Create a Remote Log Source - Cisco ISR
- Aaron Gabriel (Deactivated)
- Former user (Deleted)
- Luke Fritz (Unlicensed)
Topics Discussed
You can use this document to send Cisco Integrated Services Router (ISR) logs to Armor's Security Information & Event Management (SIEM).
This document only applies to:
Cisco Integrated Services Router (ISR) (IOS)
Pre-Deployment Considerations
To create a remote Log Relay, you must already have:
A Log Relay server on your account
To learn how to add Log Relay to your account, see Obtain Log Relay for Remote Log Collection
Configured the system clock
Update Your Cisco ISR Device
Log into your Cisco ISR device.
Access the privileged EXEC mode:
hostname> enableAccess the global configuration mode:
hostname# configure terminalEnable logging:
hostname(config)# logging onConfigure the global logging settings:
hostname(config)# no logging console hostname(config)# logging trap warning hostname(config)# logging origin-id hostnameConfigure the logs to be sent to a designated Armor Log Relay device:
hostname(config)# logging source-interface <interface> hostname(config)# logging host <ipaddress> transport <protocol> port <port>Exit the configuration:
hostname(config)# exitSave the changes:
hostname# write memoryReview the logging configuration:
hostname# show run all logging logging enable logging timestamp logging hide username logging buffer-size 4096 logging asdm-buffer-size 100 logging buffered warnings logging trap warnings logging asdm warnings logging device-id hostname logging host inside 100.64.0.10 17/5140 logging flash-minimum-free 3076 logging flash-maximum-allocation 1024
Troubleshooting
Verify that logs are formatted correctly, similar to the following example: