Display users logged into firewall

jedavis — Tue, 12 Mar 2019 03:29:48 GMT

I want to see what administrative users are logged into a firewall, like "show user" in IOS. I seem to have forgotten how to do this. Or perhaps I never knew. Can anyone provide the CLI command?

Thanks,

-Jeff

Display users logged into firewall

Jouni Forss — Tue, 14 Jan 2014 17:46:28 GMT

Hi,

Try the following commands

show ssh sessions

show asdm session

Hope this helps

- Jouni

Display users logged into firewall

prateeve — Tue, 14 Jan 2014 17:54:03 GMT

Hi,

On ASA you could run following commands to check the ip's from which some one have logged in to the ASA:

show ssh sessions

To display information about the active SSH sessions on the ASA, use the show ssh sessions command in privileged EXEC mode.

show asdm sessions

To display a list of active ASDM sessions and their associated session IDs, use the

show asdm sessions command in privileged EXEC mode.

who

To display active Telnet administration sessions on the ASA, use the

who command in privileged EXEC mode.

To check through syslogs messages, like on snmp server or syslog server, you have configure following commands:

1 First we have to enable logging on ASA.

logging enable

2 Then we need to setup logging list with the syslog id’s which we want to see in the logging messages.

logging list cmds(name of logging list) message 111008

logging list cmds message 111009

logging list cmds message 111010

logging list cmds message 605005

Here, syslog messages specified above correspond to the following:

111008

Error Message %ASA-5-111008: User user executed the command string

Explanation The user entered any command, with the exception of a show command.

111009

Error Message    %ASA-7-111009:User user executed cmd:string

Explanation The user entered a command that does not modify the configuration. This message appears only for show commands.

111010

Error Message    %ASA-5-111010: User username, running application-name from IP ip

addr, executed cmd

Explanation A user made a configuration change.

•username—The user making the configuration change

•application-name—The application that the user is running

•ip addr—The IP address of the management station

•cmd—The command that the user has executed

605005

Error Message    %ASA-6-605005: Login permitted from source-address/source-port to

interface:destination/service for user "username"

The following form of the message appears when the user logs in to the console:

Login permitted from serial to console for user "username"

Explanation A user was authenticated successfully, and a management session started.

•source-address—Source address of the login attempt

•source-port—Source port of the login attempt

•interface—Destination management interface

•destination—Destination IP address

•service—Destination service

•username—Destination management interface

3. Commands to configure ASA to send logs to syslog server.

- Prateek Verma

Display users logged into firewall

jedavis — Tue, 14 Jan 2014 19:24:26 GMT

That's it!

Thanks Jouni

Display users logged into firewall

jedavis — Tue, 14 Jan 2014 19:25:34 GMT

Thank you for the (very) thorough awnser Prateek! I will make use of that logging list.

-Jeff

topic Display users logged into firewall in Network Security

Display users logged into firewall

Display users logged into firewall

Display users logged into firewall

111009

111010

605005

Display users logged into firewall

Display users logged into firewall