Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

SSH Logging

I'm attempting to log failed SSH and Telnet login attempts on an ASA 5510 to a syslog server.  I've found the following two message ID's, but I can't seem to spot IP addresses in syslog for the failed attempts. 

May  5 19:50:09 10.1.1.2 May 05 2012 19:45:12: %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = username

May  5 19:50:09 10.1.1.2 May 05 2012 19:45:12: %ASA-7-611102: User authentication failed: Uname: username

Is there a message ID or configuration command that I am missing that would have the IP address?  I have pasted my logging config below; excuse the clutter, I was trying to narrow down a VPN user auth logging issue I was having earlier. 

logging enable

logging timestamp

logging list my-list level debugging class vpn

logging buffer-size 10000

logging asdm-buffer-size 512

logging buffered debugging

logging trap debugging

logging history debugging

logging asdm debugging

logging host inside x.x.x.x

logging class auth trap debugging

logging class config trap debugging

logging class session trap debugging

logging class vpn trap debugging

logging class vpnc trap debugging

logging class webvpn trap debugging

logging class svc trap debugging

logging class ssl trap debugging

logging message 611103 level debugging

logging message 611102 level debugging

logging message 611101 level debugging

1 REPLY
Cisco Employee

SSH Logging

2862
Views
0
Helpful
1
Replies
CreatePlease to create content