Traceability of changes via GUI

Hi all

I have the requirement that ALL configuration changes (CLI and GUI) are traceable (=logs sent to our central syslog server).

For CLI changes, I just had to create a new cli-logs-subscription and forward the logs to the syslog server. Now every command is perfectly logged.

But for GUI changes, I haven't managed to achieve full traceability of changes. If I use an "HTTP log subscription", I can only see HTTP requests, but NOT which values and parameters have been changed.

Any possibility to make GUI changes completely traceable?

Thanks & regards!

Chris

3 Replies

Enrico Werner
Cisco Employee

Hi Chris,

I agree that it is not very pleasant to search in the GUI log file, but it is the right file if you want to trace back configuration changes made on the GUI.

AsyncOS 7.5 includes a configuration history log that consists of a configuration file with an additional section listing the name of the user, a description of where in the configuration the user made changes, and the comment the user entered when committing the change. Each time a user commits a change, a new log is created containing the configuration file after the change.

Version 7.5 should be released in the next few days/weeks.

Best regards,

Enrico

Hi Enrico

Thanks for your answer!

The GUI log only displays which pages have been requested, but not which values have been changed. So IMHO it's not possible to trace back configuration changes with this log.

I'm already using 7.5 and configuration history log, but unfortunately it's not possible to export this information via syslog.

Any other possibilities?

Regards

Chris

Hi Chris,

Below is an example from the GUI log which shows a commit for a content filter creation:

Fri Dec  9 10:13:02 2011 Info: req:144.254.42.170 user:admin id:qIjQj3CkVncB88I2QaG7 200 GET /commit?referrer=https://10.31.110.70/mail_policies/email_security_manager/incoming_content_filters HTTP/1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1

So the trick is to grep for "GET /commit".

The configuration log dumps the entire configuration to disk, which may be as much as several megabytes in size. For this particular file you could SCP push to some external server instead of using syslog.

Best regards,

Enrico
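
Added example, not part of the original thread and not Cisco code: the "GET /commit" grep from the reply above, extended into a parser that turns each commit request in the GUI log into a structured record. The field layout is inferred from the single log line quoted in the thread, and every sample line other than that one is constructed.

```python
import re
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Layout inferred from the one GUI log line quoted in the thread (assumption:
# other AsyncOS releases may format the line differently).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) Info: "
    r"req:(?P<src>\S+) user:(?P<user>\S+) id:(?P<sid>\S+) "
    r"(?P<status>\d{3}) (?P<method>[A-Z]+) (?P<target>\S+) HTTP/"
)

SAMPLE = [
    # Line quoted in the thread (user agent shortened).
    "Fri Dec  9 10:13:02 2011 Info: req:144.254.42.170 user:admin "
    "id:qIjQj3CkVncB88I2QaG7 200 GET /commit?referrer=https://10.31.110.70"
    "/mail_policies/email_security_manager/incoming_content_filters "
    "HTTP/1.1 Mozilla/5.0",
    # Constructed lines: a plain page view, then a commit by another user.
    "Fri Dec  9 10:14:40 2011 Info: req:192.0.2.10 user:operator "
    "id:CONSTRUCTEDSESSION01 200 GET /example_section/example_page "
    "HTTP/1.1 Mozilla/5.0",
    "Fri Dec  9 10:15:07 2011 Info: req:192.0.2.10 user:operator "
    "id:CONSTRUCTEDSESSION01 200 GET /commit?referrer=https://192.0.2.1"
    "/example_section/example_page HTTP/1.1 Mozilla/5.0",
]

def commit_events(lines):
    """Yield who committed, when, from which address, and from which GUI page.
    The log does not carry the values that were changed."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GUI request line
        url = urlsplit(m["target"])
        if url.path != "/commit":
            continue  # page view or other request, not a commit
        referrer = parse_qs(url.query).get("referrer", [""])[0]
        yield {
            "time": datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y"),
            "src": m["src"],
            "user": m["user"],
            "session": m["sid"],
            "status": int(m["status"]),
            "page": urlsplit(referrer).path,
        }

if __name__ == "__main__":
    for ev in commit_events(SAMPLE):
        print(f"{ev['time'].isoformat()} commit user={ev['user']} src={ev['src']} page={ev['page']}")
```

Each record can be matched by timestamp against the configuration history file saved for the same commit to see what actually changed.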
