https://community.cisco.com/t5/network-security/integration-with-logrhythm/m-p/3340523#M926366 <P>Right, I believe that is correct. The issue is that this works fine on the other FMC going to LR. Its this one particular FMC and LR instance that is refusing to cooperate. any insight is very much appreciated. thanks!</P> Thu, 01 Mar 2018 16:05:07 GMT jerm10201 2018-03-01T16:05:07Z https://community.cisco.com/t5/network-security/integration-with-logrhythm/m-p/3225709#M926364 <P>***ERROR*** Error starting eStreamer source&nbsp;xxxxxx eStreamer: SSL authentication failed - closing the connection: A call to SSPI failed, see inner exception.</P> <P>&nbsp;</P> <P>I am receiving this error on a SIEM when attempting to send logs from the estreamer to SIEM. i have recreated the host and tried the SSL cert with and without a password. Is there any known configuration item needed on the SIEM besides installation of the cert?&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 21 Feb 2020 14:53:15 GMT https://community.cisco.com/t5/network-security/integration-with-logrhythm/m-p/3225709#M926364 jerm10201 2020-02-21T14:53:15Z https://community.cisco.com/t5/network-security/integration-with-logrhythm/m-p/3225802#M926365 <P>I believe the SSL authentication is mutual - i.e. FMC must trust the LogRhythm certificate (and signing CA if it's not self-signed) and vice versa.</P> Sat, 02 Dec 2017 02:30:51 GMT https://community.cisco.com/t5/network-security/integration-with-logrhythm/m-p/3225802#M926365 Marvin Rhoads 2017-12-02T02:30:51Z https://community.cisco.com/t5/network-security/integration-with-logrhythm/m-p/3340523#M926366 <P>Right, I believe that is correct. The issue is that this works fine on the other FMC going to LR. Its this one particular FMC and LR instance that is refusing to cooperate. any insight is very much appreciated. thanks!</P> Thu, 01 Mar 2018 16:05:07 GMT https://community.cisco.com/t5/network-security/integration-with-logrhythm/m-p/3340523#M926366 jerm10201 2018-03-01T16:05:07Z https://community.cisco.com/t5/network-security/integration-with-logrhythm/m-p/3404879#M926367 <P>Hey Guys,</P> <P>I need to integrate FMC&nbsp; 4000 with LogRhythm , I have exported the cert from FMC.&nbsp;</P> <P>&nbsp;</P> <P>Can you please brief me on the steps involved , like what all changes we need to make at server end etc?</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Prashant</P> <P>&nbsp;</P> Mon, 25 Jun 2018 13:36:49 GMT https://community.cisco.com/t5/network-security/integration-with-logrhythm/m-p/3404879#M926367 prashant dwivedi 2018-06-25T13:36:49Z https://community.cisco.com/t5/network-security/integration-with-logrhythm/m-p/3404946#M926369 <P>It's an eStreamer integration. The general process is the same for eStreamer clients.</P> <P>&nbsp;</P> <P>Here is how you setup the FMC end:</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/620/api/eStreamer/EventStreamerIntegrationGuide/ConfiguringEstreamer.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/620/api/eStreamer/EventStreamerIntegrationGuide/ConfiguringEstreamer.html</A></P> <P>&nbsp;</P> <P>Here is a blog article that is a couple of years old but still relevant covering both sides of a setup (albeit not LogRhythm):</P> <P>&nbsp;</P> <P><A href="https://popravak.wordpress.com/2015/07/29/connecting-sourcefire-to-siem-with-estreamer/" target="_blank">https://popravak.wordpress.com/2015/07/29/connecting-sourcefire-to-siem-with-estreamer/</A></P> Mon, 25 Jun 2018 14:45:43 GMT https://community.cisco.com/t5/network-security/integration-with-logrhythm/m-p/3404946#M926369 Marvin Rhoads 2018-06-25T14:45:43Z