Which Sourcefire logging action should you choose to re…

Which Sourcefire logging action should you choose to record the most detail about a connection?

A. Enable logging at the end of the session.

B. Enable logging at the beginning of the session.

C. Enable alerts via SNMP to log events off-box.

D. Enable eStreamer to log events off-box.

Explanation:
BD
FirePOWER (formerly Sourcefire)
Logging the Beginning And End of Connections
When the system detects a connection, in most cases you can log it at its beginning and its end. For a single non-blocked connection, the end-of-connection event contains all of the information in the beginning-of-connection event, as well as information gathered over the duration of the session.
Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepowermodule-user-guide-v541/AC-Connection-Logging.html#15726


