Solved: Re: FTD 3150 Standby firewall logging issue

adity · ‎03-05-2024

Hi Community expert,

I need your help to under the below requirement.

Current scenario: We have cisco Firepower 3150 manage by FMC, we have seen that the active firewall logs are receiving on syslog server but standby firewall logs are not coming on the syslog.

Old scenario: previously we had ASA 5516 in that firewall I had configured "logging standby" for getting logs from standby firewall.

So kindly help me if we have same configuration in Firepower.

Marius Gunnerud · ‎03-06-2024

What type of logs are you expecting to see from the standby device? Typically you will not see any traffic syslog from the standby device as all traffic is being passed through the primary / active device.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

MHM Cisco World · ‎03-05-2024

there is option to enable logging on the standby unit

MHM

adity · ‎03-05-2024

Thank you for the help, I got the option and I enabled it but yet not receiving the logs

MHM Cisco World · ‎03-06-2024

If you can access to standby

System support diagnostics-cli

Show run log

Check if logging is enable

If it enable then

Syslog setting some message is by defualt not send to server you need to allow ftd send failover message to server.

MHM

adity · ‎03-06-2024

Status of log is enable......

but logs not going

At server end, I have cross checked the configuration too.

Max Jobs · ‎03-05-2024

Hi Adity,

In Cisco FTD on Firepower 4100/9300 Series appliances, you typically don't configure syslog directly on the standby unit like you would on the ASA with the "logging standby" command. Instead, you configure syslog settings at the FMC level, and it synchronizes the settings to both the active and standby Firepower devices.

Marius Gunnerud · ‎03-06-2024

What type of logs are you expecting to see from the standby device? Typically you will not see any traffic syslog from the standby device as all traffic is being passed through the primary / active device.

--
Please remember to select a correct answer and rate helpful posts

adity · ‎03-06-2024

It means if Failover happen and traffic shift on the secondary FW then logs will send via that firewall....

MHM Cisco World · ‎03-06-2024

I already inform you before
""Syslog setting some message is by defualt not send to server you need to allow ftd send failover message to server.""
if you dont see failover log message check Syslog setting
thanks

MHM

Marius Gunnerud · ‎03-07-2024

Correct.

--
Please remember to select a correct answer and rate helpful posts

MHM Cisco World · ‎03-07-2024

FYI

gabriel garciaf · ‎03-07-2024

Hi guy

The reason is becouse in Firepower HA the main set up is in the active and the stanby no receive traffic, its not the same way that in ASA, if you want to do a test change the passive to active and goin to see the logs, but the appliance that now is standby not seeing more logs.

Or what is the reason that you need the stadby logs?