Dion Stempfley

FireEye CMS Log Parsing

Discussion created by Dion Stempfley on Dec 31, 2018
Latest reply on Jan 26, 2019 by Dion Stempfley

We are trying to import logs from FireEye Central Management System (CMS). One of the logging formats for FE CM is Common Event Format (CEF). Has anybody configured custom CEF parsing for this device?

 

When I enabled CEF logging on CMS, the device.type came in as ciscorouter even when I configure a parser mapping for the device to the cef parser. I've read the article on configuration of cef-custom.xml, but any push in the right direction would help.

 

/Dion
