Solved: Policy Deployment Alert for Cisco FMC

NeWGuy1109 · ‎10-24-2019

Hello,

I want to configure alerts for FMC in such a way that every time a policy is deployed the intended recipients should receive an email. Is it possible to configure this functionality in FMC ? I am aware about the IPS/correlation/Health notifications but not sure about policy deployment alerts.

Marvin Rhoads · ‎10-24-2019

As of the current FMC 6.5 we can only do that if the policy deployment was a scheduled task.

Manual deployments cannot currently be highlighted with an email from FMC.

View solution in original post

Marvin Rhoads · ‎10-24-2019

As of the current FMC 6.5 we can only do that if the policy deployment was a scheduled task.

Manual deployments cannot currently be highlighted with an email from FMC.

NeWGuy1109 · ‎10-25-2019

Thank you for the reply Marvin..

Is there any other way to configure email alerts for whatever changes done on the FMC or FTD.. like audit logs that can be sent through email notifications?

Marvin Rhoads · ‎10-25-2019

You can tell FMC to send a daily change reconciliation report but it's really a holdover from the Sourcefire days and only includes changes to the Intrusion Policy - not other bits such as Access Control Policy or Platform Settings changes.

You do get an audit log message and you can tell FMC to send its audit logs to an external syslog server. Depending on the syslog server, you could tell it to watch for certain messages and escalate those as an email. for example, Solarwinds NPM can do this.

Here's an example of the message that's generated as a result of a successful deployment:

(I just pointed FMC auditing syslog destination to a Windows server and ran Wireshark on it with a capture filter of udp/514 (syslog).)