<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Cisco ASA Logging of Bad Password Attempts in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Cisco-ASA-Logging-of-Bad-Password-Attempts/m-p/68123#M13790</link>
    <description>&lt;P&gt;You should be looking for:&lt;/P&gt;

&lt;P&gt;%ASA-6-605004: Login denied from source-address/source-port to interface:destination/service for user “username”&lt;/P&gt;

&lt;P&gt;%ASA-6-605005: Login permitted from source-address/source-port to interface:destination/service for user “username”~&lt;/P&gt;

&lt;P&gt;Log level has to be set to informational. Event ID is 605004.&lt;/P&gt;</description>
    <pubDate>Wed, 20 Mar 2013 16:59:03 GMT</pubDate>
    <dc:creator>krugger</dc:creator>
    <dc:date>2013-03-20T16:59:03Z</dc:date>
    <item>
      <title>Cisco ASA Logging of Bad Password Attempts</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Cisco-ASA-Logging-of-Bad-Password-Attempts/m-p/68122#M13789</link>
      <description>&lt;P&gt;I am trying to log "Bad Passwords" or "Access Denied" attempts on the ASA and alert on them with Splunk:&lt;/P&gt;

&lt;P&gt;I have the Cisco ASA 5510 Syslog setup and pointed to Splunk and I am getting data into Splunk but cannot search and see find the bad password attempts.  I am running Cisco 8.2.1 I have changed the logging trap warnings to notifications with no effect. &lt;/P&gt;

&lt;P&gt;logging enable&lt;BR /&gt;
logging console notifications&lt;BR /&gt;
logging trap warnings&lt;BR /&gt;
logging device-id hostname&lt;BR /&gt;
logging host inside 10.1.100.110&lt;/P&gt;</description>
      <pubDate>Wed, 20 Mar 2013 16:41:07 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Cisco-ASA-Logging-of-Bad-Password-Attempts/m-p/68122#M13789</guid>
      <dc:creator>prosyspath</dc:creator>
      <dc:date>2013-03-20T16:41:07Z</dc:date>
    </item>
    <item>
      <title>Re: Cisco ASA Logging of Bad Password Attempts</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Cisco-ASA-Logging-of-Bad-Password-Attempts/m-p/68123#M13790</link>
      <description>&lt;P&gt;You should be looking for:&lt;/P&gt;

&lt;P&gt;%ASA-6-605004: Login denied from source-address/source-port to interface:destination/service for user “username”&lt;/P&gt;

&lt;P&gt;%ASA-6-605005: Login permitted from source-address/source-port to interface:destination/service for user “username”~&lt;/P&gt;

&lt;P&gt;Log level has to be set to informational. Event ID is 605004.&lt;/P&gt;</description>
      <pubDate>Wed, 20 Mar 2013 16:59:03 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Cisco-ASA-Logging-of-Bad-Password-Attempts/m-p/68123#M13790</guid>
      <dc:creator>krugger</dc:creator>
      <dc:date>2013-03-20T16:59:03Z</dc:date>
    </item>
  </channel>
</rss>

