cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5093
Views
0
Helpful
1
Replies

ASA - log successful and failed logons to syslog server?

Andy White
Participant
Participant

Hello,

How can I log successful and failed SSH and ADSM logons to our syslog server?

Thanks

1 Reply 1

Jouni Forss
Mentor
Mentor

Hi,

I haven't really touched the default logging configurations much but some firewalls that I manage have "logging trap informational" which sends messages of users connecting to the firewall.

The messages shows which username was used and if it was rejected or accepted. These messages all seem to be of the "informational" / "level 6" syslog messages.

The syslog IDs for them are:

ASA-6-113008

ASA-6-113012

ASA-6-113015

Though these messages only show information about the AAA not which type of connection was used (I tried both SSH and ASDM to see)

I'm sure there are more messages that will show additional information about the connection and also what the logged user did on the firewall during the management connection.

- Jouni

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers