FMC Syslog
12-23-2020 07:14 AM
Hi experts,
I have an ASA in multiple context with Firepower Services.
FMC version 6.2
In the FMC:
Analysis --> Connections/Intrusion --> Events: It shows me the connections/intrusions for all customers.
Is it possible to only send intrusion events and connection events for one customer (context) to a syslog? I don't want to send all connection/intrusion events to this syslog.
Regards.
12-23-2020 09:23 AM
No. The Firepower service module has no information about what context is forwarding the traffic to it for analysis. Thus its events are all combined in FMC.
12-23-2020 10:31 AM
Hi Marin,
Thanks for your time.
If I add a syslog in the ACP, can I meet the requirement?
Configuration for sending the Traffic Events:
https://www.manageengine.com/products/firewall/help/configure-cisco-firepower-firewalls.html
Regards
12-23-2020 06:47 PM
If a given ACP is specific to a given tenant (rare but one could postulate a use case in which it would apply) then, yes - that specific ACP could send syslog messages.
More commonly though, we don't use ACPs a lot with Firepower service modules in an ASA since the L3/L4 ACLs in the parent ASA (or ASA context) more commonly handle access control and the module is used more as a pure IPS with just an Intrusion policy (and maybe something like Geoblocking).
