08-07-2012 01:49 PM - edited 02-21-2020 04:42 AM
On a router you can send configuration changes to the syslog server by doing,
conf t
archive
log config
logging enable
notify syslog
Then the router will send something like,
.Aug 3 13:12:00.776 PACIFIC: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:no interface Loopback76
if I had typed at the command line, "no int lo76"
How do you do this on the ASA?
Goal: I want to know when anybody does any kind of config on my ASA.
08-08-2012 10:24 AM
Syslog numbers 111008 and 111010 will log the command that is entered by the user.
111010 is for configuration changes.
Here is the syslog for your information:
111008:
http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4769400
111010:
http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4769410
You need to enable syslog and severity level 5, and if you don't want to see any other logging, you can log only the above 2 syslog numbers.
08-13-2012 10:22 AM
Thanks, here's what I did,
logging list notif-cfg-changes message 111008-111010
logging list notif-cfg-changes level errors
logging trap notif-cfg-changes
I think this means send those specific messages even though they are a higher numbered level (5) than the 'error' level 3. Then send level 3 messages.
My syslog server gets the 111008 messages.
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1064820
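On the syslog server side, the two message IDs discussed in this thread can be pulled out of the stream and turned into per-user command records. This is an added example, not part of the original posts or Cisco's tooling; the message layouts in the regexes are an assumption based on Cisco's documented formats for 111008 and 111010, and the sample lines are constructed.

```python
import re

# Assumed layouts (from Cisco's message reference for these two IDs):
# 111008: User 'user' executed the 'command' command.
# 111010: User 'user', running 'app' from IP x.x.x.x, executed 'command'
PATTERNS = {
    "111008": re.compile(r"User '(?P<user>[^']*)' executed the '(?P<cmd>.*)' command\.?\s*$"),
    "111010": re.compile(r"User '(?P<user>[^']*)', running '(?P<app>[^']*)' from IP "
                         r"(?P<src>\S+), executed '(?P<cmd>.*)'\s*$"),
}
HEADER = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<body>.*)$")

def parse_config_events(lines):
    """Return one dict per 111008/111010 message; other syslog IDs are skipped."""
    events = []
    for line in lines:
        h = HEADER.search(line)
        if not h or h["id"] not in PATTERNS:
            continue
        m = PATTERNS[h["id"]].match(h["body"])
        if not m:
            # Keep unparsed matches visible rather than dropping them silently.
            events.append({"id": h["id"], "user": None, "cmd": h["body"], "changed": None})
            continue
        ev = m.groupdict()
        ev["id"] = h["id"]
        # Per the answer above, 111010 is the configuration-change message.
        ev["changed"] = h["id"] == "111010"
        events.append(ev)
    return events

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "Aug 13 2012 10:20:01: %ASA-5-111008: User 'admin' executed the 'configure terminal' command.",
    "Aug 13 2012 10:20:09: %ASA-5-111010: User 'admin', running 'CLI' from IP 192.0.2.10, "
    "executed 'logging trap notif-cfg-changes'",
    "Aug 13 2012 10:20:15: %ASA-6-302013: Built outbound TCP connection 1 for outside:198.51.100.7/443",
    "Aug 13 2012 10:21:00: %ASA-5-111008: User 'enable_15' executed the 'write memory' command.",
]

if __name__ == "__main__":
    for ev in parse_config_events(SAMPLE):
        print(ev["id"], ev["user"], repr(ev["cmd"]))
```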