Enable or Disable Threat Defense Devices to Send Event logs to SAL (SaaS) Using a Direct Connection

Enable or disable the FTD devices managed by the cloud-delivered Firewall Management Center to send events directly to SAL (SaaS). This device-level control allows you to optionally exclude specific FTD devices from sending event logs to the Cisco cloud to reduce traffic or to maintain a combination of SAL and on-premises event log storage.

Note

To enable or disable sending events to the Cisco cloud from the FTD devices, enable the Cisco cloud event global setting in the cloud-delivered Firewall Management Center. For more information on enabling the Cisco cloud event global setting, see Send Cloud-delivered Firewall Management Center-Managed Event Logs to SAL (SaaS) Using a Direct Connection.

Sending events to the Cisco cloud is enabled by default for all FTD devices when the Cisco cloud event global setting is enabled in the cloud-delivered Firewall Management Center.
The option to enable or disable FTD devices to send event logs to the cloud is supported on FTD Version 7.4.1 or later.

Before you begin

Onboard devices to the cloud-delivered Firewall Management Center, assign licenses to these devices, and configure these devices to send events directly to SAL (SaaS).
Enable connection logging on a per-rule basis by editing a rule and choosing the Log at Beginning of Connection and Log at End of Connection options.

Procedure

Step 1	Log in to CDO.
Step 2	In the CDO menu, click Inventory.
Step 3	Click the Devices tab to locate the device.
Step 4	Click the FTD tab.
Step 5	Choose the FTD devices whose configurations you want to edit, from the inventory list.
Step 6	In the Device Management pane, click Cloud Events.
Step 7	Click the Send Events to the Cisco Cloud toggle button to enable or disable the configuration.
Step 8	Click Save.