10-03-2019 09:18 AM - edited 02-21-2020 09:33 AM
I am looking for advice on which tools people are using to analyse syslog data from their Firepower modules to get detailed information on user Internet access. I am able to send the data to our syslog server, and have set up the free version of Splunk to search and analyse the data. It seems though that when monitoring multiple Firepower modules the amount of log data will be pretty large and could get quite expensive using Splunk very quickly.
So, what are people's favourite tools for analysing log data from Firepower? Specifically for looking at user Internet activity including which sites have been accessed and when.
Thanks,
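As an added example that is not part of the original thread: the question is about getting "who visited which site, and when" out of Firepower syslog without paying to index every line. The Python script below does both halves of that in a tool-agnostic way: it parses connection-event lines into fields, keeps only the events that carry a user and a URL (so the rest never needs to reach a paid indexer), and aggregates hits, blocks and first/last-seen per user and per site. The sample lines and their "Key: value" layout with User/SrcIP/URL/Action fields are constructed for this example and are an assumption, not the actual Firepower syslog format; the regexes and field names need to be mapped onto what your syslog server really receives.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample syslog lines (not captured from a real device). The
# "Key: value, Key: value" layout and the User/SrcIP/URL/Action field names
# are an assumption for this example; adapt them to the fields your own
# Firepower syslog output actually carries.
SAMPLE_LOG = """\
<134>Oct  3 09:18:01 ftd-edge-1 FTD: User: alice, SrcIP: 10.0.1.25, DstIP: 93.184.216.34, URL: https://example.com/, URLCategory: Business, Action: Allow
<134>Oct  3 09:18:04 ftd-edge-1 FTD: User: bob, SrcIP: 10.0.1.40, DstIP: 198.51.100.7, URL: https://social.example.net/feed, URLCategory: Social, Action: Allow
<134>Oct  3 09:19:10 ftd-edge-1 FTD: User: alice, SrcIP: 10.0.1.25, DstIP: 93.184.216.34, URL: https://example.com/login, URLCategory: Business, Action: Allow
<134>Oct  3 09:20:31 ftd-edge-2 FTD: User: alice, SrcIP: 10.0.2.11, DstIP: 203.0.113.9, URL: http://malware.example.org/x, URLCategory: Malware, Action: Block
<134>Oct  3 09:21:00 ftd-edge-2 FTD: SrcIP: 10.0.2.50, DstIP: 10.0.0.5, Protocol: icmp, Action: Allow
"""

# <PRI>, BSD-style timestamp, sending host, then the program tag ("FTD:").
HEADER_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<tag>\w+): "
)
# Comma-separated "Key: value" pairs; values may contain ':' (URLs) but not ','.
FIELD_RE = re.compile(r"(\w+): ([^,]+)")


def parse_line(line):
    """Split one syslog line into a dict of fields; None if the header is missing."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    ev = {k: v.strip() for k, v in FIELD_RE.findall(line[m.end():])}
    # BSD syslog timestamps carry no year; the parsed value is only used for ordering.
    ts = re.sub(r"\s+", " ", m.group("ts"))
    ev["_time"] = datetime.strptime(ts, "%b %d %H:%M:%S")
    ev["_sensor"] = m.group("host")
    return ev


def is_web_event(ev):
    """True only for events that say who visited which site."""
    return ev is not None and "URL" in ev and "User" in ev


def forwardable(lines):
    """The subset of lines worth shipping to a paid indexer: web events only."""
    return [line for line in lines if is_web_event(parse_line(line))]


def summarise_web_access(lines):
    """Per user, per site: hit count, blocked count, first and last seen."""
    summary = defaultdict(lambda: defaultdict(
        lambda: {"count": 0, "blocked": 0, "first": None, "last": None}))
    for line in lines:
        ev = parse_line(line)
        if not is_web_event(ev):
            continue
        # Aggregate on the host part of the URL so paths do not fragment the view.
        site = urlsplit(ev["URL"]).hostname or ev["URL"]
        s = summary[ev["User"]][site]
        s["count"] += 1
        if ev.get("Action", "").lower() == "block":
            s["blocked"] += 1
        t = ev["_time"]
        if s["first"] is None or t < s["first"]:
            s["first"] = t
        if s["last"] is None or t > s["last"]:
            s["last"] = t
    return summary


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(f"{len(forwardable(lines))} of {len(lines)} lines are web events")
    for user, sites in summarise_web_access(lines).items():
        for site, s in sites.items():
            print(f"{user:6} {site:22} hits={s['count']} blocked={s['blocked']} "
                  f"first={s['first']:%b %d %H:%M} last={s['last']:%b %d %H:%M}")
```

The `forwardable` filter is the piece that addresses the cost concern: run it (or the equivalent filter in syslog-ng) on the collector so only user/URL events go to Splunk or Elasticsearch, while the full stream stays on cheap local storage for incident response. Aggregating on hostname rather than full URL keeps the per-user report readable and is also the granularity at which a blocked-category spike stands out.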
10-03-2019 09:23 AM
FMC has a built-in dashboard for this.
I have used syslog-ng with Elastic Stack for dashboards and reporting, totally custom developed based on the requirement, with open-source tools.
10-03-2019 09:30 AM
Thanks. We are considering FMC at the moment as well but are wondering whether it is worth the money. I'll take a look at syslog-ng/Elastic Stack. We are starting to get a number of Firepower devices that we need to analyse for this type of info now, so FMC could be a good option if the info you can get is in a good format.
10-03-2019 09:34 AM
It all depends how you look at it, but anyway, to manage FTD you need FMC; without that you cannot manage many FTDs across geo locations.
Since I have a requirement for a single pane of glass at a high level, I did syslog. Let me know if that makes sense?
10-03-2019 09:58 AM
So would you say that the syslog-ng/Elastic Stack option worked better for you?
10-03-2019 11:14 AM
We only required certain logs; in the end we use FMC for real management.