04-01-2010 05:22 AM - edited 03-11-2019 10:28 AM
Is it possible to configure ASA to generate syslog msg when admin user log in and log out=
br
04-01-2010 04:08 PM
Hi,
Yes, the ASA will log when a user/admin logs in/out
Check this example, I am connecting via SSH with my admin user fcoto:
%ASA-6-113012: AAA user authentication Successful : local database : user = fcoto
%ASA-6-113008: AAA transaction status ACCEPT : user = fcoto
%ASA-6-611101: User authentication succeeded: Uname: fcoto
%ASA-6-611101: User authentication succeeded: Uname: fcoto
%ASA-6-605005: Login permitted from x.x.x.x/2826 to outside:y.y.y.y/ssh for user "fcoto"
Then, as soon as I enter privilege mode, I change privilege and got this message:
%ASA-5-502103: User priv level changed: Uname: enable_15 From: 1 To: 15
The above logs you can configure them to just get them, or you will see them as part of the logs (depending on the severity level that you configure).
You can choose to just see some logs, to change the severity of these messages, to send them to a syslog server, etc.
Federico.
12-01-2015 08:23 AM
Hello,
Can you provide the cmds?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: