Few days back, have integrated a CISCO switch with RSA envision and we were receivng the logs.
Suddunly it stops to send the logs.
Switch is reachable from RSA envision collector.
Switch end collector IP is place properly.
Logging level is set to 7.
Please let me know what would be the reason for logs are not coming?
Check to see if there is an unknown device with the same IP address in Envision. Also check to see if the switch device is marked as a multi device in Envision.
In my experience Cisco Switches don't send alot of data, you might try and run some commands on the switch to see if they show up.
Be shure of:
Visibility between switch and enVision. The UDP packets are "one way". Is there a firewall between them?
Cisco switch is sending logs. Use logging console command or debug ip packet to see if the box are generating syslog packets.
The source IP address for syslog packets is correct.