Tracking changes to CISCO ASA 5510

Is there a way to find out a few recent changes a specific user did on a 5510 ASA firewall? I had a user do some changes now and I really wanted to be able to track his last commands or the changes he did to the running config.
ifred Asked:

lruiz52 Commented:

You could purchase change management software

You could also configure logging ("logging trap debug"), configure AAA authentication and create individual user accounts. This setup should track the users' actions and command activity and write them into your log file.
lruiz52 Commented:
Take a look at DeviceExpert from ManageEngine; the license fee is $795 for 10 devices.

http://www.manageengine.com/products/device-expert/configuration-management.html

ifred (Author) Commented:
Was looking for something to track a user that was just in my firewall now. He claims he did not do something and I know he did; just thought there was a way to track that.
lruiz52 Commented:
Create individual accounts, enable AAA authentication, enable logging, maybe also set up a syslog server. This should track access and commands. Set up regular backups of the config and compare.
mat1458 Commented:
With AAA accounting (TACACS, TACACS+) you can log any command that any user has been performing on your box. There is commercial software such as Cisco ACS and free TACACS servers on SourceForge.

HTH
mat
lrmoore Commented:
As noted above, there are several things you can do to get this information - in the future.
Unfortunately, what has already been done was most likely not tracked. Check the log buffer if that is even set up. That is the only place you can find anything at this point.
Ernie Beek (Expert) Commented:
Agree with lrmoore. If nothing was set up before, the only thing you can see is that changes were made (when you're lucky). Log buffers and stuff are cleared after a reload. So if nothing was set up (i.e. external logging) it's easy to erase your tracks when changes are made :-~
Question has a verified solution.
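
A sketch of the logging approach suggested in the answers above, added here as an example and not taken from the thread: it scans ASA syslog output for the command-audit messages 111008 and 111010 and builds a per-user command timeline. The sample log lines, usernames and addresses are constructed, and the function and pattern names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread), shaped like timestamped ASA
# syslog output. 111008 = user executed a command; 111010 = user, application
# and source IP for a command that changed the configuration.
SAMPLE_LOG = """\
Mar 03 2011 14:02:11: %ASA-6-605005: Login permitted from 192.0.2.10/51514 to inside:192.0.2.1/ssh for user "jdoe"
Mar 03 2011 14:02:40: %ASA-5-111008: User 'jdoe' executed the 'configure terminal' command.
Mar 03 2011 14:03:05: %ASA-5-111008: User 'jdoe' executed the 'no access-list OUTSIDE_IN line 3' command.
Mar 03 2011 14:03:05: %ASA-5-111010: User 'jdoe', running 'CLI' from IP 192.0.2.10, executed 'no access-list OUTSIDE_IN line 3'
Mar 03 2011 14:05:19: %ASA-5-111008: User 'asmith' executed the 'write memory' command.
"""

MSG = re.compile(r"^(?P<ts>.*?)[\s:]*%ASA-\d-(?P<id>\d{6}): (?P<body>.*)$")
R111008 = re.compile(r"User '?(?P<user>[^']+?)'? executed the '(?P<cmd>.*)' command\.?$")
R111010 = re.compile(r"User '?(?P<user>[^',]+)'?, running '?(?P<app>[^']+?)'? "
                     r"from IP (?P<ip>\S+?), executed '(?P<cmd>.*)'$")

def command_audit(log_text):
    """Return {user: [(timestamp, command, source_ip_or_None), ...]} in log order."""
    timeline = defaultdict(list)
    for line in log_text.splitlines():
        m = MSG.match(line.strip())
        if not m:
            continue  # not an ASA syslog message
        ts, body = m["ts"], m["body"]
        if m["id"] == "111008" and (c := R111008.match(body)):
            timeline[c["user"]].append([ts, c["cmd"], None])
        elif m["id"] == "111010" and (c := R111010.match(body)):
            # When 111010 follows a 111008 for the same command, attach the
            # source IP to that entry instead of counting the command twice.
            entries = timeline[c["user"]]
            if entries and entries[-1][1] == c["cmd"] and entries[-1][2] is None:
                entries[-1][2] = c["ip"]
            else:
                entries.append([ts, c["cmd"], c["ip"]])
    return {user: [tuple(e) for e in ev] for user, ev in timeline.items()}

if __name__ == "__main__":
    for user, events in command_audit(SAMPLE_LOG).items():
        for ts, cmd, ip in events:
            print(f"{user:8} {ts}  {cmd}  (from {ip or 'unknown'})")
```

Both messages are severity 5, so a log buffer or syslog destination set to notifications or more verbose (such as the "logging trap debug" mentioned above) captures them.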

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.