Cisco Cisco Firepower Management Center 4000

Select 

, 

, 

, or a combination of these options to specify which ports you want to enable 

for these IP addresses.

Click 

.

The Access List page appears again, reflecting the changes you made. 

Click 

.

The system policy is updated. Your changes do not take effect until you apply the system policy. See 

 for more information.

Any

You can configure the system policy so that the appliance streams an audit log to an external host.

You must ensure that the external host is functional and accessible from the appliance sending the audit 
log.

The sending host name is part of the information sent. You can further identify the audit log stream with 
a facility, a severity, and an optional tag. The appliance does not send the audit log until you apply the 
system policy.

After you apply a policy with this feature enabled, and your destination host is configured to accept the 
audit log, the syslog messages are sent. The following is an example of the output structure:

Date Time Host [Tag] Sender: [User_Name]@[User_IP], [Subsystem], [Action]

where the local date, time, and hostname precede the bracketed optional tag, and the sending device 
name precedes the audit log message. 

For example:

Mar 01 14:45:24 localhost [TAG] Dev-DC3000: admin@10.1.1.2, Operations > Monitoring, Page 

View

Admin

Select 

.

The System Policy page appears.

You have the following options:

To modify the audit log settings in an existing system policy, click the edit icon (

) next to the 

system policy.

To configure the audit log settings as part of a new system policy, click 

.

Provide a name and description for the system policy as described in 

, and click 

.

In either case, the Access List page appears.

Click 

.