SIEM Elastic - Beta -7.2 - Cisco module - unable to see data

Mons · June 26, 2019, 10:39am

Hi All,

I am trying my hands on SIEM elastic module.

Wanted to configure Cisco network device’s logs using add data option under SIEM. Followed the steps under RPM. Have enabled the filebeat module for cisco as well.

But unfortunately I am not getting any data. What settings I need to modify under /etc/filebeat/modules.d/cisco.yml file?

I am getting following error on kibana while checking module status
No data has been received from this module yet

Please help. Do I need sample cisco-asa logs for the same or filebeat cisco module should be able to transfer the data to my elasticsearch node?

Thanks

rashmi · July 16, 2019, 3:50pm

moved it to SIEM .

Hope to get some response here.

Thanks
Rashmi

andrewkroh · July 17, 2019, 1:51am

It would be helpful for us to see the configuration that you are using. Could you please share that with us. This is how I have mine setup in my filebeat.yml:

filebeat.modules:
  - module: cisco
    asa:
      var:
        input: syslog
        syslog_host: '0.0.0.0'
        syslog_port: 9003

Then I configured the ASA to stream syslog to <filebeat_server_ip>:9003.

system · August 14, 2019, 1:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to load ASA logs in SIEM SIEM	2	582	October 7, 2020
Filebeat Module Problem Beats filebeat	2	12170	March 13, 2020
Need help with configuring cisco module in filebeat Beats beats-module , filebeat	4	2547	August 16, 2019
Cannot get Cisco Filebeat module to work Kibana	14	2158	December 29, 2021
Filebeat Fortinet Module + Kibana SIEM Beats filebeat	11	1632	August 11, 2020

SIEM Elastic - Beta -7.2 - Cisco module - unable to see data

Related topics