716 Views, 0 Helpful, 1 Replies

Failed command authorization logging on Cisco ASA

net-harry (Level 1)

Hi,

We have set up command authorization on our ASA 5540s. We have for example the following:

aaa authorization command LOCAL

privilege show level 1 mode exec command counters

privilege clear level 10 mode exec command counters

If I issue the "clear counters" command with an account with privilege level 10 or above I get the following message in the log:

%ASA-5-111008: User 'asa-admin' executed the 'clear counters' command.

If I instead log in as a user with privilege level 7, I am correctly informed that I was not authorized to use the command:

ciscoasa# clear counters

^

ERROR: % Invalid input detected at '^' marker.

ERROR: Command authorization failed

ciscoasa#

However, I do not get any message for this failed attempt in the log.

Do you know if it is possible to also log the commands that users attempt, but are not authorized to use?

Thanks in advance for your help!

Best regards,

Harry
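The question shows two things a defender can work with: the privilege lines in the running-config and the %ASA-5-111008 message that the ASA emits for commands that were actually executed. Since the question observes that a failed authorization produces no syslog message, the local log can only be audited for successes that should not have happened. The script below, an added example that is not part of the original post, parses a constructed config fragment (the two privilege lines from the question plus assumed username lines) and constructed 111008 lines, and flags any execution by a user whose configured privilege level is below the level the command requires. The sample users, levels and the extra non-111008 line are assumptions; matching on the first two keywords of a command is a simplification that covers the entries shown on the page.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed ASA running-config fragment: the two privilege lines come from the
# question; the username lines and their levels are assumptions for this example.
SAMPLE_CONFIG = """\
username asa-admin privilege 15
username harry privilege 7
privilege show level 1 mode exec command counters
privilege clear level 10 mode exec command counters
"""

# Constructed syslog lines in the %ASA-5-111008 format shown in the question.
# The last line uses an unrelated message ID so the audit can show it is ignored.
SAMPLE_SYSLOG = """\
%ASA-5-111008: User 'asa-admin' executed the 'clear counters' command.
%ASA-5-111008: User 'harry' executed the 'show counters' command.
%ASA-5-111008: User 'harry' executed the 'clear counters' command.
%ASA-6-302013: Built inbound TCP connection 1234 for outside:192.0.2.10/4242 (192.0.2.10/4242) to inside:10.0.0.5/22 (10.0.0.5/22)
"""

USER_RE = re.compile(r"^username (\S+) privilege (\d+)\b")
PRIV_RE = re.compile(r"^privilege (\S+) level (\d+) mode (\S+) command (\S+)")
EXEC_RE = re.compile(r"%ASA-5-111008: User '([^']+)' executed the '([^']+)' command\.")


def parse_config(config: str) -> Tuple[Dict[str, int], Dict[Tuple[str, str], int]]:
    """Return (user -> privilege level, (first keyword, command keyword) -> required level)."""
    users: Dict[str, int] = {}
    required: Dict[Tuple[str, str], int] = {}
    for line in config.splitlines():
        m = USER_RE.match(line.strip())
        if m:
            users[m.group(1)] = int(m.group(2))
            continue
        m = PRIV_RE.match(line.strip())
        if m:
            # "privilege clear level 10 mode exec command counters" -> ("clear", "counters"): 10
            required[(m.group(1), m.group(4))] = int(m.group(2))
    return users, required


def required_level(command: str, required: Dict[Tuple[str, str], int]) -> Optional[int]:
    """Configured level for a command, or None when the config has no entry for it.

    Simplification: only the first keyword and the following word are matched, which
    covers the 'show counters' / 'clear counters' entries on the page.
    """
    words = command.split()
    if len(words) < 2:
        return None
    return required.get((words[0], words[1]))


def audit(config: str, syslog: str) -> List[dict]:
    """Check every %ASA-5-111008 message against the configured privilege levels.

    The ASA logs 111008 only for commands that were executed; a failed authorization
    produces no message (as the question observes). The audit therefore catches only
    successes that should not have happened: a user whose configured level is below the
    command's required level, or a username the config does not know at all.
    """
    users, required = parse_config(config)
    findings: List[dict] = []
    for line in syslog.splitlines():
        m = EXEC_RE.search(line)
        if not m:
            continue  # not a command-execution message
        user, command = m.group(1), m.group(2)
        need = required_level(command, required)
        have = users.get(user)
        if have is None:
            status = "unknown-user"
        elif need is None:
            status = "no-privilege-entry"
        elif have < need:
            status = "below-required"  # executed despite insufficient level: investigate
        else:
            status = "ok"
        findings.append({"user": user, "command": command, "user_level": have,
                         "required_level": need, "status": status})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG, SAMPLE_SYSLOG):
        print(f"{f['status']:18} {f['user']:10} {f['command']!r} "
              f"(user level {f['user_level']}, requires {f['required_level']})")
```

Run against the constructed samples, the third 111008 line is reported as below-required: harry is configured at level 7 but the log says he executed a command that requires level 10, which is what you would see if `aaa authorization command LOCAL` were missing or the account had been raised above its intended level. The same check is useful on real syslog because the ASA's silence on failed attempts means a forwarded 111008 stream is the only local evidence of what privileged users did.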

1 Reply

owillins (Level 6)

You can use ACS to Privilege for Restricted Access. In this scenario, users are able to use selective commands.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
