I am looking for advice on which tools people are using to analyse syslog data from their Firepower modules to get detailed information on user Internet access. I am able to send the data to our syslog server, and have set up the free version of Splunk to search and analyse the data. It seems, though, that when monitoring multiple Firepower modules the amount of log data will be pretty large and could get quite expensive using Splunk quite quickly.
So, what are people's favourite tools for analysing log data from Firepower? Specifically for looking at user Internet activity, including which sites have been accessed and when.
Thanks,