Dear all, I have an ELK 7.8.0 server with Filebeat.
I've enabled the Cisco module in Filebeat and I have these different syslog listeners:
- syslog configured from filebeat.yml file: logging of Linux hosts
- asa fileset configured from cisco.yml file: logging of Cisco ASA firewall
- ios fileset configured from cisco.yml file: logging of Cisco switches and routers
I can also see there is an ftd fileset (Firepower Threat Defense) to catch logs from this type of Cisco IPS.
A month ago we implemented a Cisco SFR module in our ASA firewall. The SFR is our IPS, so where do I have to send the SFR's logs? To Filebeat's asa fileset or to Filebeat's syslog? I think I can't send the logs to the ftd fileset because FTD is a different type of IPS than SFR.
Special thanks!