Logging PIX usage

Unanswered Question
Jul 21st, 2007

Hi.

We have a very interesting problem. Using KIWI as a syslog server, we are trying to record each and every time a user logs into a pix or asa device and ALSO every command entered. Is this possible via programming on the security device OR MUST it be done on syslog???

Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
JORGE RODRIGUEZ Sat, 07/21/2007 - 20:50

Go over this document, it is all here, all is based on what you instruct the asa appliencen on what msgs be sent to the syslog server.

http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logconf.html

the messages that are generated by the asa when it is conigured by someone or any admin changes on the device falls under the "notification messages severity level 5", after you go over the 1st document above you can sort of filter the messages you want the asa to send to the syslog system.

Messages categories

http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logsev.html

lastly this will provide you with messages

meanings.

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html

HTH

Jorge

netsec123 Sun, 07/22/2007 - 06:06

Thank you very very much. I will review these docs and if I have any ?, hope I can reach out again. :)

Cheers.

netsec123 Sun, 07/22/2007 - 06:46

Also, is there any way to record the show commands somebody enters as well..

JORGE RODRIGUEZ Sun, 07/22/2007 - 09:50

for command recording you would have to implement a cisco secure access control sevices solution implementing tacacs+ , with this solution you can record commands entered in devices.. if there is any other way perhaps someone could share that information.

Link to Cisco secure access control services.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_qanda_item0900aecd80108148.shtml

Rgds

Jorge

Actions

This Discussion