Cisco ASA with FirePOWER services

Creating a Syslog Alert Response

  1.  Choose ASA Firepower Configuration > Policies > Actions > Alerts.

  2.  From the Create Alert drop-down menu, choose Create Syslog Alert.

  3.  Enter a Name for the alert.

  4.  In the Host field, enter the hostname or IP address of the Log Collector.

  5.  In the Port field, enter the port the server uses for syslog messages. See Appendix A for the default port list.

  6.  From the Facility list, choose the LOCAL7 facility.

  7.  From the Severity list, choose the INFO severity.

  8.  Click Save.

Configuration for sending the Traffic Events

  1. Navigate to ASA Firepower Configuration > Policies > Access Control Policy.

  2. Edit the access rule and navigate to the Logging option.

  3. Select the Log at Beginning and End of Connection options.

  4. Navigate to the Send Connection Events to option, select Syslog, and then select a Syslog alert response.

  5. Click Save.
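
To confirm on the Log Collector that events arrive with the Facility and Severity chosen in the alert response, decode the syslog PRI header: PRI = facility × 8 + severity, so LOCAL7 (23) with INFO (6) is `<190>`. The following is an added example, not code from Cisco or from this page; the function names are hypothetical and the sample datagrams and their bodies are constructed placeholders, not real Firepower output.

```python
import re

# Standard syslog facility and severity names, indexed by numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")
MAX_PRI = 23 * 8 + 7  # 191 is the highest valid PRI value


def decode_pri(datagram: bytes):
    """Return (facility, severity) names, or None if the PRI is missing or invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > MAX_PRI:
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def check(datagrams, facility="local7", severity="info"):
    """Split datagrams into those matching the alert settings and everything else."""
    matching, other = [], []
    for d in datagrams:
        (matching if decode_pri(d) == (facility, severity) else other).append(d)
    return matching, other


# Constructed sample datagrams (placeholder bodies, not real device output).
SAMPLES = [
    b"<190>constructed connection event body",  # local7.info: expected
    b"<189>constructed body",                   # local7.notice: wrong severity
    b"<134>constructed body",                   # local0.info: wrong facility
    b"no priority header",                      # malformed: no PRI
    b"<999>out of range",                       # malformed: PRI > 191
]

if __name__ == "__main__":
    matching, other = check(SAMPLES)
    print(f"{len(matching)} matching local7.info, {len(other)} other or malformed")
    for d in other:
        print("  unexpected:", decode_pri(d), d[:40])
```

Messages that land in the second list point to a different sender or to a Facility or Severity setting that differs from the one configured above.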

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200479-Configure-Logging-on-FTD-via-FMC.html
