Cisco Preparative Procedures & Operational User Guide
© 2016 Cisco Systems, Inc. All rights reserved.
SFR
Auditable
Event
Actual Audited Event
FCS_TLSS_EXT.1
Failure to
establish an
TLS Session
%FPRM-6-AUDIT: [session][internal][creation][internal][211634][sys/user-
ext/web-login-admin-web_60027_A][id:web_60027_A, name:
USERNAME
policyOwner:local][] Web A: local user
USERNAME
logged in from
IP_ADDRESS
%FPRM-6-AUDIT: [session][internal][deletion][internal][1205449][sys/user-
ext/user-
USERNAME
/ term-web_27244_A][sys/user-ext/user-
USERNAME
/term-web_27244_A][] Fabric A: user
USERNAME
terminated session id
ttyS0_1_3038
%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user
USERNAME
from
IP_ADDRESS
- httpd[8515]
%AUTHPRIV-5-SYSTEM_MSG: pam_unix(aaa:auth): authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost= user=
USERNAME
- aaad
%LOCAL0-6-SYSTEM_MSG: authentication failed - httpd[8501]
%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user
USERNAME
from
IP_ADDRESS
- httpd[8501]
%AUTHPRIV-5-SYSTEM_MSG: Login failed for user
USERNAME
-
httpd[8501]
%USER-6-SYSTEM_MSG: [ssl:info] [pid 8926:tid 1823603600] [client
IP_ADDRESS
:60782] AH02008: SSL library error 1 in handshake (server
IP_ADDRESS
:443) - httpd[8926]
%USER-6-SYSTEM_MSG: [ssl:info] [pid 8926:tid 1823603600] SSL Library
Error: error:14076129:SSL routines:SSL23_GET_CLIENT_HELLO:only tls
allowed in fips mode - httpd[8926]
%USER-6-SYSTEM_MSG: [ssl:info] [pid 8926:tid 1823603600] [client
IP_ADDRESS
:60782] AH01998: Connection closed to child 124 with abortive
shutdown (server
IP_ADDRESS
:443) - httpd[8926]
FIA_UIA_EXT.1
All use of the
identification
and
authentication
mechanism.
See FIA_UAU_EXT.2.
FIA_UAU_EXT.2
All use of the
identification
and
authentication
mechanism.
%FPRM-6-AUDIT: [session][internal][creation][internal][213524][sys/user-
ext/sh-login-admin-ttyS0_1_6336][id:ttyS0_1_6336, name:
USERNAME
,
policyOwner:local][] Fabric A: local user
USERNAME
logged in from console
%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user
USERNAME
from console - login
Fabric A: user
USERNAME
terminated session id pts_0_1_7451
Affected Object: sys/user-ext/user-admin/term-pts_0_1_7451
FIA_X509_EXT.1
Unsuccessful
attempt to
validate a
%AUTHPRIV-6-SYSTEM_MSG: 11[IKE] sending end entity cert "C=US,
ST=CA, O=Cisco, OU=STBU, CN=
D_NAME
" - charon-custom
%AUTHPRIV-6-SYSTEM_MSG: 11[IKE] establishing CHILD_SA test -