Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3576
Views
5
Helpful
2
Replies

Send Aggregate Logs from FMC to SIEM

Scott_22
Level 1
Level 1

‎09-02-2021 11:08 AM

Is there a way to send connection events and IPS logs from the FMC instead of configuring each FTD to send to a SIEM?

0 Helpful
2 Replies 2

michael18
Level 1
Level 1

‎12-13-2022 02:03 AM

was there any response to this. im looking for the same thing

0 Helpful

tvotna
Spotlight
Spotlight
In response to michael18

‎12-13-2022 07:14 AM

This is possible if SIEM supports eStreamer protocol:

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/analysis-external-tools.html#id_85394

For syslog there always be at least two sources of messages: managed devices and FMC. Further, managed devices send both Lina (ASA) syslogs and Snort syslogs (e.g. connection and intrusion events). As of 6.3 syslog server can be configured in a single place (under Platform Settings) and used by both of them.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/interfaces-settings-platform.html#task_88952FB807AB4D43B0894F99B215EDD4

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/access-policies.html#AC_Policy_Syslog_Settings

 

 

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card