Cisco Support Community
Failed command authorization logging on Cisco ASA

Hi,

We have set up command authorization on our ASA 5540s. We have for example the following:

aaa authorization command LOCAL

privilege show level 1 mode exec command counters

privilege clear level 10 mode exec command counters

If I issue the "clear counters" command with an account with privilege level 10 or above I get the following message in the log:

%ASA-5-111008: User 'asa-admin' executed the 'clear counters' command.

If I instead log in as a user with privilege level 7, I am correctly informed that I was not authorized to use the command:

ciscoasa# clear counters

^

ERROR: % Invalid input detected at '^' marker.

ERROR: Command authorization failed

ciscoasa#

However, I do not get any message for this failed attempt in the log.

Do you know if it is possible to also log the commands that users attempt, but are not authorized to use?

Thanks in advance for your help!

Best regards,

Harry
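Because the ASA in this thread only logs successful executions (the %ASA-5-111008 message quoted above), one defender-side workaround is to audit those messages against the configured privilege levels, so that every use of a high-level command such as "clear counters" is at least flagged. The script below is an added example, not code from the thread or from Cisco; the config and syslog lines are constructed from the post, and the threshold of 10 and the function names are assumptions.

```python
import re

# Constructed sample config and syslog lines, modelled on the post above
PRIVILEGE_CONFIG = """
privilege show level 1 mode exec command counters
privilege clear level 10 mode exec command counters
"""
SYSLOG_LINES = [
    "%ASA-5-111008: User 'asa-admin' executed the 'clear counters' command.",
    "%ASA-5-111008: User 'netops' executed the 'show counters' command.",
    "%ASA-5-111008: User 'asa-admin' executed the 'show version' command.",
    "%ASA-6-302013: Built outbound TCP connection 12 ...",  # unrelated, ignored
]

PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+level\s+(\d+)\s+mode\s+(\S+)\s+command\s+(\S+)\s*$")
LOG_RE = re.compile(r"%ASA-\d-111008: User '([^']+)' executed the '([^']+)' command\.")


def parse_privilege_config(text):
    """Map (mode, verb, command) -> level from 'privilege' statements."""
    levels = {}
    for line in text.splitlines():
        m = PRIV_RE.match(line.strip())
        if m:
            verb, level, mode, command = m.groups()
            levels[(mode, verb, command)] = int(level)
    return levels


def required_level(levels, command_line, mode="exec"):
    """Level configured for a command line (verb + first keyword).
    Returns None when the command is not in the config (ASA default level)."""
    tokens = command_line.split()
    if len(tokens) < 2:
        return None
    return levels.get((mode, tokens[0], tokens[1]))


def parse_executed_commands(lines):
    """Extract (user, command) from %ASA-5-111008 messages; other lines are skipped."""
    return [m.groups() for m in map(LOG_RE.search, lines) if m]


def privileged_executions(levels, lines, threshold=10):
    """Executions of commands whose configured level is >= threshold.
    Denied attempts never reach the log, so only successes can be audited this way."""
    hits = []
    for user, cmd in parse_executed_commands(lines):
        lvl = required_level(levels, cmd)
        if lvl is not None and lvl >= threshold:
            hits.append((user, cmd, lvl))
    return hits
```

Feed it the output of "show running-config | include privilege" and the exported syslog to get a list of who ran which privileged commands.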

1 REPLY

Re: Failed command authorization logging on Cisco ASA

You can use ACS privilege levels for restricted access. In this scenario, users are able to use selected commands.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
