Cisco Firesight should support syslog

Idea ID 2791016


Hi,

One of our customers, ACCELYA WORLD S L U, logged the below with us:

---
We need to handle events from Cisco FireSIGHT version 6.x, but we see that the specific collector only handles the events of version 5.x and that they do not support receiving events by syslog.

Can you confirm that, if I set the Cisco eStreamer utility to point to the collector, the connector will process events correctly, even if they are from a higher version of FireSIGHT?

Do you plan to upgrade the collectors for Cisco FireSIGHT 6.x versions?
---


They have this installed:
https://www.netiq.com/support/sentinel/plugins/pre/collectors/Cisco_FireSIGHT-Management-Center_2011.1r4-201609070559-preview.html#ConnectionMethods_section


I had a word with engineering, and they said it works fine with Cisco FireSIGHT version 6. They have tested that.
When engineering plans the next release, they will update the support matrix.


However, regarding the syslog requirement, I was asked to log an ER in Bugzilla.

Only the connection methods FILE and PROCESS are supported.


Thanks,


Henk Tjalsma
3 Comments
Micro Focus Contributor
After analyzing this, we have realized that this is going to be a big effort. As it needs syslog support, the entire format of the logs is going to be different than the current one and we need full documentation changes also.
Absent Member.
I have a large customer using Cisco FMC 6.1. They would like us to support syslog instead of the eStreamer collection process. I would like to suggest a collector to parse the syslog data from Cisco.
Micro Focus Expert
With the use of the new connection to the ArcSight Smart Connector, we are happy to announce that this interface is now certified and available for use with Sentinel.