kmc
Message 1 of 4

Configuring router data source


Hi All,

We need to add two Cisco routers to the SIEM as data sources. We have configured the logging host for both routers. Can anybody help in adding them to the SIEM?

Thanks in advance,

Kotresha

1 Solution

Accepted Solutions

Re: Configuring router data source


Please follow the steps below:

CISCO_IOS_1.png

CISCO_IOS_2.png

3 Replies


kmc
Message 3 of 4

Re: Configuring router data source


Thanks for the reply yassin,

I have already referred to that document and configured it in the same way, but it's still not working.

Re: Configuring router data source


If you created a data source and you know that logs are being sent to the Receiver, perform these steps to check if the data is actually getting to the Receiver.

To determine if you are getting data from a data source:

  1. Run the following command:

     tcpdump -nni eth0 host <IP_Address of datasource>

     If you see data, go to step 2. If not, there could be a firewall blocking the traffic, or it might be sending to the wrong IP address.

  2. Run the following command:

     iptables -nvL

     In the output displayed, the first 2 columns will be the packets sent and received, which will enable you to find the IP address of the data source. If there is data, go to step 3.

  3. In the ESM console, select the data source in question, then from the View drop-down, select Device Status. If you see data, the data has been received. If you see data but you are still not seeing events, verify the vendor and model. If the vendor and model are correct, call Technical Support.
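
For step 2, the following added example (not part of the original post or of the product) totals the counters that `iptables -nvL` reports for one data source, reading the two leading columns as iptables labels them, `pkts` and `bytes`. The sample output, the 192.0.2.x addresses and the per-source ACCEPT rules on port 514 are constructed assumptions, and the function name `datasource_counters` is hypothetical.

```shell
#!/bin/sh
# Added example: total the counters `iptables -nvL` shows for one source IP.
# On the Receiver: iptables -nvL | datasource_counters <IP_Address of datasource>

datasource_counters() {
    # Prints "<matching rules> <packets> <bytes>" for rules whose source is $1.
    awk -v src="$1" '
        # Without -x, iptables abbreviates large counters as 12K, 3M, 1G (decimal).
        function expand(v,    s) {
            s = substr(v, length(v), 1)
            if (s == "K") return (v + 0) * 1000
            if (s == "M") return (v + 0) * 1000000
            if (s == "G") return (v + 0) * 1000000000
            return v + 0
        }
        # Rule lines begin with the pkts counter; chain and header lines do not.
        # Assumes every rule has a target, so the source address is field 8.
        $1 ~ /^[0-9]+[KMG]?$/ && NF >= 9 && $8 == src {
            rules++; pkts += expand($1); bytes += expand($2)
        }
        END { printf "%.0f %.0f %.0f\n", rules, pkts, bytes }
    '
}

# Constructed sample output (documentation addresses, hypothetical ruleset).
sample_iptables_output() {
    cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  842 96312 ACCEPT     udp  --  eth0   *       192.0.2.10           0.0.0.0/0            udp dpt:514
    0     0 ACCEPT     udp  --  eth0   *       192.0.2.11           0.0.0.0/0            udp dpt:514
  12K 1480K ACCEPT     tcp  --  eth0   *       192.0.2.10           0.0.0.0/0            tcp dpt:514
EOF
}

# First router: two rules with traffic. Second router: rule present, nothing arrived.
sample_iptables_output | datasource_counters 192.0.2.10
sample_iptables_output | datasource_counters 192.0.2.11
```

A result of `1 0 0` means a rule exists for that source but no packets have matched it, which points back to the firewall or wrong-destination checks in step 1; `0 0 0` means no rule names that address at all.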