Cisco Logs | Graylog

Dear Graylog Team ,

Is there any way in order to Make Cisco logs more comfortable in Graylog through any plugins

For an example if am getting authentication fail logs how to extrace source , Destination , Port , and userid from the message and send an alert Via Mail

Is there any way to customer the email alert rather than sending it glimpsy can we make it in a summarized manner

Please help me on this

Maybe this can help:

Hey Zionio ,

I was able to receive cisco messages from syslog into graylog i want to extract source ip , destination ip , from the message can i know how

for that you use extractors or the processing pipeline.

as @jan said you can check on GL marketplace https://marketplace.graylog.org/addons?search=cisco

Hope this helps :thinking:

Already tried this , no use of it

I have tried but unable to extract source ip and destination from a single message

One of the log example :
100.65.203.6 334: Jan 12 15:43:55.889 IST: %SW_MATM-4-MACFLAP_NOTIF: Host 10f3.1149.2f20 in vlan 862 is flapping between port Gi0/26 and port Gi0/25

Please help me with the extraction of Source IP , Mac address , Vlan And ports

Based on log example, you can create a GROK extractor with:

%{IPV4:source_ip} %{GREEDYDATA} Host %{DATA:mac_accdress} in vlan %{INT:vlan} is flapping between port %{GREEDYDATA:port_a} and port %{GREEDYDATA:port_b}

Remember to check: Named captures only

Hope this helps :thinking:

1 Like

Ziono I have applied the gork pattern but its not displaying in Graylog main page Field value

Can you show me a log example that did not match the GROK pattern created ?

It has been started working , is it possible to send the gork fields in email alert

I mean i have extracted a specific fields from the message is it possible send only these fields in email alert

Thanks & Regards ,
Balaji

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.