https://community.cisco.com/t5/network-security/export-logs-events-to-other-host/m-p/2922148#M18537 <P>Thank you for your quick answer!</P> <P>When I check this documentation I understand it as that this option will be logging exploits attempts from this policy match to a syslog server.</P> <P>What we would like to log is actual user traffic to allowed and denied sites.</P> <P>Like the information found when I go to Analysis-&gt;Connections-&gt;event</P> <P>Or, do I missunderstand the documentation above, will it accomplish this?</P> Wed, 15 Jun 2016 08:37:21 GMT Jacob Jacobson 2016-06-15T08:37:21Z https://community.cisco.com/t5/network-security/export-logs-events-to-other-host/m-p/2922146#M18511 <P>Hi,</P> <P></P> <P>I'm looking into to export the connection -&gt; events from Firesight to another host.</P> <P>What would be the best way to do this? I can not find any clear option in the GUI to export the information.</P> <P>Is this information in mysql or can it be found in a plaintext file on the Sourcefirehost that can be copied to another host?</P> <P>Or can we configure the Sourcefire to send syslog for every connection event to another syslog host?</P> <P></P> <P>We would like to save the information for 3 month+ but unfortunatly atm the log is about 24 hour.</P> <P></P> <P>Regards,</P> <P>//Jacob</P> Tue, 14 Jun 2016 10:46:47 GMT https://community.cisco.com/t5/network-security/export-logs-events-to-other-host/m-p/2922146#M18511 Jacob Jacobson 2016-06-14T10:46:47Z https://community.cisco.com/t5/network-security/export-logs-events-to-other-host/m-p/2922147#M18528 <P>Hi Jacob,</P> <P></P> <P>We can configure firesight to send connection events to syslog server.</P> <P></P> <P>You can refer the document below for the same :</P> <P>http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118464-configure-firesight-00.html</P> <P></P> <P>Rate if it helps.</P> <P></P> <P>Thanks,</P> <P>Ankita</P> <P></P> Tue, 14 Jun 2016 13:32:33 GMT https://community.cisco.com/t5/network-security/export-logs-events-to-other-host/m-p/2922147#M18528 ankojha 2016-06-14T13:32:33Z https://community.cisco.com/t5/network-security/export-logs-events-to-other-host/m-p/2922148#M18537 <P>Thank you for your quick answer!</P> <P>When I check this documentation I understand it as that this option will be logging exploits attempts from this policy match to a syslog server.</P> <P>What we would like to log is actual user traffic to allowed and denied sites.</P> <P>Like the information found when I go to Analysis-&gt;Connections-&gt;event</P> <P>Or, do I missunderstand the documentation above, will it accomplish this?</P> Wed, 15 Jun 2016 08:37:21 GMT https://community.cisco.com/t5/network-security/export-logs-events-to-other-host/m-p/2922148#M18537 Jacob Jacobson 2016-06-15T08:37:21Z https://community.cisco.com/t5/network-security/export-logs-events-to-other-host/m-p/2922149#M18545 <P>Hi Jacob, The access control policy has logging option so if a traffic hits a particular rule in which logging is enabled and it is also set to send the logs to Syslog.</P> <P>You will be able to see all sort of user traffic on the Syslog no matter whether it is exploit traffic or normal traffic,</P> <P></P> <P>Mark it as correct if it helped in resolving your query.</P> <P></P> <P>thanks</P> <P>ankita</P> Wed, 15 Jun 2016 14:34:19 GMT https://community.cisco.com/t5/network-security/export-logs-events-to-other-host/m-p/2922149#M18545 ankojha 2016-06-15T14:34:19Z https://community.cisco.com/t5/network-security/export-logs-events-to-other-host/m-p/2922150#M18553 <P>Yes, this should solve our issue. Thank you very much for your assistance!</P> <P></P> <P>//Jacob</P> Wed, 15 Jun 2016 14:37:11 GMT https://community.cisco.com/t5/network-security/export-logs-events-to-other-host/m-p/2922150#M18553 Jacob Jacobson 2016-06-15T14:37:11Z