
Logging AMP malware events to syslog

I have tried to configure FirePower to log malware events to my syslog server, but I am not seeing the events in the logs.

I have enabled syslog logging for both retrospective events (whatever that means) and all network-based malware events. And, I have enabled email alerts for the latter (which is working btw).

Is this a bug or is there something else I need to do here to get this to work? Will the malware logs be sourced from the FMC server or from the SFR sensors on the ASAs?

Thanks in advance.

1 ACCEPTED SOLUTION

Re: Logging AMP malware events to syslog

Well, as soon as I posted this, I discovered that the FMC was indeed logging these events to syslog.

Source is the FMC btw, not the sensors. Same goes for intrusion events.

Hopefully this helps someone else in the future. lol

Cheers.
