firewall.cisco.fmc_estreamer
Introduction
The tags beginning with firewall.cisco.fmc_estreamer identify events generated by Cisco Event Streamer.
Valid tags and data tables
The full tag must have at least 3 levels. The first 3 are fixed as firewall.cisco.fmc_estreamer. The fourth level indicates the event subtype.
Technology | Brand | Type | Subtype |
---|---|---|---|
firewall | cisco | fmc_estreamer | |
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
---|---|
firewall.cisco.fmc_estreamer | firewall.cisco.fmc_estreamer (parent table) |
firewall.cisco.fmc_estreamer.connection | firewall.cisco.fmc_estreamer.connection |
firewall.cisco.fmc_estreamer.correlation | firewall.cisco.fmc_estreamer.correlation |
firewall.cisco.fmc_estreamer.event | firewall.cisco.fmc_estreamer.event |
firewall.cisco.fmc_estreamer.file_malware | firewall.cisco.fmc_estreamer.file_malware |
firewall.cisco.fmc_estreamer.intrusion | firewall.cisco.fmc_estreamer.intrusion |
firewall.cisco.fmc_estreamer.metadata | firewall.cisco.fmc_estreamer.metadata |
firewall.cisco.fmc_estreamer.packet | firewall.cisco.fmc_estreamer.packet |
firewall.cisco.fmc_estreamer.rna | firewall.cisco.fmc_estreamer.rna |
How is the data sent to Devo?
Logs sent to the parent table firewall.cisco.fmc_estreamer must be forwarded to the Devo platform via the Devo Relay to secure communication. See the required relay rule below:
Relay rule - firewall.cisco.fmc_estreamer
Source port → 13030
Target tag → firewall.cisco.fmc_estreamer
Select the Stop processing and Sent without syslog tag checkboxes.
For the rest of the data tables, Devo provides a collector that you can download and use to send the required events to your Devo domain. You can download the collector and learn how to use it in Cisco eStreamer collector.