collecting ASA firewall configuration change logs through ASDM

cyberops123
Level 1

Hi

I work in the Security team and our network team is responsible for the company firewalls. They don't really use the CLI at all for configuration changes on the ASAs, and I was wondering if there is a way we can receive any syslog messages or alerts when they make changes through ASDM (NAT configuration changes, removing or adding ACLs, etc.). Does anyone have any idea or experience with this?

 

Currently we use a SIEM to collect events from the ASA via syslog, but it doesn't really give details about configuration changes.

 

Thanks 


Accepted Solutions

You need to look for the following syslog messages.

111008

Error Message %ASA-5-111008: User *user* executed the command *string*

Explanation: The user entered any command, with the exception of a *show* command.

Recommended Action: None required.

111010

Error Message %ASA-5-111010: User *username*, running *application-name* from IP *ip addr*, executed *cmd*

Explanation: A user made a configuration change.

- *username* —The user making the configuration change
- *application-name* —The application that the user is running
- *ip addr* —The IP address of the management station
- *cmd* —The command that the user has executed

Recommended Action: None required.
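A sketch of how a SIEM-side parser could pick these two messages out of the ASA syslog stream and flag NAT or ACL changes. This is an added example, not part of the original answer or Cisco's code; the optional quoting around fields, the `WATCHED` command list and the sample lines are assumptions constructed for illustration.

```python
import re

# Field layout follows the two messages quoted above. Quotes around fields are
# treated as optional (assumption: devices commonly quote them).
RE_111010 = re.compile(
    r"%ASA-5-111010: User '?(?P<user>[^',]+)'?, running '?(?P<app>[^',]+)'? "
    r"from IP (?P<ip>\S+?), executed '?(?P<cmd>.+?)'?\s*$")
RE_111008 = re.compile(
    r"%ASA-5-111008: User '?(?P<user>[^']+?)'? executed "
    r"(?:the command '?(?P<a>.+?)'?|the '(?P<b>.+)' command\.?)\s*$")

# Commands that touch NAT or ACL policy (hypothetical watch list; extend as needed).
WATCHED = {"nat", "access-list", "access-group", "object", "object-group"}

def parse_change(line):
    """Return a dict for a 111008/111010 line, or None for anything else."""
    m = RE_111010.search(line)
    if m:
        return {"id": "111010", **m.groupdict()}
    m = RE_111008.search(line)
    if m:
        return {"id": "111008", "user": m["user"], "app": None, "ip": None,
                "cmd": m["a"] or m["b"]}
    return None

def is_policy_change(event):
    """True when the executed command adds or removes a watched statement."""
    words = event["cmd"].split()
    if words and words[0] == "no":  # "no <cmd>" removes a statement
        words = words[1:]
    return bool(words) and words[0] in WATCHED

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "Mar 01 10:00:01 fw1 %ASA-5-111010: User 'netadmin', running 'N/A' from IP 192.0.2.10, executed 'no access-list OUTSIDE_IN line 3 extended permit ip any any'",
    "Mar 01 10:00:02 fw1 %ASA-5-111008: User 'netadmin' executed the 'write memory' command.",
    "Mar 01 10:00:03 fw1 %ASA-6-302013: constructed filler line for an unrelated message",
]

if __name__ == "__main__":
    for line in SAMPLE:
        ev = parse_change(line)
        if ev and is_policy_change(ev):
            print("ALERT", ev)
```

Both messages are severity 5 (the `-5-` in the message ID), so the logging level sent to the SIEM has to include notifications or these lines never arrive.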
