Skip to content

[cisco_ios] Support the Kiwi syslog format #14293

New issue
New issue
Closed
Enhancement
#14294
Closed
[cisco_ios] Support the Kiwi syslog format#14293
Enhancement
#14294
Assignees
taylor-swanson
Labels
Integration:cisco_iosCisco IOSTeam:Security-Deployment and DevicesDEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices]enhancementNew feature or request
@taylor-swanson

Description

@taylor-swanson
taylor-swanson
opened on Jun 23, 2025

Example of the Kiwi syslog format:

<190>Original Address=192.168.0.1 1 2025-06-23T16:13:32.168Z ns-host-1 kiwi-syslog-test 3356 MSGOUT TEST-HOST: *Jun 23 15:52:38.534: %SYS-6-LOGOUT: User test-user has exited tty session 1(192.168.0.1)

The Kiwi Syslog server alters the original Cisco IOS log by inserting a Original Address=IP at the beginning of the log, along with an RFC 5424 header. By removing this header, the rest of the message is a standard Cisco IOS format that can be used with the existing pipeline.

Metadata

Metadata

Assignees

Labels

Integration:cisco_iosCisco IOSTeam:Security-Deployment and DevicesDEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices]enhancementNew feature or request

Type

Enhancement

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions