10704 Views, 0 Helpful, 5 Replies

syslog server in sourcefire/firepower

John
Level 1

How to configure syslog server in sourcefire/firepower?


5 Replies

Jetsy Mathew
Cisco Employee

Hello John,

Refer to the following link and let us know if it helps you.

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118464-configure-firesight-00.html

Rate and mark as correct the answers and posts that help you.

Regards

Jetsy 

Do we need to create a syslog per policy?

Hello John,

After configuring the syslog server, you just have to enable logging to send the logs to the syslog server in Access Control - Rules.

Regards

Jetsy 

Hello,

The intrusion event logs are received from the syslog server. However, they do not contain interface info. May I know if there is any way to configure the syslog to contain the interface info?

Thanks 

Best Regards,

Thaung

You are not going to be able to change the built-in syslog format from the UI. The list of fields available is fixed. However, the eStreamer API has a much more robust set of fields. Using an eStreamer client to pull events from the FMC you can get a ton (literally) more data. If you really, really need it in syslog you could create an eStreamer client that pulls data from the FMC and then sends it via syslog wherever you want. Then you can pick whatever data you want to send in your syslog message. The latest integration guide is here:

http://www.cisco.com/c/en/us/td/docs/security/firepower/620/api/eStreamer/EventStreamerIntegrationGuide/IS-DCRecords.html

Also, there is an eStreamer SDK (Perl) you can download that includes some sample code as well as the Integration Guide.
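The relay pattern described in the reply above (pull records over eStreamer, pick the fields you want, re-emit them as syslog) as an added Python sketch. This is example code written for this page, not Cisco's eStreamer SDK. The outer framing (2-byte header version, 2-byte message type, 4-byte message length; per-record 4-byte type and 4-byte length) follows the Integration Guide, but the event data message type number, the meaning of the length fields as "bytes after the header", and the mutual-TLS port 8302 are assumptions to check against the guide for your version. The intrusion event field layout (`DEMO_RECORD_TYPE`) is constructed for the example and is not the real record format; the sample message is likewise constructed. Syslog output is RFC 5424 with the interface UUIDs carried in structured data, which is exactly the information the built-in syslog format omits.

```python
"""eStreamer-to-syslog relay sketch (added example, not Cisco code)."""
import socket
import ssl
import struct
import uuid
from datetime import datetime, timezone
from ipaddress import ip_address

# eStreamer message header (Integration Guide): version, type, length, big-endian.
# Record framing inside an event data message: record type, record length.
# ASSUMPTION: the length fields count only the bytes after their header, and
# message type 4 is event data. Verify both against the guide for your release.
HEADER_VERSION = 1
MSG_TYPE_EVENT_DATA = 4
MSG_HEADER = struct.Struct("!HHI")
RECORD_HEADER = struct.Struct("!II")

# CONSTRUCTED record layout for this example only (not a real eStreamer record):
# event_id, sensor_id, epoch seconds, src IPv4, dst IPv4, ingress/egress iface UUIDs.
DEMO_RECORD_TYPE = 999
DEMO_RECORD = struct.Struct("!IIIII16s16s")


def connect_estreamer(host, cert_file, key_file, ca_file, port=8302):
    """Mutual-TLS client socket to the FMC. Pin the FMC certificate via ca_file
    instead of disabling verification; cert/key are the PEM form of the
    client bundle issued by the FMC. Port 8302 is an assumption to verify."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.load_cert_chain(cert_file, key_file)
    return ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)


def iter_records(message):
    """Yield (record_type, record_data) from one message, refusing bad framing."""
    version, msg_type, length = MSG_HEADER.unpack_from(message, 0)
    if version != HEADER_VERSION:
        raise ValueError(f"unexpected eStreamer header version {version}")
    body = message[MSG_HEADER.size:]
    if len(body) != length:
        raise ValueError("message length does not match header; dropping frame")
    if msg_type != MSG_TYPE_EVENT_DATA:
        return
    off = 0
    while off < len(body):
        if len(body) - off < RECORD_HEADER.size:
            raise ValueError("trailing bytes too short for a record header")
        rtype, rlen = RECORD_HEADER.unpack_from(body, off)
        off += RECORD_HEADER.size
        if rlen > len(body) - off:
            raise ValueError("record length overruns message body")
        yield rtype, body[off:off + rlen]
        off += rlen


def is_well_formed(message):
    """True if every record in the message parses with consistent lengths."""
    try:
        list(iter_records(message))
        return True
    except (ValueError, struct.error):
        return False


def decode_demo_record(data):
    event_id, sensor_id, ts, src, dst, ingress, egress = DEMO_RECORD.unpack(data)
    return {
        "event_id": event_id,
        "sensor_id": sensor_id,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc),
        "src_ip": str(ip_address(src)),
        "dst_ip": str(ip_address(dst)),
        "ingress_iface": str(uuid.UUID(bytes=ingress)),
        "egress_iface": str(uuid.UUID(bytes=egress)),
    }


def _sd_escape(value):
    # RFC 5424 PARAM-VALUE must escape backslash, double quote and ']'.
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def to_syslog(event, hostname="fmc-relay", app="estreamer-relay"):
    """RFC 5424 line; PRI 36 = facility security/auth (4) * 8 + severity warning (4).
    SD-ID ftd@32473 uses the enterprise number reserved for documentation."""
    ts = event["timestamp"].strftime("%Y-%m-%dT%H:%M:%SZ")
    params = " ".join(f'{k}="{_sd_escape(v)}"' for k, v in event.items() if k != "timestamp")
    return (f"<36>1 {ts} {hostname} {app} - IDS [ftd@32473 {params}] "
            f"intrusion event {event['event_id']} from sensor {event['sensor_id']}")


def relay_message(message):
    """Decode the record types we know and return one syslog line per event."""
    decoders = {DEMO_RECORD_TYPE: decode_demo_record}
    lines = []
    for rtype, data in iter_records(message):
        decoder = decoders.get(rtype)
        if decoder is None:
            continue  # unknown record type: skip rather than guess at its layout
        lines.append(to_syslog(decoder(data)))
    return lines


def send_syslog(lines, host, port=514):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sock.sendto(line.encode("utf-8"), (host, port))


def sample_message():
    """Constructed event data message: one unknown record, then one demo record."""
    ingress = uuid.UUID("11111111-2222-3333-4444-555555555555").bytes
    egress = uuid.UUID("66666666-7777-8888-9999-aaaaaaaaaaaa").bytes
    rec = DEMO_RECORD.pack(12345, 7, 1500000000, int(ip_address("10.1.2.3")),
                           int(ip_address("192.0.2.9")), ingress, egress)
    body = RECORD_HEADER.pack(42, 3) + b"\x00\x01\x02"
    body += RECORD_HEADER.pack(DEMO_RECORD_TYPE, len(rec)) + rec
    return MSG_HEADER.pack(HEADER_VERSION, MSG_TYPE_EVENT_DATA, len(body)) + body


if __name__ == "__main__":
    for line in relay_message(sample_message()):
        print(line)
```

In a real client the message loop would read from the socket returned by `connect_estreamer`, send the Event Stream Request with the flags for the record versions you want (see the guide), and hand each event data message to `relay_message` before `send_syslog`; the framing checks in `iter_records` are what keep a truncated or oversized frame from being turned into a misleading log line.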
