Firepower - Change Syslog port from default

gamoore · ‎01-28-2022

Hi,

For the Firepower v7.0 platform is it possible to change the Syslog forwarding port from default udp/514 to something else, for FMC, FTD, the Intrusion Policies?

Mark Elsen · ‎01-28-2022

- FYI : https://support.auvik.com/hc/en-us/articles/360048078412-How-to-configure-syslog-on-Cisco-devices-with-Firepower-Management-Center

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

Aref Alsouqi · ‎01-29-2022

For the FTD you can change the external Syslog server port through the Platform Setting policy, however, if you are trying to change the forwarding port of the FTD/IPS events to the FMC then in that case you would need to change the secure tunnel port on the FTD. The reason of this is because one of the reasons the FTD uses the secure tunnel port for is to send the connections, IPS, SSL etc events to the FMC. The command to change that port would be "configure network-management port ...".

gamoore · ‎02-01-2022

Hi Aref,

I am trying to change the FTD/IPS events to an external Syslog Server on a port different from udp/514. Is this possible?

Aref Alsouqi · ‎02-01-2022

Hi, you can do that from the Platform Setting policy when you add the Syslog server in the Syslog Servers section, Step 3 in this guide:

Configure Logging on FTD via FMC - Cisco