Hi,

One of our customers, ACCELYA WORLD S L U, logged the below with us:

---
We need to handle events from Cisco FireSIGHT version 6.x, but we see that the specific collector only handles the events of version 5.x and that they do not support receiving events by syslog.

Can you confirm: if I set the Cisco eStreamer utility to point to the collector, will the connector process events correctly, even if they are from a higher version of FireSIGHT?

Do you plan to upgrade the collectors for Cisco FireSIGHT 6.x versions?
---


They have this installed:
https://www.netiq.com/support/sentinel/plugins/pre/collectors/Cisco_FireSIGHT-Management-Center_2011.1r4-201609070559-preview.html#ConnectionMethods_section


I had a word with engineering, and they said it works fine with Cisco FireSIGHT version 6. They have tested that.
When engineering plans for the next release, they will update the support matrix.


However, regarding the syslog requirement, I was asked to log an ER in Bugzilla.

Only connection methods FILE and PROCESS are supported.


Thanks,


Henk Tjalsma

Comments

  • After analyzing this, we have realized that this is going to be a big effort.

    As it needs syslog support, the entire format of the logs is going to be
    different than the current one and we need full documentation changes also.

  • I have a large customer using Cisco FMC 6.1. They would like us to support syslog instead of the eStreamer collection process. I would like to suggest a collector to parse the syslog data from Cisco.

  • With the use of the new connection to the ArcSight Smart Connector, we are happy to announce that this interface is now certified and available for use with Sentinel.