05-27-2017 10:29 PM - edited 02-21-2020 06:05 AM
Hi Guys, I am trying to add syslog servers in logging of a specific access policy rule. I have created an new syslog server for the same. I want to add multiple syslog servers for the same. Please let know if this is a limitation from FMC. since i am not able to find if we can have multiple syslog servers configured for the rules.
Thanks,
Arjun
05-28-2017 12:37 PM
Hello Arjun,
unfortunately this is not possible at the moment. You can consider to configure eStreamer for Connection events towards multiple clients, so you can have same information on multiple-servers. Probably that would fit your requirement the best. Many of available syslogs servers act as eStreamer client, so most likely you dont need to deploy separate machines.
There is option for multiple syslog servers for Data-path/ASA logging part on FTD appliance. But for Firepower/Snort part applies above what I have mentioned.
Best regards,
Veronika
05-28-2017 12:49 PM
Additionally here is enhancement request for your requirement:
CSCuz17592 - [ENH] Send syslog messages to more than one client.
You can keep track of it, by saving bug. you will get notification when status changes(get resolved) or if this is something critical to your business to have it implemented, please reach out to your Cisco Account team representative.
Best regards,
Veronika
11-21-2017 07:51 AM
We have two syslog servers managed by two different teams and they both need the same syslog data. This feature would be very nice to have.
06-25-2018 02:29 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide