Cisco FTD

Cisco FTD Log Forwarding Configuration

Refer to the official Cisco documentation below to configure log forwarding from Cisco FTD.


Supported Log Formats

The Scope application supports ingestion of Cisco FTD logs in the Syslog format.

Sample Logs

2019-08-16T09:54:00Z firepower %FTD-0-430001: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55644, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, GID: 1, SID: 17279

2023-03-27T08:41:37Z %FTD-1-430003: EventPriority: Low, DeviceUUID: 48a00000-8e53-11ec-9a0c-d396ffaa0000, InstanceID: 2, FirstPacketSecond: 2023-03-27T08:41:07Z, ConnectionID: 48101

Aug 14 2019 14:54:25 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41522, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: exploit.exe

Jan 1 2019 01:00:27 beats asa[1234]: %FTD-7-999999: This message is not filtered.

<166>Sep 29 2022 15:00:15 hosty : %FTD-6-602303: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xF0079F5A) between 192.168.0.139 and 192.168.0.38 has been created.

<166>: 2024 Dec 18 13:59:59 UTC 120d5caa-81a7-11eb-91b2-705267e934b4 : %FTD-auth-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.21.16.9

<13>May 14 17:42:58 10.20.22.24 LOGSTASH[-]: 2025-05-14T17:42:58.119Z 10.20.22.24 <190>May 14 2025 17:42:47: %FTD-6-805002: UDP Flow is no longer offloaded for connection 2745582050

2026-02-23T19:08:28.140Z 10.20.13.52 <190>Feb 23 2026 19:08:28: %FTD-6-302020: Built inbound ICMP connection for faddr 2620:0:3c0:de20:79bd:cd3f:ccfd:c0df/0

<14>Aug 14 2019 13:56:30 platformSettingEdit.cgi: siem-management: admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=AuditLog, Page View

2025-05-05T10:39:20+00:00 REDACTEDHOST SF-IMS[5961]: [23931] sftunneld:control_services [INFO] Interface tap_nlp (10.10.10.10) from 10.10.10.10 is up
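
The samples above arrive with several different syslog headers, but the FTD events all share the `%FTD-[facility-]severity-msgid:` tag. As an added example (not code from this page or from the Scope application), the Python below keys on that tag, takes the PRI value nearest to it, and splits the `Key: value` body of 43000x events; the name `parse_ftd` and the keys of the returned dict are assumptions made for illustration.

```python
import re

# Tag common to the FTD samples: %FTD-[facility-]severity-msgid: text
FTD_TAG = re.compile(
    r"%FTD-(?:(?P<facility>[a-z]+)-)?(?P<severity>[0-7])-(?P<msg_id>\d+): ?(?P<text>.*)$"
)
PRI = re.compile(r"<(\d{1,3})>")                    # syslog PRI = facility * 8 + severity
KV_PAIR = re.compile(r"(\w+): (.*?)(?=, \w+: |$)")  # "Key: value, Key: value" bodies


def parse_ftd(line):
    """Parse one syslog line; return None when it carries no %FTD tag."""
    tag = FTD_TAG.search(line)
    if tag is None:
        return None  # audit-log and SF-IMS lines fall through here
    # A relay may prepend its own header and PRI, so use the PRI nearest the tag.
    pris = PRI.findall(line[: tag.start()])
    event = {
        "facility": tag["facility"],
        "severity": int(tag["severity"]),
        "pri_severity": int(pris[-1]) & 7 if pris else None,
        "msg_id": tag["msg_id"],
        "text": tag["text"],
        "fields": {},
    }
    # 43000x events in the samples use comma-separated "Key: value" pairs.
    # Assumption: a value never contains a ", Word: " sequence of its own.
    if event["msg_id"].startswith("4300"):
        event["fields"] = dict(KV_PAIR.findall(tag["text"]))
    return event


# Lines copied from the samples on this page.
SAMPLES = [
    "Aug 14 2019 14:54:25 siem-ftd %FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41522, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: exploit.exe",
    "<166>: 2024 Dec 18 13:59:59 UTC 120d5caa-81a7-11eb-91b2-705267e934b4 : %FTD-auth-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.21.16.9",
    "<13>May 14 17:42:58 10.20.22.24 LOGSTASH[-]: 2025-05-14T17:42:58.119Z 10.20.22.24 <190>May 14 2025 17:42:47: %FTD-6-805002: UDP Flow is no longer offloaded for connection 2745582050",
    "2025-05-05T10:39:20+00:00 REDACTEDHOST SF-IMS[5961]: [23931] sftunneld:control_services [INFO] Interface tap_nlp (10.10.10.10) from 10.10.10.10 is up",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_ftd(sample))
```

In the Logstash-relayed sample the outer `<13>` belongs to the relay, while the inner `<190>` decodes to severity 6 and agrees with the `%FTD-6-` tag.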