Log Manager for Routers and Switches can collect data from Cisco IOS routers and switches and from Cisco VPN Concentrator. Log Manager for Routers and Switches collects all data you configure Cisco to send to the Windows agent.

Log Manager for Routers and Switches collects events from logs and stores them in secure repositories so you can archive this data, create reports for management or auditing purposes, and analyze critical events to research issues.

Supported Products

This release supports the following products:

• Cisco IOS 12.3
• Cisco IOS 12.4
• Cisco VPN Concentrator 4.0
• Cisco VPN Concentrator 4.1
• Cisco VPN Concentrator 4.7

Return to Top

Why Install This Module?

Log Manager for Routers and Switches provides support for Cisco VPN Concentrator when you configure Cisco VPN Concentrator software to report syslog messages in Cisco IOS format.

Improvements are made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs.

Return to Top

System Requirements

The following table lists additional requirements for a Windows agent monitoring Cisco IOS and Cisco VPN Concentrator. For more information about agent requirements, see the Installation Guide for NetIQ Security Manager.

Category	Requirement
Processor	1.5 GHz Intel Pentium III or equivalent.
Memory	40 MB minimum. The amount of memory usage varies and depends on the environment, including event rate and other factors. Memory use for a Windows agent monitoring Cisco IOS or Cisco VPN could reach 256 MB or higher.
Operating System	All supported Windows agent platforms.
Software	Ensure you have Security Manager 6.0 or later installed. A Windows agent can monitor one or more Cisco IOS or Cisco VPN Concentrator devices. For more information about the number of instances one agent can support, see the NetIQ Security Manager Knowledge Base article NETIQKB51404 at www.netiq.com/support/sm/. If the Cisco device and the agent are separated by a firewall, ensure the firewall allows syslog data through. Use a unique agent for each platform sending syslog events. For example, use separate agents to monitor NetScreen and Cisco IOS. Install the Windows agent with Cisco support on a separate computer from the database server or central computer.

Return to Top

Installing This Module

You can install this module using the Module Installer. After you install the module, run the Configuration Wizard to configure the module. For more information about how to follow the Configuration Wizard, click the Help icon in the lower left of the wizard.

Return to Top

Configuring the Agent

Add the name and IP address of the Cisco IOS or Cisco VPN Concentrator device to the Hosts file on the Windows agent computer. For more information about the Hosts file, see the Windows documentation.

Return to Top

Configuring Cisco IOS and Cisco VPN Concentrator

Cisco IOS and Cisco VPN Concentrator sends syslog events to a Windows agent computer. This section describes how to configure each Cisco device to send syslog events to a Windows agent computer.

On the computer where Cisco IOS or Cisco VPN Concentrator is installed:

• Ensure the router has logging enabled.
• Ensure the router sends logging information through UDP Syslog to the IP address of the Security Manager agent.
• Ensure the router reports only the messages with the severity you want to monitor.
• If you are using Cisco VPN Concentrator, configure Cisco VPN Concentrator to report messages in Cisco IOS format.
• If you are using Cisco IOS and you want Security Manager to use the time stamp from the Cisco IOS syslog messages, ensure the time stamp includes a time zone and a date with a year and milliseconds. Do not use the uptime option.

Note If your Cisco IOS syslog messages do not have a time stamp, Security Manager uses the local time of the agent for the log message time.

Return to Top

Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

• Configuration Not Preserved After Upgrade
• Previous Data Not Formatted Correctly in Forensic Report
• Rules Not Upgraded

Configuration Not Preserved after Upgrade

In some environments, configuration information is not maintained after you upgrade to this version. The upgrade removes all configuration information in some cases, but only partial information in other situations. After you upgrade, run the configuration wizard and verify all information. (ENG238593)

Previous Data Not Formatted Correctly in Forensic Report

With this version, Security Manager records data differently than in previous versions. Reports in this version do not properly display data gathered using the old structure. When you perform a forensic query, only use data gathered using this version. (ENG237854)

Rules Not Upgraded

In some environments, rules provided with this version do not properly install when you upgrade. The old rule does not work after upgrade. If you see this issue, contact NetIQ Technical Support for assistance in resolving the issue.

Return to Top

Contact Information

Please contact us with your questions and comments. We look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

Return to Top

Legal Notice

THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.

This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

© 2009 NetIQ Corporation. All Rights Reserved.

U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.

Check Point, FireWall-1, VPN-1, Provider-1, and SiteManager-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd.

ActiveAgent, ActiveAnalytics, ActiveAudit, ActiveReporting, ADcheck, Aegis, AppAnalyzer, AppManager, the cube logo design, Change Administrator, Change Guardian, Compliance Suite, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowing is Everything, Knowledge Scripts, Mission Critical Software for E-Business, MP3check, NetConnect, NetIQ, the NetIQ logo, the NetIQ Partner Network design, Patch Manager, PSAudit, PSDetect, PSPasswordManager, PSSecure, Risk and Compliance Center, Secure Configuration Manager, Security Administration Suite, Security Analyzer, Security Manager, Server Consolidator, VigilEnt, Vivinet, Vulnerability Manager, Work Smarter, and XMP are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.

Return to Top