SIEM Elastic - Beta -7.2 - Cisco module - unable to see data

Mons · June 26, 2019, 10:39am

Hi All,

I am trying my hands on SIEM elastic module.

Wanted to configure Cisco network device’s logs using add data option under SIEM. Followed the steps under RPM. Have enabled the filebeat module for cisco as well.

But unfortunately I am not getting any data. What settings I need to modify under /etc/filebeat/modules.d/cisco.yml file?

I am getting following error on kibana while checking module status
No data has been received from this module yet

Please help. Do I need sample cisco-asa logs for the same or filebeat cisco module should be able to transfer the data to my elasticsearch node?

Thanks

rashmi · July 16, 2019, 3:50pm

moved it to SIEM .

Hope to get some response here.

Thanks
Rashmi

andrewkroh · July 17, 2019, 1:51am

It would be helpful for us to see the configuration that you are using. Could you please share that with us. This is how I have mine setup in my filebeat.yml:

filebeat.modules:
  - module: cisco
    asa:
      var:
        input: syslog
        syslog_host: '0.0.0.0'
        syslog_port: 9003

Then I configured the ASA to stream syslog to <filebeat_server_ip>:9003.

Topic		Replies	Views
Unable to load ASA logs in SIEM SIEM	2	603	October 7, 2020
No data from filebeat cisco module Beats filebeat	9	2409	August 5, 2020
Need help with configuring cisco module in filebeat Beats beats-module , filebeat	4	2590	August 16, 2019
Configuration for Cisco ASA logs Beats beats-module , filebeat	4	561	April 2, 2021
Elasticsearch SIEM Dashboard SIEM	2	453	March 29, 2020

SIEM Elastic - Beta -7.2 - Cisco module - unable to see data

Related topics