Real time FTD logging for troubleshooting similar to ASDM

babiojd01 · ‎04-02-2020

HI Community, i am curious how everyone else is handling the realtime logging of FTD traffic to assist in troubleshooting a deployment? We already have a siem but I am more interested in the immediate feedback like ASDM gave you. My initial thought was local syslog server installed on your pc. I then thought it might be easier to use a central server that everyone has access to in order to see real time logs.

balaji.bandi · ‎04-02-2020

How are you managing FTD using FMC, if your Access rule enabled the Logging, you can view real time on FMC ?

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200479-Configure-Logging-on-FTD-via-FMC.html#anc8

you can also do with FDM :

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/fdm/fptd-fdm-config-guide-620/fptd-fdm-monitor.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

babiojd01 · ‎04-02-2020

I meant more so that permit deny behavior that ASDM gave you in the asdm log viewer. It would be managed by an FMC not FDM.

balaji.bandi · ‎04-03-2020

From FMC you can view the Log events, not as expected like ASDM, it was small delay that was designed to work for now.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

giovanni.augusto · ‎04-02-2020

Hi,

I think this is a very good question, even if it's true that there are other options to inspect logs it's also true that these methods are not as immediate as ASDM real time view is.

Also connection events in FMC are not realtime and FMC is much slower than ASDM and the question is about troubleshooting so it means you need something fast like 1...2...3 check :)

I wish there would be an option for local log view directly on the FTD, just to offload the FMC