Cisco Preparative Procedures & Operational User Guide
© 2016 Cisco Systems, Inc. All rights reserved.
4.2 Auditable Events
The appliances that are part of the Cisco FP 4100 and 9300 System generate an audit record for each user
interaction with the web interface, and also record system status messages in the system log. For the CLI,
the appliance also generates an audit record for every action executed.
Each appliance generates an audit event for each user interaction with the web interface and for each
CLI command executed. Each event includes at least a timestamp, the user name of the user whose action
generated the event, a source IP, and text describing the event. The common fields are described in the
table below. The required auditable events are also provided in the table below.
The date and time of the audit event.
The session ID associated with the session.
More information about the audit event including user, component (if
applicable), event type (success or failure), etc. See table below for
examples.
The component that is affected.
The user role associated with the user.
Modified Properties (if any): The system properties that were changed by the event.
Startup and shutdown events
2
%FPRM-6-AUDIT: [USERNAME][USERNAME][modification][web_45842_A][1385040][sys/svc-ext/syslog/client-secondary][adminState(Old:disabled, New:enabled)][] Syslog Remote Destination IP_ADDRESS modified
%FPRM-6-AUDIT: [USERNAME][USERNAME][modification][web_42962_A][1383935][sys/svc-ext/syslog/client-primary][adminState(Old:enabled, New:disabled)][] Syslog Remote Destination IP_ADDRESS modified
Failure to establish an HTTPS session.
%AUTHPRIV-6-SYSTEM_MSG: 05[IKE] IKE_SA test2[3] established
Actual date and time are not shown.
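
The following Python is an added example, not part of the Cisco guide: it parses the bracketed %FPRM-6-AUDIT fields from the sample records above and flags a change that disables a remote syslog destination. The positional field names (user, session_id, object and so on) are this example's assumptions inferred from those records, and the sample lines are constructed from them with the placeholders kept.

```python
import re

# Constructed sample lines modelled on the records shown in the guide.
SAMPLE = [
    "%FPRM-6-AUDIT: [USERNAME][USERNAME][modification][web_45842_A][1385040]"
    "[sys/svc-ext/syslog/client-secondary][adminState(Old:disabled, New:enabled)][] "
    "Syslog Remote Destination IP_ADDRESS modified",
    "%FPRM-6-AUDIT: [USERNAME][USERNAME][modification][web_42962_A][1383935]"
    "[sys/svc-ext/syslog/client-primary][adminState(Old:enabled, New:disabled)][] "
    "Syslog Remote Destination IP_ADDRESS modified",
    "%AUTHPRIV-6-SYSTEM_MSG: 05[IKE] IKE_SA test2[3] established",
]

# Assumed positional names for the eight bracketed fields (not from the guide).
FIELDS = ("user", "user2", "action", "session_id", "event_id",
          "object", "changes", "extra")
RECORD = re.compile(r"%FPRM-\d-AUDIT:\s*((?:\[[^\]]*\]){8})\s*(.*)")
CHANGE = re.compile(r"(\w+)\(Old:(.*?), New:(.*?)\)")


def parse_audit(line):
    """Return a dict for an FPRM audit record, or None for any other message."""
    m = RECORD.search(line)
    if not m:
        return None
    rec = dict(zip(FIELDS, re.findall(r"\[([^\]]*)\]", m.group(1))))
    rec["description"] = m.group(2).strip()
    # "name(Old:x, New:y)" pairs become {name: (old, new)}.
    rec["changes"] = {n: (o, w) for n, o, w in CHANGE.findall(rec["changes"])}
    return rec


def syslog_forwarding_disabled(rec):
    """True when a remote syslog client object goes from enabled to disabled."""
    old, new = rec["changes"].get("adminState", (None, None))
    return (rec["object"].startswith("sys/svc-ext/syslog/client-")
            and old == "enabled" and new == "disabled")


def alerts(lines):
    """Collect (session_id, object) for every record that disables forwarding."""
    recs = (parse_audit(line) for line in lines)
    return [(r["session_id"], r["object"])
            for r in recs if r and syslog_forwarding_disabled(r)]


if __name__ == "__main__":
    for session_id, obj in alerts(SAMPLE):
        print(f"remote syslog destination disabled: {obj} (session {session_id})")
```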