Cisco ISR 4000 series Configuration Manual page 52

Cisco ISR 4000 Family Routers Administrator Guidance
Requirement Auditable Events
FTA_SSL_EXT.1 Any attempts at
unlocking of an
[local] interactive
session.
FTA_SSL.3 The termination of
a remote session
by
locking
mechanism.
FTA_SSL.4 The termination of
an
session.
FTP_ITC.1 Initiation of the
trusted channel.
Termination of the
trusted channel.
Failure
trusted
functions.
Additional
Audit Record
Contents
invalid
certificate)
None.
No additional
information.
the session
No additional
interactive information.
Identification
of the initiator
and target of
failed trusted
channels
establishment
of the
attempt.
channel
Sample Record
ID: 147461 (syslogd) app_name: ssl
Process: syslogd
In the TOE this is represented by login
attempts that occur after the timeout of a
local administrative user.
001383: May 10 18:06:34.091: %SYS-6-
EXEC_EXPIRE_TIMER:
(0.0.0.0)) exec-timeout timer expired for
user securityperson
001384: May 10 18:06:34.091: %SYS-6-
EXIT_CONFIG: User securityperson has
exited tty session 0(0.0.0.0)
Audit record generated when SSH
session is terminated because of idle
timeout:
May 29 2012 15:18:00 UTC: %SYS-6-
TTY_EXPIRE_TIMER:
expired, tty 0 (0.0.0.0)), user admin
Audit record generate when admin logs
out of CONSOLE.
May 17 2011 16:29:09: %PARSER-5-
CFGLOG_LOGGEDCMD:
User:test_admin logged command:exit
Audit record generated when the admin
logs out of SSH:
Jun 18 11:17:36.653: SSH0: Session
terminated normally
AUDIT: See logs
FCS_IPSEC_EXT.1.
(tty 0
(exec timer
provided by
Page 52 of 66