{ "name": "cisco_ios", "title": "Cisco IOS", "version": "1.35.3", "release": "ga", "description": "Collect logs from Cisco IOS with Elastic Agent.", "type": "integration", "download": "/epr/cisco_ios/cisco_ios-1.35.3.zip", "path": "/package/cisco_ios/1.35.3", "icons": [ { "src": "/img/cisco.svg", "path": "/package/cisco_ios/1.35.3/img/cisco.svg", "title": "cisco", "size": "216x216", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^8.11.0 || ^9.0.0" } }, "owner": { "type": "elastic", "github": "elastic/integration-experience" }, "categories": [ "network", "security" ], "signature_path": "/epr/cisco_ios/cisco_ios-1.35.3.zip.sig", "format_version": "3.0.3", "readme": "/package/cisco_ios/1.35.3/docs/README.md", "license": "basic", "assets": [ "/package/cisco_ios/1.35.3/LICENSE.txt", "/package/cisco_ios/1.35.3/changelog.yml", "/package/cisco_ios/1.35.3/manifest.yml", "/package/cisco_ios/1.35.3/validation.yml", "/package/cisco_ios/1.35.3/docs/README.md", "/package/cisco_ios/1.35.3/img/cisco.svg", "/package/cisco_ios/1.35.3/kibana/tags.yml", "/package/cisco_ios/1.35.3/data_stream/log/manifest.yml", "/package/cisco_ios/1.35.3/data_stream/log/sample_event.json", "/package/cisco_ios/1.35.3/docs/knowledge_base/service_info.md", "/package/cisco_ios/1.35.3/data_stream/log/fields/agent.yml", "/package/cisco_ios/1.35.3/data_stream/log/fields/base-fields.yml", "/package/cisco_ios/1.35.3/data_stream/log/fields/ecs.yml", "/package/cisco_ios/1.35.3/data_stream/log/fields/fields.yml", "/package/cisco_ios/1.35.3/data_stream/log/agent/stream/stream.yml.hbs", "/package/cisco_ios/1.35.3/data_stream/log/agent/stream/tcp.yml.hbs", "/package/cisco_ios/1.35.3/data_stream/log/agent/stream/udp.yml.hbs", "/package/cisco_ios/1.35.3/data_stream/log/elasticsearch/ingest_pipeline/default.yml" ], "policy_templates": [ { "name": "cisco_ios", "title": "Cisco IOS logs", "description": "Collect logs from Cisco IOS instances", "inputs": [ { "type": "tcp", "title": "Collect logs from Cisco IOS via TCP", "description": "Collecting logs from Cisco IOS via TCP" }, { "type": "udp", "title": "Collect logs from Cisco IOS via UDP", "description": "Collecting logs from Cisco IOS via UDP" }, { "type": "logfile", "title": "Collect logs from Cisco IOS via file", "description": "Collecting logs from Cisco IOS via file" } ], "multiple": true } ], "data_streams": [ { "type": "logs", "dataset": "cisco_ios.log", "title": "Cisco IOS logs", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "udp", "vars": [ { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "cisco-ios", "forwarded" ] }, { "name": "syslog_host", "type": "text", "title": "Host to listen on", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "syslog_port", "type": "integer", "title": "Syslog Port", "multi": false, "required": true, "show_user": true, "default": 9002 }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "tz_offset", "type": "text", "title": "Timezone", "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.", "multi": false, "required": true, "show_user": false, "default": "UTC" }, { "name": "tz_map", "type": "yaml", "title": "Timezone Map", "description": "A combination of timezones as they appear in the Cisco IOS log, in combination with a proper IANA Timezone format", "multi": false, "required": false, "show_user": false, "default": "#- tz_short: AEST\n# tz_long: Australia/Sydney\n" }, { "name": "udp_options", "type": "yaml", "title": "Custom UDP Options", "description": "Specify custom configuration options for the UDP input.", "multi": false, "required": false, "show_user": false, "default": "#read_buffer: 100MiB\n#max_message_size: 50KiB\n#timeout: 300s\n" }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false } ], "template_path": "udp.yml.hbs", "title": "Cisco IOS logs", "description": "Collect Cisco IOS logs", "enabled": true, "ingestion_method": "Network Protocol" }, { "input": "tcp", "vars": [ { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "cisco-ios", "forwarded" ] }, { "name": "syslog_host", "type": "text", "title": "Host to listen on", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "syslog_port", "type": "integer", "title": "Syslog Port", "multi": false, "required": true, "show_user": true, "default": 9002 }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "tz_offset", "type": "text", "title": "Timezone", "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.", "multi": false, "required": true, "show_user": false, "default": "UTC" }, { "name": "tz_map", "type": "yaml", "title": "Timezone Map", "description": "A combination of timezones as they appear in the Cisco IOS log, in combination with a proper IANA Timezone format", "multi": false, "required": false, "show_user": false, "default": "#- tz_short: AEST\n# tz_long: Australia/Sydney\n" }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate: \"/etc/server/cert.pem\"\n#key: \"/etc/server/key.pem\"\n" }, { "name": "tcp_options", "type": "yaml", "title": "Custom TCP Options", "description": "Specify custom configuration options for the TCP input. See [TCP](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-tcp.html) for details.", "multi": false, "required": false, "show_user": false, "default": "#max_connections: 1\n#framing: delimiter\n#line_delimiter: \"\\n\"\n" } ], "template_path": "tcp.yml.hbs", "title": "Cisco IOS logs", "description": "Collect Cisco IOS logs", "enabled": true, "ingestion_method": "Network Protocol" }, { "input": "logfile", "vars": [ { "name": "paths", "type": "text", "title": "Paths", "multi": true, "required": true, "show_user": true, "default": [ "/var/log/cisco-ios.log" ] }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "cisco-ios", "forwarded" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "tz_offset", "type": "text", "title": "Timezone", "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.", "multi": false, "required": true, "show_user": false, "default": "UTC" }, { "name": "tz_map", "type": "yaml", "title": "Timezone Map", "description": "A combination of timezones as they appear in the Cisco IOS log, in combination with a proper IANA Timezone format", "multi": false, "required": false, "show_user": false, "default": "#- tz_short: AEST\n# tz_long: Australia/Sydney\n" }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false } ], "template_path": "stream.yml.hbs", "title": "Cisco IOS logs", "description": "Collect Cisco IOS logs from file", "enabled": false, "ingestion_method": "File" } ], "package": "cisco_ios", "path": "log" } ] }