Cisco Catalyst
This pack includes Cortex XSIAM content.
Enabling Timestamps with a Time Zone on Log Messages
The timestamp parsing is supported only for timestamps including a time zone.
Follow the steps below to enable time stamping of log messages including a UTC timezone:
- Access the switch's command-line interface (CLI) using a terminal emulator or SSH.
- Access privileged EXEC mode by entering the following command and providing the enable password:
enable- Enter global configuration mode:
configure terminal- Configure the logging timestamp and specify the desired time format with the time zone:
logging timestamp datetime UTC- Exit configuration mode:
exit- To save the configuration changes run the command:
write memoryNote The time format is: "May 16 2023 14:30:00 UTC"
Collect Events from Vendor
In order to use the collector, use the Broker VM option.
### Broker VM
You will need to use the information described here.
You can configure the specific vendor and product for this instance.
- Navigate to Settings → Configuration → Data Broker → Broker VMs.
- Go to the APPS column under the Brokers tab and add the Syslog app for the relevant broker instance. If the Syslog app already exists, hover over it and click Configure.
- Click Add New.
- When configuring the Syslog Collector, set the following parameters:
| Parameter | Value
| :--- | :---
|Port| Enter the syslog service port that Cortex XSIAM Broker VM should listen on for receiving forwarded events from Cisco Catalyst Devices.
|Vendor| Enter cisco.
|Product| Enter catalyst.
