Cisco FirePOWER

This article describes the steps to configure log forwarding for Cisco FirePOWER

  1. Log into the web user interface of your Sourcefire Management Center.
  2. Navigate to Policies > Intrusion > Intrusion Policy.
  3. Click Edit next to the policy you want to apply.
  4. Click Advanced Settings.
  5. Locate Syslog Alerting in the list and set it to Enabled.

  6. Click Policy Information near the top left of this screen.
  7. Click Commit Changes.
  8. Reapply your Intrusion Policy.

  9. Click Edit next to the right of Syslog Alerting.
  10. Type the IP address of EventTracker on the Logging Hosts field.
  11. Choose an appropriate Facility and Severity from the drop-down menu. These can be left at the default values unless a Syslog server is configured to accept alerts for a certain facility or severity.
  12. Click Policy Information near the top left of this screen.
  13. Click Commit Changes.
  14. Reapply your Intrusion Policy.

Official Documentation: Click here