Filebeat — Cisco Modules

Collect syslog logs from Cisco IOS into Elasticsearch

Prerequisites
- One Elasticsearch 7.11.1 cluster with Kibana
- A Linux host (Ubuntu 20.04 in my case) to install Filebeat on; it is the syslog target for Cisco IOS

Install Filebeat by following the link below.
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html

overview

EXAMPLE — Configure Cisco IOS for logging to Filebeat server
172.22.10.117 is my Filebeat server, listening on port 9001.

configure logging on cisco IOS

EXAMPLE — Filebeat.yml
Change filebeat.input
- module: cisco
Modify the hosts for the Kibana and Elasticsearch targets.

filebeat.yml

EXAMPLE — modify /etc/filebeat/modules.d/cisco.yml

cisco.yml
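For reference, a minimal modules.d/cisco.yml that matches the setup described above. This is an added example, not the author's file. It assumes the ios fileset with its syslog (UDP) input and the fileset names shipped with Filebeat 7.11; the address and port are the ones given above.

```yaml
# /etc/filebeat/modules.d/cisco.yml (added example, values are assumptions)
- module: cisco
  ios:
    enabled: true
    # Receive syslog over the network instead of reading a log file
    var.input: syslog
    # The default is localhost, which a remote switch or router cannot reach.
    # Bind to the address of the interface facing the network devices rather
    # than 0.0.0.0, so the unauthenticated UDP listener is not exposed on
    # every interface. Inside a container, bind 0.0.0.0 and restrict the
    # published port on the Docker host instead.
    var.syslog_host: 172.22.10.117
    # Must match the port configured on the IOS side, for example:
    #   logging host 172.22.10.117 transport udp port 9001
    var.syslog_port: 9001

  # Disable the filesets that are not used; each fileset left enabled
  # opens its own listener or file input.
  asa:
    enabled: false
  ftd:
    enabled: false
  nexus:
    enabled: false
  meraki:
    enabled: false
  umbrella:
    enabled: false
```

Syslog over UDP is neither authenticated nor encrypted, so limit the listener port with a host firewall to the management addresses of the devices that are expected to send logs.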

Run the following commands on the Filebeat server.

# ./filebeat modules enable cisco
# filebeat setup -e
# service filebeat start

The index on Elasticsearch is created automatically.
elasticsearch Observability

Dockerfile

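# Same Filebeat version as the Elasticsearch cluster
FROM docker.elastic.co/beats/filebeat:7.11.1
COPY filebeat.yml /usr/share/filebeat/filebeat.yml
COPY cisco.yml /usr/share/filebeat/modules.d/cisco.yml
# Switch to root for the steps below; the container then also runs Filebeat as root
USER root
RUN filebeat modules enable cisco
# Loads the index template and dashboards at build time, so the Elasticsearch
# and Kibana hosts in filebeat.yml must be reachable during docker build
RUN filebeat setup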
