Activity log/audit trail log on asa

my customer is asking how to have an audit trail log and activity log on there ASA.
I need help please.
Thanks

Use a AAA server such as Cisco ACS (http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html)
Hope that helps.

Similar Messages

  • Error during netlist generation and log audit trail error

    I am not able to run the simulation application on my Multisim 10.  The two following error were generated every time I try to run the simultion:
    Error: log /Audit Trail, C: \document~1\xxx: Permission denied
    Error during netlist generation, C:\document~1\xxx: Permision denied
    Can any body help me fix this problem that make it impossible for me to use the Multisim10 simualtion tool?

    There are two KBs I would like for you to see, since they might have the answer to the problem you are having:
    1. This KB is related to having access to the TEMP directories where Multisim stores temp files for simulation:
    http://digital.ni.com/public.nsf/allkb/15526EB2464F3EDD8625722C00696BB0
    2. This other KB deals with non-Administrator users of Windows, it talks about v9 but the idea is the same for v10, just look for the v10 installation paths:
    http://digital.ni.com/public.nsf/allkb/0DF597C217A235BE862571FB004F24BD
    Nestor
    National Instruments

  • Audit Trail Log for Sharepoint Foundation 2010

    Hi all,
    Does SharePoint Foundation 2010 have the ability to Audit user actions including opening documents, editing permsions, etc ?
    What is the different with audit trail for Sharepoint 2010 and WSS 3.0?
    Thank you
    Rgds,

    I agree with Kamil Jurik. There is no auditing feature in SharePoint Foundation edition. The auditing feature is a SharePoint Enterprise feature. But yes there are free utilities on the web, like on codeplex and other. And if you are good in coding then
    you may develop your own custom solution as given in a tech article:
    http://msdn.microsoft.com/en-us/magazine/cc794261.aspx
    Thanks & Best Regards,
    Zakir Chougle || SharePoint Developer
    Please click "Propose
    As Answer" if a post solves your problem, or "Vote
    As Helpful" if a post has been useful to you

  • Location or file name for Audit Trail Logs in Outlook

    Is it possible to trace down each activity on outlook by it's log file (not sure if it's even generated). For example: If I need to check if my outlook mailbox has been updated with the Exchange Server 6 months back. And if not what was the error message
    came at that point of time.
    I am pretty sure it can be checked through the log file where it keep the track of all the errors for some particular timeline but not sure if it is generated by outlook.
    Thank you.

    Hi ,
    1.If you wanted to know when an particular mailbox user has contacted an exchange server.You can use the below mentioned command to know the status.
    get-mailboxstatistics -identity "nithya" | ft displayname,*logon* -au
    2.In case if you wanted to track down the delegated and mailbox owner related activities for an individual mailbox , you can make use of mailbox audit logs.But by default it will not be enabled we need to enable the audit for the mailboxes manually. 
    3.In case if you wanted to track down the Exchange Admin related activities in exchange oraganisation,you can make use of Admin Audit logs.
    Please feel free to reply me if you have any queries.
    Thanks & Regards S.Nithyanandham

  • Using wliconsole's process instance monitoring and audit trail

    Hello,
    I have couple of questions about wliconsole's process monitoring capabilities to be able to use in real production environments.
    1. Is it possible to add some custom data to the Process Instance Summary table? For example, we would like to show the party that send the initial request, and some internal process type information.
    2. How can we achieve audit trail logging when we have several processes? For example, we have business processes that span over several wli-processes, and our process is split into several re-usable sub-processes. And the audit trail stops at the process boundaries. Finding the corresponding sub-processes is quite a challenge now.
    Thanks,
    Timo Lukumaa
    Reaktor Innovations www.ri.fi

    The WLI version we're about to use is 8.1 sp2.
    One question more:
    3. Is there somekind of metadata or resource directory in wliconsole or some place else?
    We're about use a SOA style architecture where re-usable business logic is modeled as web services.
    So we would like to have one place (a web page) where the available services could be seen and corresponding WSDLs and schemas downloaded.
    Or are we just looking at the wrong product? ;)
    Thanks,
    Timo

  • Turning audit trail off?

    Hi,
    is it possible to turn off audit trail logging, preferably on a per process basis?
    Thanks, Jeroen.
    PS We are using BPEL Server version 2.1.2 with the Eclipse plugin 2.2.

    Thanks, but I am not sure that dehydration is my issue here. Dehydration as I understand it, is storing the state of the process on the database while the process has not yet finished. My question is about keeping a record of the process AFTER it has finished.
    The context is a process we want to call very frequently and that we do not need to keep a record of. Currently, audit trails of finished instances will fill up the database rapidly. We have found a system-wide setting ("auditLevel Off") not to keep these instances around, but this will apply to all processes. What we want to achieve is to apply this to selected processes only (and not having to go repeatedly through a manual action to delete the instances).
    Alternatively, and second best but workable, would be a script that runs periodically and tells the server to delete selected instances.
    Thanks for any suggestions!
    Jeroen.

  • Audit Vault 12.1.1 error creating audit trail with TRANSACTION LOG

    Hi,
    i installed AV 12.1.1 , the DB target is with Data Guard.
    when i run the script oracle_user_setup with the mode REDO_COLL the final message is that was succesfull , but when i go to the AV console and try to create an audit trail with TRANSACTION LOG the AV console shows me an error and the log shows me this :
    [2013-10-16T03:37:18.593-05:00] [collfwk] [ERROR] [] [] [tid: 10] [ecid: 192.168.56.8:78800:1381912639433:0,0] RedoCollector : runSourceScript : Error while running script on source for REDO collector.
    [2013-10-16T03:37:19.528-05:00] [collfwk] [ERROR] [] [] [tid: 10] [ecid: 192.168.56.8:78800:1381912639433:0,0] OAV-8004: Failed to start collector {0}:{1}CollectionFactory : createCollection : Exception while creating collection. [[
    Failed to start collector {0}:{1}
                    at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.runSourceScript(RedoCollector.java:816)
                    at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.sourceSetup(RedoCollector.java:579)
                    at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.setup(RedoCollector.java:454)
                    at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.startCollector(RedoCollector.java:216)
                    at oracle.av.platform.agent.collfwk.impl.redo.RedoCollectorManager.startTrail(RedoCollectorManager.java:199)
                    at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:504)
                    at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:354)
                    at oracle.av.platform.agent.StartTrailCommandHandler.processMessage(StartTrailCommandHandler.java:63)
                    at oracle.av.platform.agent.AgentController.processMessage(AgentController.java:325)
                    at oracle.av.platform.agent.AgentController$MessageListenerThread.run(AgentController.java:1859)
                    at java.lang.Thread.run(Thread.java:679)
    Nested Exception:
    java.sql.SQLSyntaxErrorException: ORA-01031: insufficient privileges
    ORA-06512: at line 1
                    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
                    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:396)
                    at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:879)
                    at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
                    at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
                    at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:531)
                    at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:207)
                    at oracle.jdbc.driver.T4CPreparedStatement.executeForRows(T4CPreparedStatement.java:1044)
                    at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1329)
                    at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3584)
                    at oracle.jdbc.driver.OraclePreparedStatement.execute(OraclePreparedStatement.java:3685)
                    at oracle.jdbc.driver.OraclePreparedStatementWrapper.execute(OraclePreparedStatementWrapper.java:1376)
                    at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                    at java.lang.reflect.Method.invoke(Method.java:616)
                    at oracle.ucp.jdbc.proxy.StatementProxyFactory.invoke(StatementProxyFactory.java:230)
                    at oracle.ucp.jdbc.proxy.PreparedStatementProxyFactory.invoke(PreparedStatementProxyFactory.java:124)
                    at $Proxy2.execute(Unknown Source)
                    at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.runSourceScript(RedoCollector.java:747)
                    at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.sourceSetup(RedoCollector.java:579)
                    at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.setup(RedoCollector.java:454)
                    at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.startCollector(RedoCollector.java:216)
                    at oracle.av.platform.agent.collfwk.impl.redo.RedoCollectorManager.startTrail(RedoCollectorManager.java:199)
                    at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:504)
                    at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:354)
                    at oracle.av.platform.agent.StartTrailCommandHandler.processMessage(StartTrailCommandHandler.java:63)
                    at oracle.av.platform.agent.AgentController.processMessage(AgentController.java:325)
                    at oracle.av.platform.agent.AgentController$MessageListenerThread.run(AgentController.java:1859)
                    at java.lang.Thread.run(Thread.java:679)
    i don't understand why the issue because the user has the privileges given by the script and i tried with grant as sysdba but without any result
    i don't understand what are the privileges that the collector needs.
    any idea?
    thnks for any help

    Hi
    Just run the script $AV_AGENT/av/plugins/com.oracle.av.plugin.oracle/config/oracle_user_setup.sql  USER_NAME REDO_COLL
    This will grant the user some privileges and roles like DBA and CREATE Database Link
    I hope this answer your question
    Thanks
    Ahmed Moustafa

  • OAV-9016 - Audit Vault 12.1.1 error creating audit trail with TRANSACTION LOG

    Hey guys,
    I bumped into this problem when trying to start an audit trail with TRANSACTION LOG.
    Oracle Audit Vault and Database Firewall 12.1.1.1
    Oracle 11gR2 RAC two nodes, OEL x64.
    Connection String:
    jdbc:oracle:thin:@//192.168.1.139:1521/orcl
    I have already ran the sql setup for a REDO_COLL user.
    Any ideas?
    I have created secure target for each node.
    (host01)(oracle@orcl1):log> pwd
    /u01/app/oracle/agent/av/log
    (host01)(oracle@orcl1):log> cat av.collfwk-8311-0.log
    [2013-12-12T17:16:49.855-02:00] [collfwk] [ERROR] [] [] [tid: 22] [ecid: 192.168.1.109:27132:1386867392018:0,0] OAV-9016: Target database global_name is not correct. global_name must include the domain for transaction log collection. Please configure the target database with the correct global_name.CollectionFactory : createCollection : Exception while creating collection. [[
    Target database global_name is not correct. global_name must include the domain for transaction log collection. Please configure the target database with the correct global_name.
            at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.checkDBName(RedoCollector.java:1480)
            at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.verifySource(RedoCollector.java:1278)
            at oracle.av.platform.agent.collfwk.impl.redo.RedoCollector.startCollector(RedoCollector.java:215)
            at oracle.av.platform.agent.collfwk.impl.redo.RedoCollectorManager.startTrail(RedoCollectorManager.java:199)
            at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:504)
            at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:354)
            at oracle.av.platform.agent.StartTrailCommandHandler.processMessage(StartTrailCommandHandler.java:63)
            at oracle.av.platform.agent.AgentController.processMessage(AgentController.java:325)
            at oracle.av.platform.agent.AgentController$MessageListenerThread.run(AgentController.java:1859)
            at java.lang.Thread.run(Thread.java:722)
    (host01)(grid@+ASM1):~> lsnrctl status
    LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 12-DEC-2013 17:27:34
    Copyright (c) 1991, 2011, Oracle.  All rights reserved.
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER)))
    STATUS of the LISTENER
    Alias                     LISTENER
    Version                   TNSLSNR for Linux: Version 11.2.0.3.0 - Production
    Start Date                12-DEC-2013 16:58:03
    Uptime                    0 days 0 hr. 29 min. 31 sec
    Trace Level               off
    Security                  ON: Local OS Authentication
    SNMP                      OFF
    Listener Parameter File   /u01/app/11.2.0/grid/network/admin/listener.ora
    Listener Log File         /u01/app/grid/diag/tnslsnr/host01/listener/alert/log.xml
    Listening Endpoints Summary...
      (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER)))
      (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.109)(PORT=1521)))
      (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.139)(PORT=1521)))
    Services Summary...
    Service "+ASM" has 1 instance(s).
      Instance "+ASM1", status READY, has 1 handler(s) for this service...
    Service "orcl" has 1 instance(s).
      Instance "orcl1", status READY, has 1 handler(s) for this service...
    Service "orclXDB" has 1 instance(s).
      Instance "orcl1", status READY, has 1 handler(s) for this service...
    The command completed successfully
    (host01)(grid@+ASM1):~>
    (host01)(grid@+ASM1):~> cat /u01/app/11.2.0/grid/network/admin/listener.ora
    LISTENER=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER))))            # line added by Agent
    LISTENER_SCAN3=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN3))))                # line added by Agent
    LISTENER_SCAN2=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN2))))                # line added by Agent
    LISTENER_SCAN1=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN1))))                # line added by Agent
    ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER_SCAN1=ON                # line added by Agent
    ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER_SCAN2=ON                # line added by Agent
    ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER_SCAN3=ON                # line added by Agent
    ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER=ON              # line added by Agent
    (host01)(grid@+ASM1):~>

    Hi
    Just run the script $AV_AGENT/av/plugins/com.oracle.av.plugin.oracle/config/oracle_user_setup.sql  USER_NAME REDO_COLL
    This will grant the user some privileges and roles like DBA and CREATE Database Link
    I hope this answer your question
    Thanks
    Ahmed Moustafa

  • Regarding different logging levels in audit trail

    Hi everyone,
    where to find various logging levels (like 1-10) of audit trail in oracle...if so how to set that logging levels....reply please

    Auditing can be set with below option in oracle.
    AUDIT_TRAIL = { none | os | db | db,extended | xml | xml,extended }
    http://docs.oracle.com/cd/B19306_01/server.102/b14237/initparams016.htm

  • Logging SID to Operating System Auditing Trail

    Greetings,
    In Oracle 10 and 11, is there a way to include the SID in the information that gets logged to the operating system audit trail?
    Thanks,
    Myles

    user13431282 wrote:
    Greetings,
    In Oracle 10 and 11, is there a way to include the SID in the information that gets logged to the operating system audit trail?
    SID as in ORACLE_SID or V$SESSION.SID?

  • How to delete logs in audit trail

    is it possible to delete entries on the audit trail? Let say for example, i want to delete all the entries for the year 2008, what will be the steps/transactions to use?
    thanks in advance for your help.
    regards,
    markee

    Hello Markee,
    I got your point,
    ask your developer to program a small report which would delete content of these tables based on your selection.
    Selection could be time interval based on creation date.
    For example:
    select options: so_date type /SAPSLL/SPLAUD-CRSTP.
    DELETE from /SAPSLL/SPLAUD
    WHERE CRSTP in so_date
    (so_date for example 01.01.2000 - 01.01.2005)
    I am not the best developer but i believe this can be done in 5 minutes.
    Hope this helps,
    Best regards,
    Gabriel.

  • Account locked out events are not getting in active directory security event logs

    Account locked out events are not getting in active directory security event logs for some users. I can see that the user is locked and when i tried to find out the event in sec log at DC but couldnt able to find. It is only happening for some users.
    not for the all users.

    In addition.
    Check the ADDS Audit.
    Active Directory Services Audit - Document references
    Regards~Biswajit
    Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights.
    MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
    MY BLOG
    Domain Controllers inventory-Quest Powershell
    Generate Report for Bulk Servers-LastBootUpTime,SerialNumber,InstallDate
    Generate a Report for installed Hotfix for Bulk Servers

  • After the IOS7 update, i can no longer use my imessage and facetime. It says "waiting for activation" and tried to log in on my apple id but it turned out to connection error. Please help me guys! Thank you.

    After the IOS7 update, i can no longer use my imessage and facetime. It says "waiting for activation" and tried to log in on my apple id but it turned out to connection error. Please help me guys! Thank you.

    Have you tried to reboot your phone(hold home and lock button simutainiously)?

  • Need detailed info about Active,New and Change log table in BI 7.0

    Dear Experts,
    I am new to this technology. Can you any one explain in very detail about ACTIVE, NEW and CHANGE LOG tables workflows.
    And also i am requesting you all to give tips to how to study BI 7.0
    Regards,
    Ameer.N

    For your first problem solution is this note: 936644
    You might have not mapped the filed in your tarnsfer/update rules?

  • Issue: admin activity is not fully logged to syslog

    Hello!
    cisco 7606, IOS 12.2(33r)SRC3
    For exalmple, while activating ipv6 bgp session, when entering command:
    #neighbour 2001:7F8:S:FF::109 password PASSWD
    Syslog gets such an entry:
    Wed Oct 10 14:20:00 2011 router1  admin  syslogserv stop        cmd=neighbor password *****
    I wonder, why neighbor's IPV6 address is not present in the entry. It makes some difficulties in account activity monitoring.
    #sh run
    <cut>
    logging buffered 2000000
    logging console errors
    logging monitor errors
    aaa authentication username-prompt "login: "
    aaa authentication login default group tacacs+ line enable
    aaa authentication login CONSOLE line none
    aaa authorization exec default local group tacacs+ if-authenticated
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting system default start-stop group tacacs+
    aaa session-id common
    logging event link-status default
    <cut>
    WBR, Alex.

    Hi Lawrence ,
    Yes, I have the answers for your questions, please find the same below.
    1 ) No , I haven't got any 'weblogic.application.ModuleException' at the server or stdout log.
    2 ) While trying to telnet from my window maching, It is not connected to my server.
    C:\Documents and Settings\Administrator>telnet 20.10.5.2 7001
    Connecting To 20.10.5.2...Could not open connection to the host, on port 7001: Connect failed
    C:\Documents and Settings\Administrator>
    3 ) Yes, I have flushed the cache , tmp folder by taken backup of the domain folder and then restarted the weblogic - but no luck , Still not able to accessible.
    Hope , Second question & answer will be the cause for the issue ( But not sure Why it was accessing from the same windows machine earlier ? ).
    Please suggest... Thanks!

Maybe you are looking for