Configuration last modified

1salvarez
Level 1

Does the ASA keep a log of changes or the users that made them? See the attachment. I'm hoping there's a command that'll show at least a list of when changes were made.

1 Accepted Solution

From the configuration of your syslog settings, you should already have syslog 111008 as it is syslog message level 5 (notification).


Jennifer Halim
Cisco Employee

The output of "show version" has a line that shows you when the last configuration changes were made. It is the same as your attached screenshot.

Or, you can also have a syslog to log whenever a user enters any command into the ASA. It's syslog #111008:

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4769400

If you would like to see the changes or the command that you entered within the same telnet/ssh session, you can issue "show history", and it will list down all the commands that you entered during that session. The history will be lost if you log out of the session. More information on the command reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s3.html#wp1463076

Hope that answers your question.

We already have a syslog server set up. How do I add 111008?

logging enable
logging timestamp
logging console notifications
logging monitor notifications
logging buffered informational
logging trap informational
logging history warnings
logging asdm informational
logging facility 18
logging host inside 192.X.X.X
logging class auth console emergencies history warnings monitor emergencies trap emergencies

I was hoping the following was the way to go:

ASDM Configuration

This procedure shows an ASDM configuration for Example 2 with the use of the message list.

  1. Choose Event Lists under Logging and click Add in order to create a message list.

  2. Enter the name of the message list in the Name box. In this case my_critical_messages is used. Click Add under Event Class/Severity Filters.

  3. Choose the Event Class and Severity from the drop-down menus.

    In this case, choose All and Critical respectively. Click OK when you are done.

  4. Click Add under the Message ID Filters if additional messages are required.

    In this case, you need to put in messages with ID 611101-611323.

  5. Put in the ID range in the Message IDs box and click OK.

  6. Go back to the Logging Filters menu and choose Console as the destination.

  7. Click Use event list and choose my_critical_messages from the drop-down menu. Click OK when you are done.

  8. Click Apply after you return to the Logging Filters window.

    This completes the ASDM configurations using message list as shown in Example 2.

From the configuration of your syslog settings, you should already have syslog 111008 as it is syslog message level 5 (notification).
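
An added example, not part of the original thread: a small Python parser that pulls syslog 111008 entries out of the text collected by a syslog server and lists who entered which command and when. The sample lines, user names and addresses are constructed, and the message layout assumed is `%ASA-5-111008: User '<user>' executed the '<command>' command.`

```python
import re
from collections import defaultdict

# Constructed sample of what a syslog server might hold with "logging timestamp"
# enabled. User names, commands and addresses are made up for illustration.
SAMPLE_LOG = """\
<149>Jan 10 2012 14:02:11: %ASA-5-111008: User 'enable_15' executed the 'configure terminal' command.
<149>Jan 10 2012 14:02:40: %ASA-5-111008: User 'enable_15' executed the 'logging host inside 192.0.2.10' command.
<150>Jan 10 2012 14:03:02: %ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:192.0.2.50/51000 (203.0.113.5/51000)
<149>Jan 11 2012 09:15:27: %ASA-5-111008: User 'jdoe' executed the 'no access-list OUT extended permit ip any any' command.
<149>Jan 11 2012 09:16:00: %ASA-5-111008: User 'jdoe' executed the 'write memory' command.
"""

# Optional timestamp, then the 111008 body. The command is matched greedily so
# that commands containing a single quote are still captured whole.
LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})?:?\s*"
    r"%(?:ASA|PIX)-\d-111008: User '(?P<user>[^']*)' "
    r"executed the '(?P<cmd>.*)' command\.?\s*$"
)

def config_changes(log_text):
    """Return one record per 111008 message: time, user and command."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append({"time": m["ts"], "user": m["user"], "command": m["cmd"]})
    return events

def changes_by_user(events):
    """Group (time, command) pairs under the user who entered them."""
    grouped = defaultdict(list)
    for e in events:
        grouped[e["user"]].append((e["time"], e["command"]))
    return dict(grouped)

def last_change(events):
    """Most recent record in log order, or None if nothing was logged."""
    return events[-1] if events else None

if __name__ == "__main__":
    found = config_changes(SAMPLE_LOG)
    for e in found:
        print(f"{e['time'] or 'no timestamp':<22}{e['user']:<12}{e['command']}")
    print("last change:", last_change(found))
```
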

Hello

This is just for information.

We got NCM from SolarWinds (Network Configuration Manager), which takes automatic backups and sends an email alert whenever there are configuration changes. We deployed this a long time back as we didn't manage to get this working using ASDM.

If you need more information on NCM check www.solarwinds.com

thanks

ST
