Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
204
Views
0
Helpful
1
Replies

Cisco ASA policy and user account management

shalendra2
Level 1
Level 1

‎10-14-2015 11:42 PM - edited ‎03-11-2019 11:45 PM

Hi Team,

                Could you please provide the syslog messages for following

                1. Group policy modified

                2. User account modified,enabled,disabled

                3. VPN user added,deleted and modified

                4. VPN user logon and logoff activity

 

We have referred Cisco asa syslog reference guide

 

Regards,

Shalendra

Labels:
0 Helpful
1 Reply 1

Rishabh Seth
Level 7
Level 7

‎10-15-2015 01:24 AM

Hi,

 

There are many syslogs that you can use to granularly monitor your ASA. Here are few syslog IDs that you can try and search more in the link mentioned below:

 

                1. Group policy modified:502111,502112, 718046

                2. User account modified,enabled,disabled 501101,502101,502102,502103

                3. VPN user added,deleted and modified-- i think this would be same as number 2.

                4. VPN user logon and logoff activity-- 716039,716055,719020,719023,721016,721018,

 

For more details you can refee :

http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logmsgs2.html

 

Hope it helps!!!

Thanks,

R.Seth

Mark the answer as correct if it helps in resolving your query!!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card