12-27-2019 06:27 AM
We use cisco acs (version 5.8.0.32.9) for accounting and authentication for our cisco asa's. It seems for all ASA's I check the accounting logs in ACS and I see thousands of these messages a day:
14:03.3 10:34.6 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Start
14:03.3 10:34.5 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Stop
14:03.3 10:34.5 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:35945:1.1.1.1 Stop
14:03.2 10:34.1 d1a-acs username 15 [ CmdAV=terminal pager 0 ] asa-device-name ASA Firewalls Stop
14:03.2 10:34.0 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Start
14:02.8 10:30.6 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:35946:1.1.1.1 Start
14:02.8 10:30.2 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:35945:1.1.1.1 Start
14:02.2 10:23.7 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Stop
14:02.2 10:23.7 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:35943:1.1.1.1 Stop
14:02.2 10:23.5 d1a-acs username 15 [ CmdAV=terminal pager 0 ] asa-device-name ASA Firewalls Stop
14:02.2 10:23.5 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Start
14:02.0 10:19.7 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:35943:1.1.1.1 Start
05:30.3 05:30.3 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:35940:1.1.1.1 Stop
05:30.3 05:30.3 d1a-acs username 1 asa-device-name ASA Firewalls username:10.0.60.192:0:1.1.1.1 Stop
05:30.1 05:30.1 d1a-acs username 15 [ CmdAV=terminal pager 0 ] asa-device-name ASA Firewalls Stop
I changed the device name to "asa-device-name", the source IP to 1.1.1.1, and the username to "username". The source IP is our snmp server (solarwinds). Is there a way to configure acs to not log some messages so we don't have thousands of messages in our accounting logs?The only messages we are really interested in are when there's an actual change being made on the asa. Thanks in advance. 🐴
Solved! Go to Solution.
12-27-2019 06:54 AM
Not sure ACS have ability to do that for imcoming logs -
Instead you can remove sending accouting to ACS, send to some syslog server and filter. only for the particular events. Look at the below thread :
is this something work as alternative ?
12-27-2019 06:54 AM
Not sure ACS have ability to do that for imcoming logs -
Instead you can remove sending accouting to ACS, send to some syslog server and filter. only for the particular events. Look at the below thread :
is this something work as alternative ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide