
How To Check What is Being Alerted on Firepower

SMAKT
Level 1

All,

 

I know this is a simple question. I know that logging is enabled on the Firepower, but I am unsure of how to check "what" is being alerted on. Any help?

4 Replies

balaji.bandi
Hall of Fame

Depends on what Event Log you were referring to. Are you looking directly on FTD or using FMC?

BB


 

I am looking at the FMC, but I am not looking at the log. I know we are sending events to syslog but specifically what events is what I am trying to find out.

I would like to get more information on day to day monitoring of the FMC output, but I'll let you know the few things I'll monitor.

  One place I found was to review the output under Analysis > Connections > Events.

 

  You can narrow your search to any specifics you want that are listed.  Select "Edit Search" in the upper left corner.  From the menu I mainly use the networking section.

 

  I used this tool once the suite was online to review anything that was being blocked or allowed that shouldn't.  Obviously this is a manual search, but I've found uses for it.

 

I actually found what I was looking for under Policy --> Action --> Alerts --> AMP Alerts and Policy --> Access Control --> Intrusion.

Thanks for your response.
