I have tried configure FirePower to log malware events to my syslog server, but I am not seeing the events in logs.
I have enabled syslog logging for both retrospective events (whatever that means) and all network-based malware events. And, I have enabled email alerts for the latter (which is working btw).
Is this a bug or is there something else I need to do here to get this to work? Will the malware logs be sourced from the FMC server or from the SFR sensors on the ASA's?
Thanks in advance.
Solved! Go to Solution.