Cisco Cisco Firepower Management Center 2000
2-13
FireSIGHT User Agent Configuration Guide
Chapter 2 Setting up a User Agent
Configuring a User Agent
You must add at least one Defense Center to the agent to report user login and logoff data.
•
.
Configuring User Agent Defense Center Connections
License:
FireSIGHT
You can add connections to up to five Defense Centers from an agent. From the agent, you can also view
the Defense Center status at the time the tab is selected (
the Defense Center status at the time the tab is selected (
available
,
unavailable
, or
unknown
when the
agent first starts) and the last login reported by the agent. Before you add a connection, make sure you
add the agent to the Defense Center configuration. For more information, see
add the agent to the Defense Center configuration. For more information, see
or
.
In a high availability configuration, add both Defense Centers to the agent to enable update of user login
and logoff data to both the primary and the secondary so the data remains current on both.
and logoff data to both the primary and the secondary so the data remains current on both.
To configure Defense Center connections:
Access:
Any
Step 1
Select the
Sourcefire DCs
tab.
Step 2
Click
Add
.
Step 3
Type the hostname or IP address of the Defense Center you want to add.
Step 4
Click
Add
.
The Defense Center connection configuration is added. You cannot add a hostname or IP address more
than once. You should not add a Defense Center by both hostname and IP address. If the Defense Center
is multihomed, you should not add it multiple times using different IP addresses.
than once. You should not add a Defense Center by both hostname and IP address. If the Defense Center
is multihomed, you should not add it multiple times using different IP addresses.
If you have more than one Defense Center connection configured, you can sort on
Host
,
Status
, or
Last
Reported
by clicking on the respective column headers.
Note
If the agent cannot connect to a Defense Center at configuration time, it cannot add that Defense
Center. Check that the agent has TCP/IP access to the Defense Center.
Center. Check that the agent has TCP/IP access to the Defense Center.
Step 5
To save and apply configuration changes to the agent, click
Save
. The updated settings are applied to the
agent.
Step 6
You have the following options:
•
Optionally, to add or remove user names to or from the excluded user name list, select the
Excluded
Usernames
tab. For more information, see
.
•
Optionally, to add or remove IP addresses to the excluded IP address list, select the
Excluded
Addresses
tab. For more information, see
.
•
Optionally, to view the log message and configure logging, select the
Logs
tab. For more information,
see
.
•
Optionally, to configure general agent settings, select the
General
tab. For more information, see