Skip to main content



Cisco Defense Orchestrator

Change Log Entries after Reading from an ASA

When Defense Orchestrator detects a change on an ASA it manages, it opens a change log entry and records the time the configuration conflict was detected. This is the kind of change log entry you could see when Defense Orchestrator detects a conflict:


After you read the configuration from the ASA to Defense Orchestrator, that change is added to the change log entry and the entry is completed.


This entry shows the Conflict Detected change and the deletion of a rule that prevents addresses in the engineering network from reaching the HR_network. The change log entry also shows a change with the message "Successfully imported out-of-band changes." If the admin had chosen to reject the out-of-band change, the change log would have displayed the message "Successfully rejected out-of-band changes on the device" along with what was rejected. Out-of-band changes refers to the changes made to the ASA device directly and not using Defense Orchestrator.