logging issues in Cisco FTD
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-26-2018 01:08 PM - edited 02-21-2020 07:40 AM
Hello
i have got an issue in FTD logging.
i have configured logging in Cisco Firepower 4110 running FTD 6.2.2 and i have configured logging to log from all connections and sessions.
i have NAT on the FTD and logs of NAT doesn't display the public IP of the users although i can see these public ip addresses from using "show xlate " command.
- Labels:
-
NGFW Firewalls

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2018 01:02 PM
if you look at packet flow through FTD, you can see addition of NAT IP header is after the prefilter/ACP/Snort treatment, so the logs are being sent when it hits the ACP, which is before the NAT IP header addition (xlate table).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2018 10:19 PM
In addition to what @mohanB correctly noted, you do have the option of configuring a Netflow export using FlexConfig. The NSEL format will include the NATted address.
