Cisco ASR 1000 Series Common Criteria Operational User Guidance And Preparative Procedures page 50

Requirement Auditable
FIA_UIA_EXT. All use of the
1 identification
and
authentication
mechanism.
FIA_UAU_EXT. All use of the
2 authentication
mechanism.
Additional Audit
Events Record Contents
Provided user
identity, origin of
the attempt (e.g., IP
address).
Origin of the
attempt (e.g., IP
address).
Sample Record
[Source: 100.1.1.5] [localport: 22] at 11:31:35 UTC
Mon Jun 18 2012
Feb 8 06:47:17.041: %SSH-5-SSH2_CLOSE: SSH2
Session from 1.1.1.1 (tty = 0) for user 'cisco' using
crypto cipher 'aes256-cbc', hmac 'hmac-sha1-96'
closed

See Audit events in FIA_UAU_EXT.2

Login as an administrative user at the console
Username: auditperson
Password:
ASR-SL-491>?
000278: *Apr 23 07:11:56: %SEC_LOGIN-5-
LOGIN_SUCCESS: Login Success [user:
auditperson] [Source: 0.0.0.0] [localport: 0] at
07:11:56 UTC Thu Apr 23 2009?

Failed login via the console does not allow any
actions
Username: auditperson
Password:
% Authentication failed
Username:
000254: *Apr 26 00:45:43.340: %SEC_LOGIN-4-
LOGIN_FAILED: Login failed [user: auditperson]
[Source: 0.0.0.0] [localport: 0] [Reason: Login
Authentication Failed] at 23:45:43 a Sat Apr 25 2009

Successful login via ssh
Mar 24 07:30:02.488: \%SEC_LOGIN-5-
LOGIN_SUCCESS: Login Success [user: admin15]
[Source: 10.21.0.101] [localport: 22] at 07:30:02
EDT Tue Mar 24 2015

Failed login via ssh
Page 50 of 72