Login and logout Syslog messages

Each time a user logs in or out of ASMS, a log entry is written to the /var/log/messages file. This includes internal logins, such as when FireFlow opens a session to run a traffic simulation query in AFA.

Tip: AFA can also send syslog messages to a remote server. Configure the remote server in the AFA Administration area. For more details, see Configure ASMS to generate and send syslog messages.

Login and logout syslog message contents

Syslog entries for login and logout events include the following details:

  • Date and time

  • ASMS build version

  • Event name, such as "Successful login". For details, see Login and logout syslog event reference.

  • Severity level: 0

  • The domain ID. This should always appear as NONE.

  • The username.

  • The IP address of the browsing computer. Internal events do not include the IP address, because it will always be the localhost.

Login and logout syslog event reference

The following table lists basic login and logout events that generate Syslog messages. Your system may generate additional messages depending on your configuration.

Message                                       Description
Internal Connection                           Internal connection event
Internal Connection - Manual logout           Internal connection event related to a manual logout
Internal Connection - Session expired logout  Internal connection event related to a logout due to a session expiration
Internal Connection - Successful login        Internal connection event related to a successful login
Login Failed - System Error                   Log in failed because of a system error.
Manual logout                                 User manually logged out
Session Expired                               User session expired and user is logged out
Successful login                              Successful login occurred
Unsuccessful login                            Log in failed because of invalid input. Additional details about the failure are included in the message.

Sample login and logout Syslog messages

Successful login event

Mar  2 09:29:56 localhost : CEF:0|AlgoSec|Suite|afa Wed Feb 22 09:56:46 IST 2017|Successful login|Successful login|0|NONE|user=admin IP=192.168.201.1

Unsuccessful login because of user input

Mar  2 09:36:22 localhost : CEF:0|AlgoSec|Suite|afa Wed Feb 22 09:56:46 IST 2017|Unsuccessful login|Unsuccessful login|0|NONE|user=admina IP=192.168.201.1

Unsuccessful login because of a system error

Feb  5 16:15:59 afa-4-126 : CEF:0|AlgoSec|Suite|v6.11.0-b390|Login Failed - System Error|Login Failed - System Error|0|NONE|user=admin IP=192.168.3.216

Internal login

Mar  2 09:45:30 localhost : CEF:0|AlgoSec|Suite|v6.11.0-b495|Internal Connection|Internal Connection|0|NONE|user=FireFlow_batch

Manual logout

Mar  2 09:36:13 localhost : CEF:0|AlgoSec|Suite|afa Wed Feb 22 09:56:46 IST 2017|Manual logout|Manual logout|0|NONE|user=admin IP=192.168.201.1

Session Expired

Jan 29 19:26:35 localhost : CEF:0|AlgoSec|Suite|v6.11.0-b310|Session Expired|Session Expired|0|NONE|user=admin IP=192.168.201.1

Note: By default, timeout occurs after the session is inactive for 5 hours.
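
Added example (not AlgoSec code): a small Python parser for the message layout shown in the samples above, with a check that reports source IPs that generated repeated "Unsuccessful login" events. The function names, the threshold of 3 and the sample lines are assumptions constructed for illustration; extension values are assumed to contain no spaces.

```python
import re
from collections import defaultdict

# Constructed lines in the layout of this page's samples (IPs are documentation ranges).
SAMPLE_LOG = """\
Mar  2 09:29:56 localhost : CEF:0|AlgoSec|Suite|afa Wed Feb 22 09:56:46 IST 2017|Successful login|Successful login|0|NONE|user=admin IP=192.0.2.10
Mar  2 09:36:22 localhost : CEF:0|AlgoSec|Suite|v6.11.0-b495|Unsuccessful login|Unsuccessful login|0|NONE|user=admina IP=198.51.100.7
Mar  2 09:36:25 localhost : CEF:0|AlgoSec|Suite|v6.11.0-b495|Unsuccessful login|Unsuccessful login|0|NONE|user=admin IP=198.51.100.7
Mar  2 09:36:29 localhost : CEF:0|AlgoSec|Suite|v6.11.0-b495|Unsuccessful login|Unsuccessful login|0|NONE|user=root IP=198.51.100.7
Mar  2 09:40:01 localhost crond[2211]: (root) CMD (run-parts /etc/cron.hourly)
Mar  2 09:45:30 localhost : CEF:0|AlgoSec|Suite|v6.11.0-b495|Internal Connection|Internal Connection|0|NONE|user=FireFlow_batch
"""

LINE_RE = re.compile(r"^(?P<time>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) : CEF:0\|(?P<cef>.*)$")

def parse_line(line):
    """Return a dict for an ASMS login/logout entry, or None for any other syslog line."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    # Fields after "CEF:0|": vendor|product|build|event|event|severity|domain|extension
    parts = m.group("cef").split("|", 7)
    if len(parts) != 8 or parts[:2] != ["AlgoSec", "Suite"]:
        return None
    ext = dict(re.findall(r"(\w+)=(\S+)", parts[7]))  # assumes values contain no spaces
    return {
        "time": m.group("time"), "host": m.group("host"), "build": parts[2],
        "event": parts[3], "severity": parts[5], "domain": parts[6],
        "user": ext.get("user"),
        "ip": ext.get("IP"),  # None for internal events, which carry no IP
    }

def failed_login_sources(lines, threshold=3):
    """Map each source IP with >= threshold 'Unsuccessful login' events to the usernames tried."""
    tried = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry and entry["event"] == "Unsuccessful login" and entry["ip"]:
            tried[entry["ip"]].append(entry["user"])
    return {ip: users for ip, users in tried.items() if len(users) >= threshold}

if __name__ == "__main__":
    for ip, users in failed_login_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {len(users)} failed logins, usernames tried: {sorted(set(users))}")
```

Because /var/log/messages also holds unrelated syslog entries, parse_line returns None for anything that does not match the AlgoSec CEF layout instead of raising.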