topic This will be seen when the in Network Security

ASA Level 5 Log Alert

agoraya — Tue, 12 Mar 2019 08:45:35 GMT

Does anyone know why this log message is generated:

Error Message %ASA-5-502103: User priv level changed: Uname: user From: privilege_level To: privilege_level

In my case the Uname: enable_1 is not a recognized username local to the FW, is this generated because FW sees this as a form of unauthorized access?

This will be seen when the

Rahul Govindan — Wed, 11 Jan 2017 00:36:53 GMT

This will be seen when the user goes from privileged exec mode(Hostname#) to exec mode (Hostname>). So if someone logged in to the privileged exec mode and used the command "disable", it would take them back to enable mode. I think the ASA moves the user back to enable_1 by default. This is an excerpt from my ASA:

CiscoASA# show curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
CiscoASA# disable
CiscoASA> show curpriv
Username : enable_1
Current privilege level : 1
Current Mode/s : P_UNPR
CiscoASA>