Cisco Firepower logs not normalized

Question

Hi!Been struggling with the normalization of Cisco Firepower logs, were I expect better normalization and a better enrichment. The syslog is configured from the Firepower Management Center.Everything should be correct in LogPoint were we’ve put in all the normalization policys for the log source. Compiled Normalizer:-  Cisco FirepowerNormalizer-  CiscoPIXASACompiledNormalizerNormalization Packages:- LP_Cisco Firepower​​​​​​​- LP_Cisco Fiirepower Management Center​​​​​​​- LP_Cisco Fiirepower Management Center v6_2​​​​​​​- LP_Cisco PIX/ASA Generic​​​​​​​- LP_Cisco PIXASAIs there any problem with the format syslog? Had the same issue with CheckPoint FW, but this got solved when we changed the format to CEF. Only the problem that Cisco Firepower only support the format syslog.Is there someone that has any tips on how to move on forward with this?

Nils Krumey · Answer

I have seen Firepower logs work fine in Logpoint, but it was last a couple of years ago. We would probably need to see what actually happens, e.g. a screenshot or copy/paste of your raw logs. When you say “better” normalisation, what do you see vs. what did you expect? Enrichment is independent of the data source, so again it would be a question of what are you getting vs. what did you expect?

Because it might be sensitive data, this might also best be done through a Support ticket.

Reply

Sign up

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Scanning file for viruses.

This file cannot be downloaded