Firepower Intrusion Event Alerting

Dear Community,

We have IPS (Inspection) enabled on several of our rules in our Access Control Policy. Even though we can see the intrusion events in Analysis -> Intrusions -> Events, we do not see any of these intrusion events in our syslog files. I was doing some reading and came across this article which intimates that the syslog settings are set under the intrusion policy itself:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/external_alerting_for_intrusion_events.html#ID-2212-00000110

However, when I look at the intrusion policy, I don't have an "Advanced option" or see anywhere I can enable syslog alerting for intrusion events.

Where do I need to go in the FMC to make sure intrusion events are sent to syslog? We are already sending Connection Events to syslog and have syslog enabled under the platform settings.

Thank you.

2 Replies

Balaji,

Thank you for the response. For the life of me I cannot find this section. Can you tell me the exact path of where to find the advanced setting? I am looking at the Advanced settings of the ACP but cannot find this option. I am also not seeing any Advanced settings in the Intrusion Policy either. Running code 7.0.1.1.

Thank you.
