07-21-2007 11:40 AM - edited 03-11-2019 03:47 AM
Hi.
We have a very interesting problem. Using KIWI as a syslog server, we are trying to record each and every time a user logs into a pix or asa device and ALSO every command entered. Is this possible via programming on the security device OR MUST it be done on syslog???
Thanks!
07-21-2007 08:50 PM
Go over this document, it is all here, all is based on what you instruct the asa appliencen on what msgs be sent to the syslog server.
http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logconf.html
the messages that are generated by the asa when it is conigured by someone or any admin changes on the device falls under the "notification messages severity level 5", after you go over the 1st document above you can sort of filter the messages you want the asa to send to the syslog system.
Messages categories
http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logsev.html
lastly this will provide you with messages
meanings.
http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html
HTH
Jorge
07-22-2007 06:06 AM
Thank you very very much. I will review these docs and if I have any ?, hope I can reach out again. :)
Cheers.
07-22-2007 06:46 AM
Also, is there any way to record the show commands somebody enters as well..
07-22-2007 09:50 AM
for command recording you would have to implement a cisco secure access control sevices solution implementing tacacs+ , with this solution you can record commands entered in devices.. if there is any other way perhaps someone could share that information.
Link to Cisco secure access control services.
Rgds
Jorge
07-22-2007 10:37 AM
THANK YOU SO MUCH!
This actually helps a lot!
Cheers!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide