• Support
  • Forums
  • Blogs

Cisco switch logs are in cisco-router.log and .../alienvault/devices/x.x.x.x/ but not in syslog

kb0odlkb0odl

I have a new router with a cisco switch module inside it that runs its own IOS as a completely separate IP/device.  The new router shows up in the SIEM console view automatically but the switch module logs are only showing up in cisco-router.log and the devices/ip.address directory, not in /var/log/syslog.  This means I am not seeing the logs being processed for the switch module in the Security events (SIEM) console. 
The cisco router plugin is being used for processing logs from this switch IP but something isn't processing the logs to be sent to /var/log/syslog.
What is missing?

Share post:

Comments

  • Also, it shows up as an Asset, so I'm not allowed to add it because it's already there.  I can see Asset Details but it still doesn't show up in the SIEM
  • Another also, it is assigned to the same sensor as the router chassis that is working properly.
Sign In or Register to comment.