wondering, how do we track FMC admin logs , I want to have a log about any changes that has been done in FMC ? like adding a new rule or updating existing one.
I know there is an audit log option in the FMC under configuration however using that I could not see detailed information on what exact changes has been done by the users.
below syslog output that has been generated by FMC :
<14>Aug 01 06:39:42 sfdccsm: [testfmc] testfmc fmcadmin@IP address, Policies > Access Control > Access Control > Firewall Policy Editor, Save Policy Testing Policy
Looking at above logs , we can see that fmcadmin has done some changes in the access control section and save the policies , however how to track what changes he has done by this user ? if fmcadmin has created a new rule or edited an existing one.
Thanks for help!
Version 6.2.2 will introduce more verbose audit logs for access control policy changes. As of now there is no way to track changes using the audit log.