# Cisco FTD (syslog)

In this guide, you'll configure Cisco FTD, a next-generation firewall and intrusion prevention system (IPS), to forward logs to Radiant Security using the Radiant Agent. Cisco FTD provides more comprehensive security capabilities than Cisco ASA, which is primarily focused on firewall functionality.

### Prerequisites

* [ ] Config user role in Cisco
* [ ] Ability to deploy an Rsyslog configuration within their organization’s infrastructure, and set up networking so that this service can receive and send packets

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**. 
3. Search for and select the **Radiant Agent** option and then click **Data Feeds**.
4. Under **Select your data feeds**, select **Cisco** **FTD** **(syslog)** and click **Credentials**.
5. Under **Credential** **Name**, give the Radiant Agent integration an identifiable name (e.g. `Radiant Agent Integration`). If you will reuse a Radiant Agent, select it from the drop-down menu.
6. Click **Add Connector**.

### Configure a local Radiant Security Agent

Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs.

### Configure Cisco FTD to forward logs to the Radiant Agent

1. Log into the Cisco FDM UI with a **config** user.
2. Select the desired Cisco FTD device on the top navigation bar.
3. Under **System Settings**, select **Logging Settings.**
4. Enable **Data Logging**.
5. Under **Message Filtering for Firepower Threat Defense,** set the **Severity level for filtering all events** as **Information**.\ <img src="https://20705827.fs1.hubspotusercontent-na1.net/hubfs/20705827/Knowledge%20Base%20Articles/Cisco%20FTD%20(syslog)/Untitled.png" alt="Untitled" data-size="original">
6. Under **Syslog Servers**, click the **+** button to add a new syslog server.
7. Click **Create new Syslog Server.**
8. Enter the IP address of the Radiant Agent deployed to your environment previously.
9. For **Protocol** **Type** select **TCP.**
10. For **Port** **Number** enter `<Radiant Agent Port Configured to Receive Cisco FTD>`.
11. Under **Interface for Device Logs**, select an interface with connectivity to the **Syslog** **Forwarder**.
12. Click **OK** and select the newly created **Syslog** **Server**.
13. Click **SAVE** to save the changes.\
    ![Untitled(2)](https://20705827.fs1.hubspotusercontent-na1.net/hubfs/20705827/Knowledge%20Base%20Articles/Cisco%20FTD%20\(syslog\)/Untitled\(2\).png)
14. Click the deploy button to deploy the changes.\
    ![Untitled(3)](https://20705827.fs1.hubspotusercontent-na1.net/hubfs/20705827/Knowledge%20Base%20Articles/Cisco%20FTD%20\(syslog\)/Untitled\(3\).png)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/cisco-ftd-syslog.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.