Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3018
Views
0
Helpful
4
Replies

FTD logging to Algosec

Marius Gunnerud
VIP
VIP

‎05-12-2021 05:57 AM

Has anyone here set up logging from FTD to Algosec?  The only documentation I have found on the Algosec site with regards to logging was for ASA and there it stated that syslog message ID 106100 is needed.  This syslog ID is not available in FTD after 6.2. So I am wondering if anyone has successfully set up logging towards Algosec and which syslog message IDs were used?

--
Please remember to select a correct answer and rate helpful posts
1 person had this problem
0 Helpful
4 Replies 4

1_am_r00t
Level 1
Level 1

‎06-29-2023 06:31 AM

Not using Algosec, running into a similar problem though. Have you ever managed to fix/solve it?

0 Helpful

Marius Gunnerud
VIP
VIP
In response to 1_am_r00t

‎06-29-2023 06:37 AM

Yes, solved this by enabling logging to syslog server under each ACP rule.  Once I did this syslog was sent.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

1_am_r00t
Level 1
Level 1
In response to Marius Gunnerud

‎06-29-2023 06:41 AM

Interesting. I have enabled logging for the majority of ACP rules (see screenshot attached), however, 106100 is not being sent. Maybe it is version specific - we're using 6.6.5.2 in this deployment.

acp_rule.PNG
Preview file
15 KB
0 Helpful

Marius Gunnerud
VIP
VIP
In response to 1_am_r00t

‎06-29-2023 06:53 AM

FTD doesn't use 106100, it uses the following:

430002 - log at beginning

430003 - log at end

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Review Cisco Networking for a $25 gift card
Top