cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1109
Views
0
Helpful
1
Replies

ASA Level 5 Log Alert

agoraya
Level 1
Level 1

Does anyone know why this log message is generated:

Error Message %ASA-5-502103: User priv level changed: Uname:  user From:  privilege_level To: privilege_level

In my case the Uname: enable_1 is not a recognized username local to the FW, is this generated because FW sees this as a form of unauthorized access?

 

1 Accepted Solution

Accepted Solutions

Rahul Govindan
VIP Alumni
VIP Alumni

This will be seen when the user goes from privileged exec mode(Hostname#) to exec mode (Hostname>). So if someone logged in to the privileged exec mode and used the command "disable", it would take them back to enable mode. I think the ASA moves the user back to enable_1 by default. This is an excerpt from my ASA:

CiscoASA# show curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
CiscoASA# disable
CiscoASA> show curpriv
Username : enable_1
Current privilege level : 1
Current Mode/s : P_UNPR
CiscoASA>

View solution in original post

1 Reply 1

Rahul Govindan
VIP Alumni
VIP Alumni

This will be seen when the user goes from privileged exec mode(Hostname#) to exec mode (Hostname>). So if someone logged in to the privileged exec mode and used the command "disable", it would take them back to enable mode. I think the ASA moves the user back to enable_1 by default. This is an excerpt from my ASA:

CiscoASA# show curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
CiscoASA# disable
CiscoASA> show curpriv
Username : enable_1
Current privilege level : 1
Current Mode/s : P_UNPR
CiscoASA>

Review Cisco Networking for a $25 gift card