Solved

Need to be able to see who logged in, when and what changes they made on Cisco Routers, Switches and FWs (ASA).

Posted on 2014-10-27
6
175 Views
Last Modified: 2014-10-27
Need to be able to see who logged in, when and what changes they made on Cisco Routers and Switches. I need to keep this information for a long period of time. Is there a way of doing this?

Thank you,
0
Comment
Question by:dsterling
  • 3
  • 2
6 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 40406793
Cisco Network Assistant is a free app that contains a Security Wizard:
Have you installed that?  Take a look at that to see if it does what you want.
Cisco Network Assistant
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40406841
Sounds like what you're looking for is AAA (Authorization, Authentication & Accounting).

http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfaaa.html
0
 

Author Comment

by:dsterling
ID: 40406991
This doesn't let me see what changes they may of made for example: A Network Admin logs into a Cisco router and changes an ACL incorrectly, the Network admin goes on vacation or leaves the company. I need to see who made the change and what is was so it can be quickly fixed. Also we have to keep close track of authorized and unauthorized changes to the network.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 40407129
This doesn't let me see what changes they may of made
I don't know who this was directed at...

But with AAA and regular configuration backups, it's pretty easy to see who changed the config and what was changed.  You can also use Configuration Change Notification and Logging.
0
 

Author Comment

by:dsterling
ID: 40407190
Couldn't this be viewed in the Cisco ACS server device also?
0
 

Author Closing Comment

by:dsterling
ID: 40407237
What I was looking for, great answer.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now