FTD logging to Algosec
05-12-2021 05:57 AM
Has anyone here set up logging from FTD to Algosec? The only documentation I have found on the Algosec site with regard to logging was for ASA, and there it stated that syslog message ID 106100 is needed. This syslog ID is not available in FTD after 6.2. So I am wondering if anyone has successfully set up logging towards Algosec and which syslog message IDs were used?
Please remember to select a correct answer and rate helpful posts
06-29-2023 06:31 AM
Not using Algosec, running into a similar problem though. Have you ever managed to fix/solve it?
06-29-2023 06:37 AM
Yes, solved this by enabling logging to syslog server under each ACP rule. Once I did this syslog was sent.
Please remember to select a correct answer and rate helpful posts
06-29-2023 06:41 AM
Interesting. I have enabled logging for the majority of ACP rules (see screenshot attached), however, 106100 is not being sent. Maybe it is version specific - we're using 6.6.5.2 in this deployment.
06-29-2023 06:53 AM
FTD doesn't use 106100, it uses the following:
430002 - log at beginning
430003 - log at end
Please remember to select a correct answer and rate helpful posts
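An added example, not posted by anyone in this thread: a check to run over lines captured at the syslog collector, confirming whether FTD connection events (430002/430003) are arriving and whether any ASA-style 106100 messages appear in the same feed. The sample lines, host names and field layout are constructed and simplified for illustration.

```python
import re
from collections import Counter

# Message IDs named in the thread.
FTD_CONN_BEGIN = "430002"  # connection event, log at beginning
FTD_CONN_END = "430003"    # connection event, log at end
ASA_ACL_HIT = "106100"     # ASA ID the Algosec ASA documentation asks for

# "%<product>-<severity>-<message id>:" tag used by Cisco syslog messages.
TAG = re.compile(r"%(ASA|FTD)-(\d)-(\d{6}):")

# Constructed sample lines (simplified fields, documentation IP ranges).
SAMPLE = [
    "<113>Jun 29 2023 06:50:01 ftd1 %FTD-1-430002: AccessControlRuleAction: Allow, "
    "SrcIP: 10.0.0.5, DstIP: 192.0.2.10, SrcPort: 51514, DstPort: 443, Protocol: tcp",
    "<113>Jun 29 2023 06:50:09 ftd1 %FTD-1-430003: AccessControlRuleAction: Allow, "
    "SrcIP: 10.0.0.5, DstIP: 192.0.2.10, SrcPort: 51514, DstPort: 443, Protocol: tcp",
    "<113>Jun 29 2023 06:50:12 ftd1 %FTD-1-430003: AccessControlRuleAction: Block, "
    "SrcIP: 10.0.0.9, DstIP: 198.51.100.7, SrcPort: 40022, DstPort: 23, Protocol: tcp",
    "<86>Jun 29 06:50:15 collector sshd[812]: session opened for user admin",
]

def count_message_ids(lines):
    """Return a Counter keyed by (product, message_id) seen in the capture."""
    counts = Counter()
    for line in lines:
        m = TAG.search(line)
        if m:
            counts[(m.group(1), m.group(3))] += 1
    return counts

def diagnose(lines):
    """Summarise whether the collector sees FTD connection events."""
    counts = count_message_ids(lines)
    begin = counts[("FTD", FTD_CONN_BEGIN)]
    end = counts[("FTD", FTD_CONN_END)]
    if begin + end == 0:
        verdict = "no FTD connection events: check syslog logging on each ACP rule"
    elif counts[("ASA", ASA_ACL_HIT)] == 0:
        verdict = "FTD connection events present; 106100 absent, as expected on FTD"
    else:
        verdict = "mixed ASA 106100 and FTD connection events in one feed"
    return {"begin": begin, "end": end, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```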
