https://community.cisco.com/t5/network-security/logging-in-firepower/m-p/4036813#M1067077 <P>Query the connection events in FMC (or FDM) is one way.</P> <P>Another is to watch firewall-engine debug from the cli while the client attempts to establish the connection.</P> <P>A third is to run packet-tracer.</P> <P>A fourth is to do packet-capture.</P> Thu, 27 Feb 2020 11:36:24 GMT Marvin Rhoads 2020-02-27T11:36:24Z https://community.cisco.com/t5/network-security/logging-in-firepower/m-p/4036747#M1067062 <P>Hi all</P><P>&nbsp;</P><P>I am just wondering what other guys are doing, working with Firepower, when they quickly want to log a blocked request from a client? Similar to the ASDM logging windows we have with the ASA firewalls, there where we can simply add the IP address we want to log into the search field and then getting the blocked event (for example because a port is not correct or any other reason). Done within 30 seconds.</P><P>&nbsp;</P><P>What is a pragmatical approach to log such as request without the need of seeting up syslog, syslog servers etc.? Just to log a simple request?</P><P>&nbsp;</P><P>Thanks all of you</P><P>Markus</P> Thu, 27 Feb 2020 09:08:43 GMT https://community.cisco.com/t5/network-security/logging-in-firepower/m-p/4036747#M1067062 markus.albisser1 2020-02-27T09:08:43Z https://community.cisco.com/t5/network-security/logging-in-firepower/m-p/4036813#M1067077 <P>Query the connection events in FMC (or FDM) is one way.</P> <P>Another is to watch firewall-engine debug from the cli while the client attempts to establish the connection.</P> <P>A third is to run packet-tracer.</P> <P>A fourth is to do packet-capture.</P> Thu, 27 Feb 2020 11:36:24 GMT https://community.cisco.com/t5/network-security/logging-in-firepower/m-p/4036813#M1067077 Marvin Rhoads 2020-02-27T11:36:24Z https://community.cisco.com/t5/network-security/logging-in-firepower/m-p/4036859#M1067090 <P>Hi Marvin</P><P>&nbsp;</P><P>Thanks for this quick answer. The command&nbsp;system support firewall-engine-debug is a great one, really straight forward. Do you have somehow a link which describes your two other options with the packet tracer and packet capture a bit closer?</P><P>&nbsp;</P><P>Thanks</P><P>Markus</P> Thu, 27 Feb 2020 12:55:05 GMT https://community.cisco.com/t5/network-security/logging-in-firepower/m-p/4036859#M1067090 markus.albisser1 2020-02-27T12:55:05Z https://community.cisco.com/t5/network-security/logging-in-firepower/m-p/4036989#M1067095 <P>I recommend&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/339519">@Nazmul Rajib</a>'s book on Firepower Threat Defense. It has lots of detailed examples on using FTD's packet-tracer and packet-capture commands.</P> <P>It's available via the usual venues - I use Safari/O'Reilly as part of my ACM membership to access it.</P> <P>You could also check out Cisco Live presentation&nbsp;BRKSEC-3455 Dissecting FTD Architecture and Troubleshooting which can be downloaded for free.</P> Thu, 27 Feb 2020 16:23:46 GMT https://community.cisco.com/t5/network-security/logging-in-firepower/m-p/4036989#M1067095 Marvin Rhoads 2020-02-27T16:23:46Z https://community.cisco.com/t5/network-security/logging-in-firepower/m-p/4037374#M1067117 <P>Thank you Marvin for your inputs. Very helpful</P> Fri, 28 Feb 2020 08:56:07 GMT https://community.cisco.com/t5/network-security/logging-in-firepower/m-p/4037374#M1067117 markus.albisser1 2020-02-28T08:56:07Z