Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
246
Views
0
Helpful
1
Replies

Sending Cisco Device Syslog in CEF into Microsoft Sentinel

grant-luong
Level 1
Level 1

‎11-04-2025 11:16 AM

These are the 2 documentations that we followed to ingest Cisco device syslog into our Sentinel instance: 
 
Issue 1: The problem with our current working setup is that the syslog is not in Common Event Format (CEF). What I understand is that the Microsoft Azure Monitoring Agent (AMA) only collects/monitors/ingests syslog into Microsoft Sentinel. The Microsoft AMA does not convert the syslog into CEF. The formatting of Cisco device syslog has always been determined at the Cisco device end.
 
Issue 2: In our case, we want CEF format and Cisco has always utilized the Cisco eStreamer integration to send its Cisco devices' syslog in CEF into 3rd party SIEMs (like Splunk, Sentinel, etc...). The issue is that Cisco eStreamer (eNcore client) solution is EOL and unsupported, is there a plan to replace Cisco's ability to send its device syslog in CEF?
 
Cisco eStreamer (eNcore client) solution is EOL/unsupported and we need a solution to ingest Cisco syslog in CEF into our Microsoft Sentinel. Is there a way to do this?
 
Thanks in advance.
0 Helpful
1 Reply 1

nspasov
Cisco Employee
Cisco Employee

‎11-08-2025 07:13 AM

There are no current plans to support CEF format for Syslog. If this is an important functionality, please reach out to your Cisco account team and request that they file and enhancement request on your behalf. 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card