
Logging AMP malware events to syslog

N3t W0rK3r
Level 3

I have tried to configure FirePower to log malware events to my syslog server, but I am not seeing the events in the logs.

I have enabled syslog logging for both retrospective events (whatever that means) and all network-based malware events. And, I have enabled email alerts for the latter (which is working btw).

Is this a bug or is there something else I need to do here to get this to work? Will the malware logs be sourced from the FMC server or from the SFR sensors on the ASAs?

Thanks in advance.

Accepted Solutions

N3t W0rK3r
Level 3

Well, as soon as I posted this, I discovered that the FMC was indeed logging these events to syslog.

Source is the FMC btw, not the sensors.  Same goes for intrusion events.

Hopefully this helps someone else in the future. lol

Cheers.
