How to Get Policy Changes from Syslogs


Article ID: 184817


Updated On:


Management Center


Want to be notified when policy changes are made in Management Center


By default the syslogs does not provide when policy has been modified in Management Center and the syslog setting need to be increase through CLI.

  • # configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    (config)# event-log
    (config-event-log)# level 6
    Event log level set to 6 (info).

Be aware that this will cause additional CPU and HHD usage on the Management Center device.

After the Event-log level has been increase Management Center will populate the Syslogs with records that contain "operation=policy.content_revision"

  • Example: 
    • Dec 19 19:41:38 bccm_2_2-6-x86_64.localdomain Data Change Event [uuid=23F14DDF-47A0-49F8-92A6-3536C1F3A75B, partition=null, createdOn=12/19/19 19:41:38, createdBy=admin, operation=policy.content_revision, target=36688B3F-60B7-484D-9261-D5E0571B1E30, type=PolicyImpl, reference1=Deny rule, reference2=1.2, reference3=1.1, reference4=Test to see what is in the event log., reference5=null]
      • createdOn - Date and Time of the change
      • createdBy - Username of who made the change
      • target - UUID of the policy changed.
      • reference1 - policy name
      • reference2 - policy version created
      • reference3 - old policy version 
      • reference4 - Description of changes made by user

To view changes made use the comparison tool in Management Center: