Cisco Defense Orchestrator

Change Log

About Change Logs

The change log continuously captures configuration changes as they are made in Cisco Defense Orchestrator (Defense Orchestrator). This single view includes changes across devices and services for ASA, ASA FirePOWER, and Umbrella. The benefits of the change log include:

  • Side-by-side comparison of changes made to a device's configuration.
  • Plain-English labels for all change log entries.
  • Records onboarding and removal of devices.
  • Detection of policy change conflicts occurring outside of Defense Orchestrator.
  • Answers who, what, and when during an incident investigation or troubleshooting.
  • The full change log, or only a portion, can be downloaded as a CSV file by clicking the Export button.

Change Log Entries

A change log entry reflects changes to a single device configuration, an action performed on a device, or a change made to the device outside of Defense Orchestrator.

  • For change log entries that contain a change to configuration, you can expand the change by clicking anywhere in the row. 
  • Defense Orchestrator closes a change log entry after the device's configuration in Defense Orchestrator is synced with the configuration on the device, or when a device is removed from Defense Orchestrator. Configurations are in sync after "reading" the configuration from the device to Defense Orchestrator or "writing" the configuration from Defense Orchestrator to the device.
  • Defense Orchestrator creates a new change log entry immediately after closing an existing entry. Additional configuration changes are added to the open change log entry. 
  • Events are displayed for read, write, and delete actions against a device. These actions close the change log.
  • A change log is closed once CDO is in sync with the configuration on the device (either by reading or writing), or when CDO no longer manages the device.
  • If a change is made to the device outside of Defense Orchestrator, a "conflict detected" entry is written to the change log. 

Active and Completed Change Log Entries

Change logs have a status of either active or completed. As you make changes to a device's configuration using Defense Orchestrator, those changes are recorded in an active change log entry. Reading a configuration from a device to Defense Orchestrator, writing changes from Defense Orchestrator to a device, or deleting a device from Defense Orchestrator completes (closes) the active change log and creates a new one for future changes.

The following image is of an active change log entry. Note the open circle next to the timestamp at left. 

[Image: changelog_asa_open.png]

Finding Entries in the Change Log

Change log events are searchable and filterable. Use the search bar to find events that match your keywords. Use the filter (filter icon) to find the entries that meet all the criteria you specify. You can also combine the operations by filtering the change log and adding a keyword to the search field to find an entry within the filtered results.
