Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
15643
Views
0
Helpful
4
Replies

Admin logs to monitor all the changes done in ESA

Go to solution
Chandan Visweswara
Level 1
Level 1

‎05-15-2014 11:25 AM

We have a situation wherein we want to see who accessed the Ironport ESA appliance and did a configuration change. Would we be able to do it? or Can Cisco Support can find it out from backend?

3 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Scott Wertz
Level 1
Level 1

‎05-15-2014 01:45 PM

Grep your system_logs files for the word "commit".  That will list the date/time and person who committed a change, along with their description of the change if they provided one.  Of course, their description is only as accurate as they wanted it to be.

Wed May  7 12:42:34 2014 Info: PID 1633: User jsmith commit changes: Added SMTP route for new email domain new.mycompany.com.

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Scott Wertz
Level 1
Level 1

‎05-15-2014 01:45 PM

Grep your system_logs files for the word "commit".  That will list the date/time and person who committed a change, along with their description of the change if they provided one.  Of course, their description is only as accurate as they wanted it to be.

Wed May  7 12:42:34 2014 Info: PID 1633: User jsmith commit changes: Added SMTP route for new email domain new.mycompany.com.

 

0 Helpful

Go to solution
Anilkumar48
Level 1
Level 1

‎07-19-2019 12:48 AM

I have the same scenario wherein the client is asking for System_logs from ESA to review the "Commit" comments from 6 months. 

 

I am using the CES and have GUI access. 

 

Is there any way I can access these logs by using the GUI? 

0 Helpful

Go to solution
Prab
Level 1
Level 1
In response to Anilkumar48

‎06-08-2020 05:53 AM - edited ‎06-08-2020 07:09 AM

Yes, you can download the log files from the from CES GUI.

 

You have to use the following URL. Login to the CES cluster and then navigate to the following URL.

Replace the hostname with your CES hostname in the following URL. Change the URL parameters to download different log files.

Example URL, this will download the log file named smtp:

 https://XXX.eu.iphmx.com/cluster/system_administration/log_list?log_type=smtp

 

 

You can have the SSH access to the Cloud CES.

You need to create a support ticket. Also, you could download/upload the files from CES using the PSCP access.

 

To upload a file to the CES cluster:

pscp.exe -P 2200 C:\Users\Desktop\domainmap.txt cesusername@127.0.0.1:/configuration/

The above command will upload the file "domainmap.txt" located on the local machine under the "C:\Users\Desktop\" directory to the CES cluster's configuration directory

 

To export a file from the CES cluster:

pscp.exe -P 2200 cesusername@127.0.0.1:/configuration/smtp-routes C:\Users\Desktop

The above command will download the file "smtp-routes" located on the CES cluster's configuration directory to the local machine under the "C:\Users\Desktop\" directory

0 Helpful

Go to solution
Anilkumar48
Level 1
Level 1

‎07-19-2019 12:48 AM

I have the same scenario wherein the client is asking for System_logs from ESA to review the "Commit" comments from 6 months. 

 

I am using the CES and have GUI access. 

 

Is there any way I can access these logs by using the GUI? 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents