These instructions assume:
- You’re running Firepower Management Center (FMC) software version 6.2 or higher.
- Firepower Threat Defence (FTD) devices are connected to your FMC device.
- The date, time and time zone are correctly set on the Firepower devices.
- You have login credentials and admin access to your Firepower Management Center.
- The IP address of your Auvik collector is known. You can find this in the Syslog > Summary tab in the Export Information column
- Navigate to Devices
- Click on Platform Settings
- Click New Policy and choose Threat Defence Settings
- Give a name to the policy, select the firewall(s) to apply the configuration hit the Add to Policy button
- Click Save
- In the left bar choose Syslog
- In Logging Setup check the box for Enable Logging
- In the Syslog Servers tab, click on Add
- Enter the IP address of the collector and the interface where the collector is on the firewall
- Click on Save
- Deploy the changes on the firewall(s)
For more information:
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200479-Configure-Logging-on-FTD-via-FMC.html