Solved: Enterprise Monitoring for CSPC 2.6

twylyghtcisco · ‎04-19-2017

Management has requested that logging to our SIEM service is enabled for our virtual CSPC appliance. I have the destination IP address and port at the ready for the SIEM server, but I see no configuration options (GUI or otherwise) for this monitoring to take place

I appreciate any and all help that can be offered in this matter.

twylyghtcisco · ‎05-22-2017

My thanks for the reply sir. I ended up logging in with root access for the virtual appliance and modifying the rsyslog.conf file with a modified syntax of two "@"s rather than the single one. Once that was done, the system began forwarding its logs accordingly.

View solution in original post

Jarrett Pomeroy · ‎05-22-2017

Hello,

Would you be able to help provide us with some additional information about your SIEM application? Once we have some additional details, I can help to check and see if this integration is supported by the CSPC.

Please let me know if there are any questions.

Thank you,

Jarrett

twylyghtcisco · ‎05-22-2017

My thanks for the reply sir. I ended up logging in with root access for the virtual appliance and modifying the rsyslog.conf file with a modified syntax of two "@"s rather than the single one. Once that was done, the system began forwarding its logs accordingly.

Jarrett Pomeroy · ‎05-22-2017

Hello,

Glad to hear it's working for you now! And thank you for providing the steps you used to set up this type of monitoring.

Thank you,

Jarrett