Integrate Cisco network devices with SolarWinds LEM

Updated March 11th, 2016

Overview

This article describes the procedures for integrating various types of Cisco devices with the LEM appliance.

Environment

All LEM versions

Steps

Integrate Cisco IOS routers and switches with SolarWinds LEM

These steps show how to configure Cisco IOS devices to log to the LEM appliance, and how to configure the Cisco PIX and IOS connector on the LEM Manager.

Configure your Cisco IOS routers and switches:

  1. Connect to your Cisco IOS device using an SSH or Telnet client.
  2. Log in using administrative credentials for the device.
  3. Enter enable.
  4. Retype the administrative password for the device.
  5. Enter configure. A prompt message appears asking how you would like to configure. Press Enter.
  6. Enter logging LEM_IP_address.
    Note: LEM_IP_address is the IP address of your LEM Manager.
  7. Enter logging facility local2. This defines where the LEM Manager will look for the IOS logs.
  8. Enter logging trap debug, and enter exit to return to the previous prompt.
    Note: The debug level is recommended to capture everything, but choose the level best suited to your environment.
  9. Enter copy run start to reboot the device with the new configuration.
  10. Press Enter when prompted about the destination.

Note: If the customer has increased the security level for the inside ports to secure, the ASA is blocked from sending syslog on port 514. The customer then has to change that setting or send logs out of another interface; which one is up to the customer.

 

Configure the Cisco PIX and IOS connector on your LEM Manager:

  1. Go to Manage > Appliances view in the LEM Console, and log on to the LEM Manager where you can configure the connector.

  2. Click the gear icon next to the LEM Manager, and select Connectors.
  3. In the Connector Configuration window, enter Cisco in the search box at the top of the Refine Results pane.
  4. Click the gear icon next to the Cisco PIX and IOS connector, and select New.
  5. Replace the Alias value with a more descriptive tool alias. 
  6. Verify that the Log File value matches the local facility set in the Cisco routers and switches procedure.
  7. After configuring the connector, click Save. 
  8. Click the gear icon next to the new connector, and select Start. The Status icon turns green to indicate the connector has started.
  9. Click Close to exit the Connector Configuration window.

Once the connector starts running, you can create a filter to display all traffic from that specific device. For example:

Any Alert.ToolAlias = *IOS Switch 1*

 The asterisks serve as wildcard characters.

Integrate Cisco IDS/IPS with SolarWinds LEM

The following steps outline how to configure a Cisco IDS/IPS user for integration with the LEM appliance, and how to configure the Cisco IDS/IPS connector on the LEM appliance.

 

Configure Cisco IDS/IPS for integration with the LEM appliance:

Create a View Only user for your IDS/IPS appliance, which the LEM appliance will use to subscribe to the Cisco appliance's log data.

 

Configure the Cisco IDS/IPS connector on your LEM Manager:

  1. Open your LEM Console, and log in to your LEM Manager as an administrator.
  2. Click the gear icon next to your LEM Manager, and select Connectors.
  3. In the Connector Configuration window, enter Cisco in the search box at the top of the Refine Results pane, and select IDS and IPS from the Category menu.
  4. Click the gear icon next to the connector that corresponds to the version of Cisco IDS/IPS in your environment, and select New.
  5. Enter a custom Alias or accept the default.
  6. If you are configuring the Cisco IDS/IPS v5/5.x connector, enter the URL for your IDS/IPS server in the URL field.
  7. If you are configuring the Cisco IPS 5+ (SDEE) connector, enter the IP address or host name for your IDS/IPS server in the Server field.
  8. Enter the username and password for the user created for integration with your LEM appliance.
  9. Once you have configured the connector, click Save.
  10. Click the gear icon next to the new connector, denoted by an icon in the Status column, and click Start.
  11. Click Close to exit the Connector Configuration window.

Integrate Cisco PIX and Cisco ASA Firewalls with SolarWinds LEM

The following steps show how to configure Cisco PIX and ASA firewalls to log to the LEM appliance, and how to configure the Cisco PIX and IOS connector on the LEM Manager.

 

Configure your Cisco PIX or ASA firewall:

  1. Connect to your firewall using an SSH or Telnet client.
  2. Log in using administrative credentials for the firewall.
  3. Enter enable.
  4. Re-enter the administrative password for the firewall.
  5. Enter config term.
  6. Enter logging host inside LEM_IP_address.
    Note: LEM_IP_address is the IP address of your LEM Manager.
  7. Enter logging facility 18. This defines where the LEM Manager will look for the firewall logs.
  8. Enter logging trap level.
    Note: Choose one of the logging levels listed in the Cisco PIX and ASA Trap Levels table for the level value. You can use either the Trap Level or Code for this value. We recommend using the debug logging level.
  9. Enter logging on to enable logging with these settings.
  10. Enter exit to return to the previous prompt.
  11. Enter copy run start to check that the new configuration is in place after a firewall reboot.

 

Configure the Cisco PIX and IOS connector on your LEM Manager:

  1. Go to the Manage > Appliances view in the LEM Console and log on to the LEM Manager where you can configure the connector.
  2. Click the gear icon next to the LEM Manager, and then select Connectors.
  3. In the Connector Configuration window, enter Cisco in the search box at the top of the Refine Results pane.
  4. Click the gear icon next to the Cisco PIX and IOS connector, and select New.
  5. Replace the Alias value with a custom alias or accept the default. For example, PIX Firewall.
  6. Check whether the Log File value matches the local facility defined in the Cisco PIX or ASA Firewall procedure.
  7. Once you have configured the connector, click Save. 
  8. Click the gear icon next to the new connector, and select Start. The Status icon will turn green to indicate the connector has started.
  9. Click Close to exit the Connector Configuration window.

Once the connector starts running, the default Firewall filter will begin displaying alerts from your Cisco PIX or ASA firewall. This connector will receive events from Cisco IOS operating system installed on PIX and ASA firewalls, or switches and routers with the IOS operating system.

 

Notes:

  • The conditions for the default firewall filter read:
 Any Alert.ToolAlias = *Firewall*

The asterisks serve as wildcard characters. If the alias does not contain the word "firewall", the default filter will not work until it has been edited to match the alias you defined.

  • By default, this connector will not receive TCP builds or TCP teardowns. To enable this functionality, see Enabling LEM to Track Events.

Cisco PIX and ASA Trap Levels

Trap Level     Code  Description
Emergency      0     Forwards only the highest priority messages, usually indicating failure or panic scenarios that must be addressed immediately.
Alert          1     Forwards messages that require immediate attention.
Critical       2     Forwards messages that should be reviewed as soon as possible and might be early warning signs of further problems.
Error          3     Forwards messages that might indicate a problem.
Warning        4     Forwards messages that should receive attention and might be errors.
Notification   5     Forwards messages that are considered to be important information, but that are not error conditions.
Informational  6     Forwards most messages.
Debug          7     Forwards all messages, including IDS messages.
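
Added example (not part of the original article and not SolarWinds or Cisco code): when a device is configured but its events do not show up under the expected filter, the priority header of a captured syslog datagram shows which facility and trap level the device is really sending. The function name decode and the sample datagrams are constructed for illustration; the arithmetic (priority = facility x 8 + severity, with local0 to local7 numbered 16 to 23) is standard syslog, so local2 and facility 18 from the procedures above are the same value.

```python
import re

# Trap level names indexed by code, as in the Cisco PIX and ASA Trap Levels table.
TRAP_LEVELS = ["Emergency", "Alert", "Critical", "Error",
               "Warning", "Notification", "Informational", "Debug"]
EXPECTED_FACILITY = 18  # "logging facility local2" (IOS) / "logging facility 18" (PIX/ASA)

PRI_RE = re.compile(r"^<(\d{1,3})>")
# Cisco messages carry their own severity digit: %SYS-5-CONFIG_I, %ASA-4-106023
CISCO_TAG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+)")


def decode(datagram, trap_level=7):
    """Decode one syslog datagram and check it against the documented settings."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid priority
        return {"ok": False, "reason": "missing or invalid <PRI> header"}
    facility, severity = divmod(int(m.group(1)), 8)
    local = f"local{facility - 16}" if 16 <= facility <= 23 else str(facility)
    result = {"facility": facility, "facility_name": local,
              "severity": severity, "trap_level": TRAP_LEVELS[severity],
              "ok": True, "reason": ""}
    tag = CISCO_TAG_RE.search(datagram)
    if facility != EXPECTED_FACILITY:
        result.update(ok=False, reason="facility is not local2 (18)")
    elif severity > trap_level:
        result.update(ok=False, reason="more verbose than the configured trap level")
    elif tag and int(tag.group(2)) != severity:
        result.update(ok=False, reason="PRI severity disagrees with the Cisco tag")
    return result


# Constructed sample datagrams (documentation addresses, not captured traffic).
SAMPLES = [
    "<149>45: *Mar  1 00:01:02.003: %SYS-5-CONFIG_I: Configured from console",
    "<148>%ASA-4-106023: Deny tcp src outside:192.0.2.10/4431 dst inside:198.51.100.5/22",
    "<164>%ASA-4-106023: Deny tcp src outside:192.0.2.10/4431 dst inside:198.51.100.5/22",
    "%ASA-4-106023: datagram captured without a priority header",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decode(sample), "<-", sample[:30])
```

The third sample decodes to facility 20 (local4): a device sending that facility does not match the facility that the connector's Log File value is checked against in the steps above.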

Last modified: 16:10, 22 Feb 2017
