Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2140
Views
10
Helpful
7
Replies

cisco sourcefire device

Go to solution
techburn_@hotmail.com
Level 1
Level 1

‎03-15-2019 12:05 AM

Hi all,

i would like to know how a cisco sourcefire device fetches the syslog itself to another syslog server?

thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to techburn_@hotmail.com

‎03-16-2019 10:19 PM - edited ‎03-16-2019 10:23 PM

It may be a language issue in your question, but the Sourcefire device does not (and cannot) "fetch logs from a syslog server". It can send log messages to a syslog server.

The link Balaji provided describes how to do that. Any syslog server will work as long as it accepts RFC 5424 standard syslog messages.

As far as how it works, the appliance will simply encapsulate the messages in IP packets with destination address of the configured syslog server and destination port of udp/514.

View solution in original post

7 Replies 7

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-15-2019 01:44 AM

if i understand correctly you looking offload the logs to syslog from sourcefire device (if not please correct me)

 

below guide help you to offload the load to external syslog server :

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118464-configure-firesight-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
techburn_@hotmail.com
Level 1
Level 1
In response to balaji.bandi

‎03-15-2019 02:36 AM

Hi,

i just want the process on how the cisco sourcefire device fetch the log from a syslog server

0 Helpful

Go to solution
techburn_@hotmail.com
Level 1
Level 1
In response to balaji.bandi

‎03-15-2019 02:36 AM

Hi,

i just want the process on how the cisco sourcefire device fetch the log from a syslog server

 

thanks

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to techburn_@hotmail.com

‎03-15-2019 03:08 AM

which syslog server, can you give more explanation ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
techburn_@hotmail.com
Level 1
Level 1
In response to balaji.bandi

‎03-16-2019 09:06 PM

Hi ,

the syslog server can be apache linux server or splunk server

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to techburn_@hotmail.com

‎03-16-2019 10:19 PM - edited ‎03-16-2019 10:23 PM

It may be a language issue in your question, but the Sourcefire device does not (and cannot) "fetch logs from a syslog server". It can send log messages to a syslog server.

The link Balaji provided describes how to do that. Any syslog server will work as long as it accepts RFC 5424 standard syslog messages.

As far as how it works, the appliance will simply encapsulate the messages in IP packets with destination address of the configured syslog server and destination port of udp/514.

Go to solution
techburn_@hotmail.com
Level 1
Level 1
In response to Marvin Rhoads

‎03-18-2019 02:45 AM

Hi Marvin,

 

thanks you very much of your explanation

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card