https://community.cisco.com/t5/network-security/how-to-export-logs-from-fmc/m-p/3477143#M133067 <HTML><HEAD></HEAD><BODY><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;">I have a small question about Firepower</P><P></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;">My customer has some attack event last week. He wants us to export the Sourcefire logs that generate last week for them to analyze. They will import it to a new SIEM.</P><P></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;">They don’t have any syslog server in their environment.</P><P></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;">Do you know how to export all the intrusion events or connection events from FMC?</P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;"></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;"></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;">Brian Li</P></BODY></HTML> Tue, 12 Dec 2017 09:55:49 GMT lanwei Li 2017-12-12T09:55:49Z https://community.cisco.com/t5/network-security/how-to-export-logs-from-fmc/m-p/3477143#M133067 <HTML><HEAD></HEAD><BODY><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;">I have a small question about Firepower</P><P></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;">My customer has some attack event last week. He wants us to export the Sourcefire logs that generate last week for them to analyze. They will import it to a new SIEM.</P><P></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;">They don’t have any syslog server in their environment.</P><P></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;">Do you know how to export all the intrusion events or connection events from FMC?</P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;"></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;"></P><P style="font-size: 12pt; font-family: Calibri, sans-serif; color: #000000;">Brian Li</P></BODY></HTML> Tue, 12 Dec 2017 09:55:49 GMT https://community.cisco.com/t5/network-security/how-to-export-logs-from-fmc/m-p/3477143#M133067 lanwei Li 2017-12-12T09:55:49Z https://community.cisco.com/t5/network-security/how-to-export-logs-from-fmc/m-p/3477144#M133072 <HTML><HEAD></HEAD><BODY><P>I don't think there is a way to pull existing data out in any format for import into another tool. </P><P></P><P>You will have to just use FMC for analysis of the existing data, and start sending syslog data to the SIEM from this point forward.</P><P></P><P>Ryan</P></BODY></HTML> Fri, 15 Dec 2017 18:28:24 GMT https://community.cisco.com/t5/network-security/how-to-export-logs-from-fmc/m-p/3477144#M133072 Ryan Wolfe 2017-12-15T18:28:24Z https://community.cisco.com/t5/network-security/how-to-export-logs-from-fmc/m-p/3477145#M133079 <HTML><HEAD></HEAD><BODY><P>Hi Brian,</P><P></P><P>In addition to what Ryan mentioned since we cannot export the logs into external tool. FMC does have the option of context explorer which give consolidated time line of what events took place for specific IP address.</P><P></P><P>Raghu</P></BODY></HTML> Wed, 20 Dec 2017 06:35:17 GMT https://community.cisco.com/t5/network-security/how-to-export-logs-from-fmc/m-p/3477145#M133079 Raghunath Kulkarni 2017-12-20T06:35:17Z