switch.cisco
You can configure a Cisco switch to report its logs to a remote syslog server. Depending on the model and version, you can choose the protocol (TCP or UDP) and an arbitrary port. In other cases it is only possible to report to the standard syslog port, 514/udp.
In neither case can the logs be tagged at the origin, so you must send them through a Devo In-house Relay, which labels them as switch.cisco and forwards them to Devo.
Cisco CatOS
For older Cisco switch models running CatOS, you can configure the sending as follows:
Conf CISCO CatOS
set logging server DEVO-RELAY
set logging server facility local3
set logging server severity 6
set logging server enable
- Replace DEVO-RELAY with the In-house Relay IP.
- Note that CatOS can only send to the standard syslog port, 514/udp.
Cisco IOS
For Cisco IOS models, you can configure the sending as follows:
CISCO IOS Conf
config terminal
no service sequence-numbers
logging host DEVO-RELAY transport udp port PORT
logging trap informational
logging facility local3
logging on
- Replace DEVO-RELAY and PORT with the In-house Relay server and port.
If your IOS version is not up to date and doesn't support sending over TCP or to an arbitrary port, the alternative is to send to the standard syslog port, 514/udp.
CISCO IOS old versions Conf
config terminal
no service sequence-numbers
logging DEVO-RELAY
logging trap informational
logging facility local3
logging on
Sending to Devo
You need to install an In-house Relay to tag these logs correctly.
When configuring the relay rule that tags the logs as switch.cisco, you have the following options:
- Arbitrary port
The device allows the configuration of an arbitrary destination port. Here you should create a rule to listen on the selected port (e.g. port 130003/tcp) and tag all the events arriving on that port as switch.cisco.
- 514/udp port
The device does not allow you to configure a port. In this case, you should create a rule to listen on the 514/udp port and tag the events arriving on that port as switch.cisco. If you are also receiving events from other log sources on that port, you can tighten the rule. For example, you can filter by the switch source IP and/or by the syslog facility on which the logs arrive.
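The tightened 514/udp rule described above, sketched as an added example; it is not Devo relay code or relay rule syntax. It tags a datagram as switch.cisco only when the source IP belongs to the switches and the syslog priority decodes to facility local3, as set in the switch configuration. The subnet `10.20.0.0/24` and the sample datagrams are constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not from the Devo docs): the switch management subnet and
# the sample datagrams below are constructed for illustration.
SWITCH_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]
LOCAL3 = 19          # syslog facility code for local3
TAG = "switch.cisco"

PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(message):
    """Return (facility, severity) from the leading <PRI>, or None."""
    m = PRI_RE.match(message)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # highest valid PRI: facility 23, severity 7
        return None
    return divmod(pri, 8)    # PRI = facility * 8 + severity


def tag_for(source_ip, message):
    """Tightened 514/udp rule: tag only local3 events from known switches."""
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in net for net in SWITCH_SOURCES):
        return None
    pri = parse_pri(message)
    if pri is None or pri[0] != LOCAL3:
        return None
    return TAG


# Constructed datagrams as (source IP, payload) pairs.
SAMPLES = [
    ("10.20.0.5", "<158>%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host started"),
    ("10.20.0.5", "<189>%SYS-5-CONFIG_I: Configured from console"),  # local7
    ("192.0.2.44", "<158>sshd[311]: Accepted publickey for admin"),  # other host
    ("10.20.0.9", "no priority header"),
]

if __name__ == "__main__":
    for src, msg in SAMPLES:
        print(src, tag_for(src, msg) or "untagged", msg)
```

With `logging facility local3` and informational severity, the switch's events carry priority 158 (19 × 8 + 6), which is what the first sample shows.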