07-21-2007 11:40 AM - edited 03-11-2019 03:47 AM
Hi.
We have a very interesting problem. Using KIWI as a syslog server, we are trying to record each and every time a user logs into a pix or asa device and ALSO every command entered. Is this possible via programming on the security device OR MUST it be done on syslog???
Thanks!
07-21-2007 08:50 PM
Go over this document, it is all here, all is based on what you instruct the asa appliencen on what msgs be sent to the syslog server.
http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logconf.html
the messages that are generated by the asa when it is conigured by someone or any admin changes on the device falls under the "notification messages severity level 5", after you go over the 1st document above you can sort of filter the messages you want the asa to send to the syslog system.
Messages categories
http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logsev.html
lastly this will provide you with messages
meanings.
http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html
HTH
Jorge
07-22-2007 06:06 AM
Thank you very very much. I will review these docs and if I have any ?, hope I can reach out again. :)
Cheers.
07-22-2007 06:46 AM
Also, is there any way to record the show commands somebody enters as well..
07-22-2007 09:50 AM
for command recording you would have to implement a cisco secure access control sevices solution implementing tacacs+ , with this solution you can record commands entered in devices.. if there is any other way perhaps someone could share that information.
Link to Cisco secure access control services.
Rgds
Jorge
07-22-2007 10:37 AM
THANK YOU SO MUCH!
This actually helps a lot!
Cheers!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: