Failed command authorization logging on Cisco ASA

Unanswered Question
Feb 12th, 2009


We have set up command authorization on our ASA 5540s. We have for example the following:

aaa authorization command LOCAL

privilege show level 1 mode exec command counters

privilege clear level 10 mode exec command counters

If I issue the "clear counters" command with an account with privilege level 10 or above, I get the following message in the log:

%ASA-5-111008: User 'asa-admin' executed the 'clear counters' command.

If I instead log in as a user with privilege level 7, I am correctly informed that I was not authorized to use the command:

ciscoasa# clear counters


ERROR: % Invalid input detected at '^' marker.

ERROR: Command authorization failed


However, I do not get any message for this failed attempt in the log.

Do you know if it is possible to also log the commands that users attempt, but are not authorized to use?

Thanks in advance for your help!

Best regards,
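
An added example, not part of the original post and not Cisco code: a Python script that cross-references the `privilege` lines from the post with %ASA-5-111008 records to list who ran commands at or above a given level. It covers only commands the ASA logged as executed; the timestamps, the 'ops-user' account and the filler line are constructed, and matching on the show/clear keyword plus the next word is a simplifying assumption.

```python
import re

# "privilege [show|clear|configure] level <n> [mode <mode>] command <keyword>"
PRIV_RE = re.compile(r"^privilege\s+(?:(show|clear|configure)\s+)?level\s+(\d+)\s+"
                     r"(?:mode\s+\S+\s+)?command\s+(\S+)")
# Message format as quoted in the post
EXEC_RE = re.compile(r"%ASA-5-111008: User '([^']*)' executed the '(.*)' command\.")

def load_privileges(config_text):
    """Map (form, keyword) -> required level from 'privilege ...' config lines."""
    table = {}
    for line in config_text.splitlines():
        m = PRIV_RE.match(line.strip())
        if m:
            form, level, keyword = m.group(1) or "configure", int(m.group(2)), m.group(3)
            table[(form, keyword)] = level
    return table

def required_level(command, table):
    """Return the configured level for an executed command, or None if not listed."""
    words = command.split()
    if not words:
        return None
    if words[0] in ("show", "clear") and len(words) > 1:
        return table.get((words[0], words[1]))
    return table.get(("configure", words[0]))

def audit(log_lines, table, min_level):
    """List (user, command, level) for logged commands at or above min_level."""
    hits = []
    for line in log_lines:
        m = EXEC_RE.search(line)
        if not m:
            continue  # not a command-execution record
        user, command = m.groups()
        level = required_level(command, table)
        if level is not None and level >= min_level:
            hits.append((user, command, level))
    return hits

# Config lines from the post; the log lines below are constructed samples.
CONFIG = """\
privilege show level 1 mode exec command counters
privilege clear level 10 mode exec command counters
"""
SAMPLE_LOG = [
    "Feb 12 2009 10:01:02: %ASA-5-111008: User 'asa-admin' executed the 'clear counters' command.",
    "Feb 12 2009 10:02:11: %ASA-5-111008: User 'ops-user' executed the 'show counters' command.",
    "Feb 12 2009 10:03:40: %ASA-6-000000: constructed filler line, not a real message",
]

if __name__ == "__main__":
    for user, command, level in audit(SAMPLE_LOG, load_privileges(CONFIG), min_level=10):
        print(f"{user} ran '{command}' (requires level {level})")
```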

