Cisco ftd update documentation #15887
Conversation
🚀 Benchmarks report

Package

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
|---|---|---|---|---|
| log | 1013.17 | 713.78 | -299.39 (-29.55%) | 💔 |

To see the full report comment with `/test benchmark fullreport`

Pinging @elastic/integration-experience (Team:Integration-Experience)
alaudazzi
left a comment
I left a few editing suggestions.
> ## Troubleshooting
>
> For help with Elastic ingest tools, check [Common problems](https://www.elastic.co/docs/troubleshoot/ingest/fleet/common-problems).
This section sends to a generic list of problems. Is that really helpful? Should we expect troubleshooting tips that are more specific to this integration?
I like this suggestion. This is what I got from just doing a Google search, "troubleshooting cisco ftd forward logs". I don't know if we can reproduce this from the prompts or if it would be useful to the user, but it seems that it might be.

To troubleshoot Cisco FTD log forwarding, first verify your configuration in FMC/FDM, ensure the syslog server is reachable using a ping command, check that the correct interface is selected for logging, and confirm that policy deployments are successful. For more in-depth analysis, use the CLI to enable diagnostic logging or take packet captures to see if logs are being sent.

- Verify FTD/FMC configuration
  - Enable logging: In Cisco FDM or FMC, go to System Settings > Logging Settings and ensure Data Logging is enabled.
  - Configure the syslog server: Add the correct IP address, protocol (UDP/TCP), and port (e.g., 514) for your syslog server.
  - Select the correct interface: Under Interface for Device Logs, select the interface that has a network path to the syslog server.
  - Deploy policies: After making changes, click Deploy to apply them to the FTD device.
- Check network connectivity
  - Ping the syslog server: Log in to the FTD's management CLI via SSH and use the `ping <syslog_server_ip>` command to check reachability.
  - Check interface status: Use the `show failover` command to verify the status of the interfaces involved in log forwarding, especially in a high-availability (HA) cluster, notes Cisco Systems.
- Analyze the logs and traffic
  - Use the diagnostic CLI: Access the diagnostic CLI with `system support diagnostic-cli` to see more detailed logs and debugging information, suggests Cisco Systems.
  - Perform a packet capture: Within the diagnostic CLI, use packet capture commands to verify if traffic is reaching the syslog server.
  - Check access rules: Ensure that the access control rules you expect to be generating logs have logging enabled, as described in a Cisco Community thread.
- Troubleshoot deployment issues
  - Check deployment status: In FMC, check the deployment status to ensure it completed successfully.
  - Retry deployment: If a deployment fails, try again. Issues might be temporary, or a retry may be needed after a cluster synchronization.
  - Review deployment errors: If a deployment repeatedly fails, examine the error messages and consider reaching out to Cisco TAC.
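As an added example (not code from the PR or the cisco_ftd package), a small Python receiver that supports the "verify traffic is reaching the syslog server" step from the list above: it listens on the configured UDP port for a fixed window and reports how many datagrams came from the expected FTD address and carried the `%FTD-<severity>-<message id>:` prefix that Cisco FTD syslog messages use. The port, the FTD address and the sample datagrams are assumptions constructed for the example; UDP is assumed to match the protocol chosen in the logging settings.

```python
import re
import socket
import time
from collections import Counter

# Cisco FTD syslog lines carry a "%FTD-<severity>-<message id>:" prefix
# (e.g. "%FTD-6-430003:"); an RFC 3164 "<PRI>", timestamp and hostname may precede it.
FTD_PREFIX = re.compile(r"%FTD-(?P<severity>[0-7])-(?P<msg_id>\d{6}):")


def classify_datagram(src_ip, payload, expected_ftd_ip):
    """Label one datagram: other_sender, ftd_unparsed, or ftd_<severity>."""
    if src_ip != expected_ftd_ip:
        return "other_sender"
    match = FTD_PREFIX.search(payload.decode("utf-8", errors="replace"))
    return "ftd_%s" % match.group("severity") if match else "ftd_unparsed"


def summarize(datagrams, expected_ftd_ip):
    """Count datagrams per label; datagrams is a list of (src_ip, bytes) tuples."""
    counts = Counter(classify_datagram(ip, data, expected_ftd_ip) for ip, data in datagrams)
    counts["from_ftd"] = len(datagrams) - counts["other_sender"]
    return dict(counts)


def listen_udp(port=514, seconds=30, bufsize=8192):
    """Collect raw datagrams on the configured UDP syslog port for a fixed window."""
    datagrams = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))  # binding 514 needs privileges; use a test port otherwise
        sock.settimeout(1.0)
        deadline = time.monotonic() + seconds
        while time.monotonic() < deadline:
            try:
                data, (src_ip, _port) = sock.recvfrom(bufsize)
            except socket.timeout:
                continue
            datagrams.append((src_ip, data))
    return datagrams


# Constructed sample datagrams (not real captures) for an offline dry run.
SAMPLE_FTD_IP = "192.0.2.10"
SAMPLE_DATAGRAMS = [
    ("192.0.2.10", b"<166>Jan 01 2024 00:00:01 ftd1 : %FTD-6-430003: connection event"),
    ("192.0.2.10", b"<163>Jan 01 2024 00:00:02 ftd1 : %FTD-3-106023: Deny tcp src outside"),
    ("192.0.2.10", b"not a syslog line at all"),
    ("198.51.100.7", b"<14>Jan 01 2024 00:00:03 otherhost : hello"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_DATAGRAMS, SAMPLE_FTD_IP))
    # Live check against a real FTD: summarize(listen_udp(port=5514, seconds=30), "<ftd ip>")
```

A result with `from_ftd` at zero while the FTD shows the server configured points at the interface, deployment or path checks above rather than at the parser.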
We have this in the panw README: https://github.com/elastic/integrations/blob/main/packages/panw/_dev/build/docs/README.md?plain=1#L83, so I think that's why it's also being used here.
If we don't want this, we'll have to take it out of the example README
I think that's the best we can do, since we don't expect anything specific to go sideways.
I copied out the verification steps in the knowledge base directly here. I don't know why that wasn't populated before.
qcorporation
left a comment
Overall it's looking much better. Thanks for generating this document.

I agree with the comment that the validation step seems a bit light. I don't know if we want to add any vendor-specific troubleshooting steps in general? I think it's up to the group if this is something we aspire to do at scale.
qcorporation
left a comment
It looks much better, thanks for addressing the issues
💚 Build Succeeded

Package cisco_ftd - 3.13.0 containing this change is available at https://epr.elastic.co/package/cisco_ftd/3.13.0/
Proposed commit message
[cisco_ftd] update documentation with LLM
Checklist
- I have verified that all data streams collect metrics or logs.
- I have added an entry to my package's changelog.yml file.
- I have verified that Kibana version constraints are current according to guidelines.
- I have verified that any added dashboard complies with Kibana's Dashboard good practices.
Author's Checklist
How to test this PR locally
Related issues
Screenshots