03-31-2020 10:06 AM
All,
I know this is a simple question. I know that logging is enabled on the Firepower but unsure of how to check "what" is being alerted on? Any help?
03-31-2020 11:00 AM
Depends on what Event Log you were referring to. Are you looking directly on FTD or using FMC?
03-31-2020 11:27 AM
I am looking at the FMC, but I am not looking at the log. I know we are sending events to syslog but specifically what events is what I am trying to find out.
03-31-2020 02:20 PM
I would like to get more information on day to day monitoring of the FMC output, but I'll let you know the few things I'll monitor.
One place I found was to review the output under Analysis > Connections > Events.
You can narrow your search to any specifics you want that are listed. Select "Edit Search" in the upper left corner. From the menu I mainly use the networking section.
I used this tool once the suite was online to review anything that was being blocked or allowed that shouldn't. Obviously this is a manual search, but I've found uses for it.
04-02-2020 11:12 AM
I actually found what I was looking for under Policy --> Action --> Alerts --> AMP Alerts and Policy --> Access Control ---> Intrusion.
Thanks for your response.