
Syslog in FMC

shaikh.zaid22
Level 1

Hi,

I have FTDs managed via FMC running version 7.0.1, and the FMC is configured to forward VPN logs to a syslog server, which is a Forescout NAC appliance.

Since we are not getting any logs at the destination, I want to know how to verify whether the VPN logs are being sent by the FMC management interface IP address or by the active FTD device?

 


@shaikh.zaid22 the syslogs are sent from the FTD to the configured syslog server.

If you are not receiving the logs run a packet capture to confirm the logs are being transmitted and double check the configuration.

Rob, can you share the packet capture command?

Hi Rob,

Can you please provide the command or the doc?

Can I know which FTD platform you have?

The FTD model is 2110.

Marvin Rhoads
Hall of Fame

Adding to what @Rob Ingram said, the syslog message should originate from the management address of the active FTD (assuming you have it set up properly in the platform settings).

Thanks Marvin

I have configured only specific RAVPN logs to be forwarded to the syslog server.

Access the management interface of the FTD,

then

system support diagnostic-cli

then

ping the syslog server <<- is the ping successful?

Yes, it's pingable from the FTD.

firepower# sh run logging <<- can I see this

A few more things to check:
Are there any other firewalls between the syslog server and the FTD? Is the log UDP port open? Does the syslog server listen on a UDP or TCP port?
What log format does the syslog server accept?

Sure, will provide the log.

No FW in between. UDP port 514 is open and working for other traffic. Whenever a RAVPN client connects or disconnects, this info is not coming in to the syslog.

If the traffic log is sent and only RAVPN is not, what level of logging do you use?

Any VPN syslogs that are displayed have a default severity level ‘ERROR’ or higher (unless changed). VPN logging is managed through FTD platform settings.
