We have set up command authorization on our ASA 5540s. We have for example the following:
aaa authorization command LOCAL
privilege show level 1 mode exec command counters
privilege clear level 10 mode exec command counters
If I issue the "clear counters" command with an account with privilege level 10 or above I get the following message in the log:
%ASA-5-111008: User 'asa-admin' executed the 'clear counters' command.
if I instead log in as a user with privilege level 7, I am correctly informed that I was not authorized to use the command:
ciscoasa# clear counters
ERROR: % Invalid input detected at '^' marker.
ERROR: Command authorization failed
However, I do not get any message for this failed attempt in the log.
Do you know if it is possible to also log the commands that users attempt, but are not authorized to use?
Thanks in advance for your help!