Hi, New to graylog… got it working for my cisco asa 5508-x with firepower however, it is not working with the intrusion events. (works great for rule events)
I have configured the firepower intrusion policy to do SNMP to my graylog server and to use syslog (just trying to get one or the other working)… In graylog I have 2 inputs, one for SNMP which is using port 162 and one for syslog udp 514. I did use the authbind to allow the ports to be used on my ubuntu box. All the configuration looks right as far as I can tell, just when I generate an intrusion event it shows in the real time monitoring of the Cisco Firepower box, but no logs show up in either of those inputs in graylog.
Any help would be much appreciated.