eNcore is an eStreamer client built for Firepower Management Center 6.x. This CLI version also includes a CEF and JSON plug-in.
Please contact dohurd@cisco.com for the CLI version.
eStreamer client written from scratch in Python. CLI version with CEF plugin and JSON plugin. A couple of outstanding bugs: some non-ASCII text showing up in the packet payload field. Same code as used in eNcore for Splunk. Send feedback for encore4ce...
I do not currently understand the XFF issue. I'll do some homework. Please look here for the latest Firepower 6.x to ArcSight CEF solution. Version 3.5.3 fixes a major crash issue. https://github.com/CiscoSecurity/fp-05-firepower-cef-connector-arcsight...
There is a very new and much improved connector available. Please email me at dohurd@cisco.com and I will send you the code. It collects all of the 6.x event types including packet payload samples and writes them to ESM in CEF format. Eventually, ...
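The post above says the connector writes Firepower events, packet payload samples included, to ESM in CEF format. The block below is an added example of what that encoding involves; it is not eNcore's or Cisco's code. It shows the two escaping rules CEF imposes (backslash and pipe in the header, backslash, '=' and line breaks in the extension), hex-encodes raw payload bytes so that non-ASCII bytes never reach the text line, and parses the line back to check the round trip. The `payloadHex` key, the header values and the sample intrusion event are assumptions made up for the example, not names taken from eNcore or the ArcSight dictionary.

```python
"""Encode and decode ArcSight CEF lines. Added example; not eNcore's code.

CEF line layout:
  CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
Header fields reserve '\\' and '|'; extension values reserve '\\', '=' and line breaks.
'payloadHex' is this example's own (assumed) key for carrying raw packet bytes.
"""
import binascii
import re

CEF_VERSION = 0
KEY_RE = re.compile(r"[A-Za-z0-9_.-]+")


def escape_header(value):
    """Escape one pipe-delimited header field."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def escape_extension(value):
    """Escape one key=value extension value."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(vendor, product, version, signature_id, name, severity, extension, payload=None):
    """Build a CEF line from header fields, an ordered dict of extensions and optional raw bytes."""
    severity = int(severity)
    if not 0 <= severity <= 10:
        raise ValueError("CEF severity must be an integer in 0..10")
    for key in extension:
        if not KEY_RE.fullmatch(key):  # keys may not contain spaces, '=' or '|'
            raise ValueError(f"invalid CEF extension key: {key!r}")
    header = [f"CEF:{CEF_VERSION}"]
    header += [escape_header(f) for f in (vendor, product, version, signature_id, name, severity)]
    items = [f"{k}={escape_extension(v)}" for k, v in extension.items()]
    if payload is not None:
        # Hex keeps the line pure ASCII no matter what bytes the packet carried.
        items.append("payloadHex=" + binascii.hexlify(payload).decode("ascii"))
    return "|".join(header) + "|" + " ".join(items)


def _unescape(text, mapping):
    """Undo CEF escaping: a backslash followed by a char in `mapping` becomes that char."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            out.append(mapping.get(text[i + 1], text[i + 1]))
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def _split_header(line):
    """Split off the 7 pipe-delimited header fields, honouring '\\|'. Returns (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # keep escape pairs intact for _unescape
            cur.extend(line[i:i + 2])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) != 7:
        raise ValueError("malformed CEF line: fewer than 7 header separators")
    return fields, line[i:]


def from_cef(line):
    """Parse a CEF line back into a header dict and an extension dict."""
    fields, ext = _split_header(line)
    if not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    hdr = {"version": int(fields[0][4:])}
    hdr_map = {"\\": "\\", "|": "|"}
    for key, raw in zip(("vendor", "product", "device_version", "signature_id", "name"), fields[1:6]):
        hdr[key] = _unescape(raw, hdr_map)
    hdr["severity"] = int(fields[6])
    # A key followed by an unescaped '=' at the start or after a space begins a new value;
    # an escaped '\=' inside a value never matches because '\' is not a key character.
    matches = list(re.finditer(r"(?:^| )([A-Za-z0-9_.-]+)=", ext))
    ext_map = {"\\": "\\", "=": "=", "n": "\n", "r": "\r"}
    extension = {}
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        extension[m.group(1)] = _unescape(ext[m.end():end], ext_map)
    if "payloadHex" in extension:
        extension["payload"] = binascii.unhexlify(extension.pop("payloadHex"))
    return hdr, extension


def build_example_line():
    """Constructed sample: a rule name with '|', a message with '=' and a payload with non-ASCII bytes."""
    event = {"rt": "1520000000000", "src": "10.1.2.3", "dst": "192.0.2.10",
             "msg": "INDICATOR-COMPROMISE suspicious a=b | c"}
    payload = b"GET / HTTP/1.1\r\nHost: \xc3\xa9x\xff\n"
    return to_cef("Cisco", "Firepower", "6.2.3", "1:1000001", "Test|rule", 7, event, payload)


if __name__ == "__main__":
    line = build_example_line()
    print(line)
    print(from_cef(line))
```

Pipes inside the extension are left alone on purpose: CEF only reserves them in the header, which is why the parser counts exactly seven separators before treating the rest as extension text.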
If help is still needed on eStreamer and Logstash please email me directly at dohurd@cisco.com. IDS event data as well as AMP and Connection events ARE available directly off the FTD device.