https://community.cisco.com/t5/network-access-control/http-authentication-on-pix-syslog/m-p/220420#M5982 <HTML><HEAD></HEAD><BODY><P>Yes, you can see the user authentication in the syslog messages. Just make sure you set the syslog level to the right one (I think informational).</P><P></P><P>Amin</P><P></P></BODY></HTML> Tue, 11 May 2004 21:00:29 GMT Amin-Al 2004-05-11T21:00:29Z https://community.cisco.com/t5/network-access-control/http-authentication-on-pix-syslog/m-p/220416#M5978 <P>I have Pix 515 running 6.3.3. I am authenticating my users on port 80 to a windows 2000 active directory. I am capturing the data in a syslog but it does not send what username they entered. It only records IP address. Is there a way to capture who logs in by user name in Syslog.</P><P></P><P></P> Fri, 21 Feb 2020 18:10:08 GMT https://community.cisco.com/t5/network-access-control/http-authentication-on-pix-syslog/m-p/220416#M5978 shane 2020-02-21T18:10:08Z https://community.cisco.com/t5/network-access-control/http-authentication-on-pix-syslog/m-p/220417#M5979 <HTML><HEAD></HEAD><BODY><P>You need to setup aaa accounting as well. It is done similar to defining a tacacs/radius server for user authentication. The user id, source and dest ip address info is sent in the accounting packet.</P><P></P></BODY></HTML> Wed, 05 May 2004 11:14:30 GMT https://community.cisco.com/t5/network-access-control/http-authentication-on-pix-syslog/m-p/220417#M5979 ehirsel 2004-05-05T11:14:30Z https://community.cisco.com/t5/network-access-control/http-authentication-on-pix-syslog/m-p/220418#M5980 <HTML><HEAD></HEAD><BODY><P>So when you turn on AAA accounting it will send the http request with the username and the destination of where these people are going on the internet to a syslog server?</P><P></P><P>I assumed that the aaa accounting packet was in a TACACS or Radius packet not the syslog information. </P></BODY></HTML> Wed, 05 May 2004 12:36:33 GMT https://community.cisco.com/t5/network-access-control/http-authentication-on-pix-syslog/m-p/220418#M5980 dthompson 2004-05-05T12:36:33Z https://community.cisco.com/t5/network-access-control/http-authentication-on-pix-syslog/m-p/220419#M5981 <HTML><HEAD></HEAD><BODY><P>The aaa accounting info will not be sent to the syslog server; only the aaa server. You may need to merge the info together - since most of it is redundant the aaa accounting info may be all that you need as it contains timestamps as well.</P></BODY></HTML> Wed, 05 May 2004 16:54:29 GMT https://community.cisco.com/t5/network-access-control/http-authentication-on-pix-syslog/m-p/220419#M5981 ehirsel 2004-05-05T16:54:29Z https://community.cisco.com/t5/network-access-control/http-authentication-on-pix-syslog/m-p/220420#M5982 <HTML><HEAD></HEAD><BODY><P>Yes, you can see the user authentication in the syslog messages. Just make sure you set the syslog level to the right one (I think informational).</P><P></P><P>Amin</P><P></P></BODY></HTML> Tue, 11 May 2004 21:00:29 GMT https://community.cisco.com/t5/network-access-control/http-authentication-on-pix-syslog/m-p/220420#M5982 Amin-Al 2004-05-11T21:00:29Z