02-09-2023 03:10 AM
Any other people using the ELK stack for their network logging infrastructure happen to have a decently complete grok pattern file for Cisco network equipment? As a bonus, does anyone have a set of patterns that support ECS (Elastic Common Schema)?
02-09-2023 10:56 AM - edited 02-09-2023 10:58 AM
Not really something you get ready-made; it depends on the logs you build grok patterns for.
You can find some examples here:
https://github.com/mrjohnson1024/graylog-extractors/blob/master/exported-FirePOWER-extractors.json
I spent a good amount of time understanding grok, but after a long struggle I was able to get different logs streamlined. But that is a custom requirement.
I used it and it works as expected in Graylog.
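As an added illustration of what "building grok patterns for your logs" looks like in practice (this is example code written for this thread, not anything from the original posts, the linked repository, Cisco or Elastic): a minimal grok-to-regex expander plus a two-stage pattern set for Cisco IOS-style messages, emitting ECS-style field names. The syslog transport header (priority, sequence number, timestamp) is assumed to have already been stripped, so only the `%FACILITY-SEVERITY-MNEMONIC: text` body is parsed. The `cisco.ios.*` prefix, the choice of `event.code` for the mnemonic and `observer.ingress.interface.name` for the interface are my mapping choices, and the sample lines are constructed, not captured from a device.

```python
import re

# Subset of the base patterns that ship with Logstash's grok; the names are the standard ones.
BASE_PATTERNS = {
    "INT": r"[+-]?\d+",
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
}

# %{SYNTAX}, %{SYNTAX:field} or %{SYNTAX:field:int}, as grok itself accepts.
_GROK_REF = re.compile(r"%\{(\w+)(?::([\w.]+)(?::(int))?)?\}")


def grok_to_regex(pattern):
    """Expand grok references into a compiled Python regex.

    Returns (regex, {group_name: (ecs_field, type)}). ECS field names contain
    dots, which Python group names may not, so groups get synthetic names.
    """
    fields = {}

    def repl(m):
        syntax, field, typ = m.groups()
        base = BASE_PATTERNS[syntax]
        if field is None:
            return f"(?:{base})"
        gname = f"f{len(fields)}"
        fields[gname] = (field, typ)
        return f"(?P<{gname}>{base})"

    return re.compile(_GROK_REF.sub(repl, pattern)), fields


def grok_match(compiled, fields, text):
    """Apply a compiled grok pattern; return a flat {ecs_field: value} dict or None."""
    m = compiled.search(text)
    if m is None:
        return None
    out = {}
    for gname, (field, typ) in fields.items():
        value = m.group(gname)
        out[field] = int(value) if typ == "int" else value
    return out


# Stage 1: the %FACILITY-SEVERITY-MNEMONIC: header IOS puts on every message.
# ECS names (event.*, message) plus a vendor prefix (cisco.ios.*) chosen for this example.
HEADER = r"%%{WORD:cisco.ios.facility}-%{INT:event.severity:int}-%{WORD:event.code}: %{GREEDYDATA:message}"

# Stage 2: per-mnemonic patterns for the message body; add one entry per mnemonic you care about.
BODY = {
    "IPACCESSLOGP": (r"list %{NOTSPACE:cisco.ios.access_list} %{WORD:event.action} "
                     r"%{WORD:network.transport} %{IP:source.ip}\(%{INT:source.port:int}\) -> "
                     r"%{IP:destination.ip}\(%{INT:destination.port:int}\), "
                     r"%{INT:cisco.ios.packet_count:int} packet"),
    "UPDOWN": (r"Interface %{NOTSPACE:observer.ingress.interface.name}, "
               r"changed state to %{WORD:cisco.ios.interface_state}"),
}

_HEADER_RE = grok_to_regex(HEADER)
_BODY_RE = {code: grok_to_regex(p) for code, p in BODY.items()}


def parse_cisco_ios(line):
    """Parse one IOS log body (syslog header already stripped) into ECS-style fields.

    Returns None if the line is not an IOS-format message. A recognised header with
    an unparseable body gets a _grokparsefailure tag, as Logstash's grok filter does.
    """
    event = grok_match(*_HEADER_RE, line)
    if event is None:
        return None
    body = _BODY_RE.get(event["event.code"])
    if body is not None:
        extra = grok_match(*body, event["message"])
        if extra is None:
            event["tags"] = ["_grokparsefailure"]
        else:
            event.update(extra)
    return event


# Constructed sample lines in the IOS format; not captured from a real device.
SAMPLE_LINES = [
    "%SEC-6-IPACCESSLOGP: list 102 denied tcp 10.1.1.1(1234) -> 192.168.1.1(22), 1 packet",
    "%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "%SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)",
    "not a cisco message at all",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_cisco_ios(line))
```

The two-stage split is the part worth copying into a real Logstash or Graylog configuration: one cheap header pattern that every IOS line matches, then a per-mnemonic pattern selected by `event.code`, so a new message type only needs one new entry rather than another full-line regex, and a mismatch is tagged rather than silently dropped. Because `WORD` also matches digits, the same header pattern will accept ASA-style `%ASA-6-302013:` lines, but their bodies need their own stage-2 entries.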
02-09-2023 11:28 PM
Right, I understand. However, everyone is probably duplicating effort writing their own rules. Also, if someone who is intimately familiar with Cisco logging (someone who works at Cisco perhaps) spent a little time building a complete grok file, it would reduce everyone's toil and probably result in a better overall experience.
Our "grok as your need it" method is fine, but hardly efficient or complete.
02-10-2023 03:33 AM
Agreed - if you go with any commercial one like Splunk or any other tool, you do not need to do anything (but the cost is very important).
To be cost effective, most people look to open source where they can save a lot of money (but that is a different requirement).
I am sure Cisco does have some products to analyse logs and give you alerts based on those logs.
It's all about how you want to invest time and money. You can add it to the wish list, or you can contribute to the community if you like (welcome).