Create a Remote Log Source - Cisco ISR

Owned by Aaron Gabriel (Deactivated)

Last updated: 13 December 2023 by Aaron Gabriel (Deactivated)

2 min read

Topics Discussed

1 Pre-Deployment Considerations
2 Update Your Cisco ISR Device

You can use this document to send Cisco Integrated Services Router (ISR) logs to Armor's Security Information & Event Management (SIEM).

This document only applies to:

Cisco Integrated Services Router (ISR) (IOS)

Pre-Deployment Considerations

To create a remote Log Relay, you must already have:

A Log Relay server on your account
- To learn how to add Log Relay to your account, see Obtain Log Relay for Remote Log Collection
Configured the system clock

Update Your Cisco ISR Device

Log into your Cisco ISR device.
Access the privileged EXEC mode:
hostname> enable
Access the global configuration mode:
hostname# configure terminal
Enable logging:
hostname(config)# logging on
Configure the global logging settings:
Configure the logs to be sent to a designated Armor Log Relay device:
Exit the configuration:
Save the changes:
Review the logging configuration:

Troubleshooting

Verify that logs are formatted correctly, similar to the following example: