New Member

Display users logged into firewall

I want to see what administrative users are logged into a firewall, like "show user" in IOS.  I seem to have forgotten how to do this.  Or perhaps I never knew.  Can anyone provide the CLI command?

Thanks,

-Jeff

2 ACCEPTED SOLUTIONS

Super Bronze

Display users logged into firewall

Hi,

Try the following commands

show ssh sessions

show asdm session

Hope this helps

- Jouni

New Member

Display users logged into firewall

Hi,

On the ASA you could run the following commands to check the IPs from which someone has logged in to the ASA:

show ssh sessions

To display information about the active SSH sessions on the ASA, use the show ssh sessions command in privileged EXEC mode.

show asdm sessions

To display a list of active ASDM sessions and their associated session IDs, use the show asdm sessions command in privileged EXEC mode.

who

To display active Telnet administration sessions on the ASA, use the who command in privileged EXEC mode.

To check through syslog messages, such as on an SNMP server or syslog server, you have to configure the following commands:

1. First we have to enable logging on the ASA.

logging enable

2. Then we need to set up a logging list (named cmds here) with the syslog IDs which we want to see in the logging messages.

logging list cmds message 111008

logging list cmds message 111009

logging list cmds message 111010

logging list cmds message 605005

Here, syslog messages specified above correspond to the following:

111008

Error Message    %ASA-5-111008: User user executed the command string

Explanation    The user entered any command, with the exception of a show command.

111009

Error Message    %ASA-7-111009:User user executed cmd:string 

Explanation    The user entered a command that does not modify the configuration. This message appears only for show commands.

111010

Error Message    %ASA-5-111010: User username, running application-name from IP ip addr, executed cmd

Explanation    A user made a configuration change.

username—The user making the configuration change

application-name—The application that the user is running

ip addr—The IP address of the management station

cmd—The command that the user has executed

605005

Error Message    %ASA-6-605005: Login permitted from source-address/source-port to interface:destination/service for user "username"

The following form of the message appears when the user logs in to the console:

Login permitted from serial to console for user "username"

Explanation    A user was authenticated successfully, and a management session started.

source-address—Source address of the login attempt

source-port—Source port of the login attempt

interface—Destination management interface

destination—Destination IP address

service—Destination service

username—Destination management interface

3. Commands to configure ASA to send logs to syslog server.

- Prateek Verma
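
On the syslog server, the messages selected by the logging list above can be turned into a per-user view of logins and executed commands. The following Python is an added example, not part of the original answers; the sample lines are constructed, and the quoting around the user and command fields (and the trailing word "command" in 111008) is an assumption about how the device renders the templates quoted above.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"%ASA-\d-(?P<id>\d{6}):\s*(?P<body>.*)$")
Q = "['\"]?"  # field quoting differs between messages; treated as optional (assumption)
BODY = {
    "605005": re.compile(  # login permitted (network form or serial console form)
        r"Login permitted from (?P<src>[^/\s]+)(?:/\d+)? to (?P<dst>\S+) "
        rf"for user {Q}(?P<user>[^'\"]+){Q}"),
    "111010": re.compile(  # configuration change, carries the management station IP
        rf"User {Q}(?P<user>[^'\",]+){Q}, running {Q}(?P<app>[^'\"]+?){Q} "
        rf"from IP (?P<src>\S+), executed {Q}(?P<cmd>.+?){Q}$"),
    "111008": re.compile(  # any non-show command; the message has no source IP
        rf"User {Q}(?P<user>[^'\"\s]+){Q} executed the {Q}(?P<cmd>.+?){Q} command\.?$"),
}

def parse(line):
    """Return (msg_id, fields) for a supported message, else None."""
    h = HEADER.search(line)
    if not h or h["id"] not in BODY:
        return None
    m = BODY[h["id"]].match(h["body"].strip())
    return (h["id"], m.groupdict()) if m else None

def summarize(lines):
    """Per user: login sources seen (605005) and commands run (111008/111010)."""
    out = defaultdict(lambda: {"logins": [], "commands": []})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # other message IDs and malformed lines are skipped
        msg_id, f = rec
        if msg_id == "605005":
            out[f["user"]]["logins"].append((f["src"], f["dst"]))
        else:
            out[f["user"]]["commands"].append((f.get("src", "-"), f["cmd"]))
    return dict(out)

# Constructed sample lines (documentation addresses, not real logs).
SAMPLE = [
    'Mar 01 10:00:01 fw1 %ASA-6-605005: Login permitted from 192.0.2.10/51515 to inside:198.51.100.1/ssh for user "admin"',
    "Mar 01 10:00:09 fw1 %ASA-5-111008: User 'admin' executed the 'configure terminal' command.",
    "Mar 01 10:00:20 fw1 %ASA-5-111010: User 'admin', running 'CLI' from IP 192.0.2.10, executed 'logging enable'",
    'Mar 01 10:05:00 fw1 %ASA-6-605005: Login permitted from serial to console for user "ops"',
    "Mar 01 10:05:30 fw1 %ASA-6-302013: unrelated message, ignored",
]

if __name__ == "__main__":
    for user, info in summarize(SAMPLE).items():
        print(user, info)
```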

4 REPLIES

New Member

Display users logged into firewall

Thank you for the (very) thorough answer Prateek!  I will make use of that logging list.

-Jeff

New Member

Display users logged into firewall

That's it!

Thanks Jouni
