You can use this document to send Cisco Integrated Services Router (ISR) logs to Armor's Security Information & Event Management (SIEM).
This document only applies to:
...
- A Log Relay server on your account
- Configured the system clock
Update Your Cisco ISR Device
...
- Log into your Cisco ISR device.
Access the privileged EXEC mode:
```
hostname> enable
```
Access the global configuration mode:
```
hostname# configure terminal
```
Enable logging:
```
hostname(config)# logging on
```
Configure the global logging settings:
```
hostname(config)# no logging console
hostname(config)# logging trap warning
hostname(config)# logging origin-id hostname
```
Configure the logs to be sent to a designated Armor Log Relay device:
```
hostname(config)# logging source-interface <interface>
hostname(config)# logging host <ipaddress> transport <protocol> port <port>
```
Note:
- In <interface>, enter the name of the Cisco ISR interface, such as GigabitEthernet 1.
- In <ipaddress>, enter the IP address of the designated Armor Log Relay device.
  - To locate your IP address in AMP, in the left-side navigation, click Infrastructure, click Virtual Machines, and then review the Primary IP column for the corresponding virtual machine.
- For <protocol> and <port>:
  - For UDP, enter transport udp port 10117.
    - Armor recommends that you use UDP.
  - For TCP, enter transport tcp port 10117.
Exit the configuration:
```
hostname(config)# exit
```
Save the changes:
```
hostname# write memory
```
Review the logging configuration:
```
hostname# show run all logging
logging enable
logging timestamp
logging hide username
logging buffer-size 4096
logging asdm-buffer-size 100
logging buffered warnings
logging trap warnings
logging asdm warnings
logging device-id hostname
logging host inside 100.64.0.10 17/5140
logging flash-minimum-free 3076
logging flash-maximum-allocation 1024
```
Note: If present, logging standby enables logging on a standby unit with failover enabled. As a result, this option increases traffic on the syslog server.
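The following Python check is an added example, not part of Armor's documentation. It audits saved running-config text for the settings entered in the steps above and reports any that are missing. The relay address 192.0.2.10 and both sample configurations are constructed, and the line forms it matches are assumptions about how IOS renders these commands in the running configuration.

```python
import re

# Constructed sample configs; 192.0.2.10 is a documentation address, not a real relay.
GOOD = """\
no logging console
logging trap warnings
logging origin-id hostname
logging source-interface GigabitEthernet1
logging host 192.0.2.10 transport udp port 10117
"""
BAD = """\
logging trap informational
logging source-interface GigabitEthernet1
logging host 192.0.2.10 transport udp port 514
"""

def audit_isr_logging(config, relay_ip, protocol="udp", port=10117):
    """Return findings; an empty list means every setting from the steps is present."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]

    def has(pattern):
        return any(re.fullmatch(pattern, ln) for ln in lines)

    findings = []
    if has(r"no logging on"):
        findings.append("logging is globally disabled (no logging on)")
    if not has(r"no logging console"):
        findings.append("console logging is still enabled")
    # Assumption: IOS stores the level as 'warnings'; accept the typed form too.
    if not has(r"logging trap warnings?"):
        findings.append("trap level is not warning")
    if not has(r"logging origin-id hostname"):
        findings.append("origin-id hostname is not set")
    if not has(r"logging source-interface \S+( \S+)?"):
        findings.append("no logging source-interface is set")
    wanted = rf"logging host {re.escape(relay_ip)} transport {protocol} port {port}"
    if not has(wanted):
        seen = [ln for ln in lines if ln.startswith("logging host ")]
        findings.append(f"relay {relay_ip} is not set for {protocol}/{port}; found {seen}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_isr_logging(cfg, "192.0.2.10") or "OK")
```

A relay entry that points at the wrong port or protocol is reported along with the `logging host` lines that were found, which makes a silent gap in SIEM coverage easier to spot.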
...