Which Sourcefire logging action should you choose to record the most detail about a connection?
A.
Enable logging at the end of the session.
B.
Enable logging at the beginning of the session.
C.
Enable alerts via SNMP to log events off-box.
D.
Enable eStreamer to log events off-box.
Explanation:
BD
FirePOWER (former Sourcefire)
Logging the Beginning And End of Connections
When the system detects a connection, in most cases you can log it at its beginning and its end.
For a single non-blocked connection, the end-of-connection event contains all of the information in the
beginning-of-connection event, as well as information gathered over the duration of the session.
Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepowermodule-user-guide-v541/AC-Connection-Logging.html#15726