Cisco Cisco FirePOWER Appliance 7020
50-10
FireSIGHT System User Guide
Chapter 50 Managing System Policies
Configuring a System Policy
Step 6
Select
SSH
,
HTTPS
,
SNMP
, or a combination of these options to specify which ports you want to enable
for these IP addresses.
Step 7
Click
Add
.
The Access List page appears again, reflecting the changes you made.
Step 8
Click
Save Policy and Exit
.
The system policy is updated. Your changes do not take effect until you apply the system policy. See
Configuring Audit Log Settings
License:
Any
You can configure the system policy so that the appliance streams an audit log to an external host.
Note
You must ensure that the external host is functional and accessible from the appliance sending the audit
log.
log.
The sending host name is part of the information sent. You can further identify the audit log stream with
a facility, a severity, and an optional tag. The appliance does not send the audit log until you apply the
system policy.
a facility, a severity, and an optional tag. The appliance does not send the audit log until you apply the
system policy.
After you apply a policy with this feature enabled, and your destination host is configured to accept the
audit log, the syslog messages are sent. The following is an example of the output structure:
audit log, the syslog messages are sent. The following is an example of the output structure:
Date Time Host [Tag] Sender: [User_Name]@[User_IP], [Subsystem], [Action]
where the local date, time, and hostname precede the bracketed optional tag, and the sending device
name precedes the audit log message.
name precedes the audit log message.
For example:
Mar 01 14:45:24 localhost [TAG] Dev-DC3000: admin@10.1.1.2, Operations > Monitoring, Page
View
To configure the audit log settings:
Access:
Admin
Step 1
Select
System > Local > System Policy
.
The System Policy page appears.
Step 2
You have the following options:
•
To modify the audit log settings in an existing system policy, click the edit icon (
) next to the
system policy.
•
To configure the audit log settings as part of a new system policy, click
Create Policy
.
Provide a name and description for the system policy as described in
, and click
Save
.
In either case, the Access List page appears.
Step 3
Click
Audit Log Settings
.