Options

ASA Buffered Log - What is this?

cisco_troopercisco_trooper Member Posts: 1,441 ■■■■□□□□□□
in CCNP
<141>Feb 27 2009 11:43:14 ASA5520 : %ASA-5-611103: User logged out:
<142>Feb 27 2009 11:43:24 ASA5520 : %ASA-6-611101: User authentication succeeded:
<142>Feb 27 2009 11:43:24 ASA5520 : %ASA-6-611101: User authentication succeeded:
<142>Feb 27 2009 11:43:24 ASA5520 : %ASA-6-611101: User authentication succeeded:
<141>Feb 27 2009 11:43:25 ASA5520 : %ASA-5-611103: User logged out:


What are these numbers in front of the Timestamp? I have never seen those before on ANY of my firewalls.
· Share on FacebookShare on Twitter

Comments

  • Options
    mikearamamikearama Member Posts: 749
    Hey CT...

    I can't reproduce that on my ASA's no matter what I do... not in the buffered log, not in the syslogs, and not in the ASDM log. I see that you have both 5's and 6's in the mix, so I change all levels to Notification... no difference.

    I'm running ASA version 8.0(4) and ASDM 6.1(5) on a pair of 5540's and a pair of 5550's. You?
    There are only 10 kinds of people... those who understand binary, and those that don't.

    CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

    Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
    · Share on FacebookShare on Twitter
  • Options
    cisco_troopercisco_trooper Member Posts: 1,441 ■■■■□□□□□□
    8.0(4) and 6.1(5) on a 5520. I'm wondering if it is specific to AAA. It isn't like that for all messages.....
    · Share on FacebookShare on Twitter
  • Options
    cisco_troopercisco_trooper Member Posts: 1,441 ■■■■□□□□□□
    I have used these two configurations today:
    logging list VPN level informational class vpn
    logging list VPN level informational class vpnc
    logging buffered VPN
    logging list RemoteAccess message 113001-113999
    logging list RemoteAccess message 316001-316999
    logging list RemoteAccess message 320001-320999
    logging list RemoteAccess message 611102
    logging list RemoteAccess message 713001-713235
    logging list RemoteAccess message 713237-713999
    logging buffered RemoteAccess
    · Share on FacebookShare on Twitter
  • Options
    cisco_troopercisco_trooper Member Posts: 1,441 ■■■■□□□□□□
    Still curious what these are if anyone gets bored with life. I haven't had time for any further research...
    · Share on FacebookShare on Twitter
  • Options
    APAAPA Member Posts: 959
    line numbers??? are they users logged into the ASA for management purposes??

    Could be telling the router to show exactly what vty line the users has taken....

    Looks quite similar to the output when you enable 'service linenumber' on a IOS router\switch
    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
    · Share on FacebookShare on Twitter
  • Options
    dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Syslog line numbers so if messages get lost you know about it (or so I was told :D).
    · Share on FacebookShare on Twitter
  • Options
    tierstentiersten Member Posts: 4,505
    dynamik wrote: »
    Syslog line numbers so if messages get lost you know about it (or so I was told :D).
    Nah. They're not sequential and they're repeated for one :)
    · Share on FacebookShare on Twitter
Sign In or Register to comment.