Cyfin - Cisco Firepower Support

Cyfin - Cisco Firepower Configuration

Cisco Firepower

Cyfin is installed on a server, not on the Cisco Firepower appliance.


Log File Setup

Log File Type:  Cisco Firepower


Cisco Firepower Configuration Steps

The following steps pertain to Cisco Firepower Threat Defense and are required to forward these logs to the Cyfin Syslog Server:

  1. Select Devices - Platform Settings and create or edit a Firepower Threat Defense policy.
  2. Select Syslog - Syslog Server.
  3. Check the Allow user traffic to pass when TCP syslog server is down check box to allow traffic if any syslog server that is using the TCP protocol is down.
  4. In the Message queue size (messages) field, enter the size of the queue for storing syslog messages on the security appliance when the syslog server is busy. The minimum is 1 message. The default is 512. Specify 0 to allow an unlimited number of messages to be queued (subject to available block memory).
  5. Click Add to add a new syslog server.
    • In the IP Address drop-down list, select a network host object that contains the IP address of the syslog server.
    • Choose the protocol (either TCP or UDP) and enter the port number for communications between the Firepower Threat Defense device and the Cyfin syslog server.
    • The default ports are 514 for UDP and 1470 for TCP. Valid nondefault port values for either protocol are 1025 through 65535.
    • Check the Log messages in Cisco EMBLEM format (UDP only) check box to specify whether to log messages in Cisco EMBLEM format (available only if UDP is selected as the protocol).
    • Add the zones that contain the interfaces used to communicate with the syslog server. For interfaces not in a zone, you can type the interface name into the field below the Selected Zones/Interface list and click Add. These rules will be applied to a device only if the device includes the selected interfaces or zones.

      Note:  If the syslog server is on the network attached to the physical Management interface, you must type the name of that interface into the Interface Name field below the Selected Security Zones list and click Add. You must also configure this name (if not already configured), and an IP address, for the Diagnostic interface (edit the device from the Device Management page and select the Interfaces tab).

    • Click OK.
  6. Click Save.

    You can now click Deploy and deploy the policy to assigned devices. The changes are not active until you deploy them.

Click here for more information from Cisco.


Cyfin Configuration Steps

Cyfin Syslog Server listens for syslog messages from your Cisco Firepower device. Both UDP-based and TCP-based messages are supported.

  1. Select the Cisco Firepower log file configuration in Cyfin for your Cisco Firepower device.
  2. Specify the Directory in which the log files will be created. The default directory is [InstallPath]\wc\cf\log.
  3. Select Enable Syslog Server.
  4. For Port Type, select UDP or TCP for the Internet protocol you want to use.
  5. In the Listening Port field, the default port number is 1455. The listening port will be used by your Cisco Firepower device to transfer the data. You may change this number if necessary.
  6. On your Cisco Firepower device, specify the IP address of the Cyfin server and the listening port, and submit the syslog messages.
  7. Your log files will be created and displayed in the Log File Viewer in Cyfin.
  8. If you have many of the same Cisco Firepower devices, use one log file configuration with one listening port, and point each Cisco Firepower device to the same listening port.
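
The Firepower defaults above (514 for UDP, 1470 for TCP) differ from Cyfin's default listening port (1455), so the two sides must be set to agree. The following is an added example, not code from Wavecrest or Cisco: it checks a planned pairing against the constraints stated on this page and sends one constructed syslog-style line to the listener so you can confirm it appears in the Log File Viewer. The function names and the `ftd-test` hostname are hypothetical.

```python
import socket

FTD_DEFAULT_PORTS = {"UDP": 514, "TCP": 1470}  # Firepower defaults stated on this page
CYFIN_DEFAULT_PORT = 1455                       # Cyfin default Listening Port

def check_plan(ftd_proto, ftd_port, cyfin_proto, cyfin_port, emblem=False):
    """Return a list of problems with a planned Firepower -> Cyfin syslog pairing."""
    ftd_proto, cyfin_proto = ftd_proto.upper(), cyfin_proto.upper()
    if ftd_proto not in FTD_DEFAULT_PORTS:
        return ["protocol must be TCP or UDP"]
    problems = []
    if ftd_proto != cyfin_proto:
        problems.append("Firepower protocol does not match Cyfin Port Type")
    if ftd_port != cyfin_port:
        problems.append("Firepower port %d != Cyfin Listening Port %d"
                        % (ftd_port, cyfin_port))
    # Nondefault ports must fall in 1025-65535 on the Firepower side.
    if ftd_port != FTD_DEFAULT_PORTS[ftd_proto] and not 1025 <= ftd_port <= 65535:
        problems.append("nondefault Firepower port must be 1025-65535")
    if emblem and ftd_proto != "UDP":
        problems.append("EMBLEM format is available only with UDP")
    return problems

def send_test_message(host, port, proto, text="constructed test message"):
    """Send one syslog-style line (PRI 134 = local0.info) and return the bytes sent."""
    # Constructed sample line; it is not a real Firepower event.
    line = ("<134>Jan  1 00:00:00 ftd-test : %s\n" % text).encode("ascii")
    if proto.upper() == "UDP":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(line, (host, port))
    else:
        with socket.create_connection((host, port), timeout=5) as s:
            s.sendall(line)
    return line
```

UDP delivery is not acknowledged, so a successful send only shows the packet left the sender; confirm receipt in the Log File Viewer.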
© Copyright 1996-2018 Wavecrest Computing. All Rights Reserved.
