Solved: Too many syslog configurations

rosarra · ‎03-30-2022

Sorry for the perhaps obvious question but I got slightly lost. What is the difference between the syslog configuration set under FMC-Devices-Platform Settings and the one that is done under FMC-Policies-Logging?
My goal is to get the Policies log like on the old ASA firewalls. Is a stupid question but I don't understand the scope of a multiple settings.

FMC v. 7.1.0.1 FTD v. 7.0.1.84

Udupi Krishna. · ‎03-30-2022

Logging option under policies is meant to generate connections events. These events in turn are visible when using "search" events on FMC for historical data/actions taken by FTD etc.

Syslog in the platform settings on the other hand is meant to send device, system or network delated information to a centralised server.

More info here - https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/platform_settings_for_firepower_threat_defense.html#concept_8637BBD154854CA498A2DA66D55A115E

Here's a guide to setting up syslog on FTD via FMC - https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200479-Configure-Logging-on-FTD-via-FMC.html

View solution in original post

Udupi Krishna. · ‎03-30-2022

Logging option under policies is meant to generate connections events. These events in turn are visible when using "search" events on FMC for historical data/actions taken by FTD etc.

Syslog in the platform settings on the other hand is meant to send device, system or network delated information to a centralised server.

More info here - https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/platform_settings_for_firepower_threat_defense.html#concept_8637BBD154854CA498A2DA66D55A115E

Here's a guide to setting up syslog on FTD via FMC - https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200479-Configure-Logging-on-FTD-via-FMC.html