Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3627
Views
5
Helpful
4
Replies

Consolidated Event Logs ESA

AEK
Level 1
Level 1

‎05-14-2020 06:26 AM - edited ‎05-14-2020 10:54 PM

I tried to use CEF logs Consolidated Event Logs on Cisco Esa but  unfortunately ESA only sends the logs that have Accept on Connection Behavior, but I need also logs with Reject Connection Behavior.

When I use normal syslog format, ESA send all logs, the issue is only on Consolidated Event Logs - CEF format.

 

1 person had this problem
Labels:
0 Helpful
4 Replies 4

daachary
Cisco Employee
Cisco Employee

‎05-31-2020 04:54 AM

Hello,

We need to review the device configuration and will try to repro the same in our lab environment.

Please open a TAC case to troubleshoot this issue.

Regards,

Dayananda Acharya

0 Helpful

lionel.nicole
Level 1
Level 1

‎05-07-2021 09:27 AM

Hi,

We also have this issue. CEF logs doesn't contain any information about incoming rejected connections. We need this information to be added so that we have all the necessary tracking information in one logs.

It's really painfull to have to keep CEF logs and Mail logs at the same time..

0 Helpful

svgeorgi
Cisco Employee
Cisco Employee

‎05-10-2021 03:30 AM

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu71714

You can subscribe to this enhancement request for the same to get notifications about it.

0 Helpful

marc.luescherFRE
Spotlight
Spotlight

‎05-14-2021 11:13 AM

for reject you need the classical mail logs for now.

If you are using a SIEM you an easily merge the two records by MID and ESAMID field.

Customers Also Viewed These Support Documents