
Cisco IOS Device Configuration in SIEM

Hello...

Please help: I am configuring Cisco routers in the SIEM, but I have had no luck seeing the syslogs being received.

I have already done the configuration on the Cisco devices, enabling the sending of syslog to the SIEM. Please help... is there any extra configuration?

This configuration was made on the Cisco device.

Router#
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging 192.168.0.2
Router(config)#service timestamps debug datetime localtime show-timezone msec
Router(config)#service timestamps log datetime localtime show-timezone msec
Router(config)#logging facility local3
Router(config)#logging trap warning
Router(config)#end
Router#show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 79 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: disabled
    Trap logging: level warnings, 80 message lines logged
        Logging to 192.168.0.2, 57 message lines logged

This is how the data source is configured

2 Replies
exbrit
Level 21
Message 2 of 3

Re: Cisco IOS Device Configuration in SIEM

Discussion moved from Community Interface Help to Security Information and Event Management (SIEM) for better support.

rth67
Level 12
Message 3 of 3

Re: Cisco IOS Device Configuration in SIEM

Possible changes to your Data Source configuration to resolve the issue:

Set the Mask to '32'

Set Support Generic Syslogs to 'Log "unknown syslog" event'

If you are using a Radius/TACACS Server for AAA you may see system changes from that Data Source.

You can use the TCPDUMP from the Event Receiver to verify you are receiving the logs. (tcpdump src xx.xx.xx.xx)

You can also try enabling "Auto Learn" and configure "Auto adding data sources" on the Receiver.
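
Once tcpdump shows datagrams arriving, the payloads can be checked against what the router was configured to send (`logging facility local3`, `logging trap warning`). The following is an added example, not part of the original thread and not vendor code: the function name `check_datagram` and the sample payloads are constructed for illustration, and the line layout assumed is the usual IOS one with sequence number and `service timestamps log datetime localtime show-timezone msec`.

```python
import re

# Syslog facility codes 16..23 are local0..local7; PRI = facility * 8 + severity.
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
# IOS keyword names for severities 0..7, as used by "logging trap <level>".
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# <PRI>seq: [*|.]Mon dd hh:mm:ss.mmm TZ: %FACILITY-SEV-MNEMONIC: text
# A leading "*" or "." on the timestamp means the router clock is not synchronised.
IOS_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<seq>\d+): )?"
    r"(?P<ts>[*.]?\w{3} [ \d]\d \d\d:\d\d:\d\d(?:\.\d{3})?(?: \w+)?): "
    r"%(?P<tag>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$"
)

def check_datagram(payload, facility="local3", trap_level="warnings"):
    """Return a list of mismatches between one UDP syslog payload and the
    router's configured facility and trap level (empty list = as expected)."""
    m = IOS_RE.match(payload.decode("ascii", "replace").strip())
    if not m:
        return ["not an IOS-style syslog line"]
    fac_code, sev = divmod(int(m["pri"]), 8)
    problems = []
    fac_name = FACILITIES.get(fac_code, f"facility {fac_code}")
    if fac_name != facility:
        problems.append(f"facility is {fac_name}, expected {facility}")
    if sev > SEVERITIES.index(trap_level):
        problems.append(f"severity {sev} is above trap level {trap_level}")
    if sev != int(m["sev"]):
        problems.append("PRI severity disagrees with the %TAG-SEV-MNEMONIC field")
    return problems

# Constructed sample payloads (not captured from the poster's router).
SAMPLES = [
    b"<155>57: Mar  1 18:46:11.123 EST: %LINK-3-UPDOWN: "
    b"Interface FastEthernet0/1, changed state to down",
    # local7 is the IOS default facility; severity 5 would be filtered by the trap level.
    b"<189>58: *Mar  1 18:46:12.001 EST: %SYS-5-CONFIG_I: "
    b"Configured from console by console",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw[:5].decode(), check_datagram(raw) or "matches router config")
```

A facility or severity mismatch here points at the router side; clean results with nothing showing in the SIEM point back at the Data Source settings listed above.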