Manage Change Logs in CDO

The Change Log captures configuration changes made in CDO, providing a single view that includes changes in all supported devices and services. These are some of the features of the change log:

  • Side-by-side comparison of changes made to device configuration.

  • Plain-English labels for all change log entries.

  • Records on-boarding and removal of devices.

  • Detection of policy change conflicts occurring outside of CDO.

  • Answers who, what, and when during an incident investigation or troubleshooting.

  • The full change log, or only a portion, can be downloaded as a CSV file.

Manage Change Log Capacity

CDO retains the change log information for one year and deletes data older than a year.

There is a difference between the change log information stored in CDO's database and what you see in an exported change log. See Export the Change Log for more information.

Change Log Entries

A change log entry reflects changes to a single device configuration, an action performed on a device, or if a change was made to the device outside of CDO.

  • For change log entries that contain a change to configuration, you can expand the change by clicking anywhere in the row.

  • For out-of-band changes made outside of CDO that are detected as a conflict, System User is reported as the Last User.

  • CDO closes a change log entry after the device's configuration on CDO is synced with the configuration on the device or when a device is removed from CDO. Configurations are in sync after "reading" the configuration from the device to CDO or by deploying the configuration from CDO to the device.

  • CDO creates a new change log entry immediately after closing an existing entry. Additional configuration changes are added to the open change log entry.

  • Events are displayed for read, deploy, and delete actions against a device. These actions close a device's change log.

  • A change log is closed once CDO is in sync with the configuration on the device (either by reading or deploying), or when CDO no longer manages the device.

  • If a change is made to the device outside of CDO, a "conflict detected" entry is written to the change log.

Pending and Completed Change Log Entries

Change logs have a status of either pendingor completed. As you make changes to a device's configuration using CDO, those changes are recorded in an pending change log entry. Reading a configuration from a device to CDO, deploying changes from CDO to a device, deleting a device from CDO completes, or running a CLI command that updates the running configuration file completes the pending change log and creates a new one for future changes.

The following image is of an pending change log entry in an ASA. Note the open circle next to the timestamp at left.

Search and Filter Change Log Entries

You can search and filter Change log entries. Use the search bar to find events that match your keywords. Use the filter to find the entries that meet all the criteria you specify. You can also combine the operations by filtering the change log and adding a keyword to the search field to find an entry within the filtered results.