11-16-2011 08:56 AM - edited 03-11-2019 02:51 PM
Does anyone know which messaging logging ID I need to use to log failed login attempts to Cisco ASA, I need the log to include the source IP address
11-16-2011 11:03 AM
Use TACACS.
11-16-2011 11:19 AM
I was looking for the actual message IDS for syslog. Figured out you can use
315011
605004
605005
113015
11-16-2011 04:41 PM
Hi,
I have a lab setup and I forgot to remove some configuration from the IPS to stop loging to my ASA device. Of course now it is trying to login and it is being denied, these logs may help you
611102
605004
This is the info it shows,
%ASA-6-611102: User authentication failed: Uname: R4Admin
%ASA-6-605004: Login denied from x.x.x.x/50237 to inside:x.x.x.x/telnet for user "R4Admin"
Let me know if it works.
Mike
11-17-2011 05:45 AM
Thanks! do you know a way to log login attempts from IPs that are not permitted? for example if you only allow SSH to the outside interface of the ASA from 1.1.1.1 but 2.2.2.2 tries to connect?
11-17-2011 09:36 AM
Hi,
Actually, on that one, I had no configuration for telnet.. SSH nor any cli access, so I think that should fit for you needs.
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide