Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2348
Views
5
Helpful
2
Replies

Audit Log Trail from Cisco ASA

NeWGuy1109
Level 1
Level 1

‎09-24-2019 09:06 AM - edited ‎02-21-2020 09:31 AM

Hello,

 

I need help in understanding the audit trail in Cisco ASA.

How can i cross check if audit logs are being generated in ASA and are being forwarded to syslog server correctly

0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎09-24-2019 09:20 AM

Aan Accounting server (the third "A" in AAA) is the answer. An external RADIUS or TACACS+ server (like Cisco ISE) can keep a log of all actions.

 

You can also set the ASA to log all login and command execution actions and send those logs to an external syslog server.

 

logging enable
logging list cmds message 111009

logging trap cmds

logging host inside x.x.x.x

 

You can replace 'inside' with the name of interface where syslog server x.x.x.x resides.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

NeWGuy1109
Level 1
Level 1
In response to balaji.bandi

‎09-25-2019 07:21 AM

Thanks for the reply,

 

I am using an external syslog server where all informational logs re being forwarded.. however 111009 is classified as Debugging in syslog setup, so do i need to change it to Informational ?

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card