Troubleshoot a Syslog Integration

Events are not reaching Cisco Security Services Proxy

Make sure your devices can reach Cisco Security Services Proxy on the network.

Problems accessing the cloud

• If you activate your cloud account immediately before attempting to configure this integration and you encounter problems implementing this integration, try waiting an hour or two and then log in to your cloud account.

• Make sure you are accessing the correct URL for the regional cloud associated with your account.

Expected events are missing from the Events list

Check the following:

• Click the Refresh button on the Events page to refresh the list.

• Verify that the expected events appear on the device.

• Check your configurations for automatic deletion (filtering out events) in the Eventing settings on the Cloud Services page in Security Services Exchange.

• Make sure you are viewing the regional cloud to which you are sending your events.

Questions about Syslog Fields

For syslog fields and descriptions, see the Threat Defense Syslog Messages.

Some events are missing from SecureX tiles

If you are using custom Security Intelligence objects in the Firepower Management Center, including global block or allow lists, you must configure Security Services Exchange to auto-promote events that are processed using those objects. See information in the Security Services Exchange online help about promoting events to incidents.