https://community.cisco.com/t5/network-security/firepower-ips-logging-syslog-vs-estreamer/m-p/4454830#M1083147 <P>Hello,</P><P>&nbsp;</P><P>Is it be possible to collect Firepower IPS connection events via syslog rather than estreamer (FMC)? If yes, is there any info that may be missed (e.g. security intelligence events, any potential interesting fields within the connection event?)</P><P>My understanding is that the FMC/estreamer adds some correlation/enrichments to the connection events.&nbsp;</P><P>&nbsp;</P><P>Thanks,</P> Wed, 25 Aug 2021 16:16:49 GMT sindandoh 2021-08-25T16:16:49Z https://community.cisco.com/t5/network-security/firepower-ips-logging-syslog-vs-estreamer/m-p/4454830#M1083147 <P>Hello,</P><P>&nbsp;</P><P>Is it be possible to collect Firepower IPS connection events via syslog rather than estreamer (FMC)? If yes, is there any info that may be missed (e.g. security intelligence events, any potential interesting fields within the connection event?)</P><P>My understanding is that the FMC/estreamer adds some correlation/enrichments to the connection events.&nbsp;</P><P>&nbsp;</P><P>Thanks,</P> Wed, 25 Aug 2021 16:16:49 GMT https://community.cisco.com/t5/network-security/firepower-ips-logging-syslog-vs-estreamer/m-p/4454830#M1083147 sindandoh 2021-08-25T16:16:49Z https://community.cisco.com/t5/network-security/firepower-ips-logging-syslog-vs-estreamer/m-p/4454977#M1083158 <P>As far as I know you need to use estreamer to get IPS, security intelligence, (etc.) type events.</P> Wed, 25 Aug 2021 20:15:47 GMT https://community.cisco.com/t5/network-security/firepower-ips-logging-syslog-vs-estreamer/m-p/4454977#M1083158 Marius Gunnerud 2021-08-25T20:15:47Z