Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
26771
Views
0
Helpful
2
Replies

ASA send syslog messages for configuration changes

Go to solution
Timothy Chan
Level 1
Level 1

ā€Ž08-07-2012 01:49 PM - edited ā€Ž02-21-2020 04:42 AM

On a router you can send configuration changes to the syslog server by doing,

conf t

archive

log config

logging enable

notify syslog

Then the router will send something like,

.Aug  3 13:12:00.776 PACIFIC: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:no interface Loopback76

if I had typed at the command line, "no int lo76"

How do you do this on the ASA?

Goal:  I want to know when anybody does any kind of config on my ASA.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

ā€Ž08-08-2012 10:24 AM

The syslog number 111008 and 111010 will log the command that is entered by user.

111010 is for configuration changes.

Here is the syslog for your information:

111008:

http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4769400

111010:

http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4769410

You need to enable syslog, and severity level 5, and if you don't want to see any other logging, you can only log the above 2 syslog numbers.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

ā€Ž08-08-2012 10:24 AM

The syslog number 111008 and 111010 will log the command that is entered by user.

111010 is for configuration changes.

Here is the syslog for your information:

111008:

http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4769400

111010:

http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4769410

You need to enable syslog, and severity level 5, and if you don't want to see any other logging, you can only log the above 2 syslog numbers.

0 Helpful

Go to solution
Timothy Chan
Level 1
Level 1
In response to Jennifer Halim

ā€Ž08-13-2012 10:22 AM

Thanks, here's what I did,

logging list notif-cfg-changes message 111008-111010

logging list notif-cfg-changes level errors

logging trap notif-cfg-changes

I think this means send those specific messages even though they are a higher numbered level (5) than the 'error' level 3.  Then send level 3 messages.

My syslog server gets the 111008 messages.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1064820

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card