Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pulling Cisco ASA CX module data to a 3rd party SIEM

Hi all,

We have been deploying ASAs with IPS modules for several years and collecting logs/events from the IPS using a 3rd party SIEM tool via SDEE.  Recently, we started deploying ASAs with CX modules for IPS, content, and application filtering .  The CX module works great but I haven't been able to find a way to pull the data into the 3rd party SIEM via syslog or SDEE.  I found some information regarding the ASA syslog id for CX modules begin with 429xxx but none of the messages appear to show the IPS events in general.  I haven't found any methods for pulling the logs or sending them to a syslog server via the onboard CX module PRSM software or the standalone PRSM software.  Is it even possible to pull the data from the CX module to a 3rd party tool?

Any help or advice on this issue would be appreciated.

Thank you

Everyone's tags (2)
CreatePlease login to create content