howruaz9
asked on
How to log network administrator's actions, such as changing FW rules, on PIX525 and ASA5520?
ASKER
Thanks very much Dstewartjr,
I want to know if it is possible for PIX and ASA to log firewall administration activities including configuration, firewall policy and firewall rule changes without using any other tool.
This may be what you need
https://www.experts-exchange.com/questions/22066465/Log-Analyzer-for-Cisco-PIX-ASA.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
ASKER
Thanks so much dstewartjr and Voltz-dk.
Does that mean that if I had this stuff (see below) in the PIX configuration file, the syslogs would log all the activities that happened on the FW, including an administrator changing FW rules?
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host X.X.X.X $ABC timeout 5
aaa-server LOCAL protocol local
aaa authentication telnet console RADIUS
aaa authentication ssh console RADIUS
logging on
logging timestamp
logging standby
logging trap informational
logging host inside X.X.X.X
logging host Management Y.Y.Y.Y
logging message 106015 level debugging
logging message 305012 level debugging
logging message 305011 level debugging
logging message 305010 level debugging
logging message 305009 level debugging
logging message 302015 level debugging
logging message 302014 level debugging
logging message 302013 level debugging
logging message 304001 level debugging
logging message 609002 level debugging
logging message 609001 level debugging
logging message 302016 level debugging
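An added example, not part of the original thread or of any poster's answer: PIX/ASA emit command-execution messages 111008 and 111010 at severity 5, so a syslog host behind `logging trap informational` receives them, and this Python script extracts who ran which command. The sample log lines, the `SENSITIVE` watchlist and the function name are constructed for illustration.

```python
import re

# Constructed sample lines in the timestamped format (not taken from the thread).
SAMPLE = """\
Mar 03 2008 10:15:02: %ASA-5-111008: User 'enable_15' executed the 'access-list outside_in extended permit tcp any host 192.0.2.10 eq 443' command.
Mar 03 2008 10:15:04: %ASA-6-302013: Built inbound TCP connection 4411 for outside:198.51.100.7/40211 (198.51.100.7/40211) to inside:192.0.2.10/443 (192.0.2.10/443)
Mar 03 2008 10:15:09: %ASA-5-111010: User 'jsmith', running 'CLI' from IP 10.1.1.5, executed 'write memory'
Mar 03 2008 10:16:30: %PIX-5-111008: User 'enable_15' executed the 'no logging on' command.
Mar 03 2008 10:17:00: %PIX-7-111009: User 'enable_15' executed cmd: show running-config
"""

HEADER = re.compile(
    r"^(?P<ts>.+?): %(?:PIX|ASA)-(?P<sev>\d)-(?P<id>\d{6}): (?P<body>.*)$")
# Bodies of the two command-execution messages; 111009 (show commands) is ignored.
BODY = {
    "111008": re.compile(
        r"^User '(?P<user>[^']*)' executed the '(?P<cmd>.*)' command\.?$"),
    "111010": re.compile(
        r"^User '(?P<user>[^']*)', running '[^']*' from IP (?P<src>\S+), "
        r"executed '(?P<cmd>.*)'$"),
}
# Illustrative watchlist (an assumption, tune per site): commands that alter
# rules, authentication, or the audit trail itself.
SENSITIVE = ("access-list", "access-group", "logging", "aaa", "clear configure")

def admin_changes(lines, trap_level=6):
    """Return command events a syslog host would receive at trap_level."""
    events = []
    for line in lines:
        head = HEADER.match(line.strip())
        if not head or head["id"] not in BODY:
            continue
        if int(head["sev"]) > trap_level:  # higher number = less severe, not sent
            continue
        body = BODY[head["id"]].match(head["body"])
        if not body:
            continue
        cmd = body["cmd"]
        bare = cmd[3:] if cmd.startswith("no ") else cmd
        events.append({
            "time": head["ts"], "user": body["user"],
            "source": body.groupdict().get("src"), "cmd": cmd,
            "sensitive": bare.startswith(SENSITIVE),
        })
    return events

if __name__ == "__main__":
    for e in admin_changes(SAMPLE.splitlines()):
        flag = "!" if e["sensitive"] else " "
        print(flag, e["time"], e["user"], e["source"] or "-", e["cmd"])
```

A `no logging on` event is worth alerting on, since it is the last command the syslog host will see before the audit trail stops.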
SOLUTION
ASKER
You mean in my way, I can't send debugging messages or both informational and debugging? And how to relabel them as informational?
If I don't have aaa-server, can I log administrator's actions, such as changing FW rules?
SOLUTION
SOLUTION
ASKER
Thanks so much, Decoleur and Voltz-dk, I got it.
http://www.gfi.com/eventsmanager