
Cisco FTD Various Logging Configuration Differences

peymansarayeli
Level 1

Hi Guys, I hope you are doing fine.

I have a question regarding Logging configuration in FTD.

As you may have observed, in the Policy section there are two possibilities where you can edit logging:

1- Policy > Access Control > Logging

2- In each specific Access Rule there is a Logging section between "Comments" and "Inspection"

I could not find any proper documents that explain these separate sections clearly. Could you please help me understand them and the differences between them?

Best,

Peyman

Accepted Solutions

In this video Alex covers Syslog events related to Intrusion, Connection, Security Intelligence, Malware/File, and Audit. TimeStamps: 0:00 - Intro / Covered Items 1:00 - Out of Scope Items 2:00 - What to Log & Where to Log It 3:00 - Demo Sequence / FMC Audit Events 10:25 - Malware & File Events ...

balaji.bandi
Hall of Fame

If you are looking for logging on an ACP basis, then you need to choose the one below (rather than using the main logging):

 

image.png

BB


Dear @balaji.bandi,

Thanks for your response.

Basically I want to know what the difference is between Logging here:

1.png

and here:

2.png

Best

The main Logging is to do with syslog

image.png

 

Settings for access control policy logging allow you to configure default syslog destinations and syslog alert for the current access control policy. The settings are applicable to the access control policy and all the included SSL, prefilter, and intrusion policies unless the syslog destination settings are explicitly overridden with custom settings in included rules and policies.

BB


Dear @balaji.bandi

Thanks for your explanation.

Correct me if I am wrong: if we configure logging in the general page of the ACP, it will be applied to all rules until we change the logging configuration on a specific rule?

 

Best,

Peyman

Hi all,

I found this video very useful.

https://www.youtube.com/watch?v=q8zrQ-2PUXk

Thanks @balaji.bandi


Thank you for the feedback, yes about share related to your query, but you made it by now.

 

BB
