Welcome to Cisco Firewalls Community


FMC eStreamer: How to identify the device source?

FMC is sending eStreamer logs to QRadar. When we look at the logs, the source is seen as the FMC. How can we identify the original FTD device that is sending the logs? Looking at the eStreamer payload, I see the field flowStatistics.deviceId=3, but I am not sure whether it correlates to the exact device or not. A quick test using the flow in the event viewer showed IDs 1 and 3 for the same cluster member. If it does correlate, where can I look up that ID-to-device correlation?

Any comments/suggestions are welcome. Thank you.