Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2733
Views
5
Helpful
12
Replies

Cisco Firepower Chassis 2110 with Virtual ASA - Syslog Query

RG78874
Level 1
Level 1

‎02-19-2021 07:10 AM

Hi, This is my first post, I have a Cisco Firepower Chassis 2110 with Virtual ASA running on it. I am trying to only get the Syslog or realtime logging for any users logging in directly to the Cisco Firepower Chassis 2110. 

 

Can someone help with this, I have a Solarwinds Syslog viewer but I cannot seem to get realtime syslogs from the Cisco Firepower Chassis.

 

The version of the Firepower is 9.14(1)10. On the Firepower GUI I do not get many options at all, it is very limited.

1 person had this problem
0 Helpful
12 Replies 12

balaji.bandi
Hall of Fame
Hall of Fame

‎02-19-2021 07:23 AM

You can do platform setting for the Syslog server config :  ( on the Syslog server you can generate event-based email )

 

https://www.cisco.com/c/en/us/td/docs/security/asa/fxos/config/asa-2100-fxos-config/fcm.html#task_ijj_fgt_51b

 

other references:

 

https://www.cisco.com/c/en/us/support/docs/ip/syslog/213992-configure-syslog-on-firepower-fxos-appli.html

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

RG78874
Level 1
Level 1
In response to balaji.bandi

‎02-19-2021 07:29 AM

can I do it without emails, for instance use a syslog viewer or solarwinds.

 

I only want to capture the syslog log of the Cisco Firepower Chassi 2110 for instance, users logging in, failures and so on.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to RG78874

‎02-19-2021 07:38 AM

yes, the logs will ship to your Syslog server, later you can do whatever you want on that logs.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

RG78874
Level 1
Level 1
In response to balaji.bandi

‎02-19-2021 07:42 AM

ok thanks, I do not have those options on my GUI, I do not have "remote destinations". I will try take a screen shot and show you my options, but there isn't many.

0 Helpful

RG78874
Level 1
Level 1
In response to balaji.bandi

‎02-23-2021 12:40 AM

This is all I see on the GUI Firepower Chassis Manager, the link you provided has "Remote Destinations" and I do not have this and the other options in other screen shots. I have attached what I see.

 

Preview file
6696 KB
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to RG78874

‎02-23-2021 04:59 AM

Syslog remote destinations for the Firepower 2100 series chassis are not supported. As noted in the configuration guide, "You can send syslog messages to the Firepower 2100 console, SSH session, or a local file. "

The link that showed remote destinations was a guide specific to the 4100 and 9300 series.

RG78874
Level 1
Level 1
In response to Marvin Rhoads

‎02-23-2021 05:06 AM

How can I view the messages with this version, what command or file do I need to view the logs?

If there is a file stored in the root disk0 directory that I can view that would be more useful.

I'm completely new to working this way with the Firepower's.

0 Helpful

RG78874
Level 1
Level 1
In response to RG78874

‎02-25-2021 01:28 AM

Hi any updates on how I can view logs for the Firepower 2110 - for example finding out how to see any changes, logins, failed login attempts made using a GUI on the Firepower?

 

Which log file to locate?

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎02-23-2021 03:13 AM

what is the FXOS here ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

RG78874
Level 1
Level 1
In response to balaji.bandi

‎02-23-2021 03:31 AM

I have ran the following Command - show version

 

Version: 2.8(1.108)

Startup-version: 2.8(1.108)

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to RG78874

‎02-23-2021 04:21 AM

May be this feature not available on FPR 21XX i guess here

 

look at the document :

 

https://www.cisco.com/c/en/us/support/docs/ip/syslog/213992-configure-syslog-on-firepower-fxos-appli.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

stephan.ochs
Level 1
Level 1

‎04-15-2021 02:24 AM

With version cisco-asa-fp2k.9.8.2.SPA (delivery version with FXOS 2.2.2.52) it is possible to configure FXOS SYSLog to remote hosts via GUI.
And it works. SYSLogs are sent and I have them at my SYSLog-Server.

See https://www.cisco.com/c/de_de/support/docs/ip/syslog/213992-configure-syslog-on-firepower-fxos-appli.html#anc13

(German version. Don't know whether also in english version. Didn't search for it.)

CLI was not possible.

/monitoring # enable syslog source 
 audits Send audits 
 events Send events 
 faults Send faults

After upgrading the Firepower the to cisco-asa-fp2k.9.12.3.12.SPA (with FXOS 2.6.1.198) the page in the GUI was gone.

In CLI still not possible.

 

Now I have the following situation:

Those I configured SYSLog with 9.8 before upgrading are sending SYSLogs, the others I upgraded before configuring SYSLog are not and it is not possible to configure it.

 

In my opinion it is a bug in FXOS GUI since 9.12 (or any after 9.8.2).

I will open up a ticket... 

 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card