rkent1 Acclaimed Contributor.

Cisco FireSIGHT Log Collection


Just wondering if anyone has used the Sourcefire eStreamer connector to collect logs from FireSIGHT?

Searched P724 without much luck and FireSIGHT isn't mentioned in the HP Supported Devices link -> http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA5-3404ENW.pdf

I assume that these logs are probably best supported by the eStreamer connector, but I also see the Cisco documentation indicates the FireSIGHT device can send events via Syslog: Configure a FireSIGHT System to Send Alerts to an External Syslog Server - Cisco

If anyone can share some experience that would be much appreciated.


Accepted Solutions
tdavoren Contributor.

Re: Cisco FireSIGHT Log Collection


Hey Richard,

We have plenty of customers sending Sourcefire events to ESM.

FireSIGHT = Sourcefire Defense Center... so just look for the eStreamer Defense Center connector info.

rhope Acclaimed Contributor.

Re: Cisco FireSIGHT Log Collection


eStreamer is the one you want for IPS/IDS, RNA discovery events etc. For syslog you need to configure alerting criteria on the Defense Center to send particular events to a syslog destination. From memory you can also send health events etc. to syslog.

rkent1 Acclaimed Contributor.

Re: Cisco FireSIGHT Log Collection


Awesome, thanks and .

I didn't realise that FireSIGHT is essentially a rebranding of Defense Center (the following link confirms this officially from Cisco): Comparison of Feature Licenses on FireSIGHT Systems - Cisco

EDIT: Follow up question posted: https://protect724.hp.com/message/65340#65340
