We have a couple Cisco Firepower management centers and I would rather use syslog-ng over sending directly to splunk so that we may use other integrations like elastic and our NMS. 

I have the eStreamer SDK on my syslog-ng server and wondered if anyone else has worked on this. Search of the user archive says no. 

Thanks 

Scot