I was curious if anyone has tried to pass network traffic on a Cisco switch to graylog server? At the moment it seems damn near impossible. At the moment I am able to pass the IOS system logs to graylog with the “logging host” IOS command. Also I am able to see network traffic by enabling SPAN on the switch and monitoring with Wireshark on another port.
I was just curious if I could pass that Wireshark-looking live traffic to graylog?
Graylog is a log server, not network traffic analyzer. Graylog supports only netflow statistics, it has special input for it. But you can’t pass it complete network stream from SPAN port. Check for packetbeat, and then send to graylog, that way it should work.
Hi, zsanford
I have done this scenario before for Cisco switch traffic.
See the post below
This is awesome thank you!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
