Finding Your Device's TCP, UDP, and NSEL Port Used for Secure Logging Analytics (SaaS)

Secure Logging Analytics (SaaS) allows you to send events from your ASA or FDM-managed devices to certain UDP, TCP, or NSEL ports on the Secure Event Connector (SEC). The SEC then forwards those events to the Cisco cloud.

If these ports aren't already in use, the SEC makes them available to receive events and the Secure Logging Analytics (SaaS) documentation recommends using them when you configure the feature.

  • TCP: 10125

  • UDP: 10025

  • NSEL: 10425

If those ports are already in use, before you configure Secure Logging Analytics (SaaS), look at your SEC device details to determine what ports it is actually using to receive events.

To find the port numbers the SEC uses:

Procedure


Step 1

From the left pane, click Administration > Firewall Management Center and then click the Secure Connectors tab.

Step 2

In the Secure Connectors page, select the SEC you want to send events to.

Step 3

In the Details pane, you will see the TCP, UDP, and NetFlow (NSEL) port you should send events to.