These instructions assume:
- You’re running Firepower Management Center (FMC) software version 6.2 or higher.
- Firepower Threat Defence (FTD) devices are connected to your FMC device.
- The date, time and time zone are correctly set on the Firepower devices.
- You have login credentials and admin access to your Firepower Management Center.
- The IP address of your Auvik collector is known. You can find this in the Syslog > Summary tab in the Export Information column
Configure syslog
- Log into your Firepower Managed Center console.
- Click Devices.
- Click Platform settings.
- Navigate to Threat Defense Policy > Syslog > Syslog Servers.
- Click Add.
- Select the IP address that corresponds to the host with the Auvik collector.
- For Protocol, select UDP.
- For Port, enter 514.
- Click OK and Save to save the configuration.
- Click Save to save the platform setting.
- Select Deploy. Choose the FTD appliance where you want to apply the changes and click Deploy in order to start deployment of the platform setting.
For more information:
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200479-Configure-Logging-on-FTD-via-FMC.html
