I just found out that is cannot be done.

:-(

From where? I am about to open a TAC case with ACS group.

I have a friend with some years of work experience with PIX firewalls, I just asked him ...

Opening a TAC case would be a great idea. They may know more, like if in ver 7 we will have this feature.

Good luck and pls keep us updated :-)

Okay, I found out that there is no command accounting available...however, you can use Syslog to track who did what. Here is a link to "Authentication & Command Authorization for PIX 6.2". Go to the Accounting section.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800949d6.shtml#accounting

This was given to me by a TAC engineer. Also, one of my CCIE friends verified that the PIX cannot do accounting on CLI commands...only on user services being passed through the PIX. Hope this helps!!

indeed it helps. i'll do syslog then.

thanks a lot and good luck.

C

Hi, I'm having the same problem. the link provide didn't gave me much info. currently I have logging nofication enable and everything is being sent to my syslog server - that's too much. I just want to log messages when someone make changes. I tried using the "no logging message (message-id) but it takes too long. Do you know if I can use the "logging messages" command and specify a range, i.e 11100-111111?

thanks!