10-27-2014 04:09 PM - edited 03-10-2019 06:16 AM
Anyone know how Cisco ASA 5500x firepower logging works?
Based on the cisco manuals: " For ASA FirePOWER-related syslog messages, see the syslog messages guide. ASA FirePOWER syslog messages start with message number 434001"
That suggests it just talks syslog.
Anyone know if that's all it does? Or does it do SDEE like the old Cisco IPS modules?
10-30-2014 10:39 PM
Firepower logging is to a Firesight management center (FMC) via https. It does not use SDEE.
Just like the old IPS, syslog messages are only about the module status, not about actual IPS events.
11-03-2014 01:49 PM
Thanks Marvin, do you know what the data retention is on the FMC? Can it be set to unlimited? (assuming unlimited storage on the FMC server)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide