01-28-2020 08:49 AM - edited 01-28-2020 08:50 AM
We are testing sending connection event data from our managed devices to our SIEM via syslog, rather than using the eStreamer solution (long story).
In brief testing I noticed that I don't get some enhanced data (initiator country, for example) in the connection event via syslog.
Is this a limitation in sending via syslog?
FMC & Managed devices: 6.4.0.7
Note: I have only tested on a legacy FirePOWER device - not the newer 2100/4100 platforms.
Thanks in advance for your response!
Bob
01-28-2020 08:56 PM
Hi Bob-
Yes, this is the expected behavior. Some information/data is not going to be available with events sent via syslog and one of those is Geolocation. For more information and details on this, you can reference the FMC's configuration guide:
I hope this helps!
Thank you for rating helpful posts!
02-06-2020 09:18 AM
Ok, that's disappointing but I appreciate the response.
Bob