cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
655
Views
9
Helpful
5
Replies

Logging PIX usage

netsec123
Level 1
Level 1

Hi.

We have a very interesting problem. Using KIWI as a syslog server, we are trying to record each and every time a user logs into a pix or asa device and ALSO every command entered. Is this possible via programming on the security device OR MUST it be done on syslog???

Thanks!

5 Replies 5

JORGE RODRIGUEZ
Level 10
Level 10

Go over this document, it is all here, all is based on what you instruct the asa appliencen on what msgs be sent to the syslog server.

http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logconf.html

the messages that are generated by the asa when it is conigured by someone or any admin changes on the device falls under the "notification messages severity level 5", after you go over the 1st document above you can sort of filter the messages you want the asa to send to the syslog system.

Messages categories

http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logsev.html

lastly this will provide you with messages

meanings.

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html

HTH

Jorge

Jorge Rodriguez

Thank you very very much. I will review these docs and if I have any ?, hope I can reach out again. :)

Cheers.

Also, is there any way to record the show commands somebody enters as well..

for command recording you would have to implement a cisco secure access control sevices solution implementing tacacs+ , with this solution you can record commands entered in devices.. if there is any other way perhaps someone could share that information.

Link to Cisco secure access control services.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_qanda_item0900aecd80108148.shtml

Rgds

Jorge

Jorge Rodriguez

THANK YOU SO MUCH!

This actually helps a lot!

Cheers!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: