
How to send xlate entries and conn table to syslog

frandolph
Level 1

Hi

We have a Cisco Firepower 4115 running FTD instances. The FTDs are managed by FMC.

We are trying to archive the xlate and conn entries to a syslog server.

Is that feasible?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Marvin Rhoads
Hall of Fame

You can do this using a custom event list which is part of a platform policy.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/720/management-center-device-config-72/interfaces-settings-platform.html#task_CD4708B85D4947A19C002141F27B75CF

For NAT creation and teardown, the messages would be:

  • %ASA-6-305009: Built {dynamic|static} translation from interface_name [(acl-name)]:real_address [(idfw_user)] to interface_name:mapped_address
  • %ASA-6-305010: Teardown {dynamic|static} translation from interface_name:real_address [(idfw_user)] to interface_name:mapped_address duration time

For connections, there are separate messages for TCP, UDP and ICMP respectively. Search for the terms "Built" and "Teardown" in this guide to see them all:

https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/messages-listed-by-severity-level.html
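
Added example (not part of the original answer and not Cisco code): once the two NAT messages quoted above reach the syslog server, this Python code replays them to rebuild the xlate table and flags any Teardown whose Built message was never archived. The sample lines, the host name `ftd1`, the `%FTD-` prefix and the `h:mm:ss` duration format are assumptions.

```python
import re

# Field layout follows the 305009/305010 templates quoted in the answer.
# Assumptions: FTD may use an %FTD- prefix for the same IDs, and "duration"
# is h:mm:ss. The optional (acl-name) and (idfw_user) fields are skipped.
XLATE_RE = re.compile(
    r"%(?:ASA|FTD)-6-(?:305009|305010): (?P<action>Built|Teardown) "
    r"(?P<kind>dynamic|static) translation from "
    r"(?P<real_if>[^\s:(]+)(?:\s*\([^)]*\))?:(?P<real>[^\s(]+)(?:\s*\([^)]*\))? "
    r"to (?P<mapped_if>[^\s:]+):(?P<mapped>\S+)"
    r"(?: duration (?P<duration>\d+:\d{2}:\d{2}))?"
)

def parse_xlate(line):
    """Return the fields of a NAT build/teardown message, or None."""
    m = XLATE_RE.search(line)
    return m.groupdict() if m else None

def to_seconds(hms):
    h, m, s = (int(part) for part in (hms or "0:00:00").split(":"))
    return h * 3600 + m * 60 + s

def replay(lines):
    """Rebuild the active xlate table and the closed translations from syslog."""
    active, closed, orphans = {}, [], []
    for line in lines:
        ev = parse_xlate(line)
        if ev is None:
            continue  # not a 305009/305010 message
        key = (ev["real_if"], ev["real"], ev["mapped_if"], ev["mapped"])
        if ev["action"] == "Built":
            active[key] = ev["kind"]
        elif key in active:
            del active[key]
            closed.append((key, to_seconds(ev["duration"])))
        else:
            orphans.append(key)  # Teardown without a Built: gap in the archive
    return active, closed, orphans

# Constructed sample lines (documentation addresses, hypothetical host ftd1).
SAMPLE = [
    "Jan 10 09:00:01 ftd1 %FTD-6-305009: Built dynamic translation from inside:10.1.1.10 to outside:198.51.100.7",
    "Jan 10 09:00:02 ftd1 %ASA-6-305009: Built static translation from dmz (web-acl):10.2.2.20 to outside:198.51.100.20",
    "Jan 10 09:00:05 ftd1 %FTD-6-302013: Built outbound TCP connection 101 for outside:192.0.2.9/443 (192.0.2.9/443) to inside:10.1.1.10/51000 (198.51.100.7/51000)",
    "Jan 10 09:01:31 ftd1 %FTD-6-305010: Teardown dynamic translation from inside:10.1.1.10 (LAB\\alice) to outside:198.51.100.7 duration 0:01:30",
    "Jan 10 09:02:00 ftd1 %FTD-6-305010: Teardown dynamic translation from inside:10.1.1.99 to outside:198.51.100.8 duration 0:00:30",
]
```

An entry in `orphans` means the archive is missing the matching Built message, for example because logging started after the translation was created or a syslog datagram was lost.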

 

 



4 REPLIES

balaji.bandi
Hall of Fame

Never tried it. Maybe look at Lina logs to send to syslog.

 

BB


Let me try and get back to you

 

Thank you so much.

It is working fine for me.