Manage Change Logs in CDO

A Change Log captures the configuration changes made in CDO, providing a single view that includes changes in all the supported devices and services. These are some of the features of the change log:

  • Provides a side-by-side comparison of changes made to device configuration.

  • Provides labels for all change log entries.

  • Records onboarding and removal of devices.

  • Detects policy change conflicts occurring outside CDO.

  • Provides answers about who, what, and when during an incident investigation or troubleshooting.

  • Enables downloading of the complete change log, or only a portion of it, as a CSV file.

Manage Change Log Capacity

CDO retains the change log information for one year and deletes data older than a year.

There is a difference between the change log information stored in CDO's database and what you see in an exported change log. See Export the Change Log for more information.

Change Log Entries

A change log entry reflects the changes to a single device configuration, an action performed on a device, or the change made to a device outside CDO:

  • For change log entries that contain configuration changes, you can view details about the change by clicking anywhere in the corresponding row.

  • For out-of-band changes made outside CDO and are detected as conflicts, the System User is reported as the Last User.

  • CDO closes a change log entry after a device's configuration on CDO is synced with the configuration on the device, or when a device is removed from CDO. Configurations are considered to be in sync after they read the configuration from the device to CDO or after deploying the configuration from CDO to the device.

  • CDO creates a new change log entry immediately after completing an existing entry, irrespective of whether the change was a success or failure. Additional configuration changes are added to the new change log entry that opens.

  • Events are displayed for read, deploy, and delete actions for a device. These actions close a device's change log.

  • A change log is closed after CDO is in sync with the configuration on the device (either by reading or deploying), or when CDO no longer manages the device.

  • If a change is made to the device outside of CDO, a Conflict detected entry is included in the change log.

Pending and Completed Change Log Entries

Change logs have a status of either Pending or Completed. As you make changes to a device's configuration using CDO, these changes are recorded in a Pending change log entry. The following activities complete a Pending change log, and after this a new change log is created for recording future changes.

  • Reading a configuration from a device to CDO

  • Deploying changes from CDO to a device

  • Deleting a device from CDO

  • Running a CLI command that updates the running configuration file

The following image is a Pending change log entry in an ASA. This is denoted by the open circle next to the timestamp.

Search and Filter Change Log Entries

You can search and filter change log entries. Use the search field to find events. Use the filter () to find the entries that meet the criteria you specify. You can also combine the two tasks by filtering the change log and adding a keyword to the search field to find an entry within the filtered results.