https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825766#M1100062 <P>Sure will provide the log.</P><P>No FW in between. UDP port 514 is open and working for other traffic. Whenever ravpn client connects or disconnects this info is not coming-in to the syslog.</P> Mon, 01 May 2023 18:09:09 GMT shaikh.zaid22 2023-05-01T18:09:09Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823029#M1099958 <P>hi,</P><P>i am having ftd's managed via fmc running ver7.0.1 and the FMC is configured too forward vpn logs to syslog server which is a forescout NAC appliance.</P><P>Since we are not getting any logs in the destination, i want to know how to verify the vpn logs are being sent by FMC managment interface ip address or the active FTD device??</P><P>&nbsp;</P> Thu, 27 Apr 2023 13:18:58 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823029#M1099958 shaikh.zaid22 2023-04-27T13:18:58Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823032#M1099959 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/58993">@shaikh.zaid22</a> the syslogs are sent from the FTD to the configured syslog server.</P> <P>If you are not receiving the logs run a packet capture to confirm the logs are being transmitted and double check the configuration.</P> Thu, 27 Apr 2023 13:29:10 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823032#M1099959 Rob Ingram 2023-04-27T13:29:10Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823038#M1099960 <P>Can I know ftd&nbsp; platform you have ?</P> Thu, 27 Apr 2023 13:39:10 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823038#M1099960 MHM Cisco World 2023-04-27T13:39:10Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823214#M1099965 <P>Adding to what <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a> said, the syslog message should originate from the management address of the active FTD (assuming you have it setup properly in the platform settings).</P> Thu, 27 Apr 2023 16:47:38 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823214#M1099965 Marvin Rhoads 2023-04-27T16:47:38Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823319#M1099970 <P>Rob can u share the packet capture cpmmand.</P> Thu, 27 Apr 2023 19:28:22 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823319#M1099970 shaikh.zaid22 2023-04-27T19:28:22Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823320#M1099971 <P>FTDs model is 2110</P> Thu, 27 Apr 2023 19:28:46 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823320#M1099971 shaikh.zaid22 2023-04-27T19:28:46Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823322#M1099972 <P>Thanks Marvin</P><P>I have configured specific ravpn logs only to be forwarded to syslog server.&nbsp;</P> Thu, 27 Apr 2023 19:29:41 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4823322#M1099972 shaikh.zaid22 2023-04-27T19:29:41Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825494#M1100042 <P>Hi rob,</P><P>Can u pls provide the command or the doc pls</P> Mon, 01 May 2023 13:03:30 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825494#M1100042 shaikh.zaid22 2023-05-01T13:03:30Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825522#M1100046 <P>Access to mgnt interface of ftd&nbsp;</P> <P>Then&nbsp;</P> <P>System support diagnostics cli</P> <P>Then</P> <P>Ping to syslog server &lt;&lt;- are ping success ?</P> Mon, 01 May 2023 13:50:35 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825522#M1100046 MHM Cisco World 2023-05-01T13:50:35Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825744#M1100058 <P>yes its pingable from ftd.</P> Mon, 01 May 2023 17:35:04 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825744#M1100058 shaikh.zaid22 2023-05-01T17:35:04Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825748#M1100060 <PRE>firepower# sh run logging &lt;&lt;- can I see this </PRE> <P>few more tips to check&nbsp;<BR />are there any&nbsp; other FW between the Syslog and FTD ? are log UDP port is Open ? are the Syslog listen to UDP or TCP port ?<BR />what is accept log format by Syslog?</P> Mon, 01 May 2023 18:00:04 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825748#M1100060 MHM Cisco World 2023-05-01T18:00:04Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825766#M1100062 <P>Sure will provide the log.</P><P>No FW in between. UDP port 514 is open and working for other traffic. Whenever ravpn client connects or disconnects this info is not coming-in to the syslog.</P> Mon, 01 May 2023 18:09:09 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825766#M1100062 shaikh.zaid22 2023-05-01T18:09:09Z https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825782#M1100063 <P><SPAN>if traffic log is send and only RAVPN is not what is level of logging you use ?</SPAN></P> <P><SPAN>Any VPN syslogs that are displayed have a default severity level ‘<STRONG>ERROR</STRONG>’ or higher (unless changed). VPN logging is managed through&nbsp;</SPAN><SPAN class="ph">FTD</SPAN><SPAN>&nbsp;platform settings.<BR /><BR /></SPAN></P> Mon, 01 May 2023 18:15:39 GMT https://community.cisco.com/t5/network-security/syslog-in-fmc/m-p/4825782#M1100063 MHM Cisco World 2023-05-01T18:15:39Z