Cisco Support Community
Community Member

Cisco Prime Integration into SIEM

Hi

I'm about to deploy 2x ASA5585-X Firewalls (with AVC and WSE). Management and configuration will be done via PRSM.

The client has read (I don't know where, I can't find any corroboration) that the information (user tracking, exceptions, etc.) that AVC and WSE log to PRSM is in a proprietary format.

We are also deploying a SIEM solution (LogRhythm) and the ASAs will be exporting syslogs into that solution.

My questions are:

1. Will the WSE and AVC events also be logged to syslog? Is there a reference for the corresponding syslog message ID?

2. If not, will PRSM export that information into SIEM? If so, how?

 

Thanks

Pete

www.petenetlive.com 

 


Accepted Solutions
Hall of Fame Super Silver

The AVC/WSE events are sent to PRSM via a proprietary format - the collateral I have seen describes it as "reliable binary logging". I'd compare it to SDEE as used by the legacy IPS sensors. The events are not reflected as ASA syslog messages.

PRSM is positioned as the top-level collector of those logs. It does not have any provision for external SIEM integration. Its reports are either viewed via PRSM itself or via a manually generated PDF.

Community Member

Hi Marvin,

While it's not what I wanted to hear, sometimes the answer is 'it can't be done', unfortunately. As Cisco ISE integration with SIEM is so good (depending on the SIEM vendor!), maybe that will change in the future. At least now I'm armed with some more information.

Thanks for your time, I hope I get to return the favour some day.

Regards Pete (www.petenetlive.com)
