Cisco Cisco Firepower Management Center 4000

Protection

You can configure syslog alerting in an intrusion policy. After you apply the policy as part of an access 
control policy, the system notifies you of any intrusion events it detects via the syslog. For more 
information on syslog alerting, see 

.

Admin/Intrusion Admin

Select 

The Intrusion Policy page appears.

Click the edit icon (

) next to the policy you want to edit.

If you have unsaved changes in another policy, click 

 to discard those changes and continue. See 

 for information on saving unsaved changes in another 

policy.

The Policy Information page appears.

Click 

 in the navigation panel on the left.

The Advanced Settings page appears.

You have two choices, depending on whether 

under External Responses is enabled:

If the configuration is enabled, click 

.

If the configuration is disabled, click 

, then click 

.

The Syslog Alerting page appears.

A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. 
See 

 for more information.

Optionally, in the 

 field, enter the remote access IP address you want to specify as logging 

host. Separate multiple hosts with commas.

Select facility and priority levels from the drop-down lists.

See 

 for details on facility and priority options.

Save your policy, continue editing, discard your changes, revert to the default configuration settings in 
the base policy, or exit while leaving your changes in the system cache. See the 

 table for more information.

Protection

Email alerts are notifications of intrusion events by email. Email alerts include the following 
information:

total number of alerts in the database