07-28-2016 09:48 AM
I am trying to setup patterns in Logstash(ELK stack) to monitor FirePower logs. I am trying to find a documentation that shows all the syslog messages that FirePower can produce to create a pattern file for them. What I am looking for is similar to this documentation on the ASA.
http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logmsgs1.html
Does anything exist like this for the FirePower module?
02-23-2017 02:04 PM
Just stumbled on your post, so sorry for the delay.
Not sure if you made any headway on this (hope so, since it says this post is 7 months old), but, go to: https://grokdebug.herokuapp.com/
And you can build and test any patterns.
03-24-2017 08:31 AM
Did you ever find out if this documentation exists?
03-24-2017 12:23 PM
I ended up using kv(key value) within logstash as a filter. But to answer your question, no it does not.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide