Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3166
Views
1
Helpful
7
Replies

Cisco Firepower Logging

Go to solution
mikiNet
Level 1
Level 1

‎06-07-2021 05:41 AM

Hello Guys,

I have a question related to logging on Firepower. We have two option to configure it, first via Platform Setting, second via tab in Access Control Policy (this tab is near Security Intelligence, HTTP Response etc.)

 

Question is: What is difference between logging on Platform Setting vs logging on ACP ? Pros and cons? When using ?

I can't find any good explanation about it.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mikiNet

‎06-07-2021 12:06 PM

Yes - but only if you want to use a external syslog server. The majority of my customers log primarily (and only) to the FMC.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎06-07-2021 06:01 AM

As per my understanding. here is what i can describe simple :

 

Platform Setting - Looging is more related to device logging like errors and events, you can select what kind of logs to be generated and logs to syslog server

Access Control Policy  - Logging - more related to Policy logs ( accept or denined logs ..etc kind). ( you can beging of the connection or ending of the connection, or both)

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
mikiNet
Level 1
Level 1
In response to balaji.bandi

‎06-07-2021 06:09 AM

No,

I mean this tab:

loggg.png

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to mikiNet

‎06-07-2021 06:55 AM

Hope you are using FDM here ?  But yes that is for ACP Logging

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
mikiNet
Level 1
Level 1
In response to balaji.bandi

‎06-07-2021 08:26 AM

No, I using FMC. This screenshot is only example what I mean.

So if I enable Logging tab in Access Control Policy I also should enable Logging in Access Control Rule, yes ?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mikiNet

‎06-07-2021 10:56 AM

The logging tab in your ACP screenshot primarily refers to syslog setting for those things that have associated syslog actions.

All ACP entries, including the default action, need to have their settings individually set to log or not - it can be to the FMC Connection events, to syslog server or as an SNMP trap. We also choose to log at beginning or end of connection there.

0 Helpful

Go to solution
mikiNet
Level 1
Level 1
In response to Marvin Rhoads

‎06-07-2021 11:36 AM

Ok, so to log ACP entries I need to set syslog in Logging tab globaly in ACP and also set Logging to syslog server on individual rule (ACE) ? This two configuration need to be done to send syslog messages to syslog server ?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mikiNet

‎06-07-2021 12:06 PM

Yes - but only if you want to use a external syslog server. The majority of my customers log primarily (and only) to the FMC.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card