Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
658
Views
0
Helpful
4
Replies

User logging

alain.bider
Level 1
Level 1

‎03-09-2005 05:07 AM - edited ‎03-09-2019 10:34 AM

Hi all,

Is there any command where I can log users accessing PIX via telnet or pdm??

Regards,

Alain

Labels:
0 Helpful
4 Replies 4

sachinraja
Level 9
Level 9

‎03-09-2005 06:02 AM

Hi Alain,

how is the authentication done ? if it is local, then there isnt a way in pix to log the users. you cannot get any historical data. If you have a Cisco ACS, you can account for the users logging in the device.

However, you can see the present connections on the PIX by using the who command.

pixfirewall# who

0: From 192.168.1.3

1: From 192.168.2.2

hope this helps.. all the best.

Raj

0 Helpful

alain.bider
Level 1
Level 1
In response to sachinraja

‎03-09-2005 06:35 AM

Hi Raj,

Thanks for the quick response.

If I enable logging i get tons of messages. Is it possible to log specific messages?? like:

710001: TCP access requested from 192.168.0.117/1408 to inside:192.168.0.250/telnet

710002: TCP access permitted from 192.168.0.117/1408 to inside:192.168.0.250/telnet

This would more or less solve my problem (only having IP address of accessing device)

Regards

0 Helpful

shannong
Level 4
Level 4
In response to alain.bider

‎03-09-2005 10:41 AM

There are several other messages associated with user access and actions. 502103 would be useful way to track user login since you can't doing anything without being in enable mode.

502103: User priv level changed: Uname: shannon From: 1 To: 15

111008: User 'shannon' executed the 'enable' command.

111009: User 'shannon' executed cmd: show conn

Another advantage is that the first two are level 5 messages. If you turn on logging to level 5, you won't get level 6 and 7 messages.

There are 19 other level 5 messages. While you can't turn on just a single message, you could lower the logging level of this message to something like 3 and then only syslog at that level. Level 3 is errors and it would be good to capture others messages from this level and lower.

logging on

logging trap 3

logging host inside 1.1.1.1

logging message 502103 level 3

0 Helpful

alain.bider
Level 1
Level 1
In response to shannong

‎03-10-2005 01:51 AM

Thanks for your valuable input.

Is it also valide for login over pdm? I believe so, but not sure

Regards

0 Helpful
Customers Also Viewed These Support Documents