- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-30-2024 03:21 AM - edited 08-30-2024 03:27 AM
Hello,
Would like to know which specific log events from the system logs for IPsec we should be monitoring to know that the IPsec tunnel has gone down and got back up.
We don't have tunnel monitoring or path monitoring configured so this is the only way we can monitor the tunnel going up or down. Which logs in the SYSTEM logs can we monitor which indicates that a tunnel has gone down. And also which event indicates that TUNNEL is back up (For both IKEv1 and IKEv2) ?
08-30-2024 06:57 AM
Hi @Kandarp_Desai ,
The following filter under Device > Log Settings > System work well for me. The 1st half of the "or" lets me know the VPN is back up, and the 2nd half lets me know the VPN is down.
( subtype eq 'vpn' ) and (( description contains 'IKEv2 child SA negotiation is succeeded as responder, non-rekey' ) or ( description contains 'down'))
Thanks,
Tom
08-30-2024 06:57 AM
Hi @Kandarp_Desai ,
The following filter under Device > Log Settings > System work well for me. The 1st half of the "or" lets me know the VPN is back up, and the 2nd half lets me know the VPN is down.
( subtype eq 'vpn' ) and (( description contains 'IKEv2 child SA negotiation is succeeded as responder, non-rekey' ) or ( description contains 'down'))
Thanks,
Tom
09-02-2024 02:18 AM
Thanks a ton Tom for your answers as always !!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!