Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3328
Views
0
Helpful
3
Replies

Audit Logs for Security policy changes on FMC

prashant dwivedi
Level 1
Level 1

‎08-01-2017 11:54 PM - edited ‎02-21-2020 06:13 AM

Hello Everyone,

wondering, how do we track FMC admin logs , I want to have a log about any changes that has been done in FMC ? like adding a new rule or updating existing one.

I know there is an audit log option in the FMC under configuration however using that I could not see detailed information on what exact  changes has been done by the users. 

below syslog output that has been generated by FMC :

 <14>Aug 01 06:39:42 sfdccsm: [testfmc] testfmc fmcadmin@IP address, Policies > Access Control > Access Control > Firewall Policy Editor, Save Policy Testing Policy

Looking at above logs , we can see that fmcadmin has done some changes in the access control section and save the policies , however how to track what changes he has done  by this user ? if fmcadmin has created a new rule or edited an existing one. 

Thanks for help!

3 people had this problem
0 Helpful
3 Replies 3

Oliver Kaiser
Level 7
Level 7

‎08-05-2017 02:17 PM

Version 6.2.2 will introduce more verbose audit logs for access control policy changes. As of now there is no way to track changes using the audit log.

0 Helpful

osama.mehtab.ga
Level 1
Level 1

‎09-16-2018 09:50 PM

Hi Prashant

 

Can you share version of FMC 

0 Helpful

galw
Level 1
Level 1

‎11-30-2020 03:44 AM

Hi ,

Is there any way to collect from FMC 6.7 access control changes done by all users?

Thanks,

Gal 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card