Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1137
Views
0
Helpful
12
Replies

Syslog in FMC

shaikh.zaid22
Level 1
Level 1

‎04-27-2023 06:18 AM

hi,

i am having ftd's managed via fmc running ver7.0.1 and the FMC is configured too forward vpn logs to syslog server which is a forescout NAC appliance.

Since we are not getting any logs in the destination, i want to know how to verify the vpn logs are being sent by FMC managment interface ip address or the active FTD device??

 

0 Helpful
12 Replies 12

Rob Ingram
VIP
VIP

‎04-27-2023 06:29 AM

@shaikh.zaid22 the syslogs are sent from the FTD to the configured syslog server.

If you are not receiving the logs run a packet capture to confirm the logs are being transmitted and double check the configuration.

0 Helpful

shaikh.zaid22
Level 1
Level 1
In response to Rob Ingram

‎04-27-2023 12:28 PM

Rob can u share the packet capture cpmmand.

0 Helpful

shaikh.zaid22
Level 1
Level 1
In response to shaikh.zaid22

‎05-01-2023 06:03 AM

Hi rob,

Can u pls provide the command or the doc pls

0 Helpful

MHM Cisco World
VIP
VIP

‎04-27-2023 06:39 AM

Can I know ftd  platform you have ?

0 Helpful

shaikh.zaid22
Level 1
Level 1
In response to MHM Cisco World

‎04-27-2023 12:28 PM

FTDs model is 2110

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-27-2023 09:47 AM

Adding to what @Rob Ingram said, the syslog message should originate from the management address of the active FTD (assuming you have it setup properly in the platform settings).

0 Helpful

shaikh.zaid22
Level 1
Level 1
In response to Marvin Rhoads

‎04-27-2023 12:29 PM

Thanks Marvin

I have configured specific ravpn logs only to be forwarded to syslog server. 

0 Helpful

MHM Cisco World
VIP
VIP

‎05-01-2023 06:50 AM

Access to mgnt interface of ftd 

Then 

System support diagnostics cli

Then

Ping to syslog server <<- are ping success ?

0 Helpful

shaikh.zaid22
Level 1
Level 1
In response to MHM Cisco World

‎05-01-2023 10:35 AM

yes its pingable from ftd.

0 Helpful

MHM Cisco World
VIP
VIP
In response to shaikh.zaid22

‎05-01-2023 10:45 AM - edited ‎05-01-2023 11:00 AM 

firepower# sh run logging <<- can I see this

few more tips to check 
are there any  other FW between the Syslog and FTD ? are log UDP port is Open ? are the Syslog listen to UDP or TCP port ?
what is accept log format by Syslog?

0 Helpful

shaikh.zaid22
Level 1
Level 1
In response to MHM Cisco World

‎05-01-2023 11:09 AM

Sure will provide the log.

No FW in between. UDP port 514 is open and working for other traffic. Whenever ravpn client connects or disconnects this info is not coming-in to the syslog.

0 Helpful

MHM Cisco World
VIP
VIP
In response to shaikh.zaid22

‎05-01-2023 11:15 AM

if traffic log is send and only RAVPN is not what is level of logging you use ?

Any VPN syslogs that are displayed have a default severity level ‘ERROR’ or higher (unless changed). VPN logging is managed through FTD platform settings.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card