Skip to main content

Cisco Catalyst

Cisco Catalyst switch

Cisco Catalyst

This pack includes Cortex XSIAM content.

Add timezone to the logs

The only supported event time is an event time with the time zone.

  1. Access the switch's command-line interface (CLI) using a terminal emulator or SSH.
  2. Access privileged EXEC mode by entering the following command and providing the enable password:
enable
  1. Enter global configuration mode:
configure terminal
  1. Configure the logging timestamp and specify the desired time format with the time zone:
logging timestamp datetime UTC
  1. Exit configuration mode:
exit
  1. To save the configuration changes run the command:
write memory

Note The time format is: "May 16 2023 14:30:00 UTC"

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

To create or configure the Broker VM, use the information described here.

You can configure the specific vendor and product for this instance.

  1. Navigate to Settings > Configuration > Data Broker > Broker VMs.
  2. Go to the apps tab and add the Syslog app. If it already exists, click the Syslog app and then click Configure.
  3. Click Add New.
  4. When configuring the Syslog Collector, set the following values:
    • vendor as vendor - cisco
    • product as product - catalyst

PUBLISHER

Cortex

PLATFORMS

Cortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedMay 23, 2023
Last ReleaseJanuary 16, 2024
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.