Firepower 1010 FMD with URL Filtering and Logging

mumbles202 · ‎09-15-2021

Currently working on a FDM on a 1010 that has content filtering w/ a few categories set to block (is there a way to just do monitoring like you can on an FMC by creating an allow policy and reviewing destinations?) and the rule has logging enabled for the start of connection. Their is a syslog server setup on the LAN that I was hoping to be able to point logs to but not getting the expected behavior. I was hoping to get similar granularity to the FMC logging exported to the syslog server where I would see computer 172.16.25.2 attempted to go to www.website.com and was blocked as a syslog message. Is there something else required to make this work? Current settings for logging on the FTD are as follows:

logging enable
logging timestamp
logging buffer-size 3000000
logging buffered warnings
logging trap warnings
logging host inside 172.16.25.10

balaji.bandi · ‎09-15-2021

if you using FMC check this :

https://www.youtube.com/watch?v=cT3aGCBLgvs

On the Logging tab enable looking so you get Log alerts

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-access.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mumbles202 · ‎09-16-2021

Thanks for the reply and the link. This instance is using the on-box FDM, not the FMC. In FMC you have additional options that aren't present in the FDM which I understand. I wanted to see why logging URLs isn't working on the FDM since you have the option to enable logging directly in the policy item that is blocking them.