Skip to main content

 

 

Cisco Defense Orchestrator

Change Log Entries after Writing to an ASA

Here is an explanation of a change log entry. The green circle with a checkmark at the top left of the entry indicates that the change log is complete. The change log displays entries from newest to oldest and sorts changes within the entries newest to oldest.

Clicking the blue Diff link in the change log entry row displays a side by side comparison of the changes in the context of the running configuration file. 

See the explanations of the different changes below.

change_log_asa_write_callout.png

 

Number in illustration Explanation

1

This is the change that admin@example.com made at 10:03:59 AM on September 11, 2018.

  1. The "HR_network" object was added.
  2. The initial network address (10.10.11.0) and subnet mask (255.255.255.0) were added to the HR_network object.
  3. A rule was added to the "engineering_access" network policy denying addresses in the "engineering" network from reaching the "HR_network"
2 The checksum of the running configuration file was recalculated by the ASA and changed. The old value was removed and the new value was added

The ASA moves the object to a different location in the running configuration file than where Defense Orchestrator placed it.

Note: You don't always see this kind of an entry.

4 The record of the last time the running configuration file was updated. The old timestamp is removed and the new timestamp is added. This change was made by the ASA.
5 These are the commands sent by Defense Orchestrator to the ASA to make the configuration changes. 
  • Was this article helpful?