Cisco FTD/ASA
Realm Security integrates seamlessly with Cisco FTD or Cisco ASA, enabling intelligent routing and analysis of security event logs.
Setup Cisco Firewall Source in Realm
- Log in to the Realm console
- Add a new Source. Go to Sources > Add > Cisco Firewall
- Name: Cisco Firewall
- Description: Cisco Firewall logs
- If a collector is already set up, go to Collectors > Select your collector. If not, add a new collector
- To add a new collector, go to Collectors > Add > Give it a name and description
- Add a Cisco Firewall stream to the Collector.
- Click on Add Stream
- Select Product Format: Cisco Firewall
- From Source drop down: Select Cisco Firewall source
- Framing Trailer: Select Unspecified
- Click Add Stream button
- Take note of the port that was assigned to the Cisco Firewall stream. You will need it when configuring Cisco Firewall to forward syslog messages to Realm.
Prerequisites
- Ensure you have administrative access to your Cisco Firewall Management Console.
- Realm collector is set up and running. See Realm Collector install guide for setting up a collector.
- Realm Security syslog collector IP address or FQDN
Setup Cisco Firewall Log Forwarding
If using Cisco FTD, follow these concise steps to configure Cisco FTD Log Forwarding to Realm Security Data Fabric.
If using Cisco ASA, follow these concise steps to configure Cisco ASA Log Forwarding to Realm Security Data Fabric.
Notes:
- Do not select the option to send logs in Emblem format. This format is not supported by Realm.
- Choose to send logs via TCP. UDP for Cisco Firewall logs is not supported by Realm.
- When selecting a port, copy the port assigned to the Cisco Firewall stream into your Remote Syslog Server configuration.
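A quick way to check an ASA against the notes above, as an added example (not Realm's or Cisco's code): it reads the output of `show running-config logging` and reports any setting that conflicts with them. The collector address 192.0.2.10 and port 10514 are constructed placeholders, and the `logging permit-hostdown` check reflects ASA's behaviour with TCP syslog servers rather than anything this page states.

```python
import re

# ASA syslog server line, e.g. "logging host inside 192.0.2.10 tcp/10514".
# A running-config may print the protocol as its IP number (6 = TCP, 17 = UDP).
HOST_RE = re.compile(
    r"^logging host (?P<ifc>\S+) (?P<ip>\S+)"
    r"(?: (?P<proto>tcp|udp|\d+)/(?P<port>\d+))?(?P<rest>.*)$"
)

def check_asa_logging(config, collector, stream_port):
    """Return a list of problems; an empty list means the config matches the notes."""
    lines = [line.strip() for line in config.splitlines()]
    problems = []
    if "logging enable" not in lines:
        problems.append("logging is not enabled")
    hosts = [m for m in map(HOST_RE.match, lines) if m and m["ip"] == collector]
    if not hosts:
        problems.append(f"no 'logging host' entry for {collector}")
    for m in hosts:
        # With no protocol given, ASA sends to UDP/514.
        proto = {"6": "tcp", "17": "udp"}.get(m["proto"], m["proto"] or "udp")
        if proto != "tcp":
            problems.append("syslog server uses UDP; Realm requires TCP")
        elif int(m["port"]) != stream_port:
            problems.append(f"port {m['port']} is not the stream port {stream_port}")
        if "format emblem" in m["rest"]:
            problems.append("EMBLEM format is set on the syslog server")
    if hosts and "logging permit-hostdown" not in lines:
        # ASA behaviour: while a TCP syslog server is unreachable, new connections
        # through the firewall are denied unless this command is present.
        problems.append("logging permit-hostdown is not set")
    return problems

# Constructed sample configs; 192.0.2.10 and port 10514 are placeholders.
GOOD = """logging enable
logging trap informational
logging host inside 192.0.2.10 6/10514
logging permit-hostdown"""
BAD = """logging enable
logging host inside 192.0.2.10 udp/514 format emblem"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_asa_logging(cfg, "192.0.2.10", 10514))
```

Pass the port Realm assigned to the Cisco Firewall stream as `stream_port`.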
Support
For additional details, refer to the official Cisco Firewall documentation.