08-01-2017 11:54 PM - edited 02-21-2020 06:13 AM
Hello Everyone,
wondering, how do we track FMC admin logs , I want to have a log about any changes that has been done in FMC ? like adding a new rule or updating existing one.
I know there is an audit log option in the FMC under configuration however using that I could not see detailed information on what exact changes has been done by the users.
below syslog output that has been generated by FMC :
<14>Aug 01 06:39:42 sfdccsm: [testfmc] testfmc fmcadmin@IP address, Policies > Access Control > Access Control > Firewall Policy Editor, Save Policy Testing Policy
Looking at above logs , we can see that fmcadmin has done some changes in the access control section and save the policies , however how to track what changes he has done by this user ? if fmcadmin has created a new rule or edited an existing one.
Thanks for help!
08-05-2017 02:17 PM
Version 6.2.2 will introduce more verbose audit logs for access control policy changes. As of now there is no way to track changes using the audit log.
09-16-2018 09:50 PM
Hi Prashant
Can you share version of FMC
11-30-2020 03:44 AM
Hi ,
Is there any way to collect from FMC 6.7 access control changes done by all users?
Thanks,
Gal
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: