
Network Device (CISCO Add on) Monitoring Login Events

Network Device Monitoring

7 replies to this topic

#1 Dilip

Posted 31 January 2019 - 03:12 AM

Hi,

We configured the Cisco add-on for Network Device monitoring. All events are showing OK in the report, but login events are missing.

Can anyone help with how to get login events for Cisco?

Please find the attached config files.

 




#2 Kirill K

Posted 31 January 2019 - 05:01 AM

Hi there,

 

1. Set the debug log level: edit settings.xml and find the following line:

<LogLevel>error</LogLevel>

Change it to look like this:

<LogLevel>debug</LogLevel>

2. Restart the syslog service on the Netwrix host

3. Wait for 24 hours

4. Provide updated SyslogService.log


Best regards,
Forum Engineer
 


#3 Dilip

Posted 05 February 2019 - 11:55 AM

Please find the attached logs.

I need login events and switch up/down logs.




#4 Kirill K

Posted 05 February 2019 - 04:18 PM

According to the log, there is no rule to parse the login events; you should add the corresponding rule:

2/4/2019 8:41:24 PM [WRITER][DEBUG] No rules found for processing a message from 192.168.123.138. <190>10: 000011: *Jan  2 00:00:30: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.123.43 port 0 CLI Request Triggered


Best regards,
Forum Engineer
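
Added example, not part of the thread or of the vendor's tooling: a Python script that reads SyslogService.log debug output and lists which Cisco message identifiers had no matching rule, so you know which rules still have to be written. Only the first sample line is the one quoted in the post above; the other lines (including the %SEC_LOGIN and %LINK messages and the INFO line) are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# Sample SyslogService.log content. Line 1 is quoted in the thread;
# every other line is CONSTRUCTED for this example.
SAMPLE_LOG = """\
2/4/2019 8:41:24 PM [WRITER][DEBUG] No rules found for processing a message from 192.168.123.138. <190>10: 000011: *Jan  2 00:00:30: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.123.43 port 0 CLI Request Triggered
2/4/2019 8:42:10 PM [WRITER][DEBUG] No rules found for processing a message from 192.168.123.138. <189>11: 000012: *Jan  2 00:01:16: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.168.123.50] [localport: 22]
2/4/2019 8:43:02 PM [WRITER][DEBUG] No rules found for processing a message from 192.168.123.138. <188>12: 000013: *Jan  2 00:02:08: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.123.50] [localport: 22]
2/4/2019 8:44:30 PM [WRITER][DEBUG] No rules found for processing a message from 192.168.123.139. <187>13: 000014: *Jan  2 00:03:36: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
2/4/2019 8:44:55 PM [WRITER][DEBUG] No rules found for processing a message from 192.168.123.139. <187>14: 000015: *Jan  2 00:04:01: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
2/4/2019 8:45:00 PM [WRITER][INFO] constructed line that is not an unmatched-message entry
"""

# Matches the "No rules found" debug entry, then the syslog PRI and the
# Cisco %FACILITY-SEVERITY-MNEMONIC identifier inside the forwarded message.
UNMATCHED = re.compile(
    r"\[WRITER\]\[DEBUG\] No rules found for processing a message from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\. <(?P<pri>\d{1,3})>.*?"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)

def unmatched_messages(log_text):
    """Yield one dict per syslog message that no parsing rule matched."""
    for line in log_text.splitlines():
        m = UNMATCHED.search(line)
        if not m:
            continue  # other log entries are not relevant here
        pri = int(m["pri"])  # syslog PRI = facility * 8 + severity
        yield {
            "source": m["src"],
            "syslog_facility": pri >> 3,
            "syslog_severity": pri & 7,
            "cisco_id": f'%{m["fac"]}-{m["sev"]}-{m["mnemonic"]}',
            "text": m["text"],
        }

def rules_needed(log_text):
    """Count unmatched messages per Cisco identifier, most frequent first."""
    return Counter(m["cisco_id"] for m in unmatched_messages(log_text)).most_common()

if __name__ == "__main__":
    for cisco_id, count in rules_needed(SAMPLE_LOG):
        print(f"{count:3d}  {cisco_id}")
```

Run it against the real SyslogService.log by passing the file's text to `rules_needed()` instead of `SAMPLE_LOG`.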
 


#5 Dilip

Posted 06 February 2019 - 02:48 AM

Can you please guide me on how to add this rule and where to add it?



#6 Kirill K

Posted 06 February 2019 - 11:31 AM

You should edit:

ciscoasa.xml for Cisco ASA

ciscoios.xml for Cisco IOS

ciscovpn.xml for Cisco VPN

 

Then create rules in a similar way to those specified by default.


Best regards,
Forum Engineer
 


#7 Dilip

Posted 07 February 2019 - 10:55 AM

Hi,

I am not an expert in this. Can you please send me one modified XML file to get login events?



#8 Kirill K

Posted 07 February 2019 - 01:47 PM

Those XML files are included in the add-on archive. Open them with any text editor such as Notepad; it is better to use Notepad++ (freeware), because it can parse XML and the content becomes more comprehensible.

 

Then take a look at the examples of already working rules and create your custom rule.


Best regards,
Forum Engineer
 




