08-01-2017 11:54 PM - edited 02-21-2020 06:13 AM
Hello Everyone,
wondering, how do we track FMC admin logs , I want to have a log about any changes that has been done in FMC ? like adding a new rule or updating existing one.
I know there is an audit log option in the FMC under configuration however using that I could not see detailed information on what exact changes has been done by the users.
below syslog output that has been generated by FMC :
<14>Aug 01 06:39:42 sfdccsm: [testfmc] testfmc fmcadmin@IP address, Policies > Access Control > Access Control > Firewall Policy Editor, Save Policy Testing Policy
Looking at above logs , we can see that fmcadmin has done some changes in the access control section and save the policies , however how to track what changes he has done by this user ? if fmcadmin has created a new rule or edited an existing one.
Thanks for help!
08-05-2017 02:17 PM
Version 6.2.2 will introduce more verbose audit logs for access control policy changes. As of now there is no way to track changes using the audit log.
09-16-2018 09:50 PM
Hi Prashant
Can you share version of FMC
11-30-2020 03:44 AM
Hi ,
Is there any way to collect from FMC 6.7 access control changes done by all users?
Thanks,
Gal
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide