Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1174
Views
5
Helpful
0
Replies

Firepower traffic syslogs are sent with (null) instead of the hostname or IP address

ZorikM
Level 1
Level 1

‎11-07-2018 11:43 PM - edited ‎03-12-2019 07:04 AM

Hi all,

 

I'm having an issue with Firepower Syslog, for some reason, I get the Syslog from the FMC with (null) in the place where the sender FTD IP or hostname should be.

I'm using a pure Firepower installation (not an upgrade from ASA) version 6.3.0 and I have another setup with the same problem of version 6.2.3.

 

The Syslog is looking like this:

 

Nov  6 15:05:02 (null) : %FTD-7-430002:Protocol: icmp, SrcIP: 10.255.0.130, DstIP: 10.255.0.2, ICMPType: Echo Request, ICMPCode: No Code, Policy: Default, ConnectType: Start, AccessControlRuleName: shay_traffic_test, AccessControlRuleAction: Allow, Prefilter Policy: Default Prefilter Policy, UserName: No Authentication Required, Client: ICMP client, ApplicationProtocol: ICMP, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 98, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity

Have anyone came across such a problem? Does anybody know how can I fix this?

Labels:
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card