How to log command history type into the console?


  • starriol
    started a topic How to log command history type into the console?

    How to log command history type into the console?

    Good morning.
    For auditing purposes, we need to log which commands were typed into the ASA console, with user and time.
    Could you tell me which is the command? I can't find it... it has changed from "Archive".
    This will also log the commands introduced via the graphic interface, right? After all, it's just a front end that sends commands to the Cisco router.

    Thanks.

  • starriol
    replied
    Re: How to log command history type into the console?

    Hey, I just saw something on the net.
    Those commands that were logged are READ ONLY commands, that's why they are logged only on debugging level.
    On notification (level 5), you get this kind of messages.

    %ASA-5-111008: User 'X' executed the 'dir disk0:/dap.xml' command.

    On this, I don't get the messages I should get about creating a new access rule.
    Does anyone know if these should be logged with the number 111008 also or is it another syslog number?

    Thanks!


  • starriol
    replied
    Re: How to log command history type into the console?

    Thanks for the response, Andy, but it's not working.
    I even tried using logging trap debugging, to send EVERYTHING to our syslog, and nothing... all I see is this level of logs, no other type of "User 'X' executed cmd:" messages:

    201115721 10.3.1.1 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show version
    201115735 10.3.1.1 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show running-config aaa authorization
    201115683 10.3.1.1 local7 15:17:20 Nov %ASA-7-111009: User 'X' executed cmd: show module 1 details
    200968772 10.3.1.1 local7 09:34:14 Nov %ASA-7-111009: User 'X' executed cmd: show version

    I can't see any other commands typed, it's very weird. I also tried with logging buffered debugging, sending the messages to an FTP server and it's the same.
    I can't see any more messages than these.
    Does anyone have any more ideas?
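
An added example, not part of the thread: a small Python parser that pulls user and command out of the two message formats quoted in the posts (111008 at level 5, 111009 at level 7) and shows which records a destination set to a given logging level would receive. The sample lines are constructed from the formats in the thread; the function names and the `000000` placeholder message are assumptions made for illustration.

```python
import re

# Constructed sample input, modeled on the lines quoted in the thread.
SAMPLE = """\
201115721 10.3.1.1 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show version
201115735 10.3.1.1 local7 15:17:28 Nov %ASA-7-111009: User 'X' executed cmd: show running-config aaa authorization
200968800 10.3.1.1 local7 09:40:02 Nov %ASA-5-111008: User 'X' executed the 'dir disk0:/dap.xml' command.
200968801 10.3.1.1 local7 09:40:05 Nov %ASA-6-000000: placeholder non-command message
"""

# %ASA-<severity>-<message id>: <body>; anything before it is the collector's own prefix.
HEADER = re.compile(r"^(?P<prefix>.*?)%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$")

# Body formats for the two command-audit messages shown in the posts.
BODIES = {
    "111008": re.compile(r"^User '(?P<user>[^']*)' executed the '(?P<cmd>.*)' command\.$"),
    "111009": re.compile(r"^User '(?P<user>[^']*)' executed cmd: (?P<cmd>.*)$"),
}

def parse_line(line):
    """Return an audit record for a 111008/111009 line, or None for anything else."""
    header = HEADER.match(line.strip())
    if not header or header["msgid"] not in BODIES:
        return None
    body = BODIES[header["msgid"]].match(header["body"])
    if not body:
        return None  # known message id but unexpected body: do not guess
    return {
        "prefix": header["prefix"].strip(),  # collector timestamp/host, kept verbatim
        "severity": int(header["sev"]),
        "msgid": header["msgid"],
        "user": body["user"],
        "command": body["cmd"],
    }

def parse_lines(lines):
    """Parse many lines, dropping those that are not command-audit messages."""
    return [rec for rec in map(parse_line, lines) if rec is not None]

def visible_at(records, level):
    """Records a destination filtered at `level` receives (severity <= level)."""
    return [rec for rec in records if rec["severity"] <= level]

if __name__ == "__main__":
    records = parse_lines(SAMPLE.splitlines())
    for level in (5, 7):
        print(f"level {level}:")
        for rec in visible_at(records, level):
            print(f"  {rec['msgid']} user={rec['user']!r} cmd={rec['command']!r}")
```
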


  • AndyJG247
    replied
    Re: How to log command history type into the console?

    Complete guess but logging-class and then maybe
    auth—User authentication.
    config—Command interface.

    Didn't even know of the archive command - not that I can find it?

    http://www.cisco.com/en/US/docs/secu...html#wp1749568


  • starriol
    replied
    Re: How to log command history type into the console?

    Bump, anyone?
