cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1822
Views
0
Helpful
1
Replies

Firepower IPS logging - syslog vs estreamer

sindandoh
Level 1
Level 1

Hello,

 

Is it be possible to collect Firepower IPS connection events via syslog rather than estreamer (FMC)? If yes, is there any info that may be missed (e.g. security intelligence events, any potential interesting fields within the connection event?)

My understanding is that the FMC/estreamer adds some correlation/enrichments to the connection events. 

 

Thanks,

1 Reply 1

As far as I know you need to use estreamer to get IPS, security intelligence, (etc.) type events.

--
Please remember to select a correct answer and rate helpful posts
Review Cisco Networking for a $25 gift card