I get the logs of some “anonymous” devices (source 2011067: and progressives) and I see that some are Cisco. How can I make viewing the logs easier? Investigating, the Cisco ones are: “Cisco IOS XE Software, Version 17.03.04
Cisco IOS Software [Amsterdam], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.3.4, RELEASE SOFTWARE (fc3)”
Help me?
Thanks
You could try using a different input like RawPlaintext UDP/TCP to see if that helps. Most, if not all, of our switches use that type of input, then we use a pipeline to modify the logs and/or drop the ones we don't need.
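The parse-then-drop logic such a pipeline applies to raw Cisco IOS XE lines, as an added Python example that is not part of the thread and is not Graylog's own code. The sample lines, the severity threshold and the function names are constructed for illustration; the `%FACILITY-SEVERITY-MNEMONIC:` layout is the standard Cisco IOS message format.

```python
import re

# Optional syslog PRI, which a raw/plaintext input leaves at the start of the line.
PRI_RE = re.compile(r"^<(\d{1,3})>")
# Cisco IOS / IOS XE body: %FACILITY-SEVERITY-MNEMONIC: description
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)
SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug"]

def parse_cisco(raw):
    """Return the extracted fields, or None when the line is not Cisco-style."""
    m = MSG_RE.search(raw)
    if m is None:
        return None
    fields = m.groupdict()
    fields["severity"] = int(fields["severity"])
    fields["severity_name"] = SEVERITY_NAMES[fields["severity"]]
    pri = PRI_RE.match(raw)
    if pri:
        # PRI = syslog facility * 8 + severity
        fields["syslog_facility"] = int(pri.group(1)) >> 3
    return fields

def route(raw, max_severity=5):
    """Decide what to do with one raw line.

    keep        -> Cisco message at or above the wanted priority (lower number = worse)
    drop        -> Cisco message noisier than max_severity
    passthrough -> not Cisco-style (e.g. another vendor), left untouched
    """
    fields = parse_cisco(raw)
    if fields is None:
        return "passthrough", None
    action = "keep" if fields["severity"] <= max_severity else "drop"
    return action, fields

# Constructed sample lines (documentation addresses, hypothetical hostnames).
SAMPLES = [
    "<187>1042: *Mar  3 10:15:02.113: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to down",
    "<190>1043: *Mar  3 10:15:03.120: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.0.2.10 port 1514 started - CLI initiated",
    "<189>1044: *Mar  3 10:16:40.501: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.0.2.50] [localport: 22]",
    "<134>Mar  3 10:17:00 sw-extreme-01 port 12 link up",
]

if __name__ == "__main__":
    for line in SAMPLES:
        action, fields = route(line)
        print(action, fields)
```

Lines that do not match are passed through rather than dropped, so logs from other vendors arriving on the same port are not lost.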
I’m starting to use Graylog. The documentation is too extensive and so I’m learning from examples. I created the input with the Cisco standard port 514 (remapped 1514) and I see the logs of all my network devices (Cisco and Extreme). You suggested a RawPlaintext UDP/TCP input, but I can use either RawPlaintext UDP or RawPlaintext/TCP, and using the same port 1514 I get no logs. I’m trying to use hrleinonen/graylog-cisco but it’s complicated and displays little data. Could you be more specific? Do you have a JSON file for me to try?