Cisco Firepower Connection Logging - [syslog vs eStreamer]

nuthaponbutsungnoen9037 · ‎03-22-2022

Can I use syslog for collecting connection events [eg. Connection event, IPS event, SI event, Malware event etc] instead of eStreamer ? Are there any connection log events that may be missed if I use syslog ?

My understanding is that the FMC/estreamer adds some correlation/enrichments to the connection events.

Octavian Szolga · ‎03-24-2022

Hi,

You should check this section of user guide:

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/analyze_events_using_external_tools.html#id_85387

BR,

Octavian

tdavoren1 · ‎05-24-2022

Hey there,

Could you share what configuration you ended up deploying? Just syslog or just eStreamer or a combination? It's been hard to get definitive answers from Cisco on the long term future of eStreamer, but it's enriched events are very useful.

Tim.