alerts coming to me for critical events and I'd like to add this to my list.

Thank you.
0
Comment
Question by:netcmh
  • 2
4 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 39189733
Below are the commands I used to send email alerts when the primary default route failed (triggered via SLA). I found the syslog error ID (622001) and changed the level to error, created a logging group with that message, and tied that group to the logging mail commands. You would just need to change this to the syslog error ID(s) that you see during logon/logoff. You may need to add an exception on your email server to allow the ASA to send the email.


logging enable
logging list InternetSLA message 622001
logging console errors
logging buffered informational
logging asdm informational
logging mail InternetSLA
logging from-address ASAFIREWALL@company.com
logging recipient-address chris@company.com level errors
logging message 622001 level errors

sla monitor 1
type echo protocol ipIcmpEcho x.x.x.5 interface outside
sla monitor schedule 1 life forever start-time now

smtp-server 172.20.0.10
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39190664
0
 
LVL 20

Author Comment

by:netcmh
ID: 39190765
So, I already have alerts coming to me on critical events.

What I need is the ability to track VPN logins, in addition to the existing:

logging enable
logging timestamp
logging asdm-buffer-size 500
logging console errors
logging monitor debugging
logging buffered warnings
logging trap notifications
logging asdm warnings
logging mail alerts
logging from-address CiscoASA@mycompany.com
logging recipient-address admin@mycompany.com level errors
logging host inside NetAdminPC
logging class vpn trap informational
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 505013
no logging message 505015
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020

How do I proceed?

Thanks
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 500 total points
ID: 39191517
You have logging mail set to alerts. A VPN login is more than likely classified as informational versus an alert. Capture the logon/logoff messages in the syslog, and the message will include the message ID number. Then you can manually change the level of that syslog entry to alert and it will be included in the email.

Let's say the syslog id is 99989

logging message 99989 level alerts

would change the level of that entry and qualify it for your syslog email.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
P2P and MPLS 3 60
Expanding Subnet Mask 20 152
ASA Tunnel 18 42
Palo Alto site-to-site vpn monitoring 5 20
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question