We need to add two Cisco routers to the SIEM as data sources. We have configured a logging host for both routers. Can anybody help in adding them to the SIEM?
Thanks in advance,
If you created a data source and you know that logs are being sent to the Receiver, perform these steps to check if the data is actually getting to the Receiver.
To determine if you are getting data from a data source:
tcpdump -nni eth0 host <IP_Address of datasource>
If you see data, go to Step 2. If not, there could be a firewall blocking the traffic, or it might be sending to the wrong IP address.
In the output displayed, the first 2 columns will be the packets sent and received, which will enable you to find the IP address of the data source. If there is data, go to step 3.
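The tcpdump check from the answer above can be triaged automatically. This is an added example, not part of the original thread: it reads `tcpdump -nn` text output and reports whether the router's syslog packets reach the Receiver, go to a different destination, or do not show up at all. The function name `classify_capture`, the sample addresses (documentation range) and the sample lines are constructed, and it assumes the routers send syslog to the default UDP port 514.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes syslog on UDP 514 unless a
# third argument gives another port.
# Usage: classify_capture DATASOURCE_IP RECEIVER_IP [PORT] < tcpdump_output
classify_capture() {
    awk -v src="$1" -v rcv="$2" -v port="${3:-514}" '
    # tcpdump -nn prints endpoints as a.b.c.d.port; the destination ends in ":".
    function ip_of(ep,    n, p) {
        sub(/:$/, "", ep); n = split(ep, p, ".")
        return p[1] "." p[2] "." p[3] "." p[4]
    }
    function port_of(ep,    n, p) {
        sub(/:$/, "", ep); n = split(ep, p, ".")
        return (n >= 5) ? p[5] : ""
    }
    # Only look at IPv4 packets that originate from the data source.
    $2 == "IP" && $4 == ">" && ip_of($3) == src {
        if (ip_of($5) == rcv && port_of($5) == port) ok++
        else { other++; last = ip_of($5) ":" port_of($5) }
    }
    END {
        if (ok)         print "receiving " ok          # logs reach the Receiver
        else if (other) print "wrong-destination " last # router targets another IP or port
        else            print "no-traffic"             # nothing seen: firewall or routing
    }'
}

# Constructed sample captures (192.0.2.10 = router, 192.0.2.50 = Receiver).
SAMPLE_OK='12:01:02.100001 IP 192.0.2.10.51234 > 192.0.2.50.514: SYSLOG local7.notice, length: 98
12:01:03.100002 IP 192.0.2.10.51234 > 192.0.2.50.514: SYSLOG local7.info, length: 76'
SAMPLE_WRONG='12:01:02.100001 IP 192.0.2.10.51234 > 192.0.2.51.514: SYSLOG local7.notice, length: 98'

printf '%s\n' "$SAMPLE_OK"    | classify_capture 192.0.2.10 192.0.2.50
printf '%s\n' "$SAMPLE_WRONG" | classify_capture 192.0.2.10 192.0.2.50
```

On the Receiver, the live capture can be piped in by adding `-c 20` to the tcpdump command so that it exits after 20 packets.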