Cisco ASA 5500x with FirePower logging & syslog Format/reference

prevathipraba · ‎04-14-2015

Hello everyone,

Can anyone explain how Cisco ASA 5500x Firepower logging works?

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/white_paper_c11-532091.html

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-smart-business-architecture/sbaSIEM_deployG.pdf

I referred above links and found syslog for botnet filtering.

ASA-4-338002: Dynamic filter permitted black listed TCP traffic from inside: 10.1.1.45/6798 (209.165.201.1/7890) to outside: 209.165.202.129/80 (209.165.202.129/80), destination 209.165.202.129 resolved from dynamic list: bad.example.com

It is cisco asa 5500 log. is it same for Firepower? If yes, is Firepower generate syslog for all events like this?

Please refer me syslog reference guide for Cisco ASA 5500x Firepower if exist.

Thanks & Regards

Revathi