Updated March 11th, 2016
This article describes the procedures for integrating various types of Cisco devices with the LEM appliance.
All LEM versions
These steps show how to configure Cisco IOS devices to log to the LEM appliance, and how to configure the Cisco PIX and IOS connector on the LEM Manager.
Note: If the customer has raised the security level of the inside ports to secure, the ASA is blocked from sending syslog on port 514. The customer must then either make changes or send logs out of another interface; that decision is up to the customer.
Go to Manage > Appliances view in the LEM Console, and log on to the LEM Manager where you can configure the connector.
Once the connector starts running, you can create a filter to display all traffic from that specific device. For example:
Any Alert.ToolAlias = *IOS Switch 1*
The asterisks serve as wildcard characters.
The following steps outline how to configure a Cisco IDS/IPS user for integration with the LEM appliance, and how to configure the Cisco IDS/IPS connector on the LEM appliance.
Create a View Only user for your IDS/IPS appliance, which the LEM appliance will use to subscribe to the Cisco appliance's log data.
The following steps show how to configure Cisco PIX and ASA firewalls to log to the LEM appliance, and how to configure the Cisco PIX and IOS connector on the LEM Manager.
value. You can use either the Trap Level or Code for this value. We recommend using the debug logging level.
Once the connector starts running, the default Firewall filter will begin displaying alerts from your Cisco PIX or ASA firewall. This connector receives events from the Cisco IOS operating system installed on PIX and ASA firewalls, or on switches and routers running IOS.
Any Alert.ToolAlias = *Firewall*
The asterisks serve as wildcard characters. If the alias does not contain the word "firewall", the default filter will not work until it has been edited to match the alias you defined.
|Trap Level|Code|Description|
|---|---|---|
|Emergency|0|Forwards only the highest priority messages, usually indicating failure or panic scenarios that must be addressed immediately.|
|Alert|1|Forwards messages that require immediate attention.|
|Critical|2|Forwards messages that should be reviewed as soon as possible and might be early warning signs of further problems.|
|Error|3|Forwards messages that might indicate a problem.|
|Warning|4|Forwards messages that should receive attention and might be errors.|
|Notification|5|Forwards messages that are considered to be important information, but that are not error conditions.|
|Informational|6|Forwards most messages.|
|Debug|7|Forwards all messages, including IDS messages.|
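
To check what a trap level lower than the recommended debug level would keep from the LEM appliance, the following added example (not part of the original article and not SolarWinds or Cisco code) sorts log lines by the severity codes in the table above. The sample log lines are constructed, and the function names are assumptions chosen for illustration.

```python
import re

# Trap level names and codes as listed in the table on this page.
TRAP_LEVELS = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
               "warning": 4, "notification": 5, "informational": 6, "debug": 7}

# Cisco message tag: %FACILITY-SEVERITY-MNEMONIC, e.g. %ASA-6-302013 or %LINK-3-UPDOWN
CISCO_TAG = re.compile(r"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+:")
# Syslog PRI header: <facility * 8 + severity>, valid range 0-191
SYSLOG_PRI = re.compile(r"^<(\d{1,3})>")

# Constructed sample lines (not captured from a real device); addresses are documentation ranges.
SAMPLE_LINES = [
    "<166>Mar 11 2016 10:15:02: %ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/443 to inside:192.0.2.10/51514",
    "<164>Mar 11 2016 10:15:04: %ASA-4-106023: Deny tcp src outside:198.51.100.9/4444 dst inside:192.0.2.10/22 by access-group \"outside_in\"",
    "<189>45: *Mar 11 10:16:00: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.50)",
    "<187>46: *Mar 11 10:16:05: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<167>Mar 11 2016 10:16:09: %ASA-7-609001: Built local-host inside:192.0.2.10",
]

def trap_code(level):
    """Accept a trap level name or code and return the numeric code 0-7."""
    text = str(level).strip().lower()
    code = int(text) if text.isdigit() else TRAP_LEVELS.get(text)
    if code is None or not 0 <= code <= 7:
        raise ValueError(f"unknown trap level: {level!r}")
    return code

def severity_of(line):
    """Severity from the Cisco tag, falling back to the syslog PRI value."""
    tag = CISCO_TAG.search(line)
    if tag:
        return int(tag.group(1))
    pri = SYSLOG_PRI.match(line)
    if pri and int(pri.group(1)) <= 191:
        return int(pri.group(1)) % 8
    return None

def split_by_trap_level(lines, level):
    """Return (forwarded, suppressed): a message is sent when its severity
    code is at or below the configured trap level code."""
    limit = trap_code(level)
    forwarded, suppressed = [], []
    for line in lines:
        sev = severity_of(line)
        # Lines with no recognisable severity are kept for manual review.
        (forwarded if sev is None or sev <= limit else suppressed).append(line)
    return forwarded, suppressed

if __name__ == "__main__":
    for name in ("warning", "debug"):
        sent, held = split_by_trap_level(SAMPLE_LINES, name)
        print(f"{name}: {len(sent)} forwarded, {len(held)} suppressed")
```

With the sample set, a trap level of Warning suppresses the connection-built and configuration-change messages, which are often the ones needed to reconstruct a session or an administrative change during an investigation.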