How to connect CISCO switches logs to Sentinel

Question

I have a customer who requires collecting logs from above devices, firewalls and Windows, Linux servers. I'm ok with later components but couldn't figure out a way to collect logs from switches. Do we go with Linux syslog and collect the logs from cisco devices and forward to Sentinel? If that the case how to query them?

susantha silva · Answer

GaryA thank you for the quick response. CISCO connectors available in the Sentinel talk about CISCO firewalls and above. Anyway I found out best option is to setup Linux syslog server and forward switches logs to that and forward to Sentinel. But I still didn't see much documentation about these process and how to query data out of Sentinel. Let me see further since I'm also exploring Sentinel at this stage.

garybushey · Answer

Susantha Silva&nbsp;I am not that familiar with the Cisco naming, but have you looked at the connectors grand list to see if the product is listed there?&nbsp;Azure Sentinel: The connectors grand (CEF, Syslog, Direct, Agent, Custom and more) - Microsoft Tech Community

rabi_sahu · Answer

Susantha Silva&nbsp;Can you help me with the setup that you did, actually we are looking for some solution.

susantha silva · Answer

Rabi_Sahu&nbsp;sure. Drop me an email to susanthasilva at hotmail dot com. I'll try to help you out in my level best.&nbsp;

sushvik · Answer

Hi&nbsp;Susantha Silva,&nbsp;Have you managed to collect logs from switches to sentinel?&nbsp;

Forum Discussion

How to connect CISCO switches logs to Sentinel

6 Replies

Resources