cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
770
Views
0
Helpful
2
Replies

SA540 Syslog Setup Problems

doug_counsil
Level 1
Level 1

When I try to enable "Output Blocking Event Log" under Logging Config, the checkbox to send IPS logging entries to the Syslog (Logs Facility And Severity) is automatically disabled.

Is this a known bug?  Is there a workaround.  Or is this by design?

Also, we have noticed that we are no longer getting very many IPS entries in the log after enabling Protectlink Web.  Is this because Protectlink is stopping the *intruders* before they get to the IPS layer?  All we have enabled in under Protectlink is Web Threat Protection (default of medium) and all entries under (Computers/Harmful) in URL Filtering.

Let me know if I'm not making sense.

2 Replies 2

doug_counsil
Level 1
Level 1

I hope the Cisco Engineers are reading these posts.  We really need to send IPS and Protectlink to our syslog server.  Right now they are mutually exclusive.  This is a bug and I don't know if Cisco is aware of it or not.

Best if you raise a ticket with Cisco SBSC and raise your concerns/issues with them and get the to forward them onto the development team. That way it will at least be past on to the relevant team instead of hoping they will read this thread.

Sent from Cisco Technical Support iPad App

Regards Simon