topic We want to know which events should we be monitoring in SYSTEM events logs to know that the IPsec tunnel is down and back up again. in Panorama Discussions

We want to know which events should we be monitoring in SYSTEM events logs to know that the IPsec tunnel is down and back up again.

Kandarp_Desai — Fri, 30 Aug 2024 10:27:15 GMT

Hello,

Would like to know which specific log events from the system logs for IPsec we should be monitoring to know that the IPsec tunnel has gone down and got back up.

We don't have tunnel monitoring or path monitoring configured so this is the only way we can monitor the tunnel going up or down. Which logs in the SYSTEM logs can we monitor which indicates that a tunnel has gone down. And also which event indicates that TUNNEL is back up (For both IKEv1 and IKEv2) ?

Re: We want to know which events should we be monitoring in SYSTEM events logs to know that the IPsec tunnel is down and back up again.

TomYoung — Fri, 30 Aug 2024 13:57:18 GMT

Hi @Kandarp_Desai ,

The following filter under Device > Log Settings > System work well for me. The 1st half of the "or" lets me know the VPN is back up, and the 2nd half lets me know the VPN is down.

( subtype eq 'vpn' ) and (( description contains 'IKEv2 child SA negotiation is succeeded as responder, non-rekey' ) or ( description contains 'down'))

Thanks,

Tom

Re: We want to know which events should we be monitoring in SYSTEM events logs to know that the IPsec tunnel is down and back up again.

Kandarp_Desai — Mon, 02 Sep 2024 09:18:53 GMT

Thanks a ton Tom for your answers as always !!