
Syslog - Cisco Firepower Threat Defense

Device Details

Vendor: Cisco
Device Type: Threat Defense
Supported Model Name/Number: 6.0, 6.2
Supported Software Version(s): All
Collection Method: Syslog
Configurable Log Output?: Yes
Log Source Type: Syslog – Cisco Firepower Threat Defense
Log Processing Policy: LogRhythm Default
Exceptions: N/A
Additional Information: https://itknowledgeexchange.techtarget.com/network-technologies/cisco-firepower-threat-defense-ftd/

Prerequisites

  • VMware vSphere Web Client
  • vSphere standalone client on ESXi

Currently Supported Log Types

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Connection Event | All | <vmid>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <protname> |
| File Malware Event | All | <vmid>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <protname> |
| Object Exceeded Threshold Rate | All | <vmid>, <severity>, <subject>, <reason>, <action> |
| System Clock Set | All | <vmid>, <severity>, <object>, <action>, <sip> |
| TCP Syn Message | All | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <subject> |

Parsed Metadata Fields

| Product Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| N/A | <severity> | Numeric |
| N/A | <object> | Text/String |
| N/A | <action> | Text/String |
| N/A | <sip> | IP Address |
| N/A | <sport> | Numeric |
| N/A | <dip> | IP Address |
| N/A | <dport> | Numeric |
| N/A | <packetsin> | Numeric |
| N/A | <packetsout> | Numeric |
| N/A | <bytesin> | Numeric |
| N/A | <bytesout> | Numeric |
