forum.tufin.com (2606:4700:10::ac43:1ae2), Public Scan

URL: https://forum.tufin.com/support/kc/latest/Content/Suite/12108.htm
Submission: On May 20 via manual from QA — Scanned from DE


Tufin Orchestration Suite (TOS) Aurora

R24-1 Knowledge Center.


CONFIGURING A CISCO FIREWALL MANAGEMENT CENTER (FMC) TO SEND SYSLOGS

If you want to collect usage from Cisco Firewall Threat Defense (FTD) devices
managed by an FMC, you can configure a policy in the FMC to send syslogs to
SecureTrack. This configuration will apply to all the policy's rules that send
syslogs to SecureTrack.

Configuring the FMC comprises the following stages:

 1. Enable Syslog in FMC (Accountability)
 2. Enable a Syslog Device ID on the FTDs (Data Usage)
 3. Create a new Syslog alert
 4. Edit an FMC policy to send syslogs using the new alert


ENABLE SYSLOG IN FMC (ACCOUNTABILITY)

 1. In the FMC, navigate to the System > Configuration tab.

 2. Select Audit Log.

 3. Configure the following parameters:
    
    * Set Send Audit Log to Syslog to Enabled.
    
    * In the Host field, enter the IP address of the syslog VIP.
    
    * Set Facility to LOCAL7.
    
    * Set Severity to NOTICE.
    
    * In the Tag field, enter the Log Tag defined in the Syslog Authentication
      window (Stage 3 of 5) when the device was configured.
      This tag will be used in SecureTrack under “Syslog Authentication” as the
      Tag ID. The tag must be unique per FMC device.
 4. Click Save.
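
To confirm on the receiving side that audit messages match the settings in step 3, the following added example (not part of the Tufin or Cisco documentation) decodes the syslog PRI value and checks the tag. It assumes BSD-style (RFC 3164) framing with the tag in the usual position; the sample lines, host names and the tag value fmc-a-audit are constructed for illustration.

```python
import re
from collections import defaultdict

FACILITIES = {16 + i: f"LOCAL{i}" for i in range(8)}   # syslog facility codes 16-23
SEVERITIES = ["EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG"]

# Assumed BSD-style (RFC 3164) layout: <PRI>timestamp host tag: message
LINE_RE = re.compile(
    r"^<(\d{1,3})>(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^:\s\[]+)(?:\[\d+\])?:\s?(.*)$"
)

def decode_pri(pri):
    """Split a syslog PRI value into (facility, severity) names."""
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"FACILITY{facility}"), SEVERITIES[severity]

def check_audit_line(line, expected_tag):
    """Return a list of mismatches against the Audit Log settings in step 3."""
    m = LINE_RE.match(line)
    if not m:
        return ["unparseable line"]
    facility, severity = decode_pri(int(m.group(1)))
    tag = m.group(4)
    problems = []
    if facility != "LOCAL7":
        problems.append(f"facility is {facility}, expected LOCAL7")
    if severity != "NOTICE":
        problems.append(f"severity is {severity}, expected NOTICE")
    if tag != expected_tag:
        problems.append(f"tag is {tag!r}, expected {expected_tag!r}")
    return problems

def duplicate_tags(tag_by_fmc):
    """Return tags assigned to more than one FMC (the tag must be unique per FMC)."""
    seen = defaultdict(list)
    for fmc, tag in tag_by_fmc.items():
        seen[tag].append(fmc)
    return {tag: sorted(fmcs) for tag, fmcs in seen.items() if len(fmcs) > 1}

# Constructed sample lines (not real FMC output); 189 = 23*8 + 5 = LOCAL7.NOTICE
SAMPLES = [
    "<189>May 20 10:15:02 fmc-a fmc-a-audit: admin@10.0.0.5, System > Configuration, Save",
    "<134>May 20 10:15:09 fmc-a fmc-a-audit: admin@10.0.0.5, Login, Success",
    "<189>May 20 10:16:40 fmc-b audit: admin@10.0.0.7, Policies, Save",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(check_audit_line(line, "fmc-a-audit") or "ok")
    print(duplicate_tags({"fmc-a": "fmc-a-audit", "fmc-b": "fmc-a-audit"}))
```
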


ENABLE A SYSLOG DEVICE ID ON THE FTDS (DATA USAGE)

After the FMC device is configured, in SecureTrack, you can configure the device
to collect usage data.

 1. In the FMC, navigate to the Devices > Platform Settings tab.

 2. To create a new policy (if you are configuring an existing policy, skip to
    step 3):

    1. Click New Policy > Threat Defense Settings.

       The New Policy dialog box appears.

    2. In the Name field, enter a name for the new policy.

    3. Select an FTD device to add to the policy, and click Add to Policy.

    4. Click Save.

 3. In the row of the policy you want to configure, click the Edit button.

 4. In the navigation pane, select Syslog.

 5. Select the Syslog Settings tab.

    1. Select the Enable Syslog Device ID option.
    2. From the drop-down menu, select User Defined ID.
    3. Enter an ID for the device syslogs. This ID will be used when
       configuring the device in SecureTrack.

 6. In the FMC for the required domain, navigate to the Policies > Access
    Control > RULE_IN_THE_POLICY > Logging tab.

    1. Select one of these options:
       * Log at Beginning of Connection
       * Log at End of Connection
    2. Select Syslog Server.

 7. Click Save.


CREATE A NEW SYSLOG ALERT

 1. In the FMC, navigate to Policies > Actions > Alerts.

 2. Click Create Alert > Create Syslog Alert.

    The Edit Syslog Configuration dialog box appears.

    1. In the Name field, enter a name for the new alert.

    2. In the Host field, enter the IP address of the syslog VIP.

    3. In the Facility field, select Syslog.

    4. Click Save.

 3. In the Enable column, enable the alert.


EDIT AN FMC POLICY TO SEND SYSLOGS USING THE NEW ALERT

 1. In the FMC, navigate to Policies.

 2. In the row of the policy which you want to use to send syslog alerts to
    SecureTrack, click the Edit button.

 3. Go to the Logging tab.

 4. Select Send using specific syslog alert.

 5. In the Syslog alert field, select the new syslog alert you created.

 6. Click Save.


