Configure syslog in Cisco Cyber Vision
Cisco Cyber Vision provides syslog configuration so that events can be exported and used by a SIEM. To configure which machine syslogs will be sent to:
Procedure
Step 1 |
In Cisco Cyber Vision, navigate to Admin > System > Syslog configuration. |
Step 2 |
Click Configure. |
Step 3 |
Select a protocol among UDP, TCP and TCP + TLS. If you select TCP + TLS connection an additional Set certificate button is displayed to import a p12 file. This file is to be provided by the administrator of your SIEM solution to secure communications between the Center and the syslog collector. |
Step 4 |
Enter the IP address of the SIEM reachable from the Administration network interface (i.e. eth0) of the Center. |
Step 5 |
Enter the port on the SIEM that will receive syslogs. |
Step 6 |
Select the variant of syslog format:
|
Step 7 |
Click Save configuration. The syslog configuration is displayed on the Admin System page. |