
sourcefire test alert/syslog message

Ben Rodriguez
Level 1

Hi community,

I have a working Sourcefire system set up with syslog pointing to a Graylog logging server. I am looking to get some test messages into the logging server. How can I trigger a message from the Sourcefire? Is there a built-in mechanism for that? I highly recommend Graylog. It's free/open source and easy to set up. Thanks for any help.

5 Replies

syeda3
Level 1

After configuring the syslog server, you just have to enable logging in Access Control - Rules to send the logs to the syslog server.

Refer to the following link for more information and let us know if that helps you.

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118464-configure-firesight-00.html

Hope to help.

Hi syeda,

I have logging configured. How do I send a test alert is my question. Any idea?

Please see the document below for sending alerts.

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118464-configure-firesight-00.html

Hope to help.

Sorry but that is not helpful. I already have alerts configured. I need to trigger a test alert.

Hi, I had this problem too. You need to generate a real event, but one which isn't harmful and is easy to identify. In my case I use a PowerShell script to make a web request with a user-agent which fires an alert. I use a particular site which is one of those set up to allow you to 'hack' it, and you could also use a completely made-up site. I'm surprised that Sourcefire/Firepower doesn't have this functionality built in.

 

Here is the gist of my script

Invoke-WebRequest  -Uri (some url) -UserAgent (some value)

 

Does seem simple I know, but I find it useful.
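A fuller version of the approach in the reply above, as an added example that is not part of the original post. It assumes a custom local intrusion rule that alerts on the marker string in the User-Agent header; the target URL, marker value and parameter names are hypothetical placeholders.

```powershell
# Added example: send one harmless, easy-to-identify HTTP request through the sensor.
# Assumptions (not from the thread): $TargetUri is a placeholder for a web server
# you control, and a custom local intrusion rule alerts on $Marker in the
# User-Agent header.
param(
    [string]$TargetUri  = 'http://test-target.example/',  # placeholder URL
    [string]$Marker     = 'IPS-SYSLOG-TEST',               # hypothetical marker string
    [int]   $TimeoutSec = 10
)

# Record the send time in UTC so the event can be correlated on the logging server.
$sentAt = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')

try {
    $response = Invoke-WebRequest -Uri $TargetUri -UserAgent $Marker `
        -UseBasicParsing -TimeoutSec $TimeoutSec
    $outcome = "HTTP $($response.StatusCode)"
}
catch {
    # A rule set to drop the traffic, a timeout, or an HTTP error response all
    # land here. Keep the message so a blocked request can be told apart from a
    # DNS or routing failure that never reached the sensor.
    $outcome = "request failed: $($_.Exception.Message)"
}

# Emit a record of the test to compare against what arrives over syslog.
[pscustomobject]@{
    SentAtUtc = $sentAt
    Target    = $TargetUri
    UserAgent = $Marker
    Outcome   = $outcome
}
```

Compare the `SentAtUtc` value and the sending host's address with the events that arrive on the logging server shortly afterwards.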
