Solved: Cicso B2B router logs on QRadar SIEM

saif505 · ‎07-03-2023

I am looking for the details of which type of logs of CISCO B2B router are logged in QRadar SIEM.

Regards,

ahollifield · ‎07-05-2023

Still not enough information, Cisco B2B? What model? What version of software? What are you looking to log from it? Is Syslog enabled today? What SIEM? What do you think would be missing? What are trying to capture?

View solution in original post

ahollifield · ‎07-03-2023

Huh? B2B? What model? I would suspect whatever you can export with syslog which on a Cisco device is typically everything...

https://community.cisco.com/t5/security-knowledge-base/how-to-ask-the-community-for-help/ta-p/3704356

saif505 · ‎07-05-2023

Basically the only information I have is that its Cisco B2B Router I have to identify the gaps in terms of logging level.

ahollifield · ‎07-05-2023

Huh? This is not enough information for anyone to help out unfortunately. Logging gaps in what way?

saif505 · ‎07-05-2023

I am SOC analyst. I have been assigned with the task to identify what are logs that are currently received by QRadar SIEM from log source Cisco B2B router and in actual what types of logs this device generates. Comparing these to identify what are the logging gaps in my SIEM environment and what type of logs are important for me as an analyst to monitor

ahollifield · ‎07-05-2023

Still not enough information, Cisco B2B? What model? What version of software? What are you looking to log from it? Is Syslog enabled today? What SIEM? What do you think would be missing? What are trying to capture?