Cisco Cisco Firepower Management Center 2000

The Audit Log Settings page appears.

Select 

 from the 

 drop-down menu. (The default setting is 

.)

Designate the destination host for the audit information by using the IP address or the fully qualified 
name of the host in the 

 field. The default port (514) is used. 

If the computer you configure to receive an audit log is not set up to accept remote messages, the host 
will not accept the audit log.

Select a syslog facility from the 

 field.

Select a severity from the 

 field. 

Optionally, insert a reference tag in the 

field.

To send regular audit log updates to an external HTTP server, select 

 from the 

 drop-down list. The default setting is 

.

In the 

 field, designate the URL where you want to send audit information. You must enter 

an URL that corresponds to a listener program that expects the HTTP POST variables as listed:

subsystem

actor

event_type

message

action_source_ip

action_destination_ip

result

time

tag

 (if defined, as above)

To allow encrypted posts, you must use an HTTPS URL. Note that sending audit information to an 
external URL may affect system performance.

Click 

.

The system policy is updated. Your changes do not take effect until you apply the system policy to the 
Defense Center and its managed devices. See 

information. 

Any

Normally, when a user logs into an appliance, the appliance verifies user credentials by comparing the 
credentials to a user account stored in the appliance’s local database. However, if you create an 
authentication object referencing an external authentication server, you can apply in the system policy 
to let users logging into the Defense Center or managed device authenticate to that server, rather than 
using the local database.