Re: Best Cisco Logs for SIEM Nexus OS Switches

kabip7 · ‎12-28-2023

I have been asked by our Security Team to send my Logs to a Syslog server for them to keep data. When i asked them what Logs they would like they said "Send us the Logs" When i asked what Facility logs they wanted they said all the buildings. The Suborn part of me wants to just go set level 7 on all logs and send them to them and fill their Syslog server up. But at the same time it will mess up my logging, What logs do you send to your Security team to keep them happy and at what level?

https://19216801.onl/ https://routerlogin.uno/

balaji.bandi · ‎12-28-2023

Its all depends what you like to achieve, and depends on the device models like router / FW /. Switches / WLC so on the list go on.

SIEM is planning what logs to monitor to get out of the product best to achieve.

exmaple : we setup a all the logs, you may have 1000 of logs, but in between you may have 1 log that is important, so take time to analyse that, instead, first send all logs and then trim down what logs you do not need to send from your syslog to SIEM product.

Example i use Graylog - we do pipeline stream the Logs based on the inputs.

there is good video :

https://www.youtube.com/watch?v=6pEK0rlsCMk

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help