Cisco eStreamer Firepower FMC eStreamer issues…

There are three types of eStreamer issues in the Cisco Firepower FMC, and they appear in different releases.

The first is the enforcement of TLS, which was introduced in 6.1. That change broke the most integrations.
The second issue is that the eStreamer documentation requires two-way SSL authentication. At some point, the client part of the authentication started failing because of a bug.
The third issue is connected to how NetAMP works on Firepower. In short, the integration is not fully baked.
You can access the eStreamer information from System > Integration > eStreamer.
Supposedly, there is a fix coming out this week or next, but Cisco has planned to deprecate eStreamer in interactions over the next 24 months in favor of a syslog protocol.

6 Comments

    1. I haven’t had time to work on this lately, and I know that eStreamer will go away, but I don’t know when.

  1. Hi Todd, what’s the source of this information below?
    “but Cisco has planned to deprecate eStreamer in interactions over the next 24 months in favor of a syslog protocol.”
    Knowing that via syslog we’re not (yet) receiving a lot of important information (such as whether the event has been dropped or not), it is frustrating to know that we will develop under a solution that will be deprecated soon.
    Another perspective is the breadth of each one. eStreamer will populate more dashboards, as below:
    1- Intrusion Detection, 2- Network Traffic, 3- Malware
    while syslog gives you only Malware.

    1. Robert, let me get an update on this post…it is still true, but I haven’t followed up lately and need to…stand by

      1. Okay, here is what a very knowledgeable Cisco Firepower person within Cisco said:

        In the words of Mark Twain: news of eStreamer’s death was an exaggeration. That is, it’s still there and will likely be for years. Yes, new logging options are coming and are here with enhanced syslog in 6.3 and 6.4. But eStreamer remains an option.

        1. Thanks Todd, I appreciate you sharing this updated information with us. It looks like we’ll have a transition time until syslog’s features are good enough to supplant eStreamer.
