Ok so I did some looking through logs. Found some interesting stuff.
- Solarwinds does not appear to be writing to memory:
- I see this: User 'solarwinds', running 'CLI' from IP <ip>, executed 'copy running-config tftp://<ip>/fezg0oqupmi.config'
- So unless that command "writes" the config (like the other tftp thing you mentioned) then i don't see an actual write command being posted.
- So long story short I still don't know why it's commenting in the logs "written by solarwinds" etc.
- Every 30 seconds (on the dot) my ASDM Console adds a syslog entry "Begin Configuration: <ip> reading from http [POST]". Seems to be a heartbeat check of some kind.
- This only happens while ASDM is running - which is only when we're in the firewall making changes.
- This actually triggers my RTCD because the rule matches.
- Is there a better way to set the rule for grabbing actual ASA changes?