I am looking for advice on which tools people are using to analyse syslog data from their Firepower modules to get detailed information on user Internet access. I am able to send the data to our syslog server, and have set up the free version of Splunk to search and analyse the data. It seems, though, that when monitoring multiple Firepower modules the amount of log data will be pretty large and could get quite expensive using Splunk quite quickly.
So, what are people's favourite tools for analysing log data from Firepower? Specifically for looking at user Internet activity including which sites have been accessed and when.
FMC has a built-in dashboard for this.
I have used syslog-ng with ElasticStack for dashboards and reporting, totally custom-developed based on the requirement, with open-source tools.
Thanks. We are considering FMC at the moment as well but are wondering whether it is worth the money. I'll take a look at syslog-ng/ElasticStack. We are starting to get a number of Firepower devices that we need to analyse for this type of info now so FMC could be a good option if the info you can get is in a good format.
It all depends on how you look at it. But anyway, to manage FTD you need FMC; without that you cannot manage many FTDs in geo locations.
Since I have a requirement for a single pane of glass at a high level, I did syslog. Let me know if that makes sense.