cisco ios - ntp logging

55 views

Skip to first unread message

Udi Moshe

unread,

May 12, 2024, 6:02:03 AM5/12/24

to Wazuh | Mailing List

Hi,

i am using wazuh version 4.5.2.

can anyone confirm that syslog evemts related to ntp from cisco ios are not parsed ?

i have checked my switch config and i can see the logs in the switch but i do not see them on kibana.

i have configured "information" level on the switch for messages sent to wazuh.

10x,

udi

Rolly Davany Mougoue Kakanou

unread,

May 15, 2024, 11:01:55 AM5/15/24

to Wazuh | Mailing List

Hello Udi Moshe,

Wazuh has built-in decoders for Cisco IOS. However, the specific coverage for NTP-related syslog events from Cisco IOS might not be explicitly defined in the default decoders. You may need to create custom decoders and rules if the default ones do not meet your requirements.

Go through the following guide on how to create custom decoders and rules for the NTP events.

Regards,

Rolly Mougoue

Reply all

Reply to author

Forward

0 new messages