1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Firewall
  5. Firepower 4110
  6. Preparative procedures & operational user manual

Auditable Events - Cisco Firepower 4110 Preparative Procedures & Operational User Manual

Firepower 4100 series; firepower 9000 series
Hide thumbs Also See for Firepower 4110:
Table of Contents

Advertisement

Cisco Preparative Procedures & Operational User Guide

4.2 Auditable Events

The appliances that are part of the Cisco FP 4100 and 9300 System generate an audit record for each user
interaction with the web interface, and also record system status messages in the system log. For the CLI,
the appliance also generates an audit record for every action executed.
Each appliance generates an audit event for each user interaction with the web interface and CLI
command executed. Each event includes at least a timestamp, the user name of the user whose action
generated the event, a source IP, and text describing the event. The common fields are described in the
table below. The required auditable events are also provided in the table below.
Name
Creation Time
User
Session ID and ID
Action
Description
Affected Object (if any)
Trigger
Modified Properties (if any)
SFR
Auditable
Event
FAU_GEN.1
Startup and
shutdown
events
FCS_HTTPS_EXT.1 Failure to
establish an
HTTPS
session.
FCS_IPSEC_EXT.1
Failure to
2
Actual date and time are not shown.
© 2016 Cisco Systems, Inc. All rights reserved.
Description
The date and time of the audit event.
The type of user.
The session ID associated with the session.
The type of action.
More information about the audit event including user, component (if
applicable), event type (success or failure), etc. See table below for
examples.
The component that is affected.
The user role associated with the user.
The system properties that were changed by the event.
Actual Audited Event
2
%FPRM-6-AUDIT:
[USERNAME][USERNAME][modification][web_45842_A][1385040][sys/svc-
ext/syslog/client-secondary][adminState(Old:disabled, New:enabled)][] Syslog
Remote Destination IP_ADDRESS modified
%FPRM-6-AUDIT:
[USERNAME][USERNAME][modification][web_42962_A][1383935][sys/svc-
ext/syslog/client-primary][adminState(Old:enabled, New:disabled)][] Syslog
Remote Destination IP_ADDRESS modified
See FCS_TLSS_EXT.1.
%AUTHPRIV-6-SYSTEM_MSG: 05[IKE] IKE_SA test2[3] established
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for Cisco Firepower 4110

Related Content for Cisco Firepower 4110

This manual is also suitable for:

Firepower 4140Firepower 4120Firepower 9300

Table of Contents