02-18-2019 08:35 AM - edited 03-12-2019 07:17 AM
Is there a way to configure FTD to write syslog messages for changes to the NAT table? We'd like to be able to find which device on our network did a thing based on reports sent from external sources, but we can't without having a record of which device was using which port at a specific time.
Thanks!
02-19-2019 02:41 AM
02-19-2019 10:45 AM
I considered that, but don't see any meaningful Syslog messages relating to NAT. The only NAT related messages I see are like this:
Feb 19 2019 10:22:06 firepower syslog-ng[2115]: Log statistics; processed='source(msgs)=2296389', processed='global(payload_reallocs)=2369603', processed='src.none()=0', stamp='src.none()=0', processed='global(internal_queue_length)=0', processed='global(msg_clones)=0', processed='destination(cron_destination)=2907', processed='src.internal(msgs#2)=15233', stamp='src.internal(msgs#2)=1550596326', processed='global(sdata_updates)=0', processed='destination(messages_destination)=1540934', processed='center(received)=2296389', processed='center(queued)=1543841'
That isn't particularly helpful, since it doesn't say what IP addresses are involved or anything. Do I need to change something to get the information I care about logged?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide