Create a Syslog Server Object for Cisco Security Analytics and Logging
Create a syslog server object with the IP address and the TCP or UDP port of the Secure Event Connector (SEC) you want to send events to. Create one syslog object for every SEC that you have onboarded to your tenant, but send events from any one rule to only one syslog object, representing one SEC.
Prerequisite
This task is part of a larger workflow. See Workflow to Implement Cisco Security Analytics and Logging (SaaS) and Send Events through the Secure Event Connector to the Cisco Cloud before you begin.
Procedure
- In the navigation bar, click Objects.
- Click the Create Object button.
- Select Syslog Server under FTD object types.
- Configure the syslog server object properties. To find these properties of the SEC, click the account menu and click Secure Connectors. Then select the Secure Event Connector you want to configure the syslog object for and look in the Details pane on the right.
  - IP Address—Enter the IP address of the SEC.
  - Protocol Type—Select TCP or UDP.
  - Port Number—Enter port 10125 if you selected TCP or 10025 if you selected UDP.
  - Select an interface—Select the interface configured to reach the SEC.
  Note: FTD supports one syslog object per IP address, so you must choose between TCP and UDP.
- Click Add.
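A pre-flight check for a planned set of syslog server objects, added here as an example and not part of the Cisco documentation: it applies the protocol and port pairing from the procedure, the one-object-per-IP-address limit from the note, and the one-rule-to-one-object rule from the introduction. The dictionary layout, object names, rule names and 192.0.2.x addresses are constructed for illustration and are not a product export format.

```python
import ipaddress
from collections import defaultdict

# Port for each protocol, as given in the procedure above.
SEC_PORTS = {"TCP": 10125, "UDP": 10025}

def validate_plan(objects, rules):
    """Return a list of problems in planned syslog objects and rule assignments."""
    problems, names, by_ip = [], set(), defaultdict(list)
    for obj in objects:
        name = obj["name"]
        names.add(name)
        try:
            by_ip[ipaddress.ip_address(obj["ip"])].append(name)
        except ValueError:
            problems.append(f"{name}: {obj['ip']!r} is not a valid IP address")
        proto = obj["protocol"].upper()
        if proto not in SEC_PORTS:
            problems.append(f"{name}: protocol must be TCP or UDP")
        elif obj["port"] != SEC_PORTS[proto]:
            problems.append(f"{name}: {proto} requires port {SEC_PORTS[proto]}, got {obj['port']}")
    # The note in the procedure: one syslog object per IP address.
    for ip, owners in by_ip.items():
        if len(owners) > 1:
            problems.append(f"{ip}: shared by {', '.join(owners)}; one object per IP address")
    # The introduction: each rule sends events to one syslog object only.
    for rule, targets in rules.items():
        if len(targets) != 1:
            problems.append(f"rule {rule}: needs exactly one syslog object, has {len(targets)}")
        problems += [f"rule {rule}: unknown syslog object {t}" for t in targets if t not in names]
    return problems

# Constructed sample plan (hypothetical names, documentation-range addresses).
PLAN_OBJECTS = [
    {"name": "sec-a-tcp", "ip": "192.0.2.10", "protocol": "TCP", "port": 10125},
    {"name": "sec-a-udp", "ip": "192.0.2.10", "protocol": "UDP", "port": 10025},
    {"name": "sec-b", "ip": "192.0.2.20", "protocol": "UDP", "port": 10125},
]
PLAN_RULES = {"allow-web": ["sec-a-tcp"], "block-ssh": ["sec-a-tcp", "sec-b"]}

if __name__ == "__main__":
    for problem in validate_plan(PLAN_OBJECTS, PLAN_RULES):
        print(problem)
```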
What to do next
Continue with Step 3 of "Workflow to Implement Cisco Security Analytics and Logging (SaaS) and Send Events through the Secure Event Connector to the Cisco Cloud."