- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Supported OS
Cisco Secure Firewall Threat Defense (FTD) is a threat-focused, next-gen firewall (NGFW) with unified management. It provides advanced threat protection before, during, and after attacks.The Cisco Secure Firewall Management Center (FMC) is the centralized event and policy manager for Cisco Secure Firewall Threat Defense (FTD), both on-premises and virtual.
This integration enrich and ingests the following logs from Cisco Secure FTD using Cisco Secure FMC:
Visualize detailed insights into SNMP requests, identity-based firewall logs, real time threat analysis, security detection and observation, and compliance monitoring with the out-of-the-box dashboards.
To install the Cisco Secure Firewall integration, run the following Agent installation command and the steps below. For more information, see the Integration Management documentation.
Note: This step is not necessary for Agent version >= 7.52.0.
Linux command:
sudo -u dd-agent -- datadog-agent integration install datadog-cisco_secure_firewall==1.0.0
Collecting logs is disabled by default in the Datadog Agent. Enable it in datadog.yaml
:
logs_enabled: true
Add this configuration block to your cisco_secure_firewall.d/conf.yaml
file to start collecting your Cisco Secure Firewall logs.
See the sample cisco_secure_firewall.d/conf.yaml for available configuration options.
logs:
- type: tcp/udp
port: <PORT>
service: cisco-secure-firewall
source: cisco-secure-firewall
Configure Syslog Message Forwarding from Cisco Secure Firewall Management Center:
Run the Agent’s status subcommand and look for cisco_secure_firewall
under the Checks section.
The Cisco Secure Firewall integration collects user authentication, SNMP, failover, transparent firewall, IP stack, application firewall, identity based firewall, threat detection, command interface, security events, OSPF routing, RIP routing, resource manager, VPN failover, and intrusion protection system logs.
The Cisco Secure Firewall integration does not include any metrics.
The Cisco Secure Firewall integration does not include any events.
The Cisco Secure Firewall integration does not include any service checks.
Permission denied while port binding:
If you see a Permission denied error while port binding in the Agent logs, see the following instructions:
Binding to a port number under 1024 requires elevated permissions. Grant access to the port using the setcap
command:
Grant access to the port using the setcap
command:
sudo setcap CAP_NET_BIND_SERVICE=+ep /opt/datadog-agent/bin/agent/agent
Verify the setup is correct by running the getcap
command:
sudo getcap /opt/datadog-agent/bin/agent/agent
With the expected output:
/opt/datadog-agent/bin/agent/agent = cap_net_bind_service+ep
Note: Re-run this setcap
command every time you upgrade the Agent.
Data is not being collected:
Make sure that traffic is bypassed from the configured port if the firewall is enabled.
Port already in use:
If you see the Port <PORT-NO> Already in Use error, see the following instructions. The example below is for PORT-NO = 514:
On systems using Syslog, if the Agent listens for Cisco Secure Firewall logs on port 514, the following error can appear in the Agent logs: Can't start UDP forwarder on port 514: listen udp :514: bind: address already in use
.
This error occurs because by default, Syslog listens on port 514. To resolve this error, take one of the following steps:
For any further assistance, contact Datadog support.