Configure Network Device - Cisco Firepower

This article will describe the steps required to configure Cisco Firepower to send Syslog messages to the RocketAgent Syslog Server

  1. From the Main Firepower Device Manager screen, select the Logging Settings under the System Settings in the lower right-hand corner of the screen.
    Captura de Pantalla 2022-08-18 a la(s) 3.25.53 p.m.
  2. On the System Settings screen, Select the Logging Settings in the left-hand menu.
    Captura de Pantalla 2022-08-18 a la(s) 4.54.23 p.m.
  3. Set the Data Logging toggle switch, select the + sign under Syslog Servers.
  4. Select Add Syslog Server. Alternatively, you can create the Syslog Server object in Objects - Syslog Servers.
    Captura de Pantalla 2022-08-18 a la(s) 3.34.40 p.m.
  5. Enter the IP Address of your Syslog Server and port number. Select the radio button for Data Interface and select OK.
    Captura de Pantalla 2022-08-19 a la(s) 11.29.01 a.m.
  6. Next, select the new Syslog server and select OK.
    Captura de Pantalla 2022-08-19 a la(s) 11.37.09 a.m.
  7. Select the Severity level to filter with the all events radio button and select your desired logging level.
    Captura de Pantalla 2022-08-19 a la(s) 12.11.23 p.m.
  8. Select Save at the bottom of the screen.
    samsala_4-1658337612881
  9. Verify the settings were successful.
    samsala_5-1658337625577
  10. Deploy the new settings.
    Captura de Pantalla 2022-08-18 a la(s) 5.03.15 p.m.
  11. And
    Captura de Pantalla 2022-08-18 a la(s) 5.16.49 p.m.

Additional information on troubleshooting and access control can be found in the Cisco article: https://www.cisco.com/c/en/us/support/docs/security/firepower-2130-security-appliance/220231-configure-and-verify-syslog-in-firepower.html#toc-hId-1961531250