Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

New Member

Logging administrator activities

Hi,

I have a pix-515 running 6.1(4) . I have not configured any aaa for the pix. Administartors log in to the pix using the local passwords. Now i want to know is there a way to log the activities of the person who logs in using this local username/password .

What i'm looking at is , every time the login and enable password is used there should be an entry in the buffer log indicating the log in and log out time.

Additionally is ther a way to log the commands executed by the administartor.

These logs could be either on the pix itself or on the syslog server

regards,

jimmy.

  • Other Security Subjects
1 REPLY
dro
New Member

Re: Logging administrator activities

Hi Jimmy,

If you have logging enabled, you'll see entries in your syslog server (or cached system log) with the message ID of "PIX-5-111008". All of these messages are commands executed by someone logged into the PIX, but AAA authentication has to be enabled for these messages to be generated. Most commands will get logged, except for minor ones such as "ping", etc.

The log in and log out times are identified by the message ID "%PIX-2-109011" and "%PIX-5-109012" respectively. Note that if you have Road Warrior VPN users logging in through your PIX, the log in message will be generated for each authentication, but no log out message will be logged.

You can find more information about system log messages here:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a008008d2af.html

98
Views
0
Helpful
1
Replies