cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2446
Views
0
Helpful
1
Replies

Send Connection Events to syslog server

lorenzonerimail
Level 1
Level 1

Hello to everybody,

how can I send syslog for connection events (not Intrusion events) to an external syslog server?
Which facility and severity do have I set on Alerts configuration?

Thanks in advance
Lore

1 Reply 1

Ralph Rye
Level 1
Level 1

Lore,

The facility and severity is more relevant to the SYSLOG server than the configuration with FMC.  Usually the default of LOCAL0 and severity of INFO is fine.

You then need to add the SYSLOG server entry you created on each access control policy to have logging set.  Also remember to add it to the default action.

-Ralph

Review Cisco Networking for a $25 gift card