Skip to content

Configure a Cisco ASA with firepower to forward syslogs

Creating a Syslog Alert Response

  1. Navigate to Firepower Configuration > Policies > Actions > Alerts
  2. From the Create Alert drop-down menu, choose Create Syslog Alert, input or select the following values:
  3. Name ActZero_Logging
  4. Host The local IP of the ActZero VM
  5. Port 514
  6. Facility LOCAL7
  7. Severity INFO
  8. Click Save.

Update policies to log events.

  1. Navigate to ASA Firepower Configuration > Policies > Access Control Policy
  2. For each access rule, edit the configuration rule and navigate to logging option.
  3. Select at End of Connection options.
  4. In the Send Connection Events to option , select Syslog ensure that the checkbox is on
  5. Then select ActZero_Logging from the dropdown list.
  6. Click Save. Reference Cisco Firepower documentation for further detail.


Was this documentation helpful? Please send us your feedback!