I have a pix-515 running 6.1(4). I have not configured any aaa for the pix. Administrators log in to the pix using the local passwords. Now I want to know: is there a way to log the activities of the person who logs in using this local username/password?
What I'm looking at is, every time the login and enable password is used, there should be an entry in the buffer log indicating the log in and log out time.
Additionally, is there a way to log the commands executed by the administrator?
These logs could be either on the pix itself or on the syslog server.
If you have logging enabled, you'll see entries in your syslog server (or cached system log) with the message ID of "PIX-5-111008". All of these messages are commands executed by someone logged into the PIX, but AAA authentication has to be enabled for these messages to be generated. Most commands will get logged, except for minor ones such as "ping", etc.
The log in and log out times are identified by the message ID "%PIX-2-109011" and "%PIX-5-109012" respectively. Note that if you have Road Warrior VPN users logging in through your PIX, the log in message will be generated for each authentication, but no log out message will be logged.
You can find more information about system log messages here:
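As an added example (not part of the original reply and not Cisco code), the Python sketch below shows how a syslog export could be reduced to an audit trail using the three message IDs named above: login and logout are paired by session ID and executed commands are grouped per user. The sample lines are constructed, and the message text layouts in the regular expressions are assumptions modeled on Cisco's documented wording for these IDs; adjust them to what your PIX actually emits.

```python
import re

# Constructed sample lines; the message text layout is an assumption modeled on
# Cisco's documented wording for these IDs, not output captured from a device.
SAMPLE_LOG = """\
Mar 01 10:00:01 192.0.2.1 %PIX-2-109011: Authen Session Start: user 'alice', sid 7
Mar 01 10:00:09 192.0.2.1 %PIX-5-111008: User 'alice' executed the 'configure terminal' command.
Mar 01 10:00:30 192.0.2.1 %PIX-5-111008: User 'alice' executed the 'write memory' command.
Mar 01 10:02:00 192.0.2.1 %PIX-5-109012: Authen Session End: user 'alice', sid 7, elapsed 119 seconds
Mar 01 10:05:00 192.0.2.1 %PIX-2-109011: Authen Session Start: user 'vpnuser', sid 8
Mar 01 10:06:00 192.0.2.1 %PIX-6-302013: Built outbound TCP connection (unrelated)
"""

LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ %PIX-\d-(?P<id>\d{6}): (?P<msg>.*)$")
START = re.compile(r"Authen Session Start: user '(?P<user>[^']*)', sid (?P<sid>\d+)")
END = re.compile(r"Authen Session End: user '(?P<user>[^']*)', sid (?P<sid>\d+)")
CMD = re.compile(r"User '(?P<user>[^']*)' executed the '(?P<cmd>.*)' command")

def audit(text):
    """Return (sessions, commands): sessions keyed by sid, commands per user."""
    sessions, commands = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, mid, msg = m["ts"], m["id"], m["msg"]
        if mid == "109011" and (s := START.search(msg)):
            sessions[s["sid"]] = {"user": s["user"], "login": ts, "logout": None}
        elif mid == "109012" and (e := END.search(msg)):
            # An end record without a matching start is still recorded.
            rec = sessions.setdefault(e["sid"], {"user": e["user"], "login": None, "logout": None})
            rec["logout"] = ts
        elif mid == "111008" and (c := CMD.search(msg)):
            commands.setdefault(c["user"], []).append((ts, c["cmd"]))
    return sessions, commands

def open_sessions(sessions):
    """Session IDs with no logout record (expected for VPN authentications)."""
    return sorted(sid for sid, r in sessions.items() if r["logout"] is None)

if __name__ == "__main__":
    sess, cmds = audit(SAMPLE_LOG)
    for sid, r in sess.items():
        print(sid, r)
    for user, entries in cmds.items():
        for ts, cmd in entries:
            print(user, ts, cmd)
    print("no logout seen for sid:", open_sessions(sess))
```

Sessions returned by `open_sessions` are not necessarily anomalies: as noted above, VPN authentications produce a start record with no matching end.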