05-03-2019 06:47 AM
I have tried configure FirePower to log malware events to my syslog server, but I am not seeing the events in logs.
I have enabled syslog logging for both retrospective events (whatever that means) and all network-based malware events. And, I have enabled email alerts for the latter (which is working btw).
Is this a bug or is there something else I need to do here to get this to work? Will the malware logs be sourced from the FMC server or from the SFR sensors on the ASA's?
Thanks in advance.
Solved! Go to Solution.
05-03-2019 08:47 AM
Well, as soon as I posted this, I discovered that the FMC was indeed logging these events to syslog.
Source is the FMC btw, not the sensors. Same goes for intrusion events.
Hopefully this helps someone else in the future. lol
Cheers.
05-03-2019 08:47 AM
Well, as soon as I posted this, I discovered that the FMC was indeed logging these events to syslog.
Source is the FMC btw, not the sensors. Same goes for intrusion events.
Hopefully this helps someone else in the future. lol
Cheers.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide