Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1358
Views
0
Helpful
4
Replies

HTTP Authentication on PIX - Syslog

shane
Level 1
Level 1

‎05-04-2004 11:34 AM - edited ‎02-21-2020 10:10 AM

I have Pix 515 running 6.3.3. I am authenticating my users on port 80 to a windows 2000 active directory. I am capturing the data in a syslog but it does not send what username they entered. It only records IP address. Is there a way to capture who logs in by user name in Syslog.

Labels:
0 Helpful
4 Replies 4

ehirsel
Level 6
Level 6

‎05-05-2004 04:14 AM

You need to setup aaa accounting as well. It is done similar to defining a tacacs/radius server for user authentication. The user id, source and dest ip address info is sent in the accounting packet.

0 Helpful

dthompson
Level 1
Level 1
In response to ehirsel

‎05-05-2004 05:36 AM

So when you turn on AAA accounting it will send the http request with the username and the destination of where these people are going on the internet to a syslog server?

I assumed that the aaa accounting packet was in a TACACS or Radius packet not the syslog information.

0 Helpful

ehirsel
Level 6
Level 6
In response to dthompson

‎05-05-2004 09:54 AM

The aaa accounting info will not be sent to the syslog server; only the aaa server. You may need to merge the info together - since most of it is redundant the aaa accounting info may be all that you need as it contains timestamps as well.

0 Helpful

Amin-Al
Level 1
Level 1
In response to ehirsel

‎05-11-2004 02:00 PM

Yes, you can see the user authentication in the syslog messages. Just make sure you set the syslog level to the right one (I think informational).

Amin

0 Helpful
Customers Also Viewed These Support Documents