Firepower syslog alerts > Elastic SEIM

Praveen Kumar · ‎12-17-2023

I am currently working on sending Syslog alerts (events from the FTD rules) to Elastic SIEM, and I've been tasked with using TCP for this purpose. However, I couldn't find the TCP option in the FMC settings.

I thoroughly checked the official Cisco documentation at the following link: Cisco Documentation, specifically in Step 5 under "Creating a Syslog Alert Response" where you define the port number. Unfortunately, the documentation does not provide information on whether TCP is an available option.

I would greatly appreciate your assistance in clarifying whether TCP is indeed an option for Syslog alerts and, if so, how to configure it. Your insights and guidance on this matter would be invaluable.

Thank you in advance for your help.

Kasun Bandara · ‎12-17-2023

@Praveen Kumar hi, check this guide. when you adding syslog server, select the protocol.

Configure Logging on FTD via FMC - Cisco

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Praveen Kumar · ‎12-19-2023

Sorry, the link in my post was broken which I have already fixed. You can check that document then it will make more sense. These settings are for the firewall rules and not the platform. Thanks for your response.

Marius Gunnerud · ‎12-18-2023

Are you trying to send syslog from the FMC or from the FTD? If you are sending from FTD then the configuration is in platform settings under the syslog tab. When setting up syslog server destination there you will have the option to choose UDP or TCP for transport.

--
Please remember to select a correct answer and rate helpful posts

Praveen Kumar · ‎12-19-2023

Sorry, the link in my post was broken which I have already fixed. You can check that document then it will make more sense. These settings are for the firewall rules and not the platform. Thanks for your response.