I have a problem: in the Local Receiver, the Data Source does not generate any events. I configured the devices' Data Source according to the information of the devices. I do not know what else to configure.
1) Sending a picture where I show how I configured the Data Source. If there are any mistakes please tell me.
2) In the following image, I show all my devices configured in Local Receiver. None generates events.
Message was edited by: arfelix on 6/08/13 15:56:35 CDT
Sorry for the basic question, but did you actually configure the Cisco device itself to send the logs? For any type of syslog data source, you actually have to go to that product itself and configure a push from that device to your receiver. What model Cisco device is it exactly? Maybe something along the lines of the instructions found here...
"arfelix" after you check with "Chris LaPole's" suggestion you can check whether the logs are coming via the tcpdump command.
Log into ESM via SSH.
Run the below command
tcpdump -nni eth0 src 10.5.0.240
If you have multiple interfaces, change the interface (eth0, eth1, etc.).
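The tcpdump check above, extended as an added example (not part of any poster's reply): it summarizes which configured data source IPs are actually sending to the syslog port, so several devices can be checked in one capture. The sample capture, the receiver address 10.5.0.10, the extra device IPs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -nn` output (not captured from a real ESM).
SAMPLE='15:56:35.101 IP 10.5.0.240.51514 > 10.5.0.10.514: SYSLOG local7.notice, length: 120
15:56:36.202 IP 10.5.0.240.51514 > 10.5.0.10.514: SYSLOG local7.info, length: 98
15:56:36.950 IP 10.5.0.241.123 > 10.5.0.10.123: NTPv4, Client, length 48
15:56:37.303 IP 10.5.0.242.40000 > 10.5.0.10.514: SYSLOG local4.warning, length: 143'

# Count packets per source IP that are addressed to port 514 (syslog).
# Reads tcpdump -nn text on stdin, prints "<ip> <count>" lines, sorted.
syslog_senders() {
    awk '$2 == "IP" && $4 == ">" {
        dst = $5; sub(/:$/, "", dst)      # destination is a.b.c.d.port:
        n = split(dst, d, ".")
        if (d[n] != "514") next           # keep only traffic to port 514
        split($3, s, ".")                 # source is a.b.c.d.port
        ip = s[1] "." s[2] "." s[3] "." s[4]
        count[ip]++
    }
    END { for (ip in count) print ip, count[ip] }' | sort
}

# Print each expected data source IP (given as arguments) that sent
# no packets to port 514 in the capture read from stdin.
silent_sources() {
    seen=$(syslog_senders | awk '{print $1}')
    for ip in "$@"; do
        printf '%s\n' "$seen" | grep -qxF "$ip" || printf '%s\n' "$ip"
    done
}

# Live use on the receiver (assumes interface eth0 and that the
# coreutils `timeout` command is available on the appliance):
#   timeout 60 tcpdump -nni eth0 port 514 2>/dev/null | silent_sources 10.5.0.240 10.5.0.241
printf '%s\n' "$SAMPLE" | syslog_senders
```

An IP listed by `silent_sources` points at the sending device or the network path; an IP that does show packets but still produces no events points at the data source definition on the receiver.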
Thanks for the reply,
But I do not understand where the command console is. I work with virtual machines, and I cannot access Alt + F2. I have by default the root user and password w3e4r5t6, and it tells me "username or password incorrect" and I cannot get access.
And in the McAfee ESM interface, Properties > ESM Management > Maintenance > Terminal, the tcpdump command does not work.
P.S. I have not tested the response of Chris LaPole. I need support staff networks.
Of course, the root user, in ESM Interface (web) is NGCP, I can open this. But I can't open in the VM with the root user.
I show you.
Just here, in the VM I can't access.
But, in the Interface Web I can access.
And in the web interface, the command console tells me this.
Thanks, for your quick replies.
Arfelix.
Message was edited by: arfelix on 5/09/13 9:15:01 CDT
- Open the web interface
- Go to ESM Properties -> Users and Groups -> NGCP -> "Edit"
- Change the password.
- Putty into ESM and try the same password as above with the root user.
The root password is set with the NGCP user's password. I just tried the same on my system and it worked.
Hi Chris and Jeremy
I was checking the device configuration. In Cisco devices send logs to enable IP address McAfee ESM. As Chris LaPole said.
I log into ESM via SSH. Run the command
tcpdump -nni eth0 src 10.5.0.240 (Other IP address) and I can see how ESM receives syslog from registered devices, e.g. Cisco, ESXi.
The problem is that in the ESM interface, I do not see any events or flows from any device. Can you help me?
See tcpdump information.
Now, see ESM interface.
Sorry for the delay. If you're still not able to see the logs, just delete all the "Syslog" data sources you have created.