05-14-2020 06:26 AM - edited 05-14-2020 10:54 PM
I tried to use CEF logs (Consolidated Event Logs) on Cisco ESA, but unfortunately ESA only sends the logs that have Accept on Connection Behavior, and I also need logs with Reject Connection Behavior.
When I use the normal syslog format, ESA sends all logs; the issue is only with Consolidated Event Logs (CEF format).
05-31-2020 04:54 AM
Hello,
We need to review the device configuration and will try to repro the same in our lab environment.
Please open a TAC case to troubleshoot this issue.
Regards,
Dayananda Acharya
05-07-2021 09:27 AM
Hi,
We also have this issue. CEF logs don't contain any information about incoming rejected connections. We need this information to be added so that we have all the necessary tracking information in one log.
It's really painful to have to keep CEF logs and Mail logs at the same time.
05-10-2021 03:30 AM
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu71714
You can subscribe to this enhancement request for the same to get notifications about it.
05-14-2021 11:13 AM
For reject you need the classical mail logs for now.
If you are using a SIEM you can easily merge the two records by MID and ESAMID field.