Cisco FTD/ASA

Realm Security integrates seamlessly with Cisco FTD or Cisco ASA, enabling intelligent routing and analysis of security event logs.

Setup Cisco Firewall Source in Realm

1. Go to Sources > Add > Cisco Firewall
2. Fill out the source details:

   Name: Cisco FirewallDescription: Cisco Firewall logs

3. If a collector is already set up, go to Collectors > Select your collector. If not, add a new collector:
   • Go to Collectors > Add and give it a name and description
4. Add a Cisco Firewall stream to the collector:
   • Click Add Stream
   • Product Format: Cisco Firewall
   • Source: Select Cisco Firewall from the dropdown
   • Framing Trailer: Unspecified
   • Click Add Stream
5. Note the port assigned to the Cisco Firewall stream — you will need it when configuring Cisco Firewall to forward syslog messages to Realm

Prerequisites

• Ensure you have administrative access to your Cisco Firewall Management Console
• Realm collector is set up and running. See Realm Collector install guide for setting up a collector.
• Realm Security syslog collector IP address or FQDN

Setup Cisco Firewall Log Forwarding

If using Cisco FTD, follow these steps to configure Cisco FTD Log Forwarding to Realm Security Data Fabric.

If using Cisco ASA, follow these steps to configure Cisco ASA Log Forwarding to Realm Security Data Fabric.

Note: Do not select the option to send logs in Emblem format — this format is not supported by Realm.

Note: Choose to send logs via TCP. UDP for Cisco Firewall logs is not supported by Realm.

Note: When selecting a port, copy the port assigned to the Cisco Firewall stream into your Remote Syslog Server configuration.

Support

For additional details, refer to the official Cisco Firewall documentation.