Skip to main content



Cisco Defense Orchestrator

Change Log

The change log continuously captures application and network policy change events as they are performed in CDO. This single view includes changes across devices and services for ASA, FirePOWER, and Umbrella OpenDNS. The benefits of the change log include:

  • Before and after inline incremental view (diff) of a network and application policy change (new, edited, and deleted rule; on-boarded or deleted devices and services, and more).
  • Detection of policy change conflicts occurring outside of CDO, and overwriting to or from a device or service.
  • Answers who, what, and when during an incident investigation or troubleshooting.
  • The full change log can be downloaded as a CSV file by clicking the Export button.

Each change log describes the changes for a given device as they were performed within CDO. Reading a configuration from a device or writing policy changes to a device closes the active change log and create a new one for future changes.

A change log event reflects changes to device configurations, an action performed on a device, or if a conflict was detected.

  • For events that contain a change to configuration, the event row can be expanded by clicking anywhere in the row. A network change is displayed as a text based difference. Application changes to devices results in a tabular display of the change.
  • Events are displayed for read, write, and delete actions against a device. These actions close the change log.
  • If a conflict is detected while the change log is active, an event is written to the change log.

Change logs have a status of either Active or Completed. Active change logs contain the set of changes that have not yet been written to a device. Once writing changes to or reading from a device, the active change log is set to Completed. Note that the Last Description column header indicates the last change made to the device.

Change log events are searchable and filterable. Use the search bar to find events that match the desired criteria. The filter panel allows for filtering of event by device and type of change.

Note that existing devices with pending changes as of the release date will create a new change log for that device once the device is read or written.

Related Topics

Change request management allows you to associate a change request and its business justification, opened in a third-party ticketing system, with an event in the change log. 


  • Was this article helpful?