Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1661
Views
0
Helpful
4
Replies

FTD logging to Algosec

Marius Gunnerud
VIP
VIP

‎05-12-2021 05:57 AM

Has anyone here set up logging from FTD to Algosec?  The only documentation I have found on the Algosec site with regards to logging was for ASA and there it stated that syslog message ID 106100 is needed.  This syslog ID is not available in FTD after 6.2. So I am wondering if anyone has successfully set up logging towards Algosec and which syslog message IDs were used?

--
Please remember to select a correct answer and rate helpful posts
1 person had this problem
0 Helpful
4 Replies 4

1_am_r00t
Level 1
Level 1

‎06-29-2023 06:31 AM

Not using Algosec, running into a similar problem though. Have you ever managed to fix/solve it?

0 Helpful

Marius Gunnerud
VIP
VIP
In response to 1_am_r00t

‎06-29-2023 06:37 AM

Yes, solved this by enabling logging to syslog server under each ACP rule.  Once I did this syslog was sent.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

1_am_r00t
Level 1
Level 1
In response to Marius Gunnerud

‎06-29-2023 06:41 AM

Interesting. I have enabled logging for the majority of ACP rules (see screenshot attached), however, 106100 is not being sent. Maybe it is version specific - we're using 6.6.5.2 in this deployment.

Preview file
15 KB
0 Helpful

Marius Gunnerud
VIP
VIP
In response to 1_am_r00t

‎06-29-2023 06:53 AM

FTD doesn't use 106100, it uses the following:

430002 - log at beginning

430003 - log at end

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card