New Member

ASA send syslog messages for configuration changes

On a router you can send configuration changes to the syslog server by doing,

conf t

archive

log config

logging enable

notify syslog

Then the router will send something like,

.Aug  3 13:12:00.776 PACIFIC: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:no interface Loopback76

if I had typed at the command line, "no int lo76"

How do you do this on the ASA?

Goal:  I want to know when anybody does any kind of config on my ASA.

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

ASA send syslog messages for configuration changes

Syslog numbers 111008 and 111010 will log the command that is entered by the user.

111010 is for configuration changes.

Here is the syslog for your information:

111008:

http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4769400

111010:

http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4769410

You need to enable syslog, and severity level 5, and if you don't want to see any other logging, you can log only the above 2 syslog numbers.

2 REPLIES

New Member

Re: ASA send syslog messages for configuration changes

Thanks, here's what I did,

logging list notif-cfg-changes message 111008-111010

logging list notif-cfg-changes level errors

logging trap notif-cfg-changes

I think this means send those specific messages even though they are a higher numbered level (5) than the 'error' level 3.  Then send level 3 messages.

My syslog server gets the 111008 messages.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1064820
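
Added example (not part of the original thread, and not Cisco's code): a small parser a syslog collector could run to pull user and command out of the messages discussed above and keep only the configuration changes. The ASA message layouts are assumptions based on Cisco's published formats for 111008 and 111010, the IOS layout is the line quoted in the question, and the function names and all sample lines after the first are constructed.

```python
import re

# Layouts are assumptions: ASA ones follow Cisco's published message formats,
# the IOS one follows the line quoted in the question. Check real output.
PATTERNS = [
    # (source tag, counts as a configuration change?, compiled pattern)
    ("ios-cfglog", True, re.compile(
        r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+"
        r"logged command:(?P<cmd>.+)$")),
    # 111008 reports an entered command; the thread names 111010 as the
    # configuration-change message, so only 111010 is flagged as a change.
    ("asa-111008", False, re.compile(
        r"%ASA-5-111008: User '(?P<user>[^']*)' executed the "
        r"'(?P<cmd>.+)' command\.?$")),
    ("asa-111010", True, re.compile(
        r"%ASA-5-111010: User '(?P<user>[^']*)', running '(?P<app>[^']*)' "
        r"from IP (?P<src>\S+), executed '(?P<cmd>.+)'$")),
]

def parse_line(line):
    """Return a dict for a command-audit message, or None for anything else."""
    text = line.strip()
    for source, is_change, pattern in PATTERNS:
        m = pattern.search(text)
        if m:
            event = {"source": source, "config_change": is_change}
            event.update(m.groupdict())
            return event
    return None

def config_changes(lines):
    """Keep only the events that record a configuration change."""
    events = (parse_line(l) for l in lines)
    return [e for e in events if e and e["config_change"]]

# First line is the IOS message quoted in the question; the rest are constructed.
SAMPLE = [
    ".Aug  3 13:12:00.776 PACIFIC: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:no interface Loopback76",
    "Aug 03 2011 13:15:02: %ASA-5-111008: User 'enable_15' executed the 'configure terminal' command.",
    "Aug 03 2011 13:15:09: %ASA-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'logging trap notif-cfg-changes'",
    "Aug 03 2011 13:15:30: %ASA-6-302013: Built outbound TCP connection (constructed, unrelated)",
]

if __name__ == "__main__":
    for e in config_changes(SAMPLE):
        print(f"{e['source']:<11} {e['user']:<10} {e.get('src', '-'):<10} {e['cmd']}")
```

The command group is matched greedily up to the closing quote at the end of the line, so a command that itself contains a single quote is still captured whole.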
