Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3625
Views
0
Helpful
3
Replies

FirePower Syslog messages ID's

tsiemers1
Spotlight
Spotlight

‎07-28-2016 09:48 AM

I am trying to setup patterns in Logstash(ELK stack) to monitor FirePower logs.  I am trying to find a documentation that shows all the syslog messages that FirePower can produce to create a pattern file for them.  What I am looking for is similar to this documentation on the ASA.

http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logmsgs1.html

Does anything exist like this for the FirePower module?

2 people had this problem
Labels:
0 Helpful
3 Replies 3

Jason Kopacko
Level 4
Level 4

‎02-23-2017 02:04 PM

Just stumbled on your post, so sorry for the delay.

Not sure if you made any headway on this (hope so, since it says this post is 7 months old), but, go to: https://grokdebug.herokuapp.com/

And you can build and test any patterns.

0 Helpful

Greg Gizinski
Level 1
Level 1

‎03-24-2017 08:31 AM

Did you ever find out if this documentation exists?

0 Helpful

tsiemers1
Spotlight
Spotlight
In response to Greg Gizinski

‎03-24-2017 12:23 PM

I ended up using kv(key value) within logstash as a filter.  But to answer your question, no it does not.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card