Re: Disabling FTD logging for events: 852001 and 852002

Elpakko · ‎11-04-2020

I'm looking to disable the logging of the following event ids:

FTD-6-852001: Received Lightweight to Full Proxy event from application Snort for TCP flow ip-address/port to ip-address/port

FTD-6-852002: Received Full Proxy to Lightweight event from application Snort for TCP flow ip-address/port to ip-address/port

I have successfully disabled other events in Platform Settings --> Syslog --> Syslog Settings --> Add

For some reason this setup does not recognize these Syslog IDs and I get error "invalid Syslog ID"

What am I missing here?

ASA5525-x with FTD version 6.5.0.4

balaji.bandi · ‎11-04-2020

You want only specific log events you do not want unnecessary Log events to be logged then look at the below guide to remove or add rquired one.

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200479-Configure-Logging-on-FTD-via-FMC.html

if you have already done please share the screenshot to understand the config you have done.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Elpakko · ‎11-04-2020

Yes, I'm aware of that and that's exactly where I get the error:

Elpakko · ‎11-10-2020

Anyone? I'm a bit lost here. These events are spamming my log server.

Aref Alsouqi · ‎11-10-2020

I would raise a TAC since it looks like your FMC is hitting a bug. Also, I would highly recommend upgrading to version 6.6.1 which is the latest gold release.

Chess Norris · ‎01-12-2023

Same issue here with FMC 7.2.1. Any solutions on how to disable those?

Thanks

/Chess

adamgerber · ‎06-28-2023

I have this same issue.

Elpakko · ‎01-12-2023

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx37329

Cisco TAC opened a bug incidenct for this, but it still seems to be open. So no fix is available still after almost two years.