04-04-2024 11:18 PM
Hi, Cisco!
I'm Rifqi, a Security Engineer.
I have a case where I haven't found documentation for ingesting logs from Cisco Firewall Firepower 3120 to Azure Sentinel via Syslog Server (Rsyslog). Can you help me find this documentation or guide me through the implementation of ingesting logs from Cisco Firewall Firepower 3120 to Azure Sentinel via Syslog Server (Rsyslog)?
04-04-2024 11:26 PM
04-07-2024 07:56 PM
Hi, thank you for your reply.
Yesterday, I tried following the documentation you provided, with the configuration in FMC as the first step to enable sending Audit Logs to syslog and registering the host device on the 'Audit Log' tab. Then, I also added the syslog server device in the 'Devices' menu, along with its port. After that, I made sure to open port 514 (UDP & TCP) on the Syslog Server to allow the logs to come in. However, strangely, after waiting for about 30 minutes, the logs still didn't come into the Syslog Server.
I tried running the following command to check if the Cisco Firewall logs had already come in or not: 'sudo tail /var/log/syslog'. Are there any suggestions regarding the steps that I might have missed?
I am looking forward to hearing from you soon.
Thank you
Regards,