How to log command history type into the console?


  • How to log command history type into the console?

    Good morning.
    For auditing purposes, we need to log which commands were typed into the ASA console, with user and time.
    Could you tell me which is the command? I can't find it... it has changed from "Archive".
    This will also log the commands introduced via the graphical interface, right? After all, it's just a front end that sends commands to the Cisco router.

    Thanks.

  • #2
    Bump, anyone?


    • #3
      Complete guess but logging-class and then maybe
      auth—User authentication.
      config—Command interface.

      Didn't even know of the archive command - not that I can find it?

      http://www.cisco.com/en/US/docs/secu...html#wp1749568
      cheers
      Andy


      • #4
        Thanks for the response, Andy, but it's not working.
        I even tried using logging trap debugging, to send EVERYTHING to our syslog, and nothing... all I see is this level of logs, no other type of "User 'X' executed cmd:" messages:

        201115721 10.3.1.1 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show version
        201115735 10.3.1.1 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show running-config aaa authorization
        201115683 10.3.1.1 local7 15:17:20 Nov %ASA-7-111009: User 'X' executed cmd: show module 1 details
        200968772 10.3.1.1 local7 09:34:14 Nov %ASA-7-111009: User 'X' executed cmd: show version

        I can't see any other commands typed, it's very weird. I also tried with logging buffered debugging, sending the messages to an FTP server, and it's the same.
        I can't see any more messages than these.
        Does anyone have any more ideas?


        • #5
          Hey, I just saw something on the net.
          Those commands that were logged are READ ONLY commands, that's why they are logged only on debugging level.
          On notification (level 5), you get this kind of message.

          %ASA-5-111008: User 'X' executed the 'dir disk0:/dap.xml' command.

          On this, I don't get the messages I should get about creating a new access rule.
          Does anyone know if these should be logged with the number 111008 also, or is it another syslog number?

          Thanks!
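
Added example, not part of the thread and not Cisco code: a Python parser for the two message formats quoted in posts #4 and #5 (111009 and 111008) that builds audit records and shows which of them a syslog destination set to a given severity level would receive. The function names and the last sample line are constructed for illustration; other message IDs are not handled.

```python
import re

# Message bodies exactly as quoted in the thread; anything else is skipped.
PATTERNS = {
    "111009": re.compile(r"User '(?P<user>[^']*)' executed cmd: (?P<cmd>.+)$"),
    "111008": re.compile(r"User '(?P<user>[^']*)' executed the '(?P<cmd>.*)' command\.?$"),
}
HEADER = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<body>.*)$")
TIME = re.compile(r"\b(\d{2}:\d{2}:\d{2})\b")

# Sample input: three lines copied from the posts above, plus one constructed
# line (message ID 999999 is made up) to show that other messages are ignored.
SAMPLE = """\
201115721 10.3.1.1 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show version
201115683 10.3.1.1 local7 15:17:20 Nov %ASA-7-111009: User 'X' executed cmd: show module 1 details
%ASA-5-111008: User 'X' executed the 'dir disk0:/dap.xml' command.
%ASA-6-999999: constructed non-command message
"""

def parse_line(line):
    """Return an audit record dict, or None if the line is not a command message."""
    head = HEADER.search(line)
    if not head or head["msgid"] not in PATTERNS:
        return None
    body = PATTERNS[head["msgid"]].match(head["body"].strip())
    if not body:
        return None
    # The collector prefix in the thread carries only a time of day.
    when = TIME.search(line[:head.start()])
    return {
        "time": when.group(1) if when else None,
        "severity": int(head["sev"]),
        "msgid": head["msgid"],
        "user": body["user"],
        "command": body["cmd"],
    }

def audit_records(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

def visible_at(records, level):
    """Records a destination set to `level` receives (severity number <= level)."""
    return [r for r in records if r["severity"] <= level]

if __name__ == "__main__":
    for rec in audit_records(SAMPLE):
        print(rec)
```

With the sample above, a destination set to level 5 receives only the 111008 record, while level 7 receives all three command records.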
