Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1649
Views
1
Helpful
3
Replies

NAT logs on FTD managed by FMC

Go to solution
Marius Gunnerud
VIP
VIP

‎06-16-2023 02:14 AM

Does anyone know if and where there are NAT log files on the FTD?  I have been going through most of the log files in expert mode but have not been able to find anything related to NAT yet. @Marvin Rhoads @MHM Cisco World @Rob Ingram @Sheraz.Salim  Have any of you come across a log file where this is noted?

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sheraz.Salim
VIP
VIP

‎06-16-2023 02:56 AM - edited ‎06-16-2023 02:58 AM

@Marius Gunnerud In order to get the syslog you have to go/configure syslog in LINA. Is your FTD is managed through FMC if so yes in that case you can see the live-log or the syslog logs according to your FMC setting.

but coming back to your question in FTD Expert mode no you wont find the NAT logs.

 

A kind of similar question was ask Here might it help you

please do not forget to rate.

View solution in original post

3 Replies 3

Go to solution
Sheraz.Salim
VIP
VIP

‎06-16-2023 02:56 AM - edited ‎06-16-2023 02:58 AM

@Marius Gunnerud In order to get the syslog you have to go/configure syslog in LINA. Is your FTD is managed through FMC if so yes in that case you can see the live-log or the syslog logs according to your FMC setting.

but coming back to your question in FTD Expert mode no you wont find the NAT logs.

 

A kind of similar question was ask Here might it help you

please do not forget to rate.

Go to solution
Marius Gunnerud
VIP
VIP

‎06-16-2023 03:16 AM

That is what I though, but was hoping there was someone out there that knows something that I do not.

The thing is that due to the amount that is being logged by FMC the traffic that I am looking for has been overwritten in FMC.  I only have the public IP and I need to find the internal IPs that were associated with that IP on a specific day.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Marius Gunnerud

‎06-16-2023 05:18 AM - edited ‎06-16-2023 05:18 AM

Sorry @Marius Gunnerud, what I know is reflected in the other thread which @Sheraz.Salim linked. The NAT is part of the connection event which is stored in that Monetdb database table and not in any flat file (as far as I know).

In addition to syslog, you could also choose to send Netflow off to a collector / system like Secure Network Analytics. SNA has quite extensive data retention and could show you a NAT associated with a given connection or flow from days or weeks ago.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card