Forum Discussion

Consultant1520's avatar
Consultant1520
MCT
Jun 16, 2020

Cisco IronPort .

We are trying to collect "CEF" logs from Cisco IronPort using Azure Sentinel. Syslog forwarder is configured on RHEL machine. we do get data for "syslog". However nothing under the "CommonSe...
Ofer_Shezaf's avatar
Ofer_Shezaf
Icon for Microsoft rankMicrosoft
Jun 18, 2020

Consultant1520 : Cisco IronPort and Cisco ASA are unrelated products and behave differently. My answer and I blieve your original question was about IronPort. 

Consultant1520's avatar
Consultant1520
MCT
Jun 18, 2020

Ofer_Shezaf 

 

Thanks. I was under impression that IronPort is kind of cisco ASA. 

We actually got the syslog for facility  and auth. 

  • tomfoucha's avatar
    tomfoucha
    Copper Contributor
    Aug 16, 2021
    Cisco Secure Email Gateway (aka IronPort) does support CEF formatted logs but you have to add a New Log Subscription and select the fields you want in single log line format. These logs can be delivered via syslog or AWS S3 buckets.