11-24-2010 08:31 PM
Hi,
Is it possible for CSMARS v6.0 to fectch data & generate report from the ASA v8.2 of local user authentication. There no ACS nor syslog in the network.
Thanks in advance.
Regards,
Shivani Singh
11-29-2010 01:01 AM
Shivani
The ASA does not fetch info from the ASA, but rather receives syslogs. You can configure the ASA to send syslogs relating to local authentication to the MARS and then configure the MARS to run reports for this information. eg:
logging trap warnings
logging message 113012 level warnings
logging message 113015 level warnings
Nov 29 2010 10:23:16: %ASA-4-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = mwinnett
Nov 29 2010 10:23:19: %ASA-4-113012: AAA user authentication Successful : local database : user = mwinnett
Matthew
11-30-2010 02:11 AM
Hi Matthew,
Thanx for repling but if we configure aaa local what can be:-
1) the consequences on the existing users
2) since VPN users are also authenticated locally can i get logs for the same on CSMARS.
If yes what kind of reporting should be fine tuned inorder to achieve the same.
Regards,
Shivani.
11-30-2010 02:19 AM
Shivani
The changes proposed are only to change the loggings level, so wont affect anything else. Can you post the output of
show runn logg
show runn aaa
Can you set collect the logging level 7 output for a vpn connection (with good and bad authentication) and we can take a look and see what are the most appropriate messages to send to the MARS.
Matthew
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide