This code queries Cisco DNA Center for its audit log every [defined period of time] and sends the events to an external program/platform using Syslog.
Technology stack: Python + Docker (optional)
Status: Alpha, designed to prove the ability and openness of Cisco DNA Center.
Screenshot: Cisco DNA Center's audit log screen.
Even though Cisco DNA Center is a cutting edge solution, some of our customers use existing monitoring and SIEM systems that rely on legacy protocols, in this case syslog. As Cisco DNA Center is not designed to export its audit log via syslog, this code bridges that gap, allowing the customer to leverage existing syslog-based solutions.
This solution is NOT using DNACaaP APIs, but private APIs. They might stop working in future releases.
```bash
docker run -d obrigg/cisco-dnac-platform-syslog-audit --dnac_ip 'DNAC-IP' --syslog_ip 'SYSLOG-SERVER-IP' --password 'password'
```
- Enable Cisco DNA-C as a Platform
- Enable "DNA Center REST API" Bundle
Additional arguments that may help:
- --verbose: for more detailed output.
- --dnac_port: if the HTTPS port is different from the default 443.
- --syslog_port: if the syslog port is different from the default 514.
- --period: if you'd like the polling period to be different from 5 minutes.
- --token_refresh: if you'd like the token refresh time to be different from 50 minutes.
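The poll-and-forward pattern described above, as an added example (not this project's code): consecutive polls of an audit log can return overlapping events, so the forwarder remembers event ids and sends each event once, as a single JSON-encoded syslog line over UDP. The event field names, the sample events and the function names are constructed assumptions, not the Cisco DNA Center schema or API.

```python
import json
import logging
import logging.handlers

# Constructed sample events; field names are assumptions, not the DNA Center schema.
SAMPLE_POLL_1 = [
    {"id": "a1", "ts": 1570000000, "user": "admin", "desc": "Login success"},
    {"id": "a2", "ts": 1570000060, "user": "admin", "desc": "Device deleted"},
]
SAMPLE_POLL_2 = [  # overlaps poll 1, as consecutive polls of one log can
    {"id": "a2", "ts": 1570000060, "user": "admin", "desc": "Device deleted"},
    {"id": "a3", "ts": 1570000400, "user": "ops\nFAKE", "desc": "Template edited"},
]

def select_new(events, seen_ids):
    """Return events not forwarded before, oldest first, and record their ids."""
    fresh = []
    for event in sorted(events, key=lambda e: e["ts"]):
        if event["id"] not in seen_ids:
            seen_ids.add(event["id"])
            fresh.append(event)
    return fresh

def format_event(event):
    """One event per syslog line; json.dumps escapes CR/LF, so a field value
    cannot split the message into a second, forged log line."""
    return "dnac-audit: " + json.dumps(event, sort_keys=True)

def make_sender(host, port=514):
    """UDP syslog sender (514 is the default syslog port the README lists)."""
    handler = logging.handlers.SysLogHandler(address=(host, port))
    logger = logging.getLogger(f"dnac-audit-{host}-{port}")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers = [handler]
    return logger

def forward(events, seen_ids, logger):
    """Forward only unseen events; return the lines that were sent."""
    lines = [format_event(e) for e in select_new(events, seen_ids)]
    for line in lines:
        logger.info(line)
    return lines

if __name__ == "__main__":
    seen, log = set(), make_sender("127.0.0.1")
    for poll in (SAMPLE_POLL_1, SAMPLE_POLL_2):
        print(forward(poll, seen, log))
```

The set of seen ids lives in memory here, so a restarted forwarder would resend whatever the next poll returns; the receiving SIEM should tolerate duplicates or the ids should be persisted.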
Copyright (c) 2019 Cisco and/or its affiliates.
This software is licensed to you under the terms of the Cisco Sample Code License, Version 1.1 (the "License"). You may obtain a copy of the License at
https://developer.cisco.com/docs/licenses
All use of the material herein must be in accordance with the terms of the License. All rights not expressly granted by the License are reserved. Unless required by applicable law or agreed to separately in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.