This is the multi-page printable view of this section. Click here to print.
Cisco
- 1: Access Control System (ACS)
- 2: Adaptive Security Appliance (ASA)
- 3: Application Control Engine (ACE)
- 4: Cisco IOS
- 5: Digital Network Architecture (DNA)
- 6: Email Security Appliance (ESA)
- 7: Firepower
- 8: Firepower Threat Defence (FTD)
- 9: Firewall Services Module (FWSM)
- 10: HyperFlex (HX, UCSH)
- 11: Identity Services Engine (ISE)
- 12: Integrated Management Controller (IMC)
- 13: IOS XR
- 14: Meraki MX
- 15: Private Internet eXchange (PIX)
- 16: TelePresence Video Communication Server (VCS)
- 17: Unified Computing System Manager (UCSM)
- 18: Unified Communications Manager (UCM)
- 19: Viptela
1 - Access Control System (ACS)
Access Control System (ACS): Centralizes network access control with RADIUS and TACACS+ for authentication and authorization.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | acs |
| service.name | CSCOacs_Single_Authentications, CSCOacs_Multi_Authentications |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:acs | netauth |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_ACS.
2 - Adaptive Security Appliance (ASA)
Adaptive Security Appliance (ASA): Provides stateful firewall, VPN support, and advanced threat protection for secure network perimeters.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | asa |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:asa | netfw |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_ASA_FIREWALL.
3 - Application Control Engine (ACE)
Application Control Engine (ACE): Provides application-aware load balancing, SSL offload, and traffic control for Cisco networks.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | ace |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:ace | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_ACE.
4 - Cisco IOS
Cisco IOS: Network operating system for Cisco routers and switches, enabling routing, switching, and security.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | ios |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:ios | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_IOS.
5 - Digital Network Architecture (DNA)
Digital Network Architecture (DNA): Provides software-defined networking, policy automation, and analytics for enterprise infrastructure.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | dna |
| service.name | DNAC |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:dna | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_DNAC.
6 - Email Security Appliance (ESA)
Email Security Appliance (ESA): Protects email systems from spam, phishing, malware, and data loss with advanced threat filtering.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | esa |
| service.name | amp, antispam, content_scanner, error_logs, ESA, euq_logs, gui_logs, mail_logs, service_logs, reportd_logs, smartlicense, sntpd_logs, updater_logs |
| format | text-plain | cef |
Note that the device can be configured to send plain syslog text or CEF-formatted output.
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype, index, and source settings:
| sourcetype | index | source |
|---|---|---|
| cisco:esa:http | esa:http | |
| cisco:esa:textmail | esa:textmail | |
| cisco:esa:amp | esa:amp | |
| cisco:esa:antispam | esa:antispam | |
| cisco:esa:system_logs | esa:system_logs | |
| cisco:esa:system_logs | esa:euq_logs | |
| cisco:esa:system_logs | esa:service_logs | |
| cisco:esa:system_logs | esa:reportd_logs | |
| cisco:esa:system_logs | esa:sntpd_logs | |
| cisco:esa:system_logs | esa:smartlicense | |
| cisco:esa:error_logs | esa:error_logs | |
| cisco:esa:error_logs | esa:updater_logs | |
| cisco:esa:content_scanner | esa:content_scanner | |
| cisco:esa:authentication | esa:authentication | |
| cisco:esa:http | esa:http | |
| cisco:esa:textmail | esa:textmail | |
| cisco:esa:amp | esa:amp | |
| cisco:esa | program: <variable> | |
| cisco:esa:cef | esa:consolidated |
Tested with: Splunk Add-on for Cisco ESA
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_EMAIL_SECURITY.
7 - Firepower
Firepower: Provides next-gen firewall features including intrusion prevention, app control, and malware protection.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | firepower |
| service.name | SFIMS |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:firepower:syslog | netids |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_FIREPOWER_FIREWALL.
8 - Firepower Threat Defence (FTD)
Firepower Threat Defence (FTD): Unifies firewall, VPN, and intrusion prevention into a single software for comprehensive threat defense.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | ftd |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:ftd | netfw |
9 - Firewall Services Module (FWSM)
Firewall Services Module (FWSM): Delivers multi-context, high-performance firewall services integrated into Cisco Catalyst switches.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | fwsm |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:fwsm | netfw |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_FWSM.
10 - HyperFlex (HX, UCSH)
HyperFlex (HX, UCSH): Infrastructure solution combining compute, storage, and networking in a single system.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | ucsh |
| service.name | hx-audit-rest, hx-device-connector, hx-ssl-access |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:ucsh:hx | infraops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_UCS.
11 - Identity Services Engine (ISE)
Identity Services Engine (ISE): Manages network access control and enforces policies with user and device authentication capabilities.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
For details on configuring your Identity Services Engine to forward its logs to an AxoRouter instance, see Configure Remote Syslog Collection Locations in Cisco Identity Services Engine (ISE) Administrator Guide.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | ise |
| service.name | CISE_Alarm, CISE_Passed_Authentications, CISE_RADIUS_Accounting, CISE_System_Statistics |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:ise:syslog | netauth |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_ISE.
12 - Integrated Management Controller (IMC)
Integrated Management Controller (IMC): Provides out-of-band server management for Cisco UCS, enabling hardware monitoring and configuration.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | cimc |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:cimc | infraops |
13 - IOS XR
IOS XR: High-performance, modular network operating system for carrier-grade routing and scalability.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | xr |
| service.name | config, nfsvr, plat_sl_client, ssh_syslog_proxy |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:xr | netops |
14 - Meraki MX
Meraki MX: Cloud-managed network appliance offering firewall, VPN, SD-WAN, and security in a single platform.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | meraki |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:meraki | netfw |
Tested with: TA-meraki
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_MERAKI.
15 - Private Internet eXchange (PIX)
Private Internet eXchange (PIX): Legacy firewall appliance delivering stateful inspection and secure network access control.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | pix |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:pix | netfw |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_PIX_FIREWALL.
16 - TelePresence Video Communication Server (VCS)
TelePresence Video Communication Server (VCS): Enables video conferencing control and call routing for Cisco TelePresence systems and endpoints.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | tvcs |
| service.name | tvcs |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:tvcs | main |
17 - Unified Computing System Manager (UCSM)
Unified Computing System Manager (UCSM): Centralized management platform for Cisco Unified Computing System (UCS) servers and resources.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | ucsm |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:ucs | infraops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_UCS.
18 - Unified Communications Manager (UCM)
Unified Communications Manager (UCM): Delivers unified voice, video, messaging, and mobility services in enterprise IP telephony systems.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | ucm |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:ucm | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_UCM.
19 - Viptela
Viptela: Software-defined WAN solution providing secure connectivity, centralized control, and traffic optimization.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | cisco |
| product | viptela |
| service.name | SYSMGR |
| format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| cisco:viptela | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CISCO_VIPTELA.