Logs from Cisco SFR (IPS) to Elasticsearch

robertitox · July 28, 2020, 1:03pm

Dear all, I have an ELK 7.8.0 server with Filebeat.

I've enabled cisco module from Filebeat and I have these different syslog listeners:

syslog configured from filebeat.yml file: logging of Linux hosts
asa fileset configured from cisco.yml file: logging of Cisco ASA firewall
ios fileset configured from cisco.yml file: logging of Cisco switches and routers

I also can see there is a ftd fileset (Firepower Threat Defense) in order to catch logs from this type of Cisco IPS.

A month ago we have implemented a Cisco SFR module in our ASA firewall, the SFR is our IPS, so where do I have to send the SFR's logs ??? To filebeat's asa fileset or to filebeat's syslog??? I think I can't send the logs to ftd fileseat because FTD is a diferent type of IPS than SFR.

Special thanks !!!

system · August 25, 2020, 3:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need help with configuring cisco module in filebeat Beats beats-module , filebeat	4	2547	August 16, 2019
Incoming logs from Cisco switches don't appear in filebeat-* indexes Beats filebeat	3	458	August 18, 2020
Filebeat cisco module not parsing ASA logs Beats filebeat	1	378	November 6, 2019
Send Cisco ASA Logs to ElasticSearch Elasticsearch	4	2163	February 5, 2020
Firewall cisco ASA and beats Beats filebeat	6	799	August 5, 2020

Logs from Cisco SFR (IPS) to Elasticsearch

Related Topics