Cisco Cisco ASA 5506W-X with FirePOWER Services Manual Técnica
ASA Firepower modules (ASA 5506X/5506H-X/5506W-X, ASA 5508-X, ASA 5516-X )
running software version 5.4.1 and above
running software version 5.4.1 and above
●
ASA Firepower module (ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X) running
software version 6.0.0 and above.
software version 6.0.0 and above.
●
ASDM 7.5(1) and above.
●
The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.
Background Information
Type of Events
Firepower Module events can be categorized in two types:-
Traffic Events (Connection events/Intrusion Events/Security Intelligence Events/SSL
Events/Malware/File Events).
Events/Malware/File Events).
1.
System Events (Firepower Operating System (OS) events).
2.
Configure
Configuring an Output Destination
Step 1. Syslog Server Configuration
To configure a Syslog Server for traffic events, Navigate to Configuration > ASA Firepower
Configuration > Policies > Actions Alerts and click the Create Alert drop-down menu and
choose option Create Syslog Alert. Enter the values for the Syslog server.
Configuration > Policies > Actions Alerts and click the Create Alert drop-down menu and
choose option Create Syslog Alert. Enter the values for the Syslog server.
Name: Specify the name which uniquely identifies the Syslog server.
Host:Specify the IP address/hostname of Syslog server.
Port: Specify the port number of Syslog server.
Facility: Select any facility that is configured on your Syslog server.
Severity: Select any Severity that is configured on your Syslog server.
Tag: Specify tag name that you want to appear with the Syslog message.