Configuration Locations for Syslogs for Intrusion Events (FTD Devices)
You can specify syslog settings for intrusion policies in various places and, optionally, inherit settings from the access control policy or the Threat Defense Platform Settings or both.
| Configuration Location | Description and More Information |
|---|---|
| Devices > Platform Settings, Threat Defense Settings policy, Syslog | Syslog destinations that you configure here can be specified in the Logging tab of an access control policy which can be the default for an intrusion policy. See FTD Platform Settings That Apply to Security Event Syslog Messages and About Syslog and subtopics. |
| Policies > Access Control, <each policy>, Logging | Default setting for syslog destination for intrusion events, if the intrusion policy does not specify other logging hosts. |
| Policies > Intrusion, <each policy>, Advanced Settings, enable Syslog Alerting, click Edit | To specify syslog collectors other than the destinations specified in the access control policy Logging tab, and to specify facility and severity, see Configuring Syslog Alerting for Intrusion Events. If you want to use the Severity or Facility or both as configured in the intrusion policy, you must also configure the logging hosts in the policy. If you use the logging hosts specified in the access control policy, the severity and facility specified in the intrusion policy will not be used. |
| | If you want to send Syslog messages for IPS events. Default syslog settings configured are used for syslog destinations for IPS events. |
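
The fallback rule in the table is easy to misconfigure: facility and severity set in an intrusion policy are silently unused when that policy has no logging hosts of its own. The following added example (not Cisco code) resolves the effective settings and flags that case; the dictionary keys and sample policies are assumptions made for illustration, not an FMC export format or API schema.

```python
# Hypothetical policy model: these dict keys are assumptions for illustration,
# not an FMC export format or API schema.

def resolve_intrusion_syslog(intrusion_policy, access_control_policy):
    """Resolve where intrusion-event syslogs go and which settings apply."""
    warnings = []
    hosts = list(intrusion_policy.get("logging_hosts") or [])
    if hosts:
        # Hosts set in the intrusion policy: its facility and severity are used.
        return {
            "source": "intrusion_policy",
            "destinations": hosts,
            "facility": intrusion_policy.get("facility"),
            "severity": intrusion_policy.get("severity"),
            "warnings": warnings,
        }
    # No hosts in the intrusion policy: fall back to the access control
    # policy Logging tab; intrusion-policy facility/severity are not used.
    ignored = [k for k in ("facility", "severity") if intrusion_policy.get(k)]
    if ignored:
        warnings.append("ignored in intrusion policy: " + ", ".join(ignored))
    dests = list(access_control_policy.get("syslog_destinations") or [])
    if not dests:
        warnings.append("no syslog destination resolved for intrusion events")
    return {
        "source": "access_control_policy",
        "destinations": dests,
        "facility": None,  # not taken from the intrusion policy
        "severity": None,
        "warnings": warnings,
    }

# Constructed sample policies (addresses are from documentation ranges).
ACP = {"name": "acp-edge", "syslog_destinations": ["192.0.2.10"]}
IPS_OWN_HOSTS = {"name": "ips-dmz", "logging_hosts": ["198.51.100.5"],
                 "facility": "AUTH", "severity": "ALERT"}
IPS_INHERITS = {"name": "ips-lan", "logging_hosts": [],
                "facility": "AUTH", "severity": "ALERT"}

if __name__ == "__main__":
    for ips in (IPS_OWN_HOSTS, IPS_INHERITS):
        print(ips["name"], resolve_intrusion_syslog(ips, ACP))
```

A non-empty `warnings` list for a policy means the collector will not receive events with the facility and severity an analyst expects to filter on, or will receive none at all.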