Microsoft Sentinel provides two connectors that collect logs from Cisco Secure Firewall devices, depending on whether the devices run the Firewall Threat Defense (FTD) or Adaptive Security Appliance (ASA) software. This article explains when to use each connector and provides links to installation instructions.
Collect Syslog from a Cisco FTD or ASA device
To collect syslog from FTD or ASA devices, use the Cisco ASA/FTD via AMA connector. For syslog configuration guidance for Cisco FTD, see the Cisco documentation External Logging Configuration.
Collect CEF logs from a Cisco FTD device
To collect CEF logs from a Cisco FTD device:
1. Install and configure the eNcore eStreamer client, which collects logs from FTD devices (via the Firewall Management Center) and converts them to Common Event Format (CEF). For more information, see the full Cisco install guide.
Note
The eNcore client is no longer being updated, and Cisco recommends the syslog format for new deployments.
2. Install the CEF via AMA connector.
Next steps
Learn more about Microsoft Sentinel data connectors.