How to Get Policy Changes from Syslogs
Article ID: 184817
Updated On:
Products
Management Center
Issue/Introduction
Want to be notified when policy changes are made in Management Center
Resolution
By default the syslogs does not provide when policy has been modified in Management Center and the syslog setting need to be increase through CLI.
- # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
(config)# event-log
(config-event-log)# level 6
Event log level set to 6 (info).
Be aware that this will cause additional CPU and HHD usage on the Management Center device.
After the Event-log level has been increase Management Center will populate the Syslogs with records that contain "operation=policy.content_revision"
- Example:
- Dec 19 19:41:38 bccm_2_2-6-x86_64.localdomain com.bluecoat.cm.syslog.audit Data Change Event [uuid=23F14DDF-47A0-49F8-92A6-3536C1F3A75B, partition=null, createdOn=12/19/19 19:41:38, createdBy=admin, operation=policy.content_revision, target=36688B3F-60B7-484D-9261-D5E0571B1E30, type=PolicyImpl, reference1=Deny rule, reference2=1.2, reference3=1.1, reference4=Test to see what is in the event log., reference5=null]
- createdOn - Date and Time of the change
- createdBy - Username of who made the change
- target - UUID of the policy changed.
- reference1 - policy name
- reference2 - policy version created
- reference3 - old policy version
- reference4 - Description of changes made by user
- Dec 19 19:41:38 bccm_2_2-6-x86_64.localdomain com.bluecoat.cm.syslog.audit Data Change Event [uuid=23F14DDF-47A0-49F8-92A6-3536C1F3A75B, partition=null, createdOn=12/19/19 19:41:38, createdBy=admin, operation=policy.content_revision, target=36688B3F-60B7-484D-9261-D5E0571B1E30, type=PolicyImpl, reference1=Deny rule, reference2=1.2, reference3=1.1, reference4=Test to see what is in the event log., reference5=null]
To view changes made use the comparison tool in Management Center:
Feedback
Yes
No
Powered by
