Hello
i have got an issue in FTD logging.
i have configured logging in Cisco Firepower 4110 running FTD 6.2.2 and i have configured logging to log from all connections and sessions.
i have NAT on the FTD and logs of NAT doesn't display the public IP of the users although i can see these public ip addresses from using "show xlate " command.
if you look at packet flow through FTD, you can see addition of NAT IP header is after the prefilter/ACP/Snort treatment, so the logs are being sent when it hits the ACP, which is before the NAT IP header addition (xlate table).
In addition to what @mohanB correctly noted, you do have the option of configuring a Netflow export using FlexConfig. The NSEL format will include the NATted address.