https://community.cisco.com/t5/network-security/how-to-log-command-history-type-into-the-console/m-p/1050233#M895258 <P>Good morning.</P><P>For auditing purposes, we need to log which commands where type into the ASA console, with user and time.</P><P>Could you tell me which is the command? I can't find it... it has change from "Archive".</P><P>This will also log the commands introduced via the graphic interphase, right? After all, it's just a front end that sends commands to the cisco router.</P><P></P><P>Thanks.</P> Mon, 11 Mar 2019 13:55:51 GMT juanscopp 2019-03-11T13:55:51Z https://community.cisco.com/t5/network-security/how-to-log-command-history-type-into-the-console/m-p/1050233#M895258 <P>Good morning.</P><P>For auditing purposes, we need to log which commands where type into the ASA console, with user and time.</P><P>Could you tell me which is the command? I can't find it... it has change from "Archive".</P><P>This will also log the commands introduced via the graphic interphase, right? After all, it's just a front end that sends commands to the cisco router.</P><P></P><P>Thanks.</P> Mon, 11 Mar 2019 13:55:51 GMT https://community.cisco.com/t5/network-security/how-to-log-command-history-type-into-the-console/m-p/1050233#M895258 juanscopp 2019-03-11T13:55:51Z https://community.cisco.com/t5/network-security/how-to-log-command-history-type-into-the-console/m-p/1050234#M895263 <HTML><HEAD></HEAD><BODY><P>Well you could do it via AAA, even with that the ASA will only show the username enable_15. Even if you do 'logging buffered debug' you will see each command typed, but it won't should you the specific user:</P><P></P><P>111008: User 'enable_15' executed the 'logging on' command</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Sat, 11 Oct 2008 10:07:33 GMT https://community.cisco.com/t5/network-security/how-to-log-command-history-type-into-the-console/m-p/1050234#M895263 Farrukh Haroon 2008-10-11T10:07:33Z https://community.cisco.com/t5/network-security/how-to-log-command-history-type-into-the-console/m-p/1050235#M895268 <HTML><HEAD></HEAD><BODY><P>Well you should use AAA to complete your requirment or you can enable logging by building one logging server and using below mentioned commands</P><P>logging enable</P><P>logging timestamp</P><P>logging console informational</P><P>logging buffered informational</P><P>logging trap informational</P><P>logging facility 23</P><P>logging queue 2048</P><P>logging host <SERVER_INT_NAME> xxx.xxx.xxx.xxx(Loging server ip) format emblem (if using linex server)</SERVER_INT_NAME></P><P>logging host Inside_mgt 192.168.1.1(logging server Ip for window server</P></BODY></HTML> Sat, 11 Oct 2008 12:45:22 GMT https://community.cisco.com/t5/network-security/how-to-log-command-history-type-into-the-console/m-p/1050235#M895268 gcsnetexpert 2008-10-11T12:45:22Z https://community.cisco.com/t5/network-security/how-to-log-command-history-type-into-the-console/m-p/1050236#M895272 <HTML><HEAD></HEAD><BODY><P>Thanks for the response, guys, but it's not working.</P><P>I even tried using logging trap debugging, to send EVERYTHING to our syslog, and nothing... all I see is this level of logs, no other type of "User 'X' executed cmd:" messeges.:</P><P></P><P>201115721 10.3.1.1 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show version </P><P></P><P>201115735 10.3.1.1 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show running-config aaa authorization </P><P></P><P>201115683 10.3.1.1 local7 15:17:20 Nov %ASA-7-111009: User 'X' executed cmd: show module 1 details </P><P></P><P>200968772 10.3.1.1 local7 09:34:14 Nov %ASA-7-111009: User 'X' executed cmd: show version </P><P></P><P>I can't see any other commands typed, it's very weird. I also tried with logging buffered debugging, sending the messeges to an FTP server and it's the same.</P><P>I can't see any more messeges than these.</P><P>Anyone has any more ideas?</P></BODY></HTML> Wed, 12 Nov 2008 12:25:40 GMT https://community.cisco.com/t5/network-security/how-to-log-command-history-type-into-the-console/m-p/1050236#M895272 juan.scopp 2008-11-12T12:25:40Z https://community.cisco.com/t5/network-security/how-to-log-command-history-type-into-the-console/m-p/1050237#M895275 <HTML><HEAD></HEAD><BODY><P>Hey, I just saw something on the net.</P><P>Those commands that were logged are READ ONLY commands, that why they are logged only on debugging level.</P><P>On notification (level 5), you get this kind of messeges.</P><P></P><P>%ASA-5-111008: User 'X' executed the 'dir disk0:/dap.xml' command.</P><P></P><P>On this, I don't get the messeges I should get about creating new access rule.</P><P>Anyone knows if these should be logged with the number 111008 also or is it another syslog number?</P><P></P><P>Thanks!</P><P></P></BODY></HTML> Wed, 12 Nov 2008 18:35:42 GMT https://community.cisco.com/t5/network-security/how-to-log-command-history-type-into-the-console/m-p/1050237#M895275 juan.scopp 2008-11-12T18:35:42Z