On a router you can send configuration changes to the syslog server by doing,
Then the router will send something like,
.Aug 3 13:12:00.776 PACIFIC: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:no interface Loopback76
if I had typed at the command line, "no int lo76"
How do you do this on the ASA?
Goal: I want to know when anybody does any kind of config on my ASA.
The syslog number 111008 and 111010 will log the command that is entered by user.
111010 is for configuration changes.
Here is the syslog for your information:
You need to enable syslog, and severity level 5, and if you don't want to see any other logging, you can only log the above 2 syslog numbers.