First, it sure looks like Sourcefire's documentation has gone down-hill since Cisco bought them. I spent a couple hours today trying to find an admin guide or something for Defense Center, and I got nothing.
Still, it appears that the Defense Center can be configured to send syslog. If that's true, and you can send it to the LEM, then we could have you send in that data as a sample and send it up to our developers as a new connector request.
If I'm reading this all wrong, and the eStreamer API is the only way to pull data from the device...I'm not sure what it would take to make that work, but I will ask around.
Thank you for your reply.
Yes, they can send syslog. Having a custom connector made by SW would be fantastic. Any idea how quickly they could do this?
1 of 1 people found this helpful
Once we have the sample logs from the device, the next steps are:
You may also post your request to the Thwack forum for the SolarWinds product you wish to see improved. Thwack Feature Request forums are here: http://thwack.solarwinds.com/community/feature-request_tht. Create a post titled “FEATURE REQUEST - Name of the Feature Request” and detail your request including case number. These forums are monitored by our Product Managers. This will allow other customers to voice their opinions as to whether they would find the feature useful.
"How To Create Ideas and Feature Requests"
"Ideation Process & FAQ"
Please be aware that:
* Developers will decide on whether or not to go ahead with implementation of the feature
* Developers will decide on the timeline of the release (if they decided to implement the feature)
* Support does not update you on whether the feature has been implemented, and you will have to check the Release Notes: http://www.solarwinds.com/documentation/documentation.aspx
Usually it's within a couple weeks of getting the logs, but that can vary greatly if we have other projects that are more urgent/requested by customers or if the connector is going to be unusually complicated. If all we have to do is tokenize and parse logs, and we have a tool that's already close, it can be really quick. If it's something more complex, like accessing a database or running queries for data through an API, it may take a while.
Was this connector ever implemented?
We tried using "Cisco FirePower Modeul (Sourcefire 3D System)", but it didnt work so I assume that is from the Firepower device itself and not the Management Center\Defense Center.
I only see the one SourceFire/Firepower connector still, you will want to reach out to Support and generally follow the process outline by Curtis as before to submit for the connector.