Hello All,

We are collecting logs from FTD via a FMC using E-streamer and I can see that the sample events from the FTD device doesn't contains all the fields. Below is the sample data that we received and comparing it with a managed device, the data looks small. There are only two FTD devices registered with the FMC and both have a base and URL filtering license.

Does anything changes between the logging of FTD vs a managed device. I understand the intrusion data is not applicable in a FTD but for the connection events, all the fields in FTD looks good.

_messageType=4, _recordTypeName=RNA Flow Statistics, _serverTimestamp=xxxx, _subtype=71.1, destination_port=xxx, client_app_version=, event_subtype=1, first_packet_timestamp=xxxx, client_inbound_bytes=xxx, client_outbound_bytes=xxxxx, client_inbound_packets=0, protocol=6, event_type=xxxx, client_outbound_packets=0, client_app_name=xxxx, tcp_flags=xxxxxx, mac_address=xxxx, source_port=xxxx, source_num_ip=xxxx, _recordType=71, event_microsecond=0, service_name=xxxx, ip_address=0, client_app_url=xxxxxx, detection_engine_id=xxxx, event_second=0, last_packet_timestamp=xxxx, logging_device_num_ip=0, destination_num_ip=xxxx, flow_type=0, domain=, _messageLength=186, _messageTypeName=event data message, _subtypeName=Flow Data Mess