Cisco Support Community
Community Member

ASA send syslog messages for configuration changes

On a router you can send configuration changes to the syslog server by doing,

conf t
 archive
  log config
   logging enable
   notify syslog

Then the router will send something like,

.Aug  3 13:12:00.776 PACIFIC: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:no interface Loopback76

if I had typed at the command line, "no int lo76"

How do you do this on the ASA?

Goal:  I want to know when anybody does any kind of config on my ASA.

Accepted Solutions
Cisco Employee

ASA send syslog messages for configuration changes

Syslog numbers 111008 and 111010 will log the command that is entered by the user.

111010 is for configuration changes.

Here is the syslog for your information:

111008:

http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4769400

111010:

http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4769410

You need to enable syslog and severity level 5, and if you don't want to see any other logging, you can log only the above 2 syslog numbers.

Community Member

Re: ASA send syslog messages for configuration changes

Thanks, here's what I did,

logging list notif-cfg-changes message 111008-111010
logging list notif-cfg-changes level errors
logging trap notif-cfg-changes

I think this means send those specific messages even though they are a higher numbered level (5) than the 'error' level 3.  Then send level 3 messages.

My syslog server gets the 111008 messages.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1064820
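
Added example (not from the thread or from Cisco): parsing messages 111008 and 111010 on the syslog server to report who ran which command and which of those changed the configuration. The sample lines are constructed, and the message layouts and the `LOGGING_TAMPER` watch list are assumptions to check against what your ASA actually sends.

```python
import re

# Constructed sample lines; the message layouts are assumptions, so compare
# them with what your ASA actually sends before relying on the patterns.
SAMPLE = [
    "Aug 03 2012 13:12:00 fw1 : %ASA-5-111008: User 'admin' executed the 'configure terminal' command.",
    "Aug 03 2012 13:12:09 fw1 : %ASA-5-111010: User 'admin', running 'CLI' from IP 192.0.2.10, executed 'no logging trap notif-cfg-changes'",
    "Aug 03 2012 13:12:30 fw1 : %ASA-6-302013: Built outbound TCP connection 1 for outside:198.51.100.7/443",
    "Aug 03 2012 13:13:02 fw1 : %ASA-5-111008: User 'enable_15' executed the 'show running-config' command.",
]

MSG = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<body>.*)$")
EXECUTED = re.compile(r"User '(?P<user>[^']*)' executed the '(?P<cmd>.*)' command\.?$")
CHANGED = re.compile(
    r"User '(?P<user>[^']*)', running '(?P<app>[^']*)' from IP (?P<ip>\S+), "
    r"executed '(?P<cmd>.*)'$"
)
# Commands that would silence the audit trail itself (hypothetical watch list).
LOGGING_TAMPER = re.compile(r"^(no|clear configure) logging\b|^logging (trap|list|host)\b")

def parse_line(line):
    """Return a dict for 111008/111010 messages, None for anything else."""
    m = MSG.search(line.strip())
    if not m or m["id"] not in ("111008", "111010"):
        return None
    pattern = EXECUTED if m["id"] == "111008" else CHANGED
    fields = pattern.match(m["body"])
    if not fields:
        # Keep unparsed audit messages visible instead of dropping them.
        return {"id": m["id"], "user": None, "cmd": m["body"], "parsed": False}
    event = {"id": m["id"], "parsed": True, **fields.groupdict()}
    event["config_change"] = m["id"] == "111010"
    event["touches_logging"] = bool(LOGGING_TAMPER.search(event["cmd"]))
    return event

def audit(lines):
    """Return (all command events, events that changed the configuration)."""
    events = [e for e in map(parse_line, lines) if e]
    changes = [e for e in events if e.get("config_change")]
    return events, changes

if __name__ == "__main__":
    events, changes = audit(SAMPLE)
    for e in changes:
        flag = " [logging config touched]" if e["touches_logging"] else ""
        print(f"{e['user']}@{e['ip']} via {e['app']}: {e['cmd']}{flag}")
```

Messages that carry one of the two IDs but do not match the expected layout are returned with `parsed` set to `False` so they still reach a reviewer.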
