Syslog data in Rapid 7 is showing
‘ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = ***** : user IP =’
This appears to be a new feature in Cisco and has to be turned off.
To change this we have to enter
→ no logging hide username
.>expert
Admin@fw:~$ sudo su
Password:
Root@fw:/home/admin# LinaConfigTool “no logging hide username”
Sources:
https://web.gxis.de/tiki/tiki-view_blog_post.php?postId=264
https://community.cisco.com/t5/network-security/no-logging-hide-username-ftd/td-p/4183332
https://quickview.cloudapps.cisco.com/quickview/bug/CSCur17006
https://bst.cisco.com/quickview/bug/CSCur55388