
FMC and FTD logs need to be sent in CEF Format

Shine Sudheesh
Level 1

Dear All,

 

We have a requirement to send the FTD and FMC syslog in CEF format. Is it supported by FTD?

Please let me know how we can configure it if it's supported for FMC/FTD.

FMC and FTD Version: 7.0.5

Br,

Shine Sudheesh


marce1000
VIP

 

  - Check available command options when configuring a syslog server through the CLI:
        logging host <syslog_server_IP_address> ?

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Dear Marce,

Thanks for your reply.

But this is for FTD and FMC.

Can't get into config mode on the CLI.

 

Br,

Shine Sudheesh

Common Event Format (CEF) is not currently supported by Cisco FTD firewalls or FMC.

That's interesting @MHM Cisco World. It appears that, under the covers, eStreamer uses CEF. At least that's how I read that guide.

Yes, you can get CEF formatted logs out of the FMC using the eStreamer integration, but you have to use an external third-party Python script (eStreamer encore) to PULL the logs from the FMC and the eStreamer is what is doing the formatting. It would be much better if we could just natively send from the FMC or FTD in CEF format (PUSH).
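
As an added illustration of what CEF formatting involves for whichever component sits between the firewall and the SIEM (this is not part of the thread and not eStreamer encore's code): the sketch below builds a CEF:0 line with the header and extension escaping the format requires. The input field names, the event values and the vendor/product strings are assumptions made for the example.

```python
# Added example: minimal CEF:0 line builder with the escaping rules of the format.
# Input field names (SrcIP, Rule, ...) are hypothetical, not a documented FTD schema.

def esc_header(value):
    # Header fields are pipe-delimited, so backslash and pipe must be escaped.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def esc_ext(value):
    # Extension values escape backslash and '='; raw newlines become a literal \n.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r\n", "\\n").replace("\r", "\\n").replace("\n", "\\n")

# Hypothetical source field -> standard CEF extension key.
FIELD_MAP = {
    "SrcIP": "src", "DstIP": "dst", "SrcPort": "spt", "DstPort": "dpt",
    "Protocol": "proto", "Action": "act", "Rule": "cs1",
}

def to_cef(event, vendor="Cisco", product="FTD", version="7.0.5"):
    # Header: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity
    header = ["CEF:0", vendor, product, version,
              event["id"], event["name"], event.get("severity", 5)]
    ext = [f"{cef_key}={esc_ext(event[src_key])}"
           for src_key, cef_key in FIELD_MAP.items() if src_key in event]
    if "Rule" in event:
        ext.append("cs1Label=Rule")  # custom string fields carry a label
    return "|".join(esc_header(h) for h in header) + "|" + " ".join(ext)

# Constructed sample event; values chosen to exercise the escaping rules.
SAMPLE = {
    "id": "1001", "name": "Connection end | allowed", "severity": 3,
    "SrcIP": "10.1.1.5", "DstIP": "192.0.2.10", "SrcPort": 51514,
    "DstPort": 443, "Protocol": "tcp", "Action": "Allow",
    "Rule": "web=out\\dmz",
}

if __name__ == "__main__":
    print(to_cef(SAMPLE))
```

Unescaped `|` in a header field or `=` in an extension value shifts every later field when the SIEM parses the line, which is why the two escape functions are kept separate.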
