7 replies to this topic

[Dilip]

HI,

 

We Configured CISCO Add-on of Network Device monitoring, all Events are showing OK in report but Login events are missing. 

 

can any one help how to get login events for CISCO ?

 

please find the attached config files.

 

Attached Files

•  SyslogService.zip   996bytes   1 downloads
•  settings.xml   3.83KB   1 downloads

[Kirill K]

Hi there,

 

1. set debug log level, edit settings.xml and find the following line:

<LogLevel>error</LogLevel>

change it to be like that:

<LogLevel>debug</LogLevel>

2. Restart syslog service on netwrix host

3. Wait for 24 hours

4. Provide updated SyslogService.log

[Dilip]

please find the attached logs.

 

I need Login events and Switch UP/Down Logs

Attached Files

•  SyslogService.zip   54.66KB   1 downloads

[Kirill K]

According to the log there is no rule to parse the login events, you should add the corresponding rule:

2/4/2019 8:41:24 PM [WRITER][DEBUG] No rules found for processing a message from 192.168.123.138. <190>10: 000011: *Jan  2 00:00:30: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.123.43 port 0 CLI Request Triggered

[Dilip]

Can you please guide me how to add this rule and where to add this rule.

[Kirill K]

You should edit:

ciscoasa.xml for Cisco ASA

ciscoios.xml for Cisco IOS

ciscovpn.xml for Cisco VPN

 

Then create rules the similar way as they are specified by default.

[Dilip]

HI, 

 

i am not expert in to this. can you please send me one modified xml file to get login events? 

[Kirill K]

Those xml files are included into archive of add-on, open them by any text editor like notepad, it is better to use notepad++(freeware), because it can parse xml and content becomes more comprehensive.

 

Then take a look at the examples of already working rules and create your custom rule.