<div>
You can do this with GFI EventsManager<br />
<br />
<a href="http://www.gfi.com/eventsmanager" rel="ugc">http://www.gfi.com/eventsmanager</a><br />

</div>


<div>
Thanks very much Dstewartjr,<br />
<br />
I want to know if it is possible for PIX and ASA to log firewall administration activities including configuration, firewall policy and firewall rule changes without using any other tool.<br />
<br />
<br />
<br />
<br />

</div>


<div>
This may be what you need<br />
<br />
<br />
<a href="https://www.experts-exchange.com/questions/22066465/Log-Analyzer-for-Cisco-PIX-ASA.html" rel="ugc">https://www.experts-exchange.com/questions/22066465/Log-Analyzer-for-Cisco-PIX-ASA.html</a><br />

</div>


<div>
<br />
Thanks so much dstewartjr and Voltz-dk. <br />
<br />
Does that mean if I had these stuff (see below) on PIX configuration file, the Syslogs would log the all activities that happened on FW including administrator changing FW rules? <br />
<br />
aaa-server TACACS+ protocol tacacs+ <br />
aaa-server RADIUS protocol radius <br />
aaa-server RADIUS (inside) host X.X.X.X $ABC timeout 5<br />
aaa-server LOCAL protocol local <br />
aaa authentication telnet console RADIUS<br />
aaa authentication ssh console RADIUS <br />
<br />
logging on<br />
logging timestamp<br />
logging standby<br />
logging trap informational<br />
logging host inside X.X.X.X<br />
logging host Management Y.Y.Y.Y<br />
logging message 106015 level debugging<br />
logging message 305012 level debugging<br />
logging message 305011 level debugging<br />
logging message 305010 level debugging<br />
logging message 305009 level debugging<br />
logging message 302015 level debugging<br />
logging message 302014 level debugging<br />
logging message 302013 level debugging<br />
logging message 304001 level debugging<br />
logging message 609002 level debugging<br />
logging message 609001 level debugging<br />
logging message 302016 level debugging<br />
<br />

</div>


<div>
You mean in my way, I can't send debugging messages or both informational and debugging? &nbsp; and how to relable them as informational?<br />
If I don't have aaa-server, Can I log administrator's actions, such as change FW rules?<br />
&nbsp;<br />

</div>


<div>
Thanks so much, Decoleur and Voltz-dk, I got it.
</div>


<div>
<div class="content wysiwyg-content">
How to log network administrator's actions, such as change FW rules, On PIX525 and ASA5520?
</div>
</div>


How to log network administrator's actions, such as change FW rules, On PIX525 and ASA5520?

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Software Firewalls

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).