Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
701
Views
0
Helpful
5
Replies

How to find log from CSM for users tried with Wrong Password/Uname

MSJ1
Level 1
Level 1

‎08-05-2021 12:34 PM

Hello,

 

How to find log from CSM for users tried with Wrong Password/Uname.

 

Is there way to find the usernames from Cisco Security Manager for those failed to authenticate in ASA for AnyConnect VPN ?

 

What Event ID need to be will be responsible for this to log  ?

Labels:
0 Helpful
5 Replies 5

Rob Ingram
VIP
VIP

‎08-05-2021 12:49 PM

@MSJ1 

Try this syslog message:- 109006

 

Error Message%ASA-6-109006: Authentication failed for user user from inside_address/inside_port to outside_address/outside_port on interface interface_name.

Explanation The specified authentication request failed, possibly because of an incorrect password. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs1.html#con_4769484

 

0 Helpful

MSJ1
Level 1
Level 1
In response to Rob Ingram

‎08-05-2021 01:15 PM

Hello , @Rob Ingram

 

When I look at CSM and I filter with 109006 , it does not show me anything .

 

 

 

0 Helpful

Rob Ingram
VIP
VIP
In response to MSJ1

‎08-05-2021 01:55 PM

@MSJ1 

Is the ASA even configured to send those syslog events to CSM?

0 Helpful

MSJ1
Level 1
Level 1
In response to Rob Ingram

‎08-06-2021 05:26 AM

Hello @Rob Ingram 

 

I have below configured in ASA to send to CSM 

 

logging enable
logging buffer-size 100000
logging buffered debugging
logging trap debugging
logging asdm informational

 

logging host Inside CSM_IP

logging class auth console debugging
logging class webvpn console debugging
logging class svc console debugging
logging class ssl console debugging

0 Helpful

MSJ1
Level 1
Level 1
In response to MSJ1

‎08-10-2021 05:08 AM

Hello @Rob Ingram 

 

Can you suggest based on my last comment  ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents