Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
995
Views
0
Helpful
1
Replies

splunk estreamer question

craneman1
Level 1
Level 1

‎03-13-2020 05:17 AM

The security intelligence event which are ingested in Splunk through eStreamer only has rec_type=280 and 281 (src/dest) records but they do not have action detail going through estreamer, are those details are being fed through syslog? What all other important logs we can send through syslog?

Labels:
0 Helpful
1 Reply 1

rickgardner
Level 4
Level 4

‎09-23-2020 09:13 PM

That is all configurable to get the data you want on both eStreamer and Syslog..  You should be able to configure the FMC to get the data you want into Splunk.

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/api/eStreamer/EventStreamerIntegrationGuide/ConfiguringEstreamer.html

 

 

0 Helpful
Customers Also Viewed These Support Documents