I've figured out how to monitor failed attempts via syslog. However there is another trouble. We've many servers in a distributed deployment. Syslog set to global on all servers through our primary server (syslog writes to the syslog server and log collector). Log collector placed on the secondary server. Syslog server receives log messages about administrator logins to the primary server, but it hasn't received any messages from another servers in deployment. I've changed settings on the primary server and it seem's that on secondary servers this setting was changed automatically (according to GUI). What can be source of problem? All related ports on fw's are open.
And there is another issue. Is that possible to monitor CLI login attempts through syslog?
I've found only this messages in catalog:
10006 INFO Administrator Authentication and Authorization AAC Administrator authentication failed
33103 INFO Internal Operations Diagnostics CLI User login to ACS configuration mode failed
51000 NOTICE Administrative and Operational Audit Administrator-Login Administrator authentication failed
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...