1 Reply Latest reply on Jul 4, 2017 5:13 PM by sssyyy

Configuring Cisco switch in SIEM

socgt

Hello Experts,

I am trying to configure a data source for a "Cisco SG300 small business switch". I have configured the syslog settings in the switch to point the syslogs to my ERC server on port 514.

Following are the data source settings I have configured in the ESM.

Data Source Vendor : Generic

Data Source Model : Advanced Syslog Parser

Data Format : Default

Data Retrieval : Syslog (Default)

Enabled : Parsing (checked)

Name : SW1

IP Address : 192.168.2.6

Syslog Relay : None

Mask : 32

Require Syslog TLS : Unchecked

Port : 514

Support Generic Syslogs : Do Nothing

Generic Rule Assignment : Greyed out

Time Zone : Jerusalem

But I am still unable to receive logs from the switch. On the ERC I have checked whether the switch is sending syslog messages or not with

tcpdump -nni eth1 host 192.168.2.6

It shows that the switch is sending the syslog messages.

Any suggestions?

Thanks
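As an added triage helper (not from the original thread and not McAfee ESM code), the Python below checks the three things a practitioner would verify next when tcpdump shows traffic but the data source stays empty: that the datagram's source IP falls inside the data source IP/mask, that it arrives on the configured port, and that the payload carries a valid RFC 3164 `<PRI>` header. It assumes the ESM matches data sources on source IP and that the parser expects a PRI header; the sample datagrams are constructed, not real captures.

```python
import ipaddress
import re

# Data source settings from the post. Assumption: the ESM matches incoming
# syslog to a data source by source IP/mask and expects an RFC 3164 "<PRI>".
DATASOURCE_IP = "192.168.2.6"
DATASOURCE_MASK = 32
DATASOURCE_PORT = 514

PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(payload: str):
    """Return (facility, severity) from a leading <PRI>, or None if missing/invalid."""
    m = PRI_RE.match(payload)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # max facility 23 * 8 + max severity 7
        return None
    return pri // 8, pri % 8


def triage(src_ip: str, dst_port: int, payload: str) -> str:
    """Explain why a datagram seen in tcpdump might not be accepted by the data source."""
    net = ipaddress.ip_network(f"{DATASOURCE_IP}/{DATASOURCE_MASK}")
    if ipaddress.ip_address(src_ip) not in net:
        return f"source {src_ip} outside data source {net}"
    if dst_port != DATASOURCE_PORT:
        return f"sent to port {dst_port}, data source listens on {DATASOURCE_PORT}"
    pri = parse_pri(payload)
    if pri is None:
        return "no valid <PRI> header; parser may drop the message"
    facility, severity = pri
    return f"ok (facility={facility}, severity={severity})"


# Constructed sample datagrams (source IP, destination port, payload).
SAMPLES = [
    ("192.168.2.6", 514, "<189>%LINK-I-Up: gi1"),
    ("192.168.2.6", 514, "Jul  4 17:10:00 SW1 message without a PRI header"),
    ("192.168.2.7", 514, "<189>%LINK-I-Up: gi2"),
    ("192.168.2.6", 1514, "<189>%LINK-I-Up: gi3"),
]

if __name__ == "__main__":
    for src, port, text in SAMPLES:
        print(f"{src}:{port} -> {triage(src, port, text)}")
```

To feed real traffic, run tcpdump with -A on the ERC and pass the source IP, destination port and payload of each datagram into triage().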