Cisco Firepower Management Center 2000
FireSIGHT System User Guide
Chapter 50 Managing System Policies
Configuring a System Policy
The Audit Log Settings page appears.
Step 4
Select Enabled from the Send Audit Log to Syslog drop-down menu. (The default setting is Disabled.)
Step 5
Designate the destination host for the audit information by using the IP address or the fully qualified
name of the host in the Host field. The default port (514) is used.
Caution
If the computer you configure to receive an audit log is not set up to accept remote messages, the host
will not accept the audit log.
Step 6
Select a syslog facility from the Facility field.
Step 7
Select a severity from the Severity field.
Step 8
Optionally, insert a reference tag in the Tag (optional) field.
Step 9
To send regular audit log updates to an external HTTP server, select Enabled from the
Send Audit Log to HTTP Server drop-down list. The default setting is Disabled.
Step 10
In the URL to Post Audit field, designate the URL where you want to send audit information. You must enter
a URL that corresponds to a listener program that expects the HTTP POST variables as listed:
•  subsystem
•  actor
•  event_type
•  message
•  action_source_ip
•  action_destination_ip
•  result
•  time
•  tag (if defined, as above)
Caution
To allow encrypted posts, you must use an HTTPS URL. Note that sending audit information to an
external URL may affect system performance.
Step 11
Click Save Policy and Exit.
The system policy is updated. Your changes do not take effect until you apply the system policy to the
Defense Center and its managed devices. See
information.
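A listener of the kind Step 10 calls for, as an added example that is not part of the Cisco guide: it accepts the listed POST variables, rejects posts that lack any of them, and appends each record to a JSON-lines file. It assumes the variables arrive form-encoded (application/x-www-form-urlencoded), which the guide does not state; the file name, bind address, port, size cap and sample body are constructed.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# POST variables listed in Step 10; "tag" is sent only if defined in Step 8.
REQUIRED = ("subsystem", "actor", "event_type", "message",
            "action_source_ip", "action_destination_ip", "result", "time")
OPTIONAL = ("tag",)
MAX_BODY = 64 * 1024  # assumed size cap for one post
# Constructed sample body (form encoding is an assumption, values are made up).
SAMPLE = (b"subsystem=Admin&actor=admin&event_type=Login&message=Login+Success"
          b"&action_source_ip=192.0.2.10&action_destination_ip=192.0.2.1"
          b"&result=Success&time=1400000000&tag=fmc01&extra=ignored")


def parse_audit_post(body: bytes) -> dict:
    """Return the documented variables; raise ValueError if one is missing."""
    fields = parse_qs(body.decode("utf-8", "replace"), keep_blank_values=True)
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError("missing variables: " + ", ".join(missing))
    # Drop anything not in the documented list; take the first value of each.
    return {k: fields[k][0] for k in REQUIRED + OPTIONAL if k in fields}


class AuditHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
            if not 0 <= length <= MAX_BODY:
                raise ValueError("bad Content-Length")
            record = parse_audit_post(self.rfile.read(length))
        except ValueError as exc:
            self.send_error(400, str(exc))
            return
        # json.dumps escapes control characters, so a value cannot add log lines.
        with open("audit_log.jsonl", "a", encoding="utf-8") as out:
            out.write(json.dumps(record) + "\n")
        self.send_response(204)
        self.end_headers()


if __name__ == "__main__":
    print(parse_audit_post(SAMPLE))
    # Constructed address; put TLS in front so the appliance can use an HTTPS URL.
    HTTPServer(("127.0.0.1", 8080), AuditHandler).serve_forever()
```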
Configuring Authentication Profiles
License: Any
Normally, when a user logs into an appliance, the appliance verifies user credentials by comparing the
credentials to a user account stored in the appliance’s local database. However, if you create an
authentication object referencing an external authentication server, you can apply it in the system policy
to let users logging into the Defense Center or managed device authenticate to that server, rather than
using the local database.