Federico Coto F... Thu, 04/01/2010 - 16:08
User Badges:
  • Green, 3000 points or more


Yes, the ASA will log when a user/admin logs in/out

Check this example, I am connecting via SSH with my admin user fcoto:

%ASA-6-113012: AAA user authentication Successful : local database : user = fcoto
%ASA-6-113008: AAA transaction status ACCEPT : user = fcoto
%ASA-6-611101: User authentication succeeded: Uname: fcoto
%ASA-6-611101: User authentication succeeded: Uname: fcoto
%ASA-6-605005: Login permitted from x.x.x.x/2826 to outside:y.y.y.y/ssh for user "fcoto"

Then, as soon as I enter privilege mode, I change privilege and got this message:

%ASA-5-502103: User priv level changed: Uname: enable_15 From: 1 To: 15

The above logs you can configure them to just get them, or you will see them as part of the logs (depending on the severity level that you configure).

You can choose to just see some logs, to change the severity of these messages, to send them to a syslog server, etc.



This Discussion