Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
826
Views
0
Helpful
1
Replies

Firepower syslog - from FMC1000 or direct from ASAs?

Jesserony
Level 1
Level 1

‎04-03-2023 10:00 AM

We have an FMC1000 in our data center. Our office Access Control Policies are configured to log connections and send them to a syslog server with SQL database local to the FMC1000.

Piece-by-piece we are moving our data center to a new location, and want to move the SQL server but arent ready to move the FMC and syslog server just yet. So if we move the SQL server, the syslog server will now be sending data to the SQL server across our WAN to the old data center.

I am wondering how much this will affect performance. So knowing how the SFR modules are currently sending syslog data will help. When someone in Florida accesses a web site, does it send the log info directly to the syslog server in New York, or does it send it to the FMC1000 in New York who in turn sends it to the syslog server?

 

Thanks,

Jesse

Labels:
0 Helpful
1 Reply 1

urathod
Cisco Employee
Cisco Employee

‎05-04-2023 12:05 AM

Based on your description, it seems that the FMC1000 is configured to receive syslog data from the SFR modules and then send it to the local SQL server. If you move the SQL server to a new location and keep the syslog server at the old data center, the syslog data will have to be sent across the WAN from the syslog server to the SQL server.

The impact on performance will depend on the amount of syslog data generated and the available bandwidth of your WAN link. If the amount of syslog data is relatively small and your WAN link has sufficient bandwidth, the impact on performance may be negligible. However, if the amount of syslog data is large and/or your WAN link is relatively slow, the impact on performance may be significant.

Regarding your question about how the SFR modules send syslog data, it depends on how they are configured. They can be configured to send syslog data directly to a syslog server or to send it to the FMC1000, which then sends it to the syslog server. You can check the configuration of your SFR modules to see how they are currently configured to send syslog data.

If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.

0 Helpful
Customers Also Viewed These Support Documents