|Syslog||Network device software update, configuration analysis for compliance, admin login||Log analysis and compliance|
Over 40 event types are generated by parsing Cisco Network Configuration Manager logs. The complete list can be found in ADMIN > Device Support > Event Types by searching for "Cisco-NCM". Some important ones are
There are no predefined rules for this device.
There are no predefined reports for this device.
FortiSIEM processes events from this device via syslog. Configure the device to send syslog to FortiSIEM as directed in the device's product documentation, and FortiSIEM will parse the contents.
Note that each JSON formatted syslog contains many logs.
490998571 Mon Mar 03 03:09:31 EST 2014 Savvy Device Command Script Completed Successfully server01.foo.com 10.4.161.32 Script 'Re-enable EasyTech port for Cisco IOS configuration' completed. Connect - Succeeded Connected via ssh to 10.170.30.9 [in realm Default Realm] Login / Authentication - Succeeded Successfully used: Last successful password (Password rule Retail TACACS NCM Login) Optional:Script - Succeeded Successfully executed: prepare configuration for deployment Script - Succeeded Successfully executed: deploy to running configuration via TFTP through CLI Bypassed: deploy to running configuration via SCP through CLI. (Requires SCP, CLI to be enabled.) Tried: deploy to running configuration via FTP through CLI (Warning: SSH server username or password not specified in NA admin settings.) Optional:Script - Succeeded Successfully executed: determine result of deployment operation Script run: ------------------------------------------------------------ ! interface fast0/16 no shut 491354611 Tue Mar 04 03:38:22 EST 2014 FooA Software Update Succeeded server01.foo.com 22.214.171.124 44571 10.173.30.9 $OrignatorEmail$ FooA Update Device Software 2014-03-04 03:30:00.0 usmist_1699295009 (126.96.36.199) Succeeded