Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2459
Views
0
Helpful
2
Replies

Firepower URL Logging to Syslog

darreng
Level 1
Level 1

‎04-06-2016 09:51 AM - edited ‎03-10-2019 06:35 AM

Would appreciate if someone could give me a pointer.

I have a 5525X running Firepower (Protection, URL, Malware and Control licence). I have a basic Access Contol policy with a few URL's Categories defined and a seperate URL I defined for testing. I have a default policy underneath that calls a base Intrusion policy. The URL policy and Base Intrusion policy are set to Log to a syslog server.

I don't see URL's logged on the syslog although they do appear in the Management Centre. The IPS policies log to the syslog.

The Access Control policy does have the syslog defined and the box for 'log at the beginning of the connection' is checked. I went thought the config guide (v6.X) and picked out those items that referred to syslog. I'm not sure why the URL logging isn't working.

All I want to see is the URL's (IP and URL info) information on the syslog, currently syslog is set to facility: Local 1 and severity: info as requested by my Linux admin.

Note the device is in monitor mode only at present.

Regards

Darren

2 people had this problem
Labels:
0 Helpful
2 Replies 2

Dennis Perto
Level 5
Level 5

‎11-17-2016 09:55 AM

Try making a rule at the very top of your access control policy with the action of "Monitor". 

Under the URL tab you add a single URL like "dummy.url". 

Remember to log to both event viewer and syslog. :) 

0 Helpful

dncl
Level 1
Level 1

‎06-26-2018 05:28 AM

Was there ever a solution found for this?

We are experiencing the same problem... basically only blocked traffic is being sent to our Syslog server, and our Defense Center logs roll fairly quickly so troubleshooting is nearly impossible.

0 Helpful
Review Cisco Networking for a $25 gift card
Top