Cisco Serializer

Serialize Cisco log events for specific observability destinations.

Overview

The Cisco Serializer transform serializes Cisco log events that have already been parsed (by the Cisco parser transform upstream) into the formats expected by specific observability destinations, such as Azure Sentinel, Splunk, or Socket. It lets you route Cisco logs through your observability pipeline without hand-building destination-specific payloads, and keeps the parsed fields and their metadata together for downstream log management and event tracking.

Configuration Parameters

Name

Type: String

User-specified name of the Cisco Serializer transform. This name is used in various parts of the system, such as pipeline views, to identify and reference the Cisco Serializer configuration.

Description

Type: String

A brief description of the Cisco Serializer transform's role within the observability pipeline.

Serializer

Enabled

Type: Boolean

Enables or disables the Cisco Serializer. Set to true to activate the transform, and false to deactivate it.

Cisco Field Name

Type: String

The event field that contains the parsed Cisco log data (for example, log.data.cisco). This is a required field and cannot be left empty.

Cisco Metadata Field

Type: String

The event field that holds the metadata written by the Cisco parser transform when it was added to the pipeline (for example, log.metadata.cisco). It must match the metadata field configured on that parser; this is a required field, because the serializer uses the metadata to map the parsed data correctly for the destination.

Output

Type: Enum

The output destination for which the Cisco logs are serialized. Supported options:

  • Azure Sentinel

  • Splunk

  • Socket

Examples

Example 1: Basic Cisco Serializer Configuration

Suppose you want to serialize logs from Cisco devices whose parsed data is in log.data.cisco and whose parser metadata is in log.metadata.cisco, and send them to an Azure Sentinel destination.

  • Name: CiscoSerializer1

  • Cisco Field Name: log.data.cisco

  • Cisco Metadata Field: log.metadata.cisco

  • Output: Azure Sentinel

Example 2: Splunk Destination

If you're working with Splunk as the destination, here’s how you would set it up:

  • Name: CiscoToSplunk

  • Cisco Field Name: log.event.cisco

  • Cisco Metadata Field: log.meta.cisco

  • Output: Splunk

This configuration will serialize all Cisco log events and send them to Splunk for further analysis and monitoring.
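The configuration parameters above and the two examples describe what the transform needs as input (a data field, a metadata field, an output choice) but not what the serialization itself looks like. The following Python is an added, illustrative re-implementation written for this page; it is not the product's own code. It assumes that events are nested dicts addressed by dotted paths (as in the examples), that the Cisco parser has already populated both fields, and it assumes destination envelopes: a Splunk HTTP Event Collector JSON object, a flat Azure Sentinel (Log Analytics Data Collector) record, and newline-delimited JSON for a raw socket. The sample event, the `cisco:asa` sourcetype default, and the `meta_` prefix are constructed for the example; the real transform's output format is not documented on this page.

```python
"""Illustrative Cisco Serializer: added example, not the product's code.

Assumptions (not from the page): dotted-path field names over nested dicts,
Splunk HEC / Sentinel Data Collector / NDJSON-over-socket envelopes.
"""
import json
import time
from dataclasses import dataclass
from typing import Any, Optional

OUTPUTS = ("Azure Sentinel", "Splunk", "Socket")


@dataclass(frozen=True)
class SerializerConfig:
    name: str
    cisco_field_name: str
    cisco_metadata_field: str
    output: str
    enabled: bool = True
    description: str = ""

    def validate(self) -> None:
        # Both field names are required and the output must be one of the enum values.
        if not self.cisco_field_name.strip():
            raise ValueError(f"{self.name}: Cisco Field Name must not be empty")
        if not self.cisco_metadata_field.strip():
            raise ValueError(f"{self.name}: Cisco Metadata Field must not be empty")
        if self.output not in OUTPUTS:
            raise ValueError(f"{self.name}: unsupported output {self.output!r}")


def get_path(event: dict, dotted: str) -> Any:
    """Resolve 'a.b.c' against nested dicts; None when any hop is missing."""
    cur: Any = event
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def flatten(obj: dict, prefix: str = "") -> dict:
    """Flatten nested dicts into 'a_b' keys; Sentinel custom-log records are flat."""
    out: dict = {}
    for k, v in obj.items():
        key = f"{prefix}{k}"
        if isinstance(v, dict):
            out.update(flatten(v, key + "_"))
        else:
            out[key] = v
    return out


def build_payload(config: SerializerConfig, event: dict) -> Optional[Any]:
    """Return the destination-shaped object for one event, or None if the
    transform is disabled or the event carries no Cisco data to serialize."""
    config.validate()
    if not config.enabled:
        return None
    data = get_path(event, config.cisco_field_name)
    meta = get_path(event, config.cisco_metadata_field) or {}
    if data is None:
        return None  # not a Cisco event, or the parser did not run: skip it
    if not isinstance(data, dict):
        data = {"message": data}  # raw string payload; wrap so envelopes stay uniform

    if config.output == "Splunk":
        # HEC envelope (assumed): event body plus routing keys taken from parser metadata.
        return {
            "time": meta.get("timestamp", time.time()),
            "host": meta.get("host", "unknown"),
            "sourcetype": meta.get("sourcetype", "cisco:asa"),  # assumed default
            "event": data,
        }
    if config.output == "Azure Sentinel":
        # Data Collector API (assumed): a list of flat records; metadata gets a meta_ prefix.
        record = dict(flatten(data))
        record.update({f"meta_{k}": v for k, v in flatten(meta).items()})
        return [record]
    # Socket: data and metadata side by side, one object per line.
    return {"data": data, "metadata": meta}


def serialize(config: SerializerConfig, event: dict) -> Optional[str]:
    """Serialize one event to the wire string for the configured output."""
    payload = build_payload(config, event)
    if payload is None:
        return None
    text = json.dumps(payload, separators=(",", ":"), sort_keys=True)
    return text + "\n" if config.output == "Socket" else text


# Constructed sample: what a Cisco parser might leave behind for one ASA deny message.
SAMPLE_EVENT = {
    "log": {
        "data": {
            "cisco": {
                "message_id": "ASA-4-106023",
                "severity": 4,
                "src_ip": "10.1.2.3",
                "dst_ip": "203.0.113.7",
                "action": "deny",
            }
        },
        "metadata": {"cisco": {"host": "fw-edge-01", "timestamp": 1717000000}},
    }
}

if __name__ == "__main__":
    for cfg in (
        SerializerConfig("CiscoSerializer1", "log.data.cisco", "log.metadata.cisco", "Azure Sentinel"),
        SerializerConfig("CiscoToSplunk", "log.data.cisco", "log.metadata.cisco", "Splunk"),
        SerializerConfig("CiscoToSocket", "log.data.cisco", "log.metadata.cisco", "Socket"),
    ):
        print(cfg.name, serialize(cfg, SAMPLE_EVENT))
```

Two behaviours worth noting when you wire this up for real: an event whose Cisco Field Name does not resolve (Example 2's `log.event.cisco` run against an event parsed into `log.data.cisco`) produces nothing rather than a half-empty payload, which is the failure you will see if the parser and serializer field names are not kept in sync; and the required-field validation fails at configuration time, before any event is touched.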