https://community.cisco.com/t5/network-security/estreamer-config-question/m-p/4040974#M1067400 <P>I did, and I got as far as having eStreamer write a local .json file. I'd like to be able to pipe the output directly to logstash, though, without having to write a file in the middle. I'm using the Python-based eStreamer client we downloaded from Cisco, and the manual you refer to is showing config for the Perl one. I'm just not clear on how to set up the outputters: section to push the data directly over udp to the logstash listener.</P><P>&nbsp;</P> Thu, 05 Mar 2020 15:12:29 GMT sdkeslar2012 2020-03-05T15:12:29Z https://community.cisco.com/t5/network-security/estreamer-config-question/m-p/4040163#M1067316 <P>Trying to get data out of our FMC to our SIEM. How do&nbsp; you set up estreamer.conf to send the data to a tcp port? The operations guide mentions it, but not how to do it.....</P><P>&nbsp;</P> Wed, 04 Mar 2020 13:41:44 GMT https://community.cisco.com/t5/network-security/estreamer-config-question/m-p/4040163#M1067316 sdkeslar2012 2020-03-04T13:41:44Z https://community.cisco.com/t5/network-security/estreamer-config-question/m-p/4040576#M1067361 <P>Hi<BR /><BR />Did you check this config guide:<BR /><A href="https://www.cisco.com/c/en/us/td/docs/security/firesight/540/api/estreamer/EventStreamerIntegrationGuide/ConfiguringEstreamer.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/firesight/540/api/estreamer/EventStreamerIntegrationGuide/ConfiguringEstreamer.html</A><BR /><BR />It explains all the configuration</P> Thu, 05 Mar 2020 03:12:58 GMT https://community.cisco.com/t5/network-security/estreamer-config-question/m-p/4040576#M1067361 Francesco Molino 2020-03-05T03:12:58Z https://community.cisco.com/t5/network-security/estreamer-config-question/m-p/4040974#M1067400 <P>I did, and I got as far as having eStreamer write a local .json file. I'd like to be able to pipe the output directly to logstash, though, without having to write a file in the middle. I'm using the Python-based eStreamer client we downloaded from Cisco, and the manual you refer to is showing config for the Perl one. I'm just not clear on how to set up the outputters: section to push the data directly over udp to the logstash listener.</P><P>&nbsp;</P> Thu, 05 Mar 2020 15:12:29 GMT https://community.cisco.com/t5/network-security/estreamer-config-question/m-p/4040974#M1067400 sdkeslar2012 2020-03-05T15:12:29Z https://community.cisco.com/t5/network-security/estreamer-config-question/m-p/4041204#M1067415 Ok you're looking for the config on logstash side?<BR />I didn't do it with logstash yet. I can take a look ove the weekend Thu, 05 Mar 2020 19:45:22 GMT https://community.cisco.com/t5/network-security/estreamer-config-question/m-p/4041204#M1067415 Francesco Molino 2020-03-05T19:45:22Z https://community.cisco.com/t5/network-security/estreamer-config-question/m-p/4041257#M1067423 <P>No, the LS config seems fine. I'd like to eliminate writing the eStreamer data to disk. Having an issue where it pushes about 1.5GB of data, then just stops writing to the file. Status still shows it thinks it's processing events. I actually got it to try to send over UDP to LS, but then eStreamer was complaining that the data was too large.. arggh.</P><P>&nbsp;</P> Thu, 05 Mar 2020 20:52:12 GMT https://community.cisco.com/t5/network-security/estreamer-config-question/m-p/4041257#M1067423 sdkeslar2012 2020-03-05T20:52:12Z