CES Audit log

ymadheka · ‎03-02-2017

Hi Team,

In the CES console for the audit log there is no option for check the administrative activities carried out to check what changes has been made by an administrative user. As per my research cisco.com it is not a configurable option.

Can you please advise is there any feature request planned for this?

Appreciate your help here.

Thanks & Regards,

Yogesh Madhekar

Libin Varghese · ‎03-02-2017

Hi Yogesh,

All commit made to the appliance are logged in the system logs. So searching for the word commit in the system logs would show you when changes were made along with any comments that were provided.

You can also configure configuration history logs under System Administration -> Log Subscriptions to save a copy of the configuation file automatically whenever a commit is performed. You can then compare the configuration files to see what changes were made.

You should be able to download the log files directly from Log Subscriptions or by using FTP to the device.

If this does not match your requirement there is the below feature request for ESA to enhance logging further.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCzv82635/?reffering_site=dumpcr

Thank You!
Libin Varghese

ymadheka · ‎03-02-2017

Hi Libin,

Thanks for the quick reply.

In case of the comments not added by the user during the commit the logs doesn't indicate the changes made the logged in admin user, so customer would like to see what configuration changes were done by the user to be used as forensics in future of the changes done on the console.

Libin Varghese · ‎03-02-2017

That would be a manual process by comparing difference in configuration files after configuration history logs are configured.

Detailed audit logs are not available separately and are being tracked by the feature request I shared earlier.

- Libin V

ymadheka · ‎03-02-2017

Thanks for the quick revert.

Will convey the same to the customer, let you know in case of any concerns raised.