Cisco PIX/ASA Template
Tested Cisco PIX/ASA Versions
This software has been tested on the following Cisco PIX/ASA versions:
- ASA OS 8.1
Cisco PIX/ASA Controls
| Action | Subaction | Condition | Description |
|---|---|---|---|
| Successful Login | Interactive Login | EventID=605005 | This message appears when a user is authenticated successfully and a management session starts. |
| Successful Login | Successful AAA Login | EventID=113008 | The AAA transaction for a user associated with an IPSec or WebVPN connection was completed successfully. The user is the username associated with the connection. |
| Successful Login | Successful AAA Login | EventID=113012 | The user associated with an IPSec or WebVPN connection has been successfully authenticated to the local user database. user is the username associated with the connection. |
| Successful Login | Successful VPN Login | EventID=713052 | This message indicates that the remote access user was authenticated. |
| Successful Login | Successful VPN Login | EventID=716001 | The WebVPN session has started for the user in this group at the specified IP address. When the user logs in via the WebVPN login page, the WebVPN session starts. |
| Successful Login | Successful VPN Login | EventID=716055 | The WebVPN user has been successfully authenticated to the SSO server. |
| Successful Login | Successful BVPN Login | EventID=719022 | This message appears when the username is authenticated by the AAA server. The vpnuser is the WebVPN username. |
| Successful Login | Successful ASDM Login | EventID=606001 | This message indicates that an administrator has been authenticated successfully and an ASDM session was started. |
| Successful Login | Successful ASDM Login | EventID=606003 | An ASDM logging connection is started by a remote management client. |
| Logon Failure | Interactive Login Failure | EventID=605004 | This message appears after an incorrect login attempt or a failed login to the security appliance. For all logins, three attempts are allowed per session, and the session is terminated after three incorrect attempts. For SSH and TELNET logins, this message is generated after the third failed attempt or if the TCP session is terminated after one or more failed attempts. For other types of management sessions, this message is generated after every failed attempt. |
| Logon Failure | Interactive Login Failure | EventID=315011 | This message appears after an SSH session completes. If a user enters quit or exit, the terminated normally message displays. If the session disconnected for another reason, the text describes the reason. |
| Logon Failure | AAA Logon Failure | EventID=113015 | A request for authentication to the local user database for a user associated with an IPSec or WebVPN connection has been rejected. Details of why the request was rejected are provided in the reason field. user is the username associated with the connection. |
| Logon Failure | AAA Logon Failure | EventID=113005 | This is an indication that either an authentication or authorization request for a user associated with an IPSec or WebVPN connection has been rejected. Details of why the request was rejected are provided in the reason field. server_IP_address is the IP address of the relevant AAA server. user is the username associated with the connection. aaa_operation is either authentication or authorization. |
| Logon Failure | AAA Logon Failure | EventID=113013 | The AAA transaction for a user associated with an IPSec or WebVPN connection has failed due to an error or has been rejected due to a policy violation. Details are provided in the reason field. user is the username associated with the connection. |
| Logon Failure | Logon Failure | EventID=113017 | This is an indication that the AAA transaction for a user associated with an IPSec or WebVPN connection has failed due to an error or has been rejected due to a policy violation. Details are provided in the reason field. This event only appears when the AAA transaction is with the local user database rather than with an external AAA server. user is the username associated with the connection. |
| Logon Failure | Logon Failure | EventID=109006 | This is an AAA message. This message is displayed if the specified authentication request fails, possibly because of an incorrect password. |
| Logon Failure | Logon Failure | EventID=109008 | This is an AAA message. This message is displayed if a user is not authorized to access the specified address, possibly because of an incorrect password. |
| Logon Failure | Logon Failure | EventID=109031 | This message is displayed when a user tries to authenticate to an NT Auth domain that was configured for guest account access and the username is not a valid username on the NT server. The connection is denied. |
| Logon Failure | AAA Logon Failure | EventID=113016 | The AAA transaction for a user associated with an IPSec or WebVPN connection has failed due to an error or has been rejected due to a policy violation. Details are provided in the reason field. server_IP_address is the IP address of the relevant AAA server. user is the username associated with the connection. |
| Logon Failure | AAA Logon Failure | EventID=308001 | This is a security appliance management message. This message is displayed after the specified number of times a user incorrectly types the password to enter privileged mode. The maximum is three attempts. |
| Logon Failure | Logon Failure | EventID=611102 | User authentication failed when attempting to access the security appliance. |
| Logon Failure | Logon Failure | EventID=713161 | The security appliance server has sent the security appliance a message indicating that this user must be restricted. There are several reasons for this including security appliance software upgrades, changes in permissions, and so on. The security appliance server will transition the user back into full access mode as soon as the operation has been completed. |
| Logon Failure | Logon Failure | EventID=713162 | This message indicates that the security appliance server has rejected this user. |
| Logon Failure | Logon Failure | EventID=713166 | This message indicates that the hardware client has failed extended authentication. This is most likely a username/password problem or authentication server issue. |
| Logon Failure | Logon Failure | EventID=713167 | This message indicates that the remote user has failed to extend authentication. This is most likely a username or password problem or authentication server issue. |
| Logon Failure | Logon Failure | EventID=713185 | The client returned an invalid length username and the tunnel was torn down. |
| Logon Failure | Logon Failure | EventID=713198 | This event will contain a reason string. |
| Logon Failure | Logon Failure | EventID=716037 | A user attempted to log in to a server via the CIFS protocol but was not successful. |
| Logon Failure | VPN Logon Failure | EventID=716039 | Before a WebVPN session starts, the user must be authenticated successfully by a local or remote server (for example, RADIUS or TACACS+). In this case, the user credentials (username and password) either did not match or the user does not have permission to start a WebVPN session. |
| Logon Failure | Logon Failure | EventID=716040 | A user was unable to log in to WebVPN because the system is in the process of rebooting. |
| Logon Failure | Logon Failure | EventID=716056 | The WebVPN user failed to authenticate to the SSO server. |
| Logon Failure | VPN Logon Failure | EventID=719023 | This message appears when the username is denied by the AAA server. The session will be aborted. The user is not allowed to access the e-mail account. The vpnuser is the WebVPN username. |
| Lock | User Lock | EventID=113006 | A locally configured user is being locked out. This happens when a configured number of consecutive authentication failures have occurred for this user and indicates that all future authentication attempts by this user will be rejected until an administrator unlocks the user using the clear aaa local user lockout command. user is the user that is now locked and number is the consecutive failure threshold configured with the aaa local authentication attempts max-fail command. |
| Unlock | User Unlock | EventID=113007 | A locally configured user that was locked out after exceeding the maximum number of consecutive authentication failures set by the aaa local authentication attempts max-fail command has been unlocked by the indicated administrator. |
| Logoff | Logoff | EventID=606002 | This message indicates that an ASDM session ended. |
| Logoff | Logoff | EventID=606004 | |
| User Statement | Command Execution | EventID=111008 | The user entered any command, with the exception of a show command. |
| Configuration Rule Modification | Configuration Rule Modification | EventID=111001 | This message is displayed when you enter the write command to store your configuration on a device (either floppy, Flash memory, TFTP, the failover standby unit, or the console terminal). The IP_address indicates whether the login was made at the console port or with a Telnet connection. |
| Configuration Rule Modification | Configuration Rule Modification | EventID=111003 | This is a management message. This message is displayed when you erase the contents of Flash memory by entering the write erase command at the console. The IP_address value indicates whether the login was made at the console port or through a Telnet connection. |
| Configuration Rule Modification | Configuration Rule Modification | EventID=111007 | This message is displayed when you enter the reload or configure command to read in a configuration. The device text can be floppy, memory, net, standby, or terminal. The IP_address value indicates whether the login was made at the console port or through a Telnet connection. |
| Configuration Rule Modification | Configuration Rule Modification | EventID=112001 | This message is displayed when a request to clear the module configuration is completed. The source file and line number are identified. |
| Configuration Rule Modification | Configuration Rule Modification | EventID=113003 | The group policy that is associated with the tunnel-group is being overridden with a user-specific policy, policy_name. The policy_name is specified using the username command when LOCAL authentication is configured or is returned in the RADIUS CLASS attribute when RADIUS authentication is configured. |
| Configuration Rule Modification | Configuration Rule Modification | EventID=305009 | An address translation slot was created. The slot translates the source address from the local side to the global side. In reverse, the slot translates the destination address from the global side to the local side. |
| Configuration Rule Modification | Configuration Rule Modification | EventID=305010 | The address translation slot was deleted. |