Enable or Disable Threat Defense Devices to Send Event logs to SAL (SaaS) Using a Direct Connection
Enable or disable the FTD devices managed by the cloud-delivered Firewall Management Center to send events directly to SAL (SaaS). This device-level control allows you to optionally exclude specific FTD devices from sending event logs to the Cisco cloud to reduce traffic or to maintain a combination of SAL and on-premises event log storage.
Note |
|
Before you begin
-
Onboard devices to the cloud-delivered Firewall Management Center, assign licenses to these devices, and configure these devices to send events directly to SAL (SaaS).
-
Enable connection logging on a per-rule basis by editing a rule and choosing the Log at Beginning of Connection and Log at End of Connection options.
Procedure
Step 1 | Log in to CDO. |
Step 2 | In the left pane, click Inventory. |
Step 3 | Click the Devices tab to locate the device. |
Step 4 | Click the FTD tab. |
Step 5 | Choose the FTD devices whose configurations you want to edit, from the inventory list. |
Step 6 | In the Device Management pane, click Cloud Events. |
Step 7 | Click the Send Events to the Cisco Cloud toggle button to enable or disable the configuration. |
Step 8 | Click Save. |