10-07-2016 12:33 AM - edited 03-12-2019 06:09 AM
How to configure syslog server in sourcefire/firepower?
05-31-2017 07:17 PM
You are not going to be able to change the built-in syslog format from the UI. The list of fields available is fixed. However, the eStreamer API has a much more robust set of fields. Using an eStreamer client to pull events from the FMC you can get a ton (literally) more data. If you really, really need it in syslog you could create an eStreamer client that pulls data from the FMC and then sends it via syslog wherever you want. Then you can pick whatever data you want to send in your syslog message. The latest integration guide is here:
http://www.cisco.com/c/en/us/td/docs/security/firepower/620/api/eStreamer/EventStreamerIntegrationGuide/IS-DCRecords.html
Also, there is an eStreamer SDK (Perl) you can download that includes some sample code as well as the Integration Guide.
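The relay half of the approach described in this answer, as an added example that is not part of the original post or of Cisco's eStreamer SDK: it takes an intrusion event that an eStreamer client has already decoded and renders it as an RFC 5424 syslog message whose structured-data element carries the interface and zone fields the built-in FMC syslog output omits. The event dict, its field names, the `ips@32473` SD-ID (32473 is the IANA example enterprise number) and the priority-to-severity mapping are all assumptions for illustration; fetching records from the FMC is not shown.

```python
import socket
from datetime import datetime, timezone

# Constructed sample record: field names mirror the kind of data eStreamer
# exposes for an intrusion event (interface and zone info), but this dict is
# hand-built for the example, not a decoded eStreamer record.
SAMPLE_EVENT = {
    "event_time": datetime(2017, 5, 31, 19, 17, 0, tzinfo=timezone.utc),
    "sensor": "ftd-edge-01",
    "signature_id": 1000001,          # placeholder rule id
    "message": 'EXAMPLE rule fired "quoted" text',
    "priority": 1,                    # assumed: 1 (high) .. 3 (low), Snort style
    "src_ip": "10.0.0.5", "src_port": 51515,
    "dst_ip": "192.0.2.10", "dst_port": 443,
    "ingress_interface": "inside", "egress_interface": "outside",
    "ingress_zone": "INSIDE-ZONE", "egress_zone": "OUTSIDE-ZONE",
}

FACILITY_LOCAL4 = 20
# Assumed mapping of rule priority to syslog severity (RFC 5424, table 2):
# high -> critical(2), medium -> warning(4), low -> informational(6).
SEVERITY = {1: 2, 2: 4, 3: 6}


def sd_escape(value):
    """Escape a structured-data PARAM-VALUE per RFC 5424 section 6.3.3."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def build_syslog_message(ev, sd_id="ips@32473"):
    """Render one event as an RFC 5424 message; the SD-ELEMENT carries the
    interface/zone fields so the collector can parse them as key=value."""
    pri = FACILITY_LOCAL4 * 8 + SEVERITY.get(ev["priority"], 5)
    ts = ev["event_time"].strftime("%Y-%m-%dT%H:%M:%SZ")
    params = " ".join(
        f'{k}="{sd_escape(ev[k])}"'
        for k in ("signature_id", "src_ip", "src_port", "dst_ip", "dst_port",
                  "ingress_interface", "egress_interface",
                  "ingress_zone", "egress_zone"))
    sd = f"[{sd_id} {params}]"
    return f"<{pri}>1 {ts} {ev['sensor']} estreamer-relay - IPS {sd} {ev['message']}"


def send_udp(message, host, port=514):
    """Forward one rendered message to a syslog collector over UDP (best effort)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(message.encode("utf-8"), (host, port))


if __name__ == "__main__":
    print(build_syslog_message(SAMPLE_EVENT))
```

Swap `send_udp` for a TLS-wrapped TCP socket if the collector supports RFC 5425; UDP is shown only because that is what most FMC syslog deployments use.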
10-07-2016 12:44 AM
Hello John,
Refer the following link and let us know if that helps you.
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118464-configure-firesight-00.html
Rate and mark as correct the answers and posts that help you.
Regards
Jetsy
10-07-2016 12:54 AM
Do we need to create a syslog configuration per policy?
10-07-2016 01:14 AM
Hello John,
After configuring the syslog server, you just have to enable logging to send the logs to the syslog server in Access Control - Rules.
Regards
Jetsy
05-24-2017 10:34 PM
Hello,
The intrusion event logs are received by the syslog server. However, they do not contain interface info. May I know whether there is any way to configure syslog to include the interface info?
Thanks
Best Regards,
Thaung