cancel
Showing results for 
Search instead for 
Did you mean: 
socgt
Level 8
Report Inappropriate Content
Message 1 of 3

Configuring Cisco switch in SIEM

Hello Experts,

I am trying to configure data source for "cisco SG300 small bussniss switch". I have configured the syslog settings in the switch to point the syslogs to my ERC Server on port 514.

Following is the data source settings I have configured in the ESM.

Data Source Vendor : Generic

Data Source Model : Advance Syslog Parser

Data Format  : Default

Data Retrieval : Syslog (Default)

Enabled : parsing (Checked)

Name : SW1

IP Address : 192.168.2.6

Syslog Relay : None

Mask : 32

Require Syslog TLS : Unchecked

Port : 514

Support Generic Syslogs : Do Nothing

Generic rule assignment : Greyed Out

Time Zone : Jerusalem

But still I am unable to receive logs from the switch. On the ERC I have checked whether switch is sending syslog messages or not by

tcpdump -nni eth1 host 192.168.2.6

It is showing that the Switch is sending the syslog messages.

Any suggestions

Thanks

2 Replies
Reliable Contributor sssyyy
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: Configuring Cisco switch in SIEM

change Support Generic syslog to log unknown events. Why don't you use Cisco data source types?

Highlighted

Re: Configuring Cisco switch in SIEM

Good Day,

I have the same issues.

Maybe He dont use CISCO profile because dont exist any for Cisco Small Business

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community