Open for Voting

Please show inline result on the log for Firepower threat logs.

Will you please add a row in your Firepower logs that shows Inline Result?

the Firepower logs are useless unless they tell you whether or not the connection was dropped.

See attached PNG.

I've attached another picture of the log.

  • I've attached a couple more pictures. The Firepower.png is a firepower log in LEM. It doesn't say whether the connection was dropped or not. Which is a big deal for this type of log. I don't want to open up my SourceFire console to see if they dropped or not. The point of having a SIEM is to have a central location for these alerts. It's a waste of my time if I have to open up SourceFire every time I see these logs. If you could add a feature that parses the Inline Result saying whether it was dropped or not that would be awesome.

    Thank you for your time.

  • Are you able to provide a log sample from your Firepower logs? I can take a look at the connector and confirm if we can amend it to include the inline result.