topic Re: Send Aggregate Logs from FMC to SIEM in Network Security https://community.cisco.com/t5/network-security/send-aggregate-logs-from-fmc-to-siem/m-p/4737736#M1095894 <P>was there any response to this. im looking for the same thing</P> Tue, 13 Dec 2022 10:03:22 GMT michael18 2022-12-13T10:03:22Z Send Aggregate Logs from FMC to SIEM https://community.cisco.com/t5/network-security/send-aggregate-logs-from-fmc-to-siem/m-p/4458978#M1083297 <P>Is there a way to send connection events and IPS logs from the FMC instead of configuring each FTD to send to a SIEM?</P> Thu, 02 Sep 2021 18:08:06 GMT https://community.cisco.com/t5/network-security/send-aggregate-logs-from-fmc-to-siem/m-p/4458978#M1083297 Scott_22 2021-09-02T18:08:06Z Re: Send Aggregate Logs from FMC to SIEM https://community.cisco.com/t5/network-security/send-aggregate-logs-from-fmc-to-siem/m-p/4737736#M1095894 <P>was there any response to this. im looking for the same thing</P> Tue, 13 Dec 2022 10:03:22 GMT https://community.cisco.com/t5/network-security/send-aggregate-logs-from-fmc-to-siem/m-p/4737736#M1095894 michael18 2022-12-13T10:03:22Z Re: Send Aggregate Logs from FMC to SIEM https://community.cisco.com/t5/network-security/send-aggregate-logs-from-fmc-to-siem/m-p/4737923#M1095914 <P>This is possible if SIEM supports eStreamer protocol:</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/analysis-external-tools.html#id_85394" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/analysis-external-tools.html#id_85394</A></P><P>For syslog there always be at least two sources of messages: managed devices and FMC. Further, managed devices send both Lina (ASA) syslogs and Snort syslogs (e.g. connection and intrusion events). As of 6.3 syslog server can be configured in a single place (under Platform Settings) and used by both of them.</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/interfaces-settings-platform.html#task_88952FB807AB4D43B0894F99B215EDD4" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/interfaces-settings-platform.html#task_88952FB807AB4D43B0894F99B215EDD4</A></P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/access-policies.html#AC_Policy_Syslog_Settings" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/access-policies.html#AC_Policy_Syslog_Settings</A></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 13 Dec 2022 15:14:36 GMT https://community.cisco.com/t5/network-security/send-aggregate-logs-from-fmc-to-siem/m-p/4737923#M1095914 tvotna 2022-12-13T15:14:36Z