Create a Remote Log Source (Cisco ISR)
To obtain Log Relay and to configure your account for remote log collection, you must have the following AMP permissions added to your account:
- Write Virtual Machine
- Delete Log Management
- Read Log Endpoints
- Read Log Relays
- Write Log Relays
- Delete Log Relays
You can use this document to send Cisco Integrated Services Router (ISR) logs to Armor's Security Information & Event Management (SIEM).
This document only applies to:
- Cisco Integrated Services Router (ISR) (IOS)
Pre-Deployment Considerations
To create a remote Log Relay, you must already have:
- Added Log Relay to your account
  - To learn how to add Log Relay to your account, see Obtain Log Relay for Remote Log Collection.
- Configured the system clock
Update Your Cisco ISR Device
Troubleshooting
Verify that logs are formatted correctly, similar to the following example:
May 22 2019 16:11:55 asav-984 : %ASA-4-411004: Interface Management0/0, changed state to administratively down
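One way to script this check, as an added example rather than Armor's or Cisco's own tooling: the pattern is inferred from the sample line above (an assumption, not a published parser specification), and `check_line` and the non-matching lines are constructed for illustration.

```python
import re
from datetime import datetime

# Layout inferred from the sample line on this page (an assumption, not a
# published parser spec): "<Mon DD YYYY HH:MM:SS> <host> : %<FAC>-<SEV>-<ID>: <msg>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) ?: "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<msgid>[A-Z0-9_]+): "
    r"(?P<message>.+)$"
)
DATED_PREFIX_RE = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{4} ")


def check_line(line):
    """Return (fields, None) when the line matches, else (None, reason)."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        if not DATED_PREFIX_RE.match(line):
            return None, "timestamp missing or lacks a year"
        if "%" not in line:
            return None, "no %FACILITY-SEVERITY-ID tag"
        return None, "unexpected layout"
    fields = m.groupdict()
    try:
        # Collapse padding spaces ("May  2") before parsing the date.
        fields["ts"] = datetime.strptime(" ".join(fields["ts"].split()), "%b %d %Y %H:%M:%S")
    except ValueError:
        return None, "timestamp is not a valid date"
    fields["severity"] = int(fields["severity"])
    return fields, None


# First line is the sample from this page; the rest are constructed to fail.
SAMPLE_LINES = [
    "May 22 2019 16:11:55 asav-984 : %ASA-4-411004: Interface Management0/0, changed state to administratively down",
    "May 22 16:11:55 rtr-01 : %SYS-5-CONFIG_I: Configured from console",
    "May 22 2019 16:11:55 rtr-01 : Configured from console",
    "Feb 30 2019 16:11:55 rtr-01 : %SYS-5-CONFIG_I: Configured from console",
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        fields, reason = check_line(raw)
        print("OK  " if fields else "BAD ", reason or fields["msgid"], "|", raw)
```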