
Issue with Cisco Firepower eStreamer Integration to Microsoft Sentinel

zrahim
Level 1

Hello,

We are experiencing an issue with the Cisco Firepower eStreamer integration to Microsoft Sentinel. We successfully integrated the eStreamer and started receiving logs from Cisco Firepower to Microsoft Sentinel. However, after 2 or 3 days, the logs stopped being ingested into Microsoft Sentinel.

When we restarted the eStreamer, the logs resumed flowing into Microsoft Sentinel, but the issue repeats after a few days.

We have been using the Cisco Firepower eStreamer enCore Sentinel Operations Guide and the CiscoSecurity fp-05-microsoft-sentinel-connector GitHub repository for the integration.

However, we are encountering the following error in the logs, which seems to be causing a failure in the log ingestion process:

2024-12-12 09:49:37,014 Subscriber INFO Stop message received
2024-12-12 09:49:37,015 Monitor ERROR Monitor __start: 'TypeError' object has no attribute 'message'
2024-12-12 09:51:37,617 Subscriber INFO Exiting
2024-12-12 09:51:37,617 Controller INFO Process 2000662 (Process-1) exit code: 0
2024-12-12 09:51:37,617 Parser INFO Stop message received

How can we resolve the TypeError: 'TypeError' object has no attribute 'message' error and prevent the logs from stopping after a few days in the eStreamer integration with Microsoft Sentinel?

3 Replies

It seems that MS is behind NAT?

MHM

Thank you for your response.

Microsoft Sentinel is not behind NAT in our setup. The eStreamer integration works fine initially, and logs are ingested successfully. However, the issue arises after 2–3 days when the logs stop being ingested, and we have to restart the eStreamer service to restore the flow.

Could there be another configuration or compatibility issue causing this behavior? We’d appreciate any guidance on resolving the error 'TypeError' object has no attribute 'message' and ensuring consistent log ingestion.

Thank you!

https://bst.cisco.com/bugsearch/bug/CSCvp34384?rfs=qvlogin <<- this log message can be a bug; open a TAC case, as the workaround suggests.

MHM
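
An added example, not part of the thread and not Cisco's code: a Python check that parses the log lines quoted in the question and flags the shutdown indicators so the ingestion stop can be alerted on. The error string is exactly what Python 3 produces when code reads `.message` on an exception object, which `reproduce_masked_error()` shows; the function names and the findings layout are assumptions made for this example.

```python
import re
from datetime import datetime

# Log lines copied from the question above.
SAMPLE_LOG = """\
2024-12-12 09:49:37,014 Subscriber INFO Stop message received
2024-12-12 09:49:37,015 Monitor ERROR Monitor __start: 'TypeError' object has no attribute 'message'
2024-12-12 09:51:37,617 Subscriber INFO Exiting
2024-12-12 09:51:37,617 Controller INFO Process 2000662 (Process-1) exit code: 0
2024-12-12 09:51:37,617 Parser INFO Stop message received
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\S+) (\w+) (.*)$")
MASKED_RE = re.compile(r"'(\w+)' object has no attribute 'message'")
EXIT_RE = re.compile(r"exit code: (-?\d+)")

def parse(text):
    """Yield (timestamp, component, level, message) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            yield ts, m.group(2), m.group(3), m.group(4)

def reproduce_masked_error():
    """Python 3 exceptions have no .message, so reading it raises AttributeError
    and the text of the original exception is lost."""
    try:
        raise TypeError("original cause")
    except TypeError as ex:
        try:
            return ex.message
        except AttributeError as inner:
            return str(inner)

def analyse(text):
    """Collect the indicators an alert rule could key on."""
    out = {"masked_exception": None, "stopped": [], "exit_codes": [], "last_seen": None}
    for ts, component, level, msg in parse(text):
        out["last_seen"] = ts
        masked, code = MASKED_RE.search(msg), EXIT_RE.search(msg)
        if level == "ERROR" and masked:
            out["masked_exception"] = masked.group(1)  # type of the hidden error
        if msg == "Stop message received":
            out["stopped"].append(component)
        if code:
            out["exit_codes"].append(int(code.group(1)))
    return out

if __name__ == "__main__":
    print(reproduce_masked_error())
    print(analyse(SAMPLE_LOG))
```

In the quoted log the worker process reports exit code 0, so a monitor that only watches for non-zero exit status would not flag this stop; the `Stop message received` lines and the age of `last_seen` are the signals to alert on.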
