Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
906
Views
0
Helpful
8
Replies

fmc syslog

shaikh.zaid22
Level 1
Level 1

‎01-03-2023 09:32 AM

hi,

i have ftd with fmc running 7.0.1, i have configured the syslog server to send the remote vpn syslogs to a NAC for posture and compliance check. Now the logs are showing up in the NAC, but, in encrypted format not in cleartext.

Kind assistance is required, if anybody knows how to send syslogs in cleartext to external syslog server from fmc.

 

Labels:
0 Helpful
8 Replies 8

marce1000
VIP
VIP

‎01-03-2023 10:14 AM

 

 - Are you sure this is not related to the NAC handling of the logs ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎01-03-2023 10:15 AM

what NAC here ?

how is your syslog config TCP or UDP ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

shaikh.zaid22
Level 1
Level 1
In response to balaji.bandi

‎01-03-2023 10:28 AM

Hi marce and balaji,

Yes it is a forescout NAC, we are configuring for VPN events and then apply compliance policy. However, the logs are not readable. I was wondering whether it is the job of the forescout parser or fmc is sending syslogs in unreadable format.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to shaikh.zaid22

‎01-04-2023 01:24 PM

personally, never seen this issue before until we missing something here?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

shaikh.zaid22
Level 1
Level 1
In response to balaji.bandi

‎01-03-2023 10:29 AM

We are sending UDP 514 ports.

0 Helpful

Marius Gunnerud
VIP
VIP

‎01-04-2023 12:40 PM

Syslog from the FMC should not be encrypted, Are you sure you are not using eStreamer?

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

shaikh.zaid22
Level 1
Level 1
In response to Marius Gunnerud

‎01-04-2023 08:11 PM

We have Forescout NAC, wherein we are capturing VPN logs, which is not showing in plaintext.

0 Helpful

Marius Gunnerud
VIP
VIP
In response to shaikh.zaid22

‎01-05-2023 12:24 AM

That is a bit odd, you should be seeing the permit / deny logs received on the "inside" interfaces.  Do you have sysopt connection permit-vpn enabled?  If you have this enabled you could try disabling it, but then be aware that you need to configure access rules on the outside interface for the VPN traffic, and then enable syslog for those rules.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card