Microsoft Tech Community

How to connect CISCO switches logs to Sentinel


I have a customer who requires collecting logs from the above devices, firewalls, and Windows and Linux servers. I'm OK with the latter components but couldn't figure out a way to collect logs from switches. Do we go with Linux syslog, collect the logs from the Cisco devices, and forward them to Sentinel? If that is the case, how do we query them?


@Susantha Silva I am not that familiar with the Cisco naming, but have you looked at the connectors grand list to see if the product is listed there?


Azure Sentinel: The connectors grand (CEF, Syslog, Direct, Agent, Custom and more) - Microsoft Tech ...

@GaryA thank you for the quick response. The Cisco connectors available in Sentinel talk about Cisco firewalls and above. Anyway, I found out the best option is to set up a Linux syslog server, forward the switches' logs to that, and forward them on to Sentinel. But I still didn't see much documentation about this process and how to query the data out of Sentinel. Let me look further, since I'm also exploring Sentinel at this stage.
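One way to query relayed switch messages once they land in the Sentinel Syslog table, as an added KQL example that is not from anyone in this thread. It assumes the switches emit standard Cisco IOS-style `%FACILITY-SEVERITY-MNEMONIC: text` messages and that the Linux forwarder preserves the switch's hostname in the syslog header.

```kql
// Added example, not from the original thread.
// Cisco IOS-style messages look like "%FACILITY-SEVERITY-MNEMONIC: text", e.g.
//   "%SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)"
//   "%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down"
// Assumption: the Linux relay keeps the original sender in the syslog header,
// so HostName is the switch while Computer is the Linux forwarder.
Syslog
| where TimeGenerated > ago(1d)
| where SyslogMessage has "%"
// Split the Cisco header out of the free-text message body.
| parse SyslogMessage with * "%" CiscoFacility "-" CiscoSeverity:long "-" CiscoMnemonic ":" CiscoText
| where isnotempty(CiscoMnemonic)
// Cisco severities follow syslog numbering: 0 emergencies .. 7 debugging.
// Keep notice (5) and more severe; drop informational/debug noise.
| where CiscoSeverity <= 5
| project TimeGenerated, Switch = HostName, Forwarder = Computer,
          CiscoFacility, CiscoSeverity, CiscoMnemonic, CiscoText = trim(" ", CiscoText)
// Roll up per switch and message type so config changes (SYS/CONFIG_I) and
// link flaps (LINK/UPDOWN) stand out without reading every line.
| summarize Count = count(), LastSeen = max(TimeGenerated), Sample = take_any(CiscoText)
    by Switch, CiscoFacility, CiscoSeverity, CiscoMnemonic
| order by CiscoSeverity asc, Count desc
```

The table's own SeverityLevel and Facility columns reflect what the forwarder stamped on the relayed message, so the Cisco values parsed here are the ones to trust for the switch's intent.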

@Susantha Silva 
Can you help me with the setup that you did, actually we are looking for some solution.

@Rabi_Sahu sure. Drop me an email to susanthasilva at hotmail dot com. I'll try my level best to help you out.

Hi @Susantha Silva,


Have you managed to collect logs from switches into Sentinel?

@Susantha Silva 


Hi, I hope you are doing OK. I was wondering if you can help me with the setup you did to send Cisco logs to Linux and then to Azure.


Thank you in advance for your help. My email: [email address removed for privacy reasons] or [email address removed for privacy reasons]