Skip to main content
Taher11
Taher11
Explorer II
February 13, 2024
Question

Device can't be automatically added to CMDB

  • February 13, 2024
  • 1 reply
  • 1597 views

Hello team,

I have successfully configured our main L3 switches to send Syslog to our centralized Fortisiem log server, but with all of that done nothing was discovered by the CMDB.

Bellow the conf in the Cisco switch, the 64.55 is the IP address for the fortisiem.

Screenshot 2024-02-13 075047.png

    1 reply

    adem_netsys
    adem_netsys
    Explorer III
    February 13, 2024

    Hi @Taher11 

     

    Actually, when you send syslog to SIEM, you don't have to do discovery. it should automatically add it. I suggest you open tcpdump, you can check if the log is coming to SIEM

    Taher11
    Taher11Author
    Explorer II
    February 13, 2024

    Exactly @adem_netsys , but nothing was seen as syslog from that particular switch when running tcpdump on the fortisiem.

     

    Screenshot 2024-02-13 080220.png

    adem_netsys
    adem_netsys
    Explorer III
    February 13, 2024

    In this case, we can say that syslog is not going to SIEM. If there is an FW in between, you need to check the permissions there.

      Terms & ConditionsAccessibility statement