Solved: FMA and FTD logs need s to send in CEF Format

Shine Sudheesh · ‎04-16-2023

Dear All ,

We have a requirement to send the FTD and FMC syslog in CEF format. Is it supported by FTD??

Please let me know how we can configure if its supported for FMC/FTD.

FMC and FTD Version:7.0.5

Br,

Shine Sudheesh

MHM Cisco World · ‎04-17-2023

Cisco Firepower 6 Arc Sight CEF Integration Guide 2020 - Micro Focus Common Event Format Integration - Studocu

check this link

View solution in original post

marce1000 · ‎04-16-2023

- Check available command options when configuring a syslog server through the CLI :
logging host <syslog_server_IP_address> ?

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Shine Sudheesh · ‎04-17-2023

Dear Marce ,

Thanks for your reply.

But this is for FTD and FMC.

Cant get in to config mode on cli.

Br,

Shine Sudheesh

Marvin Rhoads · ‎04-17-2023

Common Event Format (CEF) is not currently supported by Cisco FTD firewalls or FMC.

MHM Cisco World · ‎04-17-2023

Cisco Firepower 6 Arc Sight CEF Integration Guide 2020 - Micro Focus Common Event Format Integration - Studocu

check this link

Marvin Rhoads · ‎04-17-2023

That's interesting @MHM Cisco World . It appears that, under the covers, eStreamer uses CEF. At least that's how I read that guide.

sean.torgerson@doj.state.or.us · ‎12-14-2023

Yes, you can get CEF formatted logs out of the FMC using the eStreamer integration, but you have to use an external third party python script (eStreamer encore) to PULL the logs from the FMC and the estreamer is what is doing the formatting. It would be much better if we could just natively send from the FMC or FTD in CEF format (PUSH).