Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1066
Views
0
Helpful
2
Replies

appl logging to multiple rules

stuart.rock
Level 1
Level 1

‎01-22-2019 08:40 AM - edited ‎03-12-2019 07:14 AM

Hi,

looking for some help.

i am working on a firewall with 750 rules. most of these rules are not set to log.

is there any way to apply logging (at end) to a select bunch of rules in one hit. or am i looking at clicking 750 rules one at a time to switch logging on.

also when logging is enabled (to event viewer) is this held in FMC? i want to send all rule hits to a syslog server - do i need to enable this per rule - as above? or will FMC do that for me?

thanks in advance

Labels:
0 Helpful
2 Replies 2

Abheesh Kumar
VIP Alumni
VIP Alumni

‎01-22-2019 09:56 AM

Hi,
There is no such option to edit multiple rules in a single shot. You need to edit each rule and enable logging.
You can configure syslog server from the Device > Platform Setting > Threat Defense Policy > Syslog
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200479-Configure-Logging-on-FTD-via-FMC.html

Thanks,
Abheesh
PS: Please don't forget to rate and select as validated answer if this answered your question.

0 Helpful

iabualna
Cisco Employee
Cisco Employee

‎08-29-2023 12:56 AM

There is no such option to edit multiple rules in a single shot, as mentioned by Abheesh. We have the ENH below for the same:

"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32569

"ENH: Add option to enable Syslog on all Access Control Policies rules"

 
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card