Cisco CatOS for Catalyst Switches

The JSA DSM for Cisco Catalyst Switches running Cisco CatOS accepts events by using syslog.

JSA records all relevant device events. Before you configure a Cisco CatOS device in JSA, you must configure your device to forward syslog events.

Configuring Syslog Forwarding for Cisco CatOS Devices


  1. Log in to your Cisco CatOS user interface.

  2. Type the following command to access privileged EXEC mode:

    enable

  3. Configure the system to timestamp messages:

    set logging timestamp enable

  4. Type the following command with the IP address of JSA:

    set logging server <IP address>

  5. Limit messages that are logged by selecting a severity level:

    set logging server severity <server severity level>

  6. Configure the facility level to be used in the message. The default is local7.

    set logging server facility <server facility parameter>

  7. Enable the switch to send syslog messages to JSA:

    set logging server enable

You are now ready to configure the log source in JSA.
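
To confirm on the receiving side that the switch is sending with the facility and severity set in steps 5 and 6, the following added example (not part of the original documentation) decodes the syslog priority value, which encodes both as facility × 8 + severity, and extracts the event ID from the Cisco `%FACILITY-SEVERITY-MNEMONIC` tag. The sample lines are constructed; their layout and the `MGMT` facility tag are assumptions, and `decode` and `check` are hypothetical helper names.

```python
import re

# Syslog priority (RFC 3164): PRI = facility * 8 + severity.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
LOCAL_BASE = 16  # local0..local7 are facility codes 16..23

# <PRI>, free-form header, then the %FACILITY-SEVERITY-MNEMONIC tag and text.
LINE_RE = re.compile(
    r"^<(\d{1,3})>(.*?)%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):\s*(.*)$")


def decode(line):
    """Split one raw syslog line into the fields worth checking."""
    m = LINE_RE.match(line.strip())
    if not m or int(m.group(1)) > 191:  # 191 = local7.debugging, the maximum
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    if facility >= LOCAL_BASE:
        facility_name = f"local{facility - LOCAL_BASE}"
    else:
        facility_name = f"facility{facility}"
    return {"facility": facility_name, "severity": severity,
            "severity_name": SEVERITIES[severity],
            "event_id": m.group(5), "text": m.group(6)}


def check(line, expected_facility="local7", max_severity=6):
    """List mismatches against the facility and severity set on the switch."""
    ev = decode(line)
    if ev is None:
        return ["unparsed"]
    problems = []
    if ev["facility"] != expected_facility:
        problems.append(f"facility {ev['facility']} != {expected_facility}")
    if ev["severity"] > max_severity:
        problems.append(
            f"severity {ev['severity']} above configured limit {max_severity}")
    return problems


# Constructed sample lines (not from the page); values follow Tables 2 and 3.
SAMPLES = [
    "<189>2024 Jan 10 12:00:00 %MGMT-5-LOGIN_SUCCESS:User user1 logged in from 172.20.40.35",
    "<133>2024 Jan 10 12:05:00 %MGMT-5-LOGOUT:User qradar logged out from 172.20.40.35",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(decode(s)["event_id"], check(s) or "ok")
```

The second constructed line carries priority 133 (local0), so it is reported as a facility mismatch against the default local7.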

Syslog Log Source Parameters for Cisco CatOS for Catalyst Switches

If JSA does not automatically detect the log source, add a Cisco CatOS for Catalyst Switches log source on the JSA Console by using the syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect syslog events from Cisco CatOS for Catalyst Switches:

Table 1: Syslog Parameters for the Cisco CatOS for Catalyst Switches DSM

| Parameter | Value |
| --- | --- |
| Log Source name | Type the name of your log source. |
| Protocol Configuration | Syslog |
| Log Source Identifier | Type the IP address or host name for the log source. The identifier helps you determine which events came from your Cisco CatOS for Catalyst Switch device. |

Cisco CatOS for Catalyst Switches Sample Event Messages

Use these sample event messages to verify a successful integration with JSA.

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Cisco CatOS for Catalyst Switches sample message when you use the Syslog protocol

Sample 1: The following sample event shows that a user logged in successfully.

Table 2: Highlighted values in the Cisco CatOS for Catalyst Switches Event

| JSA field name | Highlighted values in the event payload |
| --- | --- |
| Event ID | LOGIN_SUCCESS |
| Username | user1 |
| Source IP | 172.20.40.35 |

Sample 2: The following sample event shows that a user logged out successfully.

Table 3: Highlighted Values in the Cisco CatOS for Catalyst Switches Sample Event

| JSA field name | Highlighted values in the event payload |
| --- | --- |
| Event ID | LOGOUT |
| Username | qradar |
| Source IP | 172.20.40.35 |