Cisco IOS and NX-OS Integration Guide
Cisco IOS and NX-OS devices (routers, switches, etc.) must be configured to send logs via syslog to the Taegis™ XDR Collector. IOS and NX-OS logs are filtered and correlated in real time for various security event observations.
Connectivity Requirements
Source | Destination | Port/Protocol |
---|---|---|
IOS or NX-OS (mgmt IP) | XDR Collector (mgmt IP) | UDP/514 |
Data Provided from Integrations
Normalized Data | Out-of-the-Box Detections | Vendor-Specific Detections | |
---|---|---|---|
Cisco IOS based Switches and Routers | Management | Auth |
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Logging Instructions for Cisco IOS
The following commands enable IOS logging. Note that depending on your IOS version, some commands may not be supported.
```
ciscoios (config)# login on-failure log
ciscoios (config)# login on-success log
ciscoios (config)# logging trap debugging
ciscoios (config)# logging source-interface <interface closest to XDR Collector>
ciscoios (config)# logging host <syslog_IP>
ciscoios (config)# ip nat log translations syslog
ciscoios (config)# end
ciscoios# copy running-config startup-config
```
Important
You must be in privileged EXEC mode for the final command to work.
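One way to check a saved `show running-config` against the IOS commands above and the UDP/514 connectivity requirement, as an added example that is not part of the original guide. The function name, sample configuration and addresses are constructed; it assumes the device stores each command as entered, with the host line appearing as either `logging host <ip>` or the older `logging <ip>`.

```python
import re

# Constructed sample of `show running-config` output (not from a real device).
SAMPLE_CONFIG = """\
login on-failure log
login on-success log
logging trap debugging
logging source-interface GigabitEthernet0/1
logging host 192.0.2.10
logging host 192.0.2.20 transport tcp port 6514
ip nat log translations syslog
"""

# Commands from the guide that carry no site-specific argument.
REQUIRED = [
    "login on-failure log",
    "login on-success log",
    "logging trap debugging",
    "ip nat log translations syslog",
]
# Assumption: the host is stored as "logging host <ip>" or, on older releases, "logging <ip>".
HOST_RE = re.compile(r"logging (?:host )?(\d+\.\d+\.\d+\.\d+)(.*)$")

def audit_ios_logging(config_text, collector_ip):
    """Return a list of findings; an empty list means the config matches the guide."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings = [f"missing: {cmd}" for cmd in REQUIRED if cmd not in lines]
    if not any(re.match(r"logging source-interface \S+", ln) for ln in lines):
        findings.append("missing: logging source-interface <interface>")
    hosts = {m.group(1): m.group(2) for m in map(HOST_RE.match, lines) if m}
    if collector_ip not in hosts:
        findings.append(f"missing: logging host {collector_ip}")
        return findings
    # The collector expects UDP/514, the device default when no option is given.
    options = hosts[collector_ip]
    if re.search(r"\btransport tcp\b", options):
        findings.append(f"{collector_ip}: transport is tcp, expected udp")
    port = re.search(r"\bport (\d+)", options)
    if port and port.group(1) != "514":
        findings.append(f"{collector_ip}: port is {port.group(1)}, expected 514")
    return findings

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, audit_ios_logging(SAMPLE_CONFIG, ip) or "OK")
```
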
Logging Instructions for Cisco NX-OS
The following commands enable NX-OS logging. Note that depending on your NX-OS version, some commands may not be supported. If this is the case, please notify your Provisioning Engineer.
Enable informational module log messages at the default facility of local7:
Configure informational logging to the specified XDR Collector at the default facility of local7. Use the XDR Collector’s IP address for syslog-IP: