09-15-2021 11:39 AM
Currently working on an FDM on a 1010 that has content filtering w/ a few categories set to block (is there a way to just do monitoring like you can on an FMC by creating an allow policy and reviewing destinations?) and the rule has logging enabled for the start of connection. There is a syslog server set up on the LAN that I was hoping to be able to point logs to, but I'm not getting the expected behavior. I was hoping to get similar granularity to the FMC logging exported to the syslog server, where I would see computer 172.16.25.2 attempted to go to www.website.com and was blocked as a syslog message. Is there something else required to make this work? Current settings for logging on the FTD are as follows:
logging enable
logging timestamp
logging buffer-size 3000000
logging buffered warnings
logging trap warnings
logging host inside 172.16.25.10
09-15-2021 02:30 PM
If you are using FMC, check this:
https://www.youtube.com/watch?v=cT3aGCBLgvs
On the Logging tab, enable logging so you get log alerts.
09-16-2021 06:28 AM
Thanks for the reply and the link. This instance is using the on-box FDM, not the FMC. In FMC you have additional options that aren't present in the FDM which I understand. I wanted to see why logging URLs isn't working on the FDM since you have the option to enable logging directly in the policy item that is blocking them.