topic Hello, in Network Security

syslog server in sourcefire/firepower

John — Tue, 12 Mar 2019 13:09:16 GMT

How to configure syslog server in sourcefire/firepower?

Hello John,

Jetsy Mathew — Fri, 07 Oct 2016 07:44:33 GMT

Hello John,

Refer the following link and let us know if that helps you.

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118464-configure-firesight-00.html

Rate and mark the answers correct and posts that helps you.

Regards

Jetsy

we need to create syslog per

John — Fri, 07 Oct 2016 07:54:29 GMT

we need to create syslog per policy?

Hello John,

Jetsy Mathew — Fri, 07 Oct 2016 08:14:14 GMT

Hello John,

After configuring the syslog server, you just have to enable the loggings to send the log to Syslog server in Access control - Rules.

Regards

Jetsy

Hello,

thaungtunzaw — Thu, 25 May 2017 05:34:18 GMT

Hello,

The intrusion events log received from Syslog server. However, there are not contain interface info. May I know is there any way to configure the Syslog to contain the interface info?

Thanks

Best Regards,

Thaung

You are not going to be able

atatistc — Thu, 01 Jun 2017 02:17:04 GMT

You are not going to be able to change the built-in syslog format from the UI. The list of fields available is fixed. However, the eStreamer API has a much more robust set of fields. Using an eStreamer client to pull events from the FMC you can get a ton (literally) more data. If you really, really need it in syslog you could create an eStreamer client that pulls data from the FMC and then sends it via syslog wherever you want. Then you can pick whatever data you want to send in your syslog message. The latest integration guide is here

http://www.cisco.com/c/en/us/td/docs/security/firepower/620/api/eStreamer/EventStreamerIntegrationGuide/IS-DCRecords.html.

Also, there is an eStreamer SDK (Perl) you can download that includes some sample code as well as the Integration Guide.