Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4231
Views
0
Helpful
2
Replies

Audit Log on WSA and ESA

Abbas Ravat
Level 1
Level 1

‎09-22-2020 11:37 PM

Dear Colleagues

I want to configure Audit Log for configuration changes on WSA and ESA.

-How can I configure to send Audit log to SIEM.

-How to give access to audit log to users logged in to WSA/ESA.

Please advice.

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎09-23-2020 02:04 AM

is this device managed by SMA ? or managed standalone. - either case proceedure same, if you doing central management you need to perform in SMA.

 

Login to ESA / WSA /. SMA

system administration --> Log subscription.

click add log subscription

Logtype --select audit log from pull down menu.

 

Select method how you like to ship logs to SIEM

 

Hope this help you ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Ken Stieers
VIP
VIP

‎09-23-2020 08:04 AM

Logs in the ESA and WSA can be sent at syslog...

In the gui, it's under System Administration/Log Subscriptions.



You probably want to turn on "CLI Audit Logs" and maybe "Configuration History Logs"

You'll probably have to write some parsing rules in the SEIM

Log types, descriptions and log examples are in the online help file.



Ken




0 Helpful
Customers Also Viewed These Support Documents