06-28-2016 06:31 PM - edited 03-12-2019 06:03 AM
Hi,
How do I send only the connection events with the "block" action to FireSIGHT Management Center, not all connection events?
Best Regards,
Jackson Ku
06-28-2016 11:01 PM
Hello Team,
When you create the individual rules for the block action, you can enable the logging option (either end or beginning) under Policies > Access Control > Add rule > Logging.
For the allow rules, don't enable logging at all.
Hope your query is clear here.
Kindly rate if this post helps you.
Regards
Jetsy
06-28-2016 11:15 PM
Hi,
Thanks for your help. If I disable logging for the access control rule, does it cause the intrusion log not to be sent to FireSIGHT Management Center? How do I enable/disable sending intrusion events to FireSIGHT Management Center?
Best Regards,
Jackson Ku
07-01-2016 03:27 AM
Hi Jackson,
If you have enabled the intrusion policy in the inspection tab under any access control rule and you are disabling logging on that rule, in that case intrusion events will not come for that traffic in the management center GUI, but they will come normally for any other intrusion policy which is not in this access control rule.
Please mark and rate helpful posts.
Thanks,
Ankita
07-04-2016 08:40 PM
Hi,
I have tried it: if I disable logging for an access control rule, both connection events and intrusion events are not sent to the management center.
How can I configure, per access control rule, sending intrusion events and file events to the management center but not sending connection events to the management center?
Best Regards,
Jackson Ku
07-04-2016 10:07 PM
Hello Jackson
It's expected that you don't receive connection events for those intrusion policies called out in the logging-disabled AC policy.
Regards
Jetsy
07-18-2016 09:27 PM
How are you testing? It is highly probable that your intrusion events will be quiet unless you are deliberately creating an event.
IPS and File events are handled outside of your ACL policy rule event connections.
Basically, Cisco designed the product so that if it invokes an IPS/File event you will want to report and act on it.
You can tweak how noisy the alerts are via the Policy/ACTION/alerts area. However, if you want to be quiet for particular networks over others, well, I'm waiting to hear back after a couple of months as to the best way to do this (Correlation and IPS rules are not that scalable).
07-01-2016 11:13 PM
Hello Jackson,
Have you tried the steps, and did it work for you?
Regards
Jetsy