Cisco Cisco Firepower Management Center 4000

For more information on searching, including how to load and delete saved searches, see 

Admin

Select 

.

The Search page appears.

From the 

 drop-down list, select 

.

The Audit Log search page appears.

To search the database for a different kind of event, select it from the 

 drop-down list.

Optionally, if you want to save the search, enter a name for the search in the 

 field.

If you do not enter a name, one is created automatically when you save the search.

Enter your search criteria in the appropriate fields, as described in the 

table. 

If you enter multiple criteria, the search returns only the records that match all the criteria.

If you want to save the search so that other users can access it, clear the 

 check box. 

Otherwise, leave the check box selected to save the search as private.

If you want to use the search as a data restriction for a custom user role, you must save it as a private 
search.

You have the following options:

Click 

 to start the search.

Your search results appear in the default audit log workflow, constrained by the current time range. 
To use a different workflow, including a custom workflow, click 

. For information 

on specifying a different default workflow, see 

. 

Time

Specify the date and time the audit record was 
generated. See 

 for the syntax for entering 

time.

> 2006-01-15 13:30:00

 returns all audit 

records generated after January 15, 2006 at 1:30 
PM.

Source IP

Enter the IP address of the host that you want to 
view audit records for. 

You must type a specific IP address. 
You cannot use IP ranges when 
searching audit logs.

172.16.1.37

 returns all audit records generated 

by a user from the 172.16.1.37 IP address.

Configuration Change

Specify whether or not you want to view audit 
records of configuration changes.

yes

 returns audit records of configuration 

changes.