Apply logging to multiple rules
01-22-2019 08:40 AM - edited 03-12-2019 07:14 AM
Hi,
Looking for some help.
I am working on a firewall with 750 rules. Most of these rules are not set to log.
Is there any way to apply logging (at end) to a select bunch of rules in one hit, or am I looking at clicking 750 rules one at a time to switch logging on?
Also, when logging is enabled (to event viewer), is this held in FMC? I want to send all rule hits to a syslog server. Do I need to enable this per rule, as above, or will FMC do that for me?
Thanks in advance
- Labels: NGIPS
01-22-2019 09:56 AM
There is no such option to edit multiple rules in a single shot. You need to edit each rule and enable logging.
You can configure the syslog server from Device > Platform Setting > Threat Defense Policy > Syslog:
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200479-Configure-Logging-on-FTD-via-FMC.html
Thanks,
Abheesh
PS: Please don't forget to rate and select as validated answer if this answered your question.
08-29-2023 12:56 AM
There is no such option to edit multiple rules in a single shot, as mentioned by Abheesh. We have the ENH below for the same:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32569
"ENH: Add option to enable Syslog on all Access Control Policies rules"
