Document toolboxDocument toolbox

auth.cisco

Owned by Juan Tomás Alonso Nieto (Deactivated)
May 08, 2023
3 min read
[ 1 Introduction ] [ 2 Tag structure ] [ 3 How is the data sent to Devo? ] [ 4 Table structure ]

Introduction

The tags beginning with auth.cisco identify events generated by Cisco products.

Tag structure

The full tag must have 3 levels. The first two are fixed as auth.cisco. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

Cisco Identity Services Engine

auth.cisco.acs

auth.cisco.acs

auth.cisco.ise

auth.cisco.ise

How is the data sent to Devo?

Logs generated by Cisco must be sent to the Devo platform via the Devo Relay to secure communication. See the required relay rules below:

Relay rule - Cisco ISE

Define the following rule in your relay to send logs generated by Cisco Identity Services Engine (ISE):

  • Source port - 13011

  • Target tag - auth.cisco.ise

  • Sent without syslog tag -

Table structure

These are the fields displayed in these tables: