Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1555
Views
15
Helpful
5
Replies

URL Reporting on Cisco Firepower

Shocksmith
Level 1
Level 1

‎10-03-2019 09:18 AM - edited ‎02-21-2020 09:33 AM

I am looking for advice on which tools people are using to analyse syslog data from their Firepower modules to get detailed information on user Internet access. I am able to send the data to our syslog server, and have set up the free version of Splunk to search and analyse the data. It seems though that when monitoring multiple firepower modules the amount of log data will be pretty large and could get quite expensive using Splunk quite quickly.

 

So, what are people's favourite tools for analysing log data from Firepower? Specifically for looking at user Internet activity including which sites have been accessed and when.

 

Thanks,

0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎10-03-2019 09:23 AM

FMC has built dashboard for this.

 

I have used syslog-ng with ElasticStack for Dashboard and reporting, totally custom developped based on the requirement. with opensource tools.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Shocksmith
Level 1
Level 1
In response to balaji.bandi

‎10-03-2019 09:30 AM

Thanks. We are considering FMC at the moment as well but are wondering whether it is worth the money. I'll take a look at syslog-ng/ElasticStack. We are starting to get a number of Firepower devices that we need to analyse for this type of info now so FMC could be a good option if the info you can get is in a good format. 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Shocksmith

‎10-03-2019 09:34 AM

it all depends how you look, But any way to manage FTD you need FMC with out that you can not manage many FTD in geo location.

 

Since i have requirement single pane of glass on high level i did syslog. let me know is that make sense ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Shocksmith
Level 1
Level 1
In response to balaji.bandi

‎10-03-2019 09:58 AM

So would you say that the syslog-ng/ElasticStack option worked better for you?

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Shocksmith

‎10-03-2019 11:14 AM

we only required certain logs, the end we use FMC for real management.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card