https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414102#M1081357 <P>No, I using FMC. This screenshot is only example what I mean.</P><P>So if I enable Logging tab in Access Control Policy I also should enable Logging in Access Control Rule, yes ?</P> Mon, 07 Jun 2021 15:26:35 GMT mikiNet 2021-06-07T15:26:35Z https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4413993#M1081352 <P>Hello Guys,</P><P>I have a question related to logging on Firepower. We have two option to configure it, first via Platform Setting, second via tab in Access Control Policy (this tab is near Security Intelligence, HTTP Response etc.)</P><P>&nbsp;</P><P>Question is: What is difference between logging on Platform Setting vs logging on ACP ? Pros and cons? When using ?</P><P>I can't find any good explanation about it.</P> Mon, 07 Jun 2021 12:41:51 GMT https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4413993#M1081352 mikiNet 2021-06-07T12:41:51Z https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414004#M1081353 <P>As per my understanding. here is what i can describe simple :</P> <P>&nbsp;</P> <P>Platform Setting - Looging is more related to device logging like errors and events, you can select what kind of logs to be generated and logs to syslog server</P> <P>Access Control Policy&nbsp; - Logging - more related to Policy logs ( accept or denined logs ..etc kind). ( you can beging of the connection or ending of the connection, or both)</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 07 Jun 2021 13:01:16 GMT https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414004#M1081353 balaji.bandi 2021-06-07T13:01:16Z https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414009#M1081354 <P>No,</P><P>I mean this tab:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="loggg.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/122002iDAFCECAA6E3A14A0/image-size/large?v=v2&amp;px=999" role="button" title="loggg.png" alt="loggg.png" /></span></P> Mon, 07 Jun 2021 13:09:59 GMT https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414009#M1081354 mikiNet 2021-06-07T13:09:59Z https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414031#M1081355 <P>Hope you are using FDM here ?&nbsp; But yes that is for ACP Logging</P> Mon, 07 Jun 2021 13:55:11 GMT https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414031#M1081355 balaji.bandi 2021-06-07T13:55:11Z https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414102#M1081357 <P>No, I using FMC. This screenshot is only example what I mean.</P><P>So if I enable Logging tab in Access Control Policy I also should enable Logging in Access Control Rule, yes ?</P> Mon, 07 Jun 2021 15:26:35 GMT https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414102#M1081357 mikiNet 2021-06-07T15:26:35Z https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414210#M1081362 <P>The logging tab in your ACP screenshot primarily refers to syslog setting for those things that have associated syslog actions.</P> <P>All ACP entries, including the default action, need to have their settings individually set to log or not - it can be to the FMC Connection events, to syslog server or as an SNMP trap. We also choose to log at beginning or end of connection there.</P> Mon, 07 Jun 2021 17:56:25 GMT https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414210#M1081362 Marvin Rhoads 2021-06-07T17:56:25Z https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414233#M1081363 <P>Ok, so to log ACP entries I need to set syslog in Logging tab globaly in ACP and also set Logging to syslog server on&nbsp;<SPAN>individual rule (ACE) ? This two configuration need to be done to send syslog messages to syslog server ?</SPAN></P> Mon, 07 Jun 2021 18:36:20 GMT https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414233#M1081363 mikiNet 2021-06-07T18:36:20Z https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414243#M1081364 <P>Yes - but only if you want to use a external syslog server. The majority of my customers log primarily (and only) to the FMC.</P> Mon, 07 Jun 2021 19:06:01 GMT https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/4414243#M1081364 Marvin Rhoads 2021-06-07T19:06:01Z https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/5245329#M1118662 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PeterKoltl_4-1736448256136.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/237293i3B2EC193A93333AF/image-size/medium?v=v2&amp;px=400" role="button" title="PeterKoltl_4-1736448256136.png" alt="PeterKoltl_4-1736448256136.png" /></span></P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/760/management-center-admin-76/analysis-external-tools.html#id_102487" target="_blank">Best Practices for Configuring Security Event Syslog Messaging</A></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PeterKoltl_0-1736448060462.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/237289i9978B4F2939C3501/image-size/medium?v=v2&amp;px=400" role="button" title="PeterKoltl_0-1736448060462.png" alt="PeterKoltl_0-1736448060462.png" /></span></P> <P>&nbsp;</P> <P>Do not use&nbsp;<STRONG>Policies &gt; Actions &gt; Alerts</STRONG> if it is an FTD:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PeterKoltl_1-1736448060468.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/237290i5894011433C8B0F3/image-size/medium?v=v2&amp;px=400" role="button" title="PeterKoltl_1-1736448060468.png" alt="PeterKoltl_1-1736448060468.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PeterKoltl_2-1736448060476.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/237291iC981EC392BF599CE/image-size/medium?v=v2&amp;px=400" role="button" title="PeterKoltl_2-1736448060476.png" alt="PeterKoltl_2-1736448060476.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PeterKoltl_3-1736448060483.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/237292iFF98267E82C9958F/image-size/medium?v=v2&amp;px=400" role="button" title="PeterKoltl_3-1736448060483.png" alt="PeterKoltl_3-1736448060483.png" /></span></P> <P><STRONG><A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/760/management-center-admin-76/events-connect-logging.html#ID-2174-00000094" target="_blank">Beginning vs End-of-Connection Logging</A></STRONG></P> Thu, 09 Jan 2025 18:45:14 GMT https://community.cisco.com/t5/network-security/cisco-firepower-logging/m-p/5245329#M1118662 Peter Koltl 2025-01-09T18:45:14Z