|Description||This article describes the steps to verify that the appliance is receiving and processing syslog in Cisco ASA VPN integrations. For integration details, see the Cisco ASA VPN Integration reference manual in the Document Library.|
|Scope||Version: 8.x & 9.x|
1) Review the ASA configuration to verify that syslog messages are configured properly. The format should be either default (space separated) or CSV (CEF is not supported).
2) Using tcpdump, confirm that syslog messages are reaching the appliance when a client connects. In the appliance CLI, type
Type Ctrl-C to stop.
If syslog messages are not being received:
4) Have a client connect.
5) Review output.master for syslog messaging that provides User ID, assigned endstation VPN IP address, and session information.
Example of syslog output for a VPN login:
yams.CiscoASA FINER :: 2019-01-24 21:14:37:740 :: ASASyslogListener.parseSyslog parsed [GroupPolicy_MyPolicy, myname, 10.4.232.72] from <164>Jan 25 2019 03:14:37: %ASA-4-722051: Group <GroupPolicy_MyPolicy> User <myname> IP <18.104.22.168> IPv4 Address <10.4.232.72> IPv6 address <::> assigned to session
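The check in step 5 can also be run offline against captured syslog lines. The following Python sketch is an added example, not the appliance's parser and not code from the original article: it tests whether a raw line in the default space-separated format carries the group policy, user ID and assigned VPN IPv4 address shown in the sample above. The name `check_line` and the status strings are hypothetical, the regex is modelled only on the sample line, and CSV format is not covered.

```python
import ipaddress
import re

# Default (space-separated) ASA format for message 722051, modelled on the
# sample line in this article. The optional <PRI> prefix is the syslog priority.
ASA_722051 = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?.*?%ASA-(?P<sev>\d)-722051: "
    r"Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> IP <(?P<public_ip>[^>]*)> "
    r"IPv4 Address <(?P<vpn_ip>[^>]*)> IPv6 address <(?P<vpn_ip6>[^>]*)> "
    r"assigned to session"
)

def check_line(line):
    """Classify one raw syslog line; return (status, fields or None)."""
    if "CEF:0|" in line:                      # CEF is not supported (step 1)
        return "unsupported-cef", None
    m = ASA_722051.search(line)
    if m is None:
        return "no-match", None
    fields = m.groupdict()
    if fields["pri"] is not None:             # PRI = facility * 8 + severity
        fields["facility"], fields["pri_severity"] = divmod(int(fields["pri"]), 8)
    if not fields["user"]:                    # user ID is required for mapping
        return "missing-user", fields
    try:
        ipaddress.IPv4Address(fields["vpn_ip"])
    except ValueError:
        return "bad-vpn-ip", fields
    return "ok", fields

# First line is the article's sample; the other two are constructed.
SAMPLES = [
    "<164>Jan 25 2019 03:14:37: %ASA-4-722051: Group <GroupPolicy_MyPolicy> "
    "User <myname> IP <18.104.22.168> IPv4 Address <10.4.232.72> "
    "IPv6 address <::> assigned to session",
    "<164>CEF:0|constructed|sample|1.0|722051|constructed CEF line|4|",
    "<166>Jan 25 2019 03:14:40: %ASA-6-000000: constructed unrelated message",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        status, fields = check_line(raw)
        print(status, fields and (fields["group"], fields["user"], fields["vpn_ip"]))
```

A line that returns `no-match` or `unsupported-cef` here points back to the ASA logging format in step 1 rather than to the appliance.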
Contact Support for further assistance. Open a support ticket and provide the following: