I have set up a syslog server for my ASA 5520 logs. For ASDM and the syslog server it is set from Informational level. But on my syslog server I am not able to find the "login details like which user accessed the ASA at what time", etc. Is there any additional setup that needs to be done on the ASA?
Thanks and regards
Without seeing your configuration it is hard to tell if something is missing.
Have you configured accounting for the SSH/Telnet protocol?
aaa accounting ssh console GROUP
Where GROUP is the TACACS or RADIUS group you have configured.
Please go through this link; it gives you options, like logging class or logging list. If you like, you can configure the logging class just to see what logs are shown through the ASDM real-time log viewer with logging class auth:
logging class auth asdm debugging
FYI: It is the same thing on 8.X or 9.X.
Is it necessary that RADIUS and TACACS be configured as authentication servers to get the log? I have only configured local authentication. ASDM logging level 6 and SNMP logging level 5.
I tried that only; I can get other logs but am not able to get admin access or any login info.
Do you have the command logging console informational configured on the ASA? Keep in mind that you need to be logging to the console and not the ASDM.
Why would he need to do this over console? He is just checking for user authentication.
Can you get us a show run username?
If you are talking about console in any case, then setting a timeout for console logging is necessary.
console timeout 15
This will obligate the user to authenticate when logging into the device.
Ya, there is no console logging enabled. Below is the logging setting:
Syslog logging: enabled
Timestamp logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: level notifications, facility 23, 81520865 messages logged
Logging to Application XXXXX errors: 138897 dropped: 8890508
History logging: level informational, 187638103 messages logged
Device ID: disabled
Mail logging: disabled
ASDM logging: level informational, 188649338 messages logged
So can you advise what changes need to be done? Just console logging? For SNMP poll to be added, is it necessary that monitor logging also be enabled?
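Added example, not part of the thread: a short Python check that parses the show logging output posted above and reports which destinations would receive login messages. It assumes, from Cisco's syslog message reference rather than from the thread, that 605005 (login permitted) and 611101 (user authentication succeeded) are severity 6, and that "Trap logging" is the syslog server destination.

```python
import re

# Cisco severity keywords; list index == numeric severity (0 is most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
# Output destinations that filter by severity (other lines are options).
DESTINATIONS = {"Console", "Monitor", "Buffer", "Trap", "History", "Mail", "ASDM"}
# Assumption (Cisco syslog message reference, not the thread): both are severity 6.
LOGIN_MESSAGES = {"605005": 6,   # Login permitted ... for user
                  "611101": 6}   # User authentication succeeded

# "show logging" output as posted in the thread.
SHOW_LOGGING = """\
Syslog logging: enabled
Timestamp logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: level notifications, facility 23, 81520865 messages logged
Logging to Application XXXXX errors: 138897 dropped: 8890508
History logging: level informational, 187638103 messages logged
Device ID: disabled
Mail logging: disabled
ASDM logging: level informational, 188649338 messages logged
"""

LINE = re.compile(r"^\s*(\S+) logging: (?:level (\w+)|(\w+))", re.M)

def destination_levels(text):
    """Map each destination to its numeric level, or None when disabled."""
    levels = {}
    for name, level, state in LINE.findall(text):
        if name not in DESTINATIONS:
            continue
        if level in LEVELS:
            levels[name] = LEVELS.index(level)
        elif state == "disabled":
            levels[name] = None
    return levels

def receives(text, msg_id):
    """Return {destination: True/False} for one syslog message ID."""
    severity = LOGIN_MESSAGES[msg_id]
    # A destination set to level N passes messages with severity 0..N.
    return {dest: lvl is not None and severity <= lvl
            for dest, lvl in destination_levels(text).items()}

if __name__ == "__main__":
    for dest, ok in receives(SHOW_LOGGING, "605005").items():
        print(f"{dest:8} {'receives' if ok else 'does not receive'} 605005")
```

On the posted output, Trap logging is at notifications (5), so severity 6 login messages do not reach it, while ASDM and History are at informational and do. Raising that destination with logging trap informational is one way to let them through.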