This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 24%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Hello,
I have a customer that is configuring the CISCO FTD data connector.
But they say CISCO FTD documentation shows it support only syslog format.
They would like some clarification on the following questions:
I. Clarify whether Cisco FTD supports CEF?
Currently, they are ingesting in syslog format but says the syslog format is not the same even for the same type of logs.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@DG001 Thank you for reaching out to us, let me check on your ask and revert back.
There are several connectors provided by Cisco. The Cisco ASA connector covers FTD. This does appear to be CEF-based solution.
Thanks Andrew,
The customer is saying they have the connector configured but are getting garbage output from the parser. Do you know why this output is garbled? See below:
Sample Syslog we are receiving:
message repeated 3 times: [ %FTD-2-106016: Deny IP spoof from (0.0.0.0) to 10.16.96.244 on interface RO_GLOBAL_INT_SEG].
Output they are expecting should look like this:
%FTD-6-430003: EventPriority: High, DeviceUUID: f4787322-9fff-11ed-9ab7-a348479cea01, InstanceID: 4, FirstPacketSecond: 2023-02-13T23:05:46Z, ConnectionID: 55951, AccessControlRuleAction: Block, AccessControlRuleReason: Intrusion Block,SrcIP: 10.0.95.10, DstIP: 2.19.32.89, SrcPort: 62725, DstPort: 80, Protocol: tcp,IngressInterface: corporate, EgressInterface: outside, IngressZone: lan-inside,EgressZone: internet, IngressVRF: Global, EgressVRF: Global,
ACPolicy: NG-Access-Policy, AccessControlRuleName: XYZ-INET
Customer statement:
We are ingesting logs through a normal Syslog for pulling logs. Could you please let me know if it supports new CISCO ASA/ FTD solution-based connector and does it support the CEF format?