SIEM Elastic - Beta -7.2 - Cisco module - unable to see data

Mons · June 26, 2019, 10:39am

Hi All,

I am trying my hands on SIEM elastic module.

Wanted to configure Cisco network device’s logs using add data option under SIEM. Followed the steps under RPM. Have enabled the filebeat module for cisco as well.

But unfortunately I am not getting any data. What settings I need to modify under /etc/filebeat/modules.d/cisco.yml file?

I am getting following error on kibana while checking module status
No data has been received from this module yet

Please help. Do I need sample cisco-asa logs for the same or filebeat cisco module should be able to transfer the data to my elasticsearch node?

Thanks

rashmi · July 16, 2019, 3:50pm

moved it to SIEM .

Hope to get some response here.

Thanks
Rashmi

andrewkroh · July 17, 2019, 1:51am

It would be helpful for us to see the configuration that you are using. Could you please share that with us. This is how I have mine setup in my filebeat.yml:

filebeat.modules:
  - module: cisco
    asa:
      var:
        input: syslog
        syslog_host: '0.0.0.0'
        syslog_port: 9003

Then I configured the ASA to stream syslog to <filebeat_server_ip>:9003.

system · August 14, 2019, 1:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.