Re: Audit Log on WSA and ESA

Abbas Ravat · ‎09-22-2020

Dear Colleagues

I want to configure Audit Log for configuration changes on WSA and ESA.

-How can I configure to send Audit log to SIEM.

-How to give access to audit log to users logged in to WSA/ESA.

Please advice.

balaji.bandi · ‎09-23-2020

is this device managed by SMA ? or managed standalone. - either case proceedure same, if you doing central management you need to perform in SMA.

Login to ESA / WSA /. SMA

system administration --> Log subscription.

click add log subscription

Logtype --select audit log from pull down menu.

Select method how you like to ship logs to SIEM

Hope this help you ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Ken Stieers · ‎09-23-2020

Logs in the ESA and WSA can be sent at syslog...

In the gui, it's under System Administration/Log Subscriptions.

You probably want to turn on "CLI Audit Logs" and maybe "Configuration History Logs"

You'll probably have to write some parsing rules in the SEIM

Log types, descriptions and log examples are in the online help file.

Ken