I have tried with the same configuration given below,
logging trap debugging
logging host inside X.X.X.X
Other than using the trap level 4 I have used 7 because I want to see every single events. Basically my requirement is to know which user doing what/or running which command. I am getting the report on my syslog server but it is not showing the exact Username. It is only showing [User "enable_15"]. But I want to see the name of the user.
Here are some syslog messages,-
1)03:42 PM y.y.y.y Notice User 'enable_15' executed the 'logging host inside x.x.x.x' command.
2)03:42 PM y.y.y.y Notice User 'enable_15' executed the 'logging trap debugging' command.
3)03:42 PM y.y.y.y Notice User 'enable_15' executed the 'logging timestamp' command.
I am using Solarwinds Syslog and AAA is enabled in my firewall.
My requirement is I want to see who the user logged in and what command he put in my device (router/FW). I want to bring all these information in my syslog server (Solarwinds). Logging notice level can provide this information.
Now the problem I face, when I do not use AAA configuration and administer it withour AAA then user name is showing on the everyline of the syslog message and wht cmd he placed on the device. But when I am using with AAA user log on and command he is placing - are comming on seperate line. As there are lots of syslog messages so it is very difficult to identify which user place which command as these are on seperate line.
I understand that from AAA I can easily identify who and what. But I want to see it on the syslog and within the same line. For exam:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...