<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Estreamer - FTD in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/estreamer-ftd/m-p/3861585#M942740</link>
    <description>&lt;P&gt;Hello All,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;We are collecting logs from FTD via an FMC using eStreamer, and I can see that the sample events from the FTD device don't contain all the fields. Below is the sample data that we received; compared with the data from a managed device, it looks small. There are only two FTD devices registered with the FMC, and both have a base and URL filtering license.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Does anything change between the logging of an FTD vs. a managed device? I understand the intrusion data is not applicable in an FTD, but for the connection events, all the fields in FTD look good.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;_messageType=4, _recordTypeName=RNA Flow Statistics, _serverTimestamp=xxxx, _subtype=71.1, destination_port=xxx, client_app_version=, event_subtype=1, first_packet_timestamp=xxxx, client_inbound_bytes=xxx, client_outbound_bytes=xxxxx, client_inbound_packets=0, protocol=6, event_type=xxxx, client_outbound_packets=0, client_app_name=xxxx, tcp_flags=xxxxxx, mac_address=xxxx, source_port=xxxx, source_num_ip=xxxx, _recordType=71, event_microsecond=0, service_name=xxxx, ip_address=0, client_app_url=xxxxxx, detection_engine_id=xxxx, event_second=0, last_packet_timestamp=xxxx, logging_device_num_ip=0, destination_num_ip=xxxx, flow_type=0, domain=, _messageLength=186, _messageTypeName=event data message, _subtypeName=Flow Data Mess&lt;/EM&gt;&lt;/P&gt;</description>
    <pubDate>Fri, 21 Feb 2020 17:09:46 GMT</pubDate>
    <dc:creator>True Warrior</dc:creator>
    <dc:date>2020-02-21T17:09:46Z</dc:date>
    <item>
      <title>Estreamer - FTD</title>
      <link>https://community.cisco.com/t5/network-security/estreamer-ftd/m-p/3861585#M942740</link>
      <description>&lt;P&gt;Hello All,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;We are collecting logs from FTD via an FMC using eStreamer, and I can see that the sample events from the FTD device don't contain all the fields. Below is the sample data that we received; compared with the data from a managed device, it looks small. There are only two FTD devices registered with the FMC, and both have a base and URL filtering license.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Does anything change between the logging of an FTD vs. a managed device? I understand the intrusion data is not applicable in an FTD, but for the connection events, all the fields in FTD look good.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;_messageType=4, _recordTypeName=RNA Flow Statistics, _serverTimestamp=xxxx, _subtype=71.1, destination_port=xxx, client_app_version=, event_subtype=1, first_packet_timestamp=xxxx, client_inbound_bytes=xxx, client_outbound_bytes=xxxxx, client_inbound_packets=0, protocol=6, event_type=xxxx, client_outbound_packets=0, client_app_name=xxxx, tcp_flags=xxxxxx, mac_address=xxxx, source_port=xxxx, source_num_ip=xxxx, _recordType=71, event_microsecond=0, service_name=xxxx, ip_address=0, client_app_url=xxxxxx, detection_engine_id=xxxx, event_second=0, last_packet_timestamp=xxxx, logging_device_num_ip=0, destination_num_ip=xxxx, flow_type=0, domain=, _messageLength=186, _messageTypeName=event data message, _subtypeName=Flow Data Mess&lt;/EM&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 21 Feb 2020 17:09:46 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/estreamer-ftd/m-p/3861585#M942740</guid>
      <dc:creator>True Warrior</dc:creator>
      <dc:date>2020-02-21T17:09:46Z</dc:date>
    </item>
  </channel>
</rss>

