Firepower Logging per rule

This blogpost will give you a brief guide to implement per rule logging in Firepower Management Center.

Open the rule you want to forward syslog from. Choose Logging -> Check the ‘Syslog Server’ -> Click Save Choose ‘Logging’ under the Access Control Policy and click the green plus to create a new syslog server (or use the dropdown to choose an existing syslog server). Choose Severity to specific what levels of log you would like. In this case I have choosen informational (INFO), which will give me information on all opened connections. If you have to edit an existing syslog server, use this path: Policies -> Actions -> Alerts using the pencil on the syslog server.