05-29-2019 03:15 PM - edited 02-21-2020 09:39 PM
Community,
Has anyone been able to successfully get syslog messages from an FTD device for successful or failed authentication attempts via SSH? I have my FTD appliances (FirePOWER 2130 and FTD Cisco ISA 3000s) sending logs to a remote syslog server. I see the intrusion and acl logs but not user authentication logs. Any feedback would be appreciated.
Solved! Go to Solution.
07-02-2019 05:28 AM
@PETER AGENGO thanks for keeping the community updated.
07-18-2019 06:19 AM
Worked with Cisco Engineers to check out their proposed solution to this issue. The solution will be included in their patch release or maintenance release slated for end of August.
10-23-2020 01:33 PM
After working with support did the original solution work?
08-07-2019 07:33 AM
Thanks so much for posting this! I have been pulling my hair out! I can't believe this isn't a simple feature that would be included on day ONE!
08-08-2023 07:25 PM
FYI. This has never been resolved. Same issues in 7.3.0. They say the syslog for Authentacation only works when running ASA code. If running FTD image then you have to look for the SSHD messages. They have opened a Firestarter Feature Enhancement.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide