splunk estreamer question

The security intelligence events which are ingested into Splunk through eStreamer only have rec_type=280 and 281 (src/dest) records, but they do not have action details coming through eStreamer. Are those details being fed through syslog? What other important logs can we send through syslog?

1 Reply

That is all configurable to get the data you want on both eStreamer and Syslog. You should be able to configure the FMC to get the data you want into Splunk.

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/api/eStreamer/EventStreamerIntegrationGuide/ConfiguringEstreamer.html
