cisco acs accounting logs for ASA's

Benjamin Saito
Level 1

We use Cisco ACS (version 5.8.0.32.9) for accounting and authentication for our Cisco ASAs. It seems that for all ASAs, when I check the accounting logs in ACS, I see thousands of these messages a day:

 

14:03.3 10:34.6 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Start
14:03.3 10:34.5 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Stop
14:03.3 10:34.5 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:35945:1.1.1.1 Stop
14:03.2 10:34.1 d1a-acs username 15 [ CmdAV=terminal pager 0 ] asa-device-name ASA Firewalls Stop
14:03.2 10:34.0 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Start
14:02.8 10:30.6 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:35946:1.1.1.1 Start
14:02.8 10:30.2 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:35945:1.1.1.1 Start
14:02.2 10:23.7 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Stop
14:02.2 10:23.7 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:35943:1.1.1.1 Stop
14:02.2 10:23.5 d1a-acs username 15 [ CmdAV=terminal pager 0 ] asa-device-name ASA Firewalls Stop
14:02.2 10:23.5 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Start
14:02.0 10:19.7 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:35943:1.1.1.1 Start
05:30.3 05:30.3 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:35940:1.1.1.1 Stop
05:30.3 05:30.3 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Stop
05:30.1 05:30.1 d1a-acs username 15 [ CmdAV=terminal pager 0 ] asa-device-name ASA Firewalls Stop

 

I changed the device name to "asa-device-name", the source IP to 1.1.1.1, and the username to "username". The source IP is our SNMP server (SolarWinds). Is there a way to configure ACS to not log some messages so we don't have thousands of messages in our accounting logs? The only messages we are really interested in are when there's an actual change being made on the ASA. Thanks in advance. 🐴

1 Accepted Solution


balaji.bandi
Hall of Fame

Not sure ACS has the ability to do that for incoming logs.

Instead, you can remove sending accounting to ACS, send to some syslog server, and filter only for the particular events. Look at the thread below:

https://community.cisco.com/t5/security-management/asa-send-syslog-messages-for-configuration-changes/td-p/2005325

 

Would this work as an alternative?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
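
The same "filter only for the particular events" idea can also be applied after the fact to an exported accounting report. The sketch below is an added example, not part of the thread or any Cisco tooling; it assumes the column layout of the lines pasted in the question, a hypothetical `READ_ONLY` word list, and constructed sample records.

```python
import re
from collections import Counter

# Column layout inferred from the lines pasted in the question (an assumption).
LINE = re.compile(
    r"^\S+ \S+ \S+ (?P<user>\S+) (?P<priv>\d+) "
    r"(?:\[ CmdAV=(?P<cmd>.*?) \] )?(?P<rest>.*) (?P<flag>Start|Stop)$"
)
# Hypothetical starter list of first words that do not alter configuration.
READ_ONLY = {"show", "terminal", "ping", "traceroute"}

# Constructed sample; the last three records are invented for this example.
SAMPLE = """\
14:03.3 10:34.6 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Start
14:03.3 10:34.5 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Stop
14:03.2 10:34.1 d1a-acs username 15 [ CmdAV=terminal pager 0 ] asa-device-name ASA Firewalls Stop
14:04.0 10:35.0 d1a-acs username 15 [ CmdAV=show version ] asa-device-name ASA Firewalls Stop
14:05.1 10:36.2 d1a-acs username 15 [ CmdAV=access-list OUTSIDE extended permit tcp any host 10.0.0.5 eq 443 ] asa-device-name ASA Firewalls Stop
14:05.9 record cut off in export
"""

def classify(line):
    """Return 'session', 'read-only', 'change' or 'unparsed' for one record."""
    m = LINE.match(line.strip())
    if not m:
        return "unparsed"
    if m["cmd"] is None:              # no CmdAV field: session Start/Stop record
        return "session"
    words = m["cmd"].split()
    if words and words[0] in READ_ONLY:
        return "read-only"
    return "change"                   # anything not known to be harmless is kept

def triage(text):
    """Keep change and unparsed records; count what was dropped as noise."""
    keep, dropped = [], Counter()
    for line in filter(None, map(str.strip, text.splitlines())):
        kind = classify(line)
        if kind in ("change", "unparsed"):
            keep.append((kind, line))
        else:
            dropped[kind] += 1
    return keep, dropped

if __name__ == "__main__":
    kept, noise = triage(SAMPLE)
    for kind, line in kept:
        print(f"{kind:9} {line}")
    print("dropped:", dict(noise))
```

Records that fail to parse are kept rather than discarded, so a format change in the export surfaces as review items instead of silently hiding command accounting.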

