Using Cisco Fleet Integration

helferlein · June 16, 2021, 7:27am

Hi Elastic Users and Team.

I managed to install the fleet-server on prem and added the Cisco Fleet Integration to the fleet-server itself.

ELK Stack and also the fleetserver is on one virtual machine.

So my thought was now to tell our networking team to send the Cisco IOS Logs to the FQDN of that ELK Stack Server on Port 9002.

Am I correct with this?
What I am missing?

It seems that there are no logs shipped from that test Cisco Switch into Elasticsearch.

On the Configuration of the Cisco module I have just changed from localhost to the FQDN.
Left the ports as is.
Is there another config to do?
Or where I can check that logs actually?

Thank you for any answers.
Regards
Peter

helferlein · June 16, 2021, 9:41am

Well I found it... the port 9002/UDP wasn't open.
Opened it and now in the DataStreams I can see cisco.ios.

But there is no dashboard to see those informations.
And if I search within metrics or logs for the trap informations sent by the cisco switch it does not find anything out of it...

Where is this data now?

system · July 14, 2021, 9:41am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cisco IOS logging - help required Elasticsearch fleet , integrations	9	2460	June 13, 2022
Cisco FTD Integration Dashboard Missing Elastic Observability integrations	3	496	June 8, 2022
Fleet server & integrations does not provide log/data Elasticsearch docker , fleet	4	776	December 19, 2022
Cisco FTD Integration Elastic Agent	0	13	August 14, 2024
Not understading how Integrations mappings work Elasticsearch fleet	3	331	March 25, 2022

Using Cisco Fleet Integration

Related topics