
Firepower Access Control Policy logging

dejan_jov1
Level 1

Hi,

How can I send Syslog messages of an Access Control Rule to an external Syslog Server? I need to see which connections are Blocked or Allowed for specific Rules. In the logging settings for an Access Control Rule I can configure a Syslog Alert, but I don't see any messages on the Syslog server. I think that I have a problem with selecting the right Facility but can't choose the right one. Thanks in advance!

2 Replies

Marvin Rhoads
Hall of Fame

The default facility is normally OK unless your target syslog server has some specific setup.

Have you checked the syslog server to see if it is receiving packets on udp/514 from your FMC?
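
One way to run the check asked about in the reply above (are datagrams arriving on udp/514, and with which facility) is a small listener on the syslog host. This is an added example, not part of the original thread and not Cisco tooling; the function names are hypothetical, and it assumes the regular syslog daemon is stopped so port 514 is free and that the script has the privileges needed to bind that port.

```python
import socket

# Facility and severity names by number, as defined for the syslog <PRI> field
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(datagram: bytes):
    """Return (facility, severity, rest) or None if there is no valid <PRI>."""
    text = datagram.decode("utf-8", errors="replace")
    end = text.find(">")
    if not text.startswith("<") or not 2 <= end <= 4:
        return None
    digits = text[1:end]
    if not (digits.isascii() and digits.isdigit()) or int(digits) > 191:
        return None
    pri = int(digits)  # PRI = facility * 8 + severity
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text[end + 1:]

def open_listener(bind_addr="0.0.0.0", port=514):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    return sock

def receive(sock, count, timeout=5.0):
    """Collect up to `count` datagrams as (sender_ip, facility, severity, message)."""
    sock.settimeout(timeout)
    seen = []
    try:
        while len(seen) < count:
            data, (ip, _port) = sock.recvfrom(8192)
            fac, sev, msg = decode_pri(data) or ("?", "?", data.decode(errors="replace"))
            seen.append((ip, fac, sev, msg))
    except socket.timeout:
        pass  # nothing (more) arrived within the timeout
    return seen

if __name__ == "__main__":
    with open_listener() as s:
        while True:
            records = receive(s, count=1, timeout=30)
            if not records:
                print("no syslog datagram received in the last 30 s")
            for ip, fac, sev, msg in records:
                print(f"{ip} facility={fac} severity={sev} {msg.strip()}")
```

If nothing is printed while matching traffic is hitting a logged rule, the messages are not reaching the host at all, so the facility setting is not the cause.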

Thanks for the reply!

I think I'm hitting some bug. I noticed that in Policies > Actions > Alerts the syslog action was "not in use" even though it was selected in a few Rules. So I tried to deselect the syslog config from all my Access Control Rules, then deploy that configuration, and after selecting the same syslog config on my rules and deploying, the syslog server suddenly worked!
