GFI & Cisco 3750 Switch

 
GFI & Cisco 3750 Switch - 9.Jun.2008 12:40:52 PM   
rosemr

 

I cannot get GFI to receive syslog messages from my 3750 VOIP Switch.  I cannot add the device to the custom group I created...every time I try to add something, the system goes grey and it will stay like that.

I was able to add my PIX Firewall to GFI; however, that is the only Cisco device it will capture Syslog events from.

Any help in regards to what I am doing wrong would be appreciated.

PS..please don't say to look through the documentation or log a ticket with GFI...I have done those already and am at the same place I was when I started.  The Tech support person at GFI has no idea why it's not working!
Post #: 1
RE: GFI & Cisco 3750 Switch - 30.Jun.2008 3:08:56 PM   
spidermouse

 

If the rep has no idea why it is not working, then he should escalate the case to a higher level.

Either way, it would be interesting to know if the Syslog messages are actually arriving on the EventsManager machine or not. Wireshark should give you a definite answer here. Next, check in the EventsManager interface if the Syslog messages show in the real-time monitor and if they are maybe rejected. If they are rejected, then this is usually because there is no processing rule that applies to the messages received and they are discarded. Maybe switch to "archive all" for a while so you can get the messages into your DB and see what part of the message goes into what field of the DB. This way, it's much easier to alter the processing rules.

If they don't show up in the real-time monitor, but Wireshark DOES confirm the arrival of the messages on the machine, then the question is: why does EventsManager not see them? Is there another application installed that might intercept the syslog messages? Is there anything different on the Cisco 3750 messages compared to normal messages? What is the mechanism that allows EventsManager to "see" those messages? GFI's Mail-products use SMTP sinks to capture the SMTP traffic. What do GFI use to capture Syslogs? I'm sure there would be something similar...

(in reply to rosemr)
Post #: 2
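
Added example (not part of the thread and not GFI code): one way to answer the question in the reply above about whether the 3750's messages differ from "normal" syslog, by decoding a payload seen in Wireshark on UDP 514. It assumes the switch uses the default Cisco IOS layout (optional sequence number, timestamp, `%FACILITY-SEVERITY-MNEMONIC`, no hostname field); the sample payloads are constructed and `classify` is a hypothetical helper name.

```python
import re

FAC = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp ntp "
       "audit alert clock local0 local1 local2 local3 local4 local5 local6 "
       "local7").split()
SEV = "emerg alert crit err warning notice info debug".split()

PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 3164 layout: "Mmm dd hh:mm:ss HOSTNAME TAG: text"
BSD_RE = re.compile(
    r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (?P<host>\S+) (?P<text>.*)$", re.S)
# Assumed default IOS layout: "[seq: ][*|.]timestamp[ tz]: %FAC-SEV-MNEMONIC: text"
IOS_RE = re.compile(
    r"^(?:(?P<seq>\d+): )?"
    r"(?:[*.]?[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d(?:\.\d+)?(?: \w+)?: )?"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$",
    re.S)

# Constructed sample payloads (not captured from the poster's network).
SAMPLES = [
    b"<187>45: *Mar  1 00:01:23.456: %LINK-3-UPDOWN: Interface "
    b"FastEthernet1/0/1, changed state to up",
    b"<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick",
    b"no priority header here",
]

def classify(datagram):
    """Decode one syslog UDP payload and report which layout it follows."""
    msg = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = PRI_RE.match(msg)
    if not m or int(m.group(1)) > 191:      # valid PRI is facility*8 + severity
        return {"style": "no-pri", "raw": msg}
    pri = int(m.group(1))
    out = {"facility": FAC[pri >> 3], "severity": SEV[pri & 7], "host": None}
    body = msg[m.end():]
    if (i := IOS_RE.match(body)):           # test the stricter pattern first
        out.update(style="cisco-ios", seq=i["seq"], text=i["text"],
                   mnemonic=f'{i["fac"]}-{i["sev"]}-{i["mnem"]}')
    elif (b := BSD_RE.match(body)):
        out.update(style="rfc3164", host=b["host"], text=b["text"])
    else:
        out.update(style="unknown", text=body)
    return out

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s))
```

A result of `cisco-ios` with `host` set to `None` means the payload carries no hostname, so a collector can only attribute it by source IP address or by a rule written for that layout.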