RSA Security Analytics




RSA Security Analytics Event Source Log Configuration Guide

Cisco IOS

Last Modified: Thursday, February 19, 2015

Event Source Product Information:
Vendor: Cisco
Event Source: IOS
Versions: IOS 12.4, 15.x

RSA Product Information:
Supported On: Security Analytics 10.0 and later
Event Source Log Parser: ciscorouter
Collection Method: Syslog
Event Source Class.Subclass: Network.Router

Configure Cisco IOS

Note: Cisco IOS will be discovered as Cisco Switch Router on the RSA Security Analytics platform.

To configure Syslog collection for the Cisco IOS you must:

I. Configure Security Analytics for Syslog Collection
II. Configure Syslog Output on Cisco IOS

Configure Security Analytics for Syslog Collection

Note: You only need to configure Syslog collection the first time that you set up an event source that uses Syslog to send its output to Security Analytics.

You should configure either the Log Decoder or the Remote Log Collector for Syslog. You do not need to configure both.

To configure the Log Decoder for Syslog collection:

1. In the Security Analytics menu, select Administration > Services.
2. In the Services grid, select a Log Decoder, and from the Actions menu, choose View > System.
3. Depending on the icon you see, do one of the following:
   - If you see, click the icon to start capturing Syslog.
   - If you see, you do not need to do anything; this Log Decoder is already capturing Syslog.
4. Ensure that the parser for your event source is enabled.
   a. From the System pull-down menu, select Config.
   b. In the Service Parsers Configuration panel, search for your event source.
   c. Ensure that the Config Value field for your event source is selected.

To configure the Remote Log Collector for Syslog collection:

1. In the Security Analytics menu, select Administration > Services.
2. In the Services grid, select a Remote Log Collector, and from the Actions menu, choose View > Config > Event Sources.
3. Select Syslog/Config from the drop-down menu. The Event Categories panel displays the Syslog event sources that are configured, if any.
4. In the Event Categories panel toolbar, click +.

   The Available Event Source Types dialog is displayed.
5. Select either syslog-tcp or syslog-udp. You can set up either or both, depending on the needs of your organization.
6. Select the new type in the Event Categories panel and click + in the Sources panel toolbar. The Add Source dialog is displayed.
7. Enter 514 for the port, and select Enabled. Optionally, configure any of the Advanced parameters as necessary. Click OK to accept your changes and close the dialog box.

Once you configure one or both syslog types, the Remote Log Collector collects those types of messages from all available event sources. So, you can continue to add Syslog event sources to your system without needing to do any further configuration in Security Analytics.

Configure Syslog Output on Cisco IOS

To configure Syslog output on Cisco IOS:

1. Connect to the Router box and enter CONFIG mode.
2. Type logging IP-address, and press ENTER to set the logging host, where IP-address is the IP address of the RSA Security Analytics Log Decoder or RSA Security Analytics Remote Log Collector.
3. Type logging trap syslog-level, and press ENTER to set the logging level, where syslog-level is the level of messages to be logged. Values for syslog level include: emergencies, alerts, critical, errors, warnings, notifications, informational, and debugging. Use debugging to ensure full logging.
4. Type logging source-interface vlan interface-name, and press ENTER to set the logging interface, where vlan is the VLAN that the RSA Security Analytics logging host is assigned to (if applicable) and interface-name is the name of the logging source.
5. Type logging on, and press ENTER to turn on logging.
6. Type service timestamps log datetime localtime show-timezone msec year, and press ENTER to enable timestamps.
7. If you do not want to use access lists, go to step 8. Otherwise, proceed as follows.

   a. Configure access lists:
      i. Type access-list access-list-number permit tcp any log, and press ENTER.
      ii. Type access-list access-list-number permit ip any log, and press ENTER.
      If you already have access lists on your router, make sure that your access-list command contains the log parameter shown. If you do not have access lists on your router, the parameter opens all traffic through your router while still allowing you to track the connection traffic.
   b. Type interface interface_name, and press ENTER:
         router(config)#interface fastethernet 0/1
         router(config-if)#
   c. Type ip access-group access-list-number in, and press ENTER to set access list logging.
   d. Type ip access-group access-list-number out, and press ENTER to set access list logging.
   e. Repeat steps c and d for each logging source interface.
8. Configure audit trails (using IOS Firewall feature set commands):
   a. Type ip inspect audit-trail, and press ENTER to turn on the audit trail messages.
   b. Type ip inspect name inspection-name http, and press ENTER to set the inspection parameters, where inspection-name is any name you choose. Repeat this step for each protocol to be inspected, for example tcp, udp, and ftp.
   c. Type ip inspect inspection-name in, and press ENTER, where inspection-name is one of the names you chose in Step b.
   d. Type ip inspect inspection-name out, and press ENTER, where inspection-name is one of the names you chose in Step b.
   e. Repeat Steps c and d on each logging source interface.
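A pre-change check for the Cisco IOS steps above, as an added example that is not part of the RSA guide: it reads a prepared command list and reports where it departs from steps 2, 3, 5, 6, 7a and 8a. The collector address 192.0.2.10, ACL number 101, the inspection name FWOUT and the extended-ACL form with both source and destination (any any) are assumptions made for the sample.

```python
import re

LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
TS_KEYWORDS = {"datetime", "localtime", "show-timezone", "msec", "year"}

# Constructed command list (not from a real device). 192.0.2.10 stands in
# for the Log Decoder / Remote Log Collector; ACL 101 and FWOUT are made up.
SAMPLE = """\
logging 192.0.2.10
logging trap warnings
logging on
service timestamps log datetime localtime msec
access-list 101 permit tcp any any log
access-list 101 permit ip any any
ip inspect name FWOUT http
interface fastethernet 0/1
 ip access-group 101 in
 ip inspect FWOUT in
"""

def audit(config: str) -> list:
    """Return findings where the command list departs from the steps above."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    # Step 2: a syslog destination, typed as "logging <ip>" or "logging host <ip>"
    if not any(re.fullmatch(r"logging (host )?\d+(\.\d+){3}", l) for l in lines):
        findings.append("no logging host set (step 2)")
    # Step 3: a named level; anything below debugging drops messages
    trap = [l.split()[2] for l in lines if re.fullmatch(r"logging trap \S+", l)]
    if not trap or trap[-1] not in LEVELS:
        findings.append("logging trap level missing or not a named level (step 3)")
    elif trap[-1] != "debugging":
        findings.append(f"logging trap is '{trap[-1]}', not 'debugging' (step 3)")
    if "logging on" not in lines:
        findings.append("logging on not issued (step 5)")
    # Step 6: every timestamp keyword from the guide must be present
    ts = [set(l.split()[3:]) for l in lines if l.startswith("service timestamps log ")]
    missing = TS_KEYWORDS - (ts[-1] if ts else set())
    if missing:
        findings.append("service timestamps log lacks: " + ", ".join(sorted(missing)) + " (step 6)")
    # Step 7a: each ACL entry must end with the log parameter
    for l in lines:
        if re.match(r"access-list \d+ (permit|deny) ", l) and l.split()[-1] != "log":
            findings.append(f"ACL entry without log: '{l}' (step 7a)")
    # Step 8a: inspection rules emit nothing unless the audit trail is on
    if any(l.startswith("ip inspect name ") for l in lines) and "ip inspect audit-trail" not in lines:
        findings.append("inspection rules defined but ip inspect audit-trail is off (step 8a)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On the constructed sample it reports four gaps: the trap level, the two missing timestamp keywords, the ACL entry without log, and the missing audit trail.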

Copyright 2015 EMC Corporation. All Rights Reserved.

Trademarks

RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of RSA trademarks, go to www.rsa.com/legal/trademarks_list.pdf. Published in the USA.