ASA - log successful and failed logons to syslog server?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-17-2012 01:20 AM - edited 03-11-2019 03:31 PM
Hello,
How can I log successful and failed SSH and ADSM logons to our syslog server?
Thanks
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-17-2012 02:05 AM
Hi,
I haven't really touched the default logging configurations much but some firewalls that I manage have "logging trap informational" which sends messages of users connecting to the firewall.
The messages shows which username was used and if it was rejected or accepted. These messages all seem to be of the "informational" / "level 6" syslog messages.
The syslog IDs for them are:
ASA-6-113008
ASA-6-113012
ASA-6-113015
Though these messages only show information about the AAA not which type of connection was used (I tried both SSH and ASDM to see)
I'm sure there are more messages that will show additional information about the connection and also what the logged user did on the firewall during the management connection.
- Jouni
