Solved: Re: Syslog warning on FMC when deploying changes

ABaker94985 · ‎12-01-2021

Whenever a change is deployed, the following warning is displayed:

Access Policy: Logging: FTD-XXXXX
Warning: Access Control Policy Logging configuration is invalid. Access Control rules have syslog configured to use Access Control policy's logging configuration. Configure a valid syslog destination to avoid syslogs not being sent.

Syslog is configured under Devices | Platform Settings | Syslog | Syslog Servers, so I presume there is another setting elsewhere?

The following settings are also configured.

Under "Logging Setup" tab the following are checked: Enable Logging, Enable Logging on the failover standby unit, and Enable Logging to FMC (under VPN Logging Settings)

I appreciate any info associated with this warning. I get 0 hits when doing a Google search for this.

ABaker94985 · ‎12-01-2021

I believe I found the problem. Under Policies | Access Control, there was a Logging tab with nothing set. Once I entered the Syslog Alert and Severity, and also checked the box for "File and Malware Settings," the warning no longer pops up. I'll consider this closed. Thanks for your input.

View solution in original post

Rob Ingram · ‎12-01-2021

@ABaker94985 do you have syslogging enabled on one of the specific Access Control rules?

ABaker94985 · ‎12-01-2021

Yes, there are multiple rules with syslog.

ABaker94985 · ‎12-01-2021

I believe I found the problem. Under Policies | Access Control, there was a Logging tab with nothing set. Once I entered the Syslog Alert and Severity, and also checked the box for "File and Malware Settings," the warning no longer pops up. I'll consider this closed. Thanks for your input.

abalasekaran · ‎09-14-2023

Uncheck send to syslog on the default policy logging