How to log command history typed into the console?

Oct 10th, 2008

Good morning.

For auditing purposes, we need to log which commands were typed into the ASA console, with user and time.

Could you tell me which is the command? I can't find it... it has changed from "Archive".

This will also log the commands entered via the graphical interface, right? After all, it's just a front end that sends commands to the Cisco router.


Farrukh Haroon Sat, 10/11/2008 - 03:07

Well, you could do it via AAA, but even with that the ASA will only show the username enable_15. Even if you do 'logging buffered debug' you will see each command typed, but it won't show you the specific user:

111008: User 'enable_15' executed the 'logging on' command



gcsnetexpert Sat, 10/11/2008 - 05:45

Well, you should use AAA to complete your requirement, or you can enable logging by building one logging server and using the below-mentioned commands:

logging enable
logging timestamp
logging console informational
logging buffered informational
logging trap informational
logging facility 23
logging queue 2048
logging host <server IP> format emblem (if using a Linux server)
logging host Inside_mgt <server IP> (for a Windows server)

juan.scopp Wed, 11/12/2008 - 04:25

Thanks for the response, guys, but it's not working.

I even tried using logging trap debugging, to send EVERYTHING to our syslog, and nothing... all I see is this level of logs, no other type of "User 'X' executed cmd:" messages:

201115721 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show version

201115735 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show running-config aaa authorization

201115683 local7 15:17:20 Nov %ASA-7-111009: User 'X' executed cmd: show module 1 details

200968772 local7 09:34:14 Nov %ASA-7-111009: User 'X' executed cmd: show version

I can't see any other commands typed, it's very weird. I also tried with logging buffered debugging, sending the messages to an FTP server, and it's the same.

I can't see any more messages than these.

Does anyone have any more ideas?

juan.scopp Wed, 11/12/2008 - 10:35

Hey, I just saw something on the net.

Those commands that were logged are READ ONLY commands; that's why they are logged only at the debugging level.

At notification (level 5), you get this kind of message:

%ASA-5-111008: User 'X' executed the 'dir disk0:/dap.xml' command.

With this, I don't get the messages I should get about creating a new access rule.

Does anyone know if these should be logged with the number 111008 as well, or is it another syslog number?
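To make the distinction in this thread concrete, here is an added example (not from any poster, and not Cisco code) that parses the two ASA command-audit message formats quoted above, 111008 (level 5) and 111009 (level 7, read-only commands), and reports which events a given `logging trap` level would drop. The log lines are constructed in the shape shown in the thread; the syslog-viewer prefix is assumed to be the same export format.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Matches the two ASA command-audit message formats quoted in the thread:
#   %ASA-5-111008: User 'X' executed the 'dir disk0:/dap.xml' command.
#   %ASA-7-111009: User 'X' executed cmd: show version
AUDIT_RE = re.compile(
    r"%ASA-(?P<sev>\d)-(?P<msgid>11100[89]): User '(?P<user>[^']+)' executed "
    r"(?:the '(?P<cmd8>.+)' command\.?|cmd: (?P<cmd9>.+))$"
)

@dataclass
class CommandEvent:
    severity: int
    msg_id: str
    user: str
    command: str
    read_only: bool   # 111009 is the read-only (show/dir-style) variant

def parse_command_event(line: str) -> Optional[CommandEvent]:
    """Return a CommandEvent for a 111008/111009 line, else None."""
    m = AUDIT_RE.search(line.strip())
    if not m:
        return None
    cmd = m.group("cmd8") or m.group("cmd9")
    return CommandEvent(int(m.group("sev")), m.group("msgid"), m.group("user"),
                        cmd.strip(), m.group("msgid") == "111009")

def audit_coverage(lines, trap_level: int):
    """Split lines into all command events and config-changing ones, and list
    the events a 'logging trap <trap_level>' setting would drop (severity > level)."""
    events = [e for e in map(parse_command_event, lines) if e]
    changes = [e for e in events if not e.read_only]
    dropped = [e for e in events if e.severity > trap_level]
    return events, changes, dropped

# Constructed sample lines in the shape quoted in the thread (not real log data).
SAMPLE = [
    "201115721 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show version",
    "201115735 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show running-config aaa authorization",
    "201115800 local7 15:18:02 Nov %ASA-5-111008: User 'X' executed the 'dir disk0:/dap.xml' command.",
    "201115801 local7 15:18:40 Nov %ASA-5-111008: User 'enable_15' executed the 'logging on' command",
    "201115802 local7 15:18:41 Nov %ASA-6-302013: Built outbound TCP connection 1 for outside:...",
]

if __name__ == "__main__":
    events, changes, dropped = audit_coverage(SAMPLE, trap_level=5)
    for e in changes:
        print(f"{e.user}: {e.command}")
    print(f"{len(dropped)} read-only command events would be lost at 'logging trap notifications'")
```

Running it against the sample shows the two level-7 read-only events vanish at trap level 5, which is the behaviour juan.scopp observed.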