02-08-2017 05:49 AM - edited 03-10-2019 06:45 AM
Hi community,
I have a working Sourcefire system set up with syslog pointing to a Graylog logging server. I am looking to get some test messages into the logging server. How can I trigger a message from the Sourcefire? Is there a built-in mechanism for that? I highly recommend Graylog. It's free/open source and easy to set up. Thanks for any help.
02-08-2017 06:11 AM
After configuring the syslog server, you just have to enable logging to send the logs to the syslog server in Access Control - Rules.
Refer to the following link for more information and let us know if that helps you.
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118464-configure-firesight-00.html
Hope to help.
02-08-2017 06:26 AM
Hi syeda,
I have logging configured. How do I send a test alert is my question. Any idea?
02-08-2017 06:30 AM
Please see the document below for sending alerts.
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118464-configure-firesight-00.html
Hope to help.
02-08-2017 06:32 AM
Sorry but that is not helpful. I already have alerts configured. I need to trigger a test alert.
08-18-2018 03:13 AM
Hi, I had this problem too. You need to generate a real event, but one which isn't harmful and is easy to identify. In my case I use a PowerShell script to make a web request with a user-agent which fires an alert. I use a particular site which is one of those set up to allow you to 'hack' it, and you could also use a completely made-up site. I'm surprised that Sourcefire/Firepower doesn't have this functionality built in.
Here is the gist of my script
Invoke-WebRequest -Uri (some url) -UserAgent (some value)
Does seem simple I know, but I find it useful.
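A fuller version of the approach described in the post above, as an added example that is not the poster's script: it tags each test request with a unique marker and records the send time, so the resulting event can be located in Graylog. The function name, the `marker` query parameter, the URL and the User-Agent value are all placeholders; the User-Agent must be one your own intrusion policy alerts on.

```powershell
# Added example (not from the original thread). Sends one harmless, labelled
# web request through the sensor and returns a record for finding the event.
function Send-IdsTestRequest {
    param(
        # Test site you are permitted to use (placeholder, supply your own).
        [Parameter(Mandatory)] [string] $Uri,
        # Value your intrusion policy alerts on (placeholder, supply your own).
        [Parameter(Mandatory)] [string] $UserAgent,
        [int] $TimeoutSec = 10
    )

    # Unique marker in the query string (hypothetical parameter name), so this
    # run can be told apart from earlier tests and from real traffic.
    $marker = 'idstest-' + [guid]::NewGuid().ToString('N')
    $sep    = if ($Uri.Contains('?')) { '&' } else { '?' }
    $target = "$Uri${sep}marker=$marker"

    # UTC send time, to narrow the search window on the logging server.
    $sentUtc = (Get-Date).ToUniversalTime().ToString('o')

    try {
        $resp = Invoke-WebRequest -Uri $target -UserAgent $UserAgent `
                    -TimeoutSec $TimeoutSec -UseBasicParsing
        $outcome = "HTTP $($resp.StatusCode)"
    }
    catch {
        # A failure here is not necessarily a problem: an inline rule set to
        # drop will reset or time out the connection, and a non-2xx reply
        # also throws. Record it and check the sensor for the event.
        $outcome = "request failed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        SentUtc   = $sentUtc
        Marker    = $marker
        Target    = $target
        UserAgent = $UserAgent
        Outcome   = $outcome
    }
}

# Constructed sample call; both values are placeholders.
Send-IdsTestRequest -Uri 'http://test-site.example/' -UserAgent 'PLACEHOLDER-UA' |
    Format-List
```

Search the logging server around `SentUtc` for the matching intrusion event; whether the marker itself appears there depends on which fields the sensor includes in its syslog output.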