Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
160
Views
0
Helpful
1
Replies

Unable to find FTD deny logs in syslog

noorzahreth
Level 1
Level 1

‎03-02-2025 07:55 PM

Subject: Assistance Required – Missing FTD Deny Logs in Syslog

Hi All,

We are experiencing an issue where FTD deny logs are not appearing in the syslog. Previously, we were able to see blocked attempts in FMC, but the corresponding logs are not found in syslog.

Issue Details:

  • FMC displays blocked results, but syslog only shows connection build and teardown logs.
  • We have deny rules configured for malicious IPs, but no deny logs are visible in syslog.
  • This makes it unclear whether the malicious traffic is successfully blocked.

Request for Assistance:

  1. Confirm the correct Syslog ID for denied inbound access events.
  2. Verify if the Syslog ID is already implemented and troubleshoot why deny logs are missing.

System Information:

  • FTD 4110 Version: v7.0.6.2 (Build 65)
  • FMC 2700 Version: v7.4.2.1 (Build 30)

Kindly advise on the next steps. Your support is much appreciated.

0 Helpful
1 Reply 1

nspasov
Cisco Employee
Cisco Employee

‎03-04-2025 02:38 PM

Based on the information provided, my understanding is that you want to send blocked Security Intelligence events to syslog. If that is correct, do you have the option "Syslog Server" checked under the Network Block List Logging Option?

nspasov_1-1741127888598.png

 

nspasov_0-1741127875234.png

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card