You would use an Elastic Agent integration, but as of right now we do not support the Cisco IOS integration. However it is on the list to be added and might be ready for 2.4.40, but no guarantee. Additional documentation about the integration installation and configuration process can be found here: https://docs.securityonion.net/en/2.4/elastic-fleet.html#integrations
Version: 2.4.30
Installation Method: Security Onion ISO image
Description: configuration
Installation Type: Standalone
Location: airgap
Hardware Specs: Meets minimum requirements
CPU: 8
RAM: 32
Storage for /: 200
Storage for /nsm: 200
Network Traffic Collection: tap
Network Traffic Speeds: Less than 1Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail
In SO2.3 I use the Filebeat Cisco IOS module to ingest logs on UDP:9002. With SO2.4 I believe the old method is no longer the way forward, and there is no more so-filebeat Docker container. I think I need to put a custom Cisco parser here: /opt/so/saltstack/local/salt/elasticsearch/files/ingest/ but is that something I build from scratch, or does Elastic have a custom repo where I can just download these?
https://docs.securityonion.net/en/2.4/elasticsearch.html#parsing
Also, I am unclear on how I configure the device: do I need to configure Cisco IOS with "logging host SO-IP transport udp port 514", or is it like SO2.3, where I send it to a custom port?
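Whichever way the logs arrive (the Elastic Agent integration once it ships, or a custom ingest pipeline under the parsing directory mentioned above), the parser has to pull the same fields out of a Cisco IOS system message: the syslog priority, the optional sequence number and timestamp, and the `%FACILITY-SEVERITY-MNEMONIC` header that carries the event code. The Python below is an added example written for this thread, not code from Security Onion, Elastic or Cisco; it mirrors what a grok-based Elasticsearch ingest pipeline would extract, so the field names and the sample log lines are constructed for illustration, and the message layout follows the standard Cisco IOS system-message format. It does not handle messages that carry a hostname or origin-id before the timestamp; that is stated in the comments.

```python
import re
from typing import Dict, List, Optional, Tuple

# Cisco IOS system-message layout (standard format, sample values constructed):
#   <PRI>SEQ: TIMESTAMP: %FACILITY-SEVERITY-MNEMONIC: description
# PRI, SEQ and TIMESTAMP are each optional depending on device configuration.
# Limitation: a hostname / origin-id inserted before the timestamp is not handled here.
CISCO_IOS_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                      # syslog priority, e.g. <189>
    r"(?:(?P<seq>\d+):\s*)?"                         # sequence number ("service sequence-numbers")
    r"(?:(?P<ts>[*.]?\w{3}\s+\d{1,2}\s+(?:\d{4}\s+)?"  # "*Mar  1" (+ optional year)
    r"\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:\s+\w+)?):\s*)?"  # time, ms, optional timezone
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<msg>.*)$"
)

# Cisco IOS severity names, 0 = most severe.
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# Constructed sample lines (hypothetical device, documentation IP ranges).
SAMPLE_LINES = [
    "<189>42: *Mar  1 00:01:02.345: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<189>43: *Mar  1 00:01:05.120: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "<189>44: *Mar  1 00:02:00.001 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] "
    "[Source: 192.0.2.77] [localport: 22] [Reason: Login Authentication Failed]",
    "this line is not a Cisco IOS message",
]


def parse_cisco_ios(line: str) -> Optional[Dict[str, object]]:
    """Parse one Cisco IOS system message into a flat field dict, or None if it does not match."""
    m = CISCO_IOS_RE.match(line.strip())
    if not m:
        return None
    severity = int(m.group("severity"))
    event: Dict[str, object] = {
        "facility": m.group("facility"),
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "mnemonic": m.group("mnemonic"),
        # Combined code is what detection rules usually key on, e.g. SEC_LOGIN-4-LOGIN_FAILED.
        "event_code": f"{m.group('facility')}-{severity}-{m.group('mnemonic')}",
        "message": m.group("msg"),
        "sequence": int(m.group("seq")) if m.group("seq") else None,
        "timestamp": m.group("ts"),
    }
    if m.group("pri") is not None:
        # Syslog PRI = facility * 8 + severity (RFC 3164 / RFC 5424 encoding).
        pri = int(m.group("pri"))
        event["syslog_facility"] = pri // 8
        event["syslog_severity"] = pri % 8
    return event


def parse_lines(lines: List[str]) -> Tuple[List[Dict[str, object]], List[str]]:
    """Parse a batch of lines; return (parsed events, lines that did not match) so drops are visible."""
    events, unparsed = [], []
    for line in lines:
        ev = parse_cisco_ios(line)
        (events if ev else unparsed).append(ev if ev else line)
    return events, unparsed


def select_severe(events: List[Dict[str, object]], max_severity: int) -> List[Dict[str, object]]:
    """Keep events at the given Cisco severity or more severe (lower number = more severe)."""
    return [e for e in events if int(e["severity"]) <= max_severity]


if __name__ == "__main__":
    parsed, dropped = parse_lines(SAMPLE_LINES)
    for e in select_severe(parsed, 4):
        print(e["event_code"], e["severity_name"], "-", e["message"])
    print(f"{len(parsed)} parsed, {len(dropped)} unparsed")
```

Keeping the unparsed lines separate rather than silently discarding them matters on an air-gapped standalone node: a device that starts emitting a layout the pattern does not cover (for example with `logging origin-id` enabled) shows up as a rising unparsed count instead of a quiet gap in the data.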