Configuring Cisco Devices - FirePOWER

Firewall Analyzer supports the following versions of various Cisco devices.

• Configuring Cisco ASA with FirePOWER services
• Configure logging for FirePOWER Threat Defense (FTD) via Firepower Management Center (FMC)

Configuring Cisco ASA with FirePOWER services

1.  Choose ASA Firepower Configuration > Policies > Actions > Alerts.
2.  From the Create Alert drop-down menu, choose Create Syslog Alert.
3.  Enter a Name for the alert.
4.  In the Host field, enter the hostname or IP address of Firewall Analyzer server.
5.  In the Port field, enter the port the server uses for syslog messages. By default, this value is 1514 in Firewall Analyzer server.
6.  From the Facility list, choose a facility LOCAL7.
7.  From the Severity list, choose a severity INFO.
8.  Click Save.

1. Navigate to ASA Firepower Configuration > Policies > Access Control Policy
2. Edit the access rule and navigate to logging option.
3. Select log at Beginning and End of Connection options.
4. Navigate to Send Connection Events to option , select Syslog, and then select a Syslog alert response.
5. Click Save.

For detailed configuration of ASA FirePOWER services refer the following documents:

• Configure-Logging-in-Firepower-Module-fo.pdf
• Configuring_External_Alerting.pdf

Configure logging for FirePOWER Threat Defense (FTD) via Firepower Management Center (FMC)

Refer the link given below:

• https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200479-Configure-Logging-on-FTD-via-FMC.html