1 Reply Latest reply on Jul 4, 2017 5:13 PM by sssyyy

    Configuring Cisco switch in SIEM


      Hello Experts,


      I am trying to configure a data source for a "Cisco SG300 small business switch". I have configured the syslog settings in the switch to point the syslogs to my ERC server on port 514.

      Following is the data source settings I have configured in the ESM.


      Data Source Vendor : Generic

      Data Source Model : Advanced Syslog Parser

      Data Format  : Default

      Data Retrieval : Syslog (Default)

      Enabled : parsing (Checked)

      Name : SW1

      IP Address :

      Syslog Relay : None

      Mask : 32

      Require Syslog TLS : Unchecked

      Port : 514

      Support Generic Syslogs : Do Nothing

      Generic rule assignment : Greyed Out

      Time Zone : Jerusalem


      But I am still unable to receive logs from the switch. On the ERC I have checked whether the switch is sending syslog messages or not by running


      tcpdump -nni eth1 host


      It is showing that the Switch is sending the syslog messages.


      Any suggestions?
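A small check that goes one step past the tcpdump command above, added here as an example and not the poster's code or a McAfee tool: it decodes each datagram's <PRI> header and confirms the sender IP falls inside the data source's IP/mask, since a mask of 32 only matches the exact address entered. The switch IP, data source IP and sample syslog line are constructed for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample datagram in the RFC 3164 style that Cisco small-business
# switches commonly emit; illustrative only, not captured from the poster's switch.
SAMPLE_PAYLOAD = b"<190>Jul  4 16:55:01 SW1 %LINK-I-Up: gi1/0/5"
SAMPLE_SENDER = "192.0.2.10"      # assumed switch IP (RFC 5737 documentation range)
DATA_SOURCE_IP = "192.0.2.10"     # the IP entered in the ESM data source (assumed)

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_syslog(payload: bytes) -> dict:
    """Decode the <PRI> header into facility/severity; flag payloads without one."""
    m = PRI_RE.match(payload)
    pri = int(m.group(1)) if m else -1
    if not 0 <= pri <= 191:                 # RFC 3164: PRI = facility * 8 + severity
        return {"valid_pri": False, "message": payload.decode("utf-8", "replace")}
    return {"valid_pri": True, "facility": pri >> 3, "severity": pri & 7,
            "message": payload[m.end():].decode("utf-8", "replace")}

def check_source(sender_ip: str, ds_ip: str, mask: int = 32) -> bool:
    """True when the datagram's source IP falls inside the data source's IP/mask."""
    net = ipaddress.ip_network(f"{ds_ip}/{mask}", strict=False)
    return ipaddress.ip_address(sender_ip) in net

def diagnose(payload: bytes, sender_ip: str, ds_ip: str, mask: int = 32) -> list:
    """Return reasons this datagram would not match the data source (empty = looks fine)."""
    problems = []
    if not check_source(sender_ip, ds_ip, mask):
        problems.append(f"source {sender_ip} is outside data source {ds_ip}/{mask}")
    if not parse_syslog(payload)["valid_pri"]:
        problems.append("payload has no valid <PRI> header, so it is not RFC 3164-shaped")
    return problems

def listen(ds_ip: str, bind_ip: str = "0.0.0.0", port: int = 514, count: int = 5) -> None:
    """Receive a few datagrams and print the diagnosis for each (port must be free)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        for _ in range(count):
            payload, (sender, _) = sock.recvfrom(65535)
            print(sender, parse_syslog(payload), diagnose(payload, sender, ds_ip) or "OK")

if __name__ == "__main__":
    print(parse_syslog(SAMPLE_PAYLOAD))
    print(diagnose(SAMPLE_PAYLOAD, SAMPLE_SENDER, DATA_SOURCE_IP))
```

listen() only works where UDP 514 is not already bound by the collector, so run it on a spare host or pick another port for the test.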