https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369764#M44664 <P>I've a table comparing syslog vs estreamer options. But not sure if I can paste that into splunk answers. Let me try finding a place I can put it or a screenshot</P> Mon, 30 Apr 2018 16:25:59 GMT koshyk 2018-04-30T16:25:59Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369761#M44661 <P>Do Cisco ASA NGFWs aka X-series and firepower series sending logs to FMC and collecting via estreamer provide equal or greater logging within Splunk over syslog from the ASA?</P> <P>Meaning everything event visible in syslog can be seen in the estreamer feed in some way. </P> <P>One of the other concerning issues is the size of the events syslog is 200bytes/event while estreamer is 2000bytes for connection events.</P> Fri, 27 Apr 2018 20:42:16 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369761#M44661 kevinmanson 2018-04-27T20:42:16Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369762#M44662 <P>Hi, kevinmanson,</P> <P>Is there a question here that needs answering?</P> Sat, 28 Apr 2018 21:54:49 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369762#M44662 Richfez 2018-04-28T21:54:49Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369763#M44663 <P>Reformatted sentence into question.</P> Mon, 30 Apr 2018 14:42:54 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369763#M44663 kevinmanson 2018-04-30T14:42:54Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369764#M44664 <P>I've a table comparing syslog vs estreamer options. But not sure if I can paste that into splunk answers. Let me try finding a place I can put it or a screenshot</P> Mon, 30 Apr 2018 16:25:59 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369764#M44664 koshyk 2018-04-30T16:25:59Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369765#M44665 <P>Koshyk,</P> <P>Any luck on being able to send over that table?</P> Tue, 01 May 2018 12:54:16 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369765#M44665 kevinmanson 2018-05-01T12:54:16Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369766#M44666 <P>Thx. I sort of figured that was the question, but wanted to make sure.</P> <P>I'm not an expert, and my memory might be foggy, but IIRC the new firewalls we deployed at $job-1 we still collected both data - there were some pieces of estreamer that weren't there even though generally it's a better, higher quality data stream. </P> <P>I've love to reinvestigate - as I was leaving there we were finally getting the rest of the new FW infrastructure into place, so we'd have ISE, AMP, all NGFWs and a lot of other things. I may ping some folks back there to find out how that went, or maybe give them a hand getting it sorted out.</P> Tue, 01 May 2018 13:07:39 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369766#M44666 Richfez 2018-05-01T13:07:39Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369767#M44667 <P>hi Kevin,<BR /> I've put a screenshot here. Also put into <A href="https://github.com/getkub/SplunkScriplets/blob/master/notes/estreamer_vs_syslog.md">github</A> with details. Please note, this is from my experience and may have changed</P> <P><span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/4860iB655412E0BD400FD/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> Wed, 02 May 2018 08:30:03 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369767#M44667 koshyk 2018-05-02T08:30:03Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369768#M44668 <P>i've attached below</P> Wed, 02 May 2018 13:17:10 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Estreamer-vs-syslog-from-ASA-firewalls/m-p/369768#M44668 koshyk 2018-05-02T13:17:10Z