https://community.cisco.com/t5/network-security/logging-amp-malware-events-to-syslog/m-p/3849942#M18125 <P>Well, as soon as I posted this, I discovered that the FMC was indeed logging these events to syslog.</P><P>Source is the FMC btw, not the sensors.&nbsp; Same goes for intrusion events.</P><P>Hopefully this helps someone else in the future. lol</P><P>Cheers.</P> Fri, 03 May 2019 15:47:11 GMT N3t W0rK3r 2019-05-03T15:47:11Z https://community.cisco.com/t5/network-security/logging-amp-malware-events-to-syslog/m-p/3849851#M18124 <P>I have tried configure FirePower to log malware events to my syslog server, but I am not seeing the events in logs.</P><P>I have enabled syslog logging for both retrospective events (whatever that means) and all network-based malware events. And, I have enabled email alerts for the latter (which is working btw).</P><P>Is this a bug or is there something else I need to do here to get this to work?&nbsp; Will the malware logs be sourced from the FMC server or from the SFR sensors on the ASA's?</P><P>&nbsp;</P><P>Thanks in advance.</P> Fri, 03 May 2019 13:47:46 GMT https://community.cisco.com/t5/network-security/logging-amp-malware-events-to-syslog/m-p/3849851#M18124 N3t W0rK3r 2019-05-03T13:47:46Z https://community.cisco.com/t5/network-security/logging-amp-malware-events-to-syslog/m-p/3849942#M18125 <P>Well, as soon as I posted this, I discovered that the FMC was indeed logging these events to syslog.</P><P>Source is the FMC btw, not the sensors.&nbsp; Same goes for intrusion events.</P><P>Hopefully this helps someone else in the future. lol</P><P>Cheers.</P> Fri, 03 May 2019 15:47:11 GMT https://community.cisco.com/t5/network-security/logging-amp-malware-events-to-syslog/m-p/3849942#M18125 N3t W0rK3r 2019-05-03T15:47:11Z