03-19-2018 05:57 AM - edited 02-21-2020 07:31 AM
Hi,
how can I send Syslog messeages of Access Control Rule to an external Syslog Server? I need to see which connections are Blocked or Allowed for specific Rules. In logging settings for Access Controll Rule I can configure Syslog Alert but I don't see any messages on Syslog server. I think that I have problem with selecting the right Facility but can't choose the right one. Thanks in advance!
03-19-2018 08:37 AM
The default facility is normally OK unless your target syslog server has some specific setup.
Have you checked the syslog server to see if it is receiving packets on udp/514 from your FMC?
03-19-2018 09:29 AM
Thanks for reply!
I think i'm hitting some bug. I noticed that in Policies>Actions>Alerts the syslog action was "not in use" even it was selected in few Rules. So I tried to deselect the syslog config from all my Access Control Rules than to deploy that configuration and after selecting the same syslog config on my rules and after deploying the syslog server suddenly it worked!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide