Cisco FTD (syslog)

Configure Cisco FTD for syslog forwarding to Radiant Security.

Overview

Cisco FTD is a next-generation firewall and intrusion prevention system (IPS) solution. Cisco FTD offers a more complete security solution than Cisco ASA, which focuses on firewall functionality. This guide will walk you through the steps needed to configure Cisco FTD to forward logs to Radiant Security via syslog TLS.

In this guide, you’ll complete the following steps:

Prerequisites

  • The user must have the config role in Cisco.
  • The user must be able to deploy an Rsyslog configuration within their organization’s infrastructure, and set up networking so that this service can receive and send packets.

Add the data connector in Radiant Security

1.   Log in to Radiant Security.
2.   From the navigation menu, click Settings > Data Connectors and click + Add Connector.
3.   Search for and select the Cisco FTD (syslog) vendor from the list and click Data Feeds.
4.   Under Select your data feeds, select Cisco FTD and click Credentials.
5.   Under Credential Name, give the credential an identifiable name (e.g. Cisco FTD Credentials).
6.   Under Required Credentials, add a Connector tag value. This value can be random and will be used as a salt to generate the unique connector Token which you’ll download in the next step.
7.   Click Add Connector.
8.   Copy and save the Token value.
9.   Click Done to save your changes.

Configure a local Radiant Security Syslog Collector

Refer to the Deploy a Radiant Security Syslog Collector guide to set up a local Radiant Syslog Collector.

Configure Cisco FTD to forward logs to the Radiant Security Log Collector

  1. Log in to the Cisco FDM UI with a config user.

  2. Select the desired Cisco FTD device on the top navigation bar.

  3. Under System Settings, select Logging Settings.

  4. Enable Data Logging.

  5. Under Message Filtering for Firepower Threat Defense, set the Severity level for filtering all events as Information.

  6. Under Syslog Servers, click the + button to add a new syslog server.
  7. Click Create new Syslog Server.
  8. Enter the IP address of the Syslog Forwarder deployed to your environment previously.
  9. For Protocol Type select UDP.
  10. For Port Number enter 6514.
  11. Under Interface for Device Logs, select an interface with connectivity to the Syslog Forwarder.
  12. Click OK and select the newly created Syslog Server.
  13. Click SAVE to save the changes.
  14. Click the deploy button to deploy the changes.
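
To confirm after deployment that messages are arriving at the severity set in step 5, the following added example (not part of the original guide or of Radiant Security's tooling) summarises syslog lines captured on the collector host. The `%FTD-<level>-<message id>` tag is the standard FTD message prefix; the function name `check_forwarding`, the sample lines and the use of a saved capture as input are assumptions.

```python
import re
from collections import Counter

# RFC 5424 severity names; the list index is the numeric level.
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debug"]

# FTD syslog messages carry a "%FTD-<level>-<message id>" tag.
FTD_TAG = re.compile(r"%FTD-([0-7])-(\d{6})")

def check_forwarding(lines, max_level=6):
    """Summarise FTD messages seen on the collector host (hypothetical helper).

    max_level=6 corresponds to the Information filter from step 5:
    levels 0-6 are expected, level 7 (Debug) is not.
    """
    by_level, by_id, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = FTD_TAG.search(line)
        if m is None:
            unparsed += 1  # other sender, or a truncated datagram
            continue
        by_level[int(m.group(1))] += 1
        by_id[m.group(2)] += 1
    total = sum(by_level.values())
    above = sum(n for lvl, n in by_level.items() if lvl > max_level)
    return {
        "ftd_messages": total,
        "by_severity": {SEVERITY[l]: by_level[l] for l in sorted(by_level)},
        "by_message_id": dict(by_id),
        "above_filter": above,
        "unparsed": unparsed,
        # Healthy: at least one FTD message and none above the filter level.
        "ok": total > 0 and above == 0,
    }

# Constructed sample lines, not captured from a real device.
SAMPLE = [
    "<166>Aug 23 2024 10:15:02 ftd-lab : %FTD-6-430003: SrcIP: 10.0.0.5, DstIP: 192.0.2.10",
    "<164>Aug 23 2024 10:15:03 ftd-lab : %FTD-4-106023: Deny tcp src inside:10.0.0.7/51515 dst outside:198.51.100.4/23",
    "<167>Aug 23 2024 10:15:04 ftd-lab : %FTD-7-710005: UDP request discarded from 10.0.0.9/137",
    "<13>Aug 23 10:15:05 collector rsyslogd: start",
]

if __name__ == "__main__":
    print(check_forwarding(SAMPLE))
```

A result with `ftd_messages` at 0 means nothing from the device reached the collector; a non-zero `above_filter` means Debug-level messages are being sent despite the Information filter.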

Last updated: 2024-08-23