01-10-2017 07:05 AM - edited 03-12-2019 01:45 AM
Does anyone know why this log message is generated:
Error Message %ASA-5-502103: User priv level changed: Uname: user From: privilege_level To: privilege_level
In my case the Uname: enable_1 is not a recognized username local to the FW. Is this generated because the FW sees this as a form of unauthorized access?
01-10-2017 04:36 PM
This will be seen when the user goes from privileged exec mode (Hostname#) to exec mode (Hostname>). So if someone logged in to the privileged exec mode and used the command "disable", it would take them back to enable mode. I think the ASA moves the user back to enable_1 by default. This is an excerpt from my ASA:
CiscoASA# show curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
CiscoASA# disable
CiscoASA> show curpriv
Username : enable_1
Current privilege level : 1
Current Mode/s : P_UNPR
CiscoASA>
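For log triage, the following added example (not part of either post) parses 502103 messages and separates the enable_<level> placeholder names seen in the output above from configured local accounts and from names that match neither. The hostname, timestamps, the user names netops and svc-tmp, and the function names are constructed for illustration; the rule that a placeholder's suffix equals the new level is an assumption drawn from the show curpriv excerpt.

```python
import re

# Layout follows the message text quoted in the question.
PRIV_CHANGE = re.compile(
    r"%ASA-5-502103: User priv level changed: "
    r"Uname: (?P<user>\S+) From: (?P<old>\d+) To: (?P<new>\d+)"
)
# Assumption: enable_<level> names, as in the show curpriv output above,
# stand for the session's current level and are not local accounts.
PLACEHOLDER = re.compile(r"enable_(\d+)")


def classify(line, local_users):
    """Describe one 502103 event; return None for any other line."""
    m = PRIV_CHANGE.search(line)
    if m is None:
        return None
    user, old, new = m["user"], int(m["old"]), int(m["new"])
    direction = "raise" if new > old else "drop" if new < old else "same"
    ph = PLACEHOLDER.fullmatch(user)
    if ph:
        # Assumption: the suffix should equal the level the session moved to.
        kind = "placeholder" if int(ph.group(1)) == new else "placeholder-mismatch"
    elif user in local_users:
        kind = "local"
    else:
        kind = "unknown"
    return {"user": user, "from": old, "to": new, "direction": direction,
            "kind": kind, "review": kind in ("unknown", "placeholder-mismatch")}


# Constructed sample lines (hostname, timestamps and user names are made up).
SAMPLE = [
    "Jan 10 2017 07:01:02 fw1 : %ASA-5-502103: User priv level changed: Uname: enable_15 From: 1 To: 15",
    "Jan 10 2017 07:05:11 fw1 : %ASA-5-502103: User priv level changed: Uname: enable_1 From: 15 To: 1",
    "Jan 10 2017 07:09:40 fw1 : %ASA-5-502103: User priv level changed: Uname: netops From: 1 To: 15",
    "Jan 10 2017 07:12:03 fw1 : %ASA-5-502103: User priv level changed: Uname: svc-tmp From: 1 To: 15",
    "Jan 10 2017 07:12:09 fw1 : %ASA-6-302013: (unrelated message)",
]


def triage(lines, local_users):
    """Classify every 502103 line and skip lines that are not that message."""
    events = (classify(line, local_users) for line in lines)
    return [e for e in events if e is not None]


if __name__ == "__main__":
    for event in triage(SAMPLE, {"netops"}):
        print(event)
```
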