https://community.splunk.com/t5/Getting-Data-In/Cisco-firewall-logging/m-p/67348#M13541 <P>Splunk Team,</P> <P>I'm looking for log management/application profiling from Cisco ASA Firewall. <BR /> On Firewall, syslog-udp/514 is enabled towards splunk server whereas Syslog id - 106100 is disabled for all firewall policies. </P> <P>Currently, threat-detection is also disabled. </P> <P>What do I need to get application profiling ( like total hits per ACL) working. </P> <P>Thanks <BR /> ~rk</P> Tue, 30 Aug 2011 22:39:26 GMT rkarnani 2011-08-30T22:39:26Z https://community.splunk.com/t5/Getting-Data-In/Cisco-firewall-logging/m-p/67348#M13541 <P>Splunk Team,</P> <P>I'm looking for log management/application profiling from Cisco ASA Firewall. <BR /> On Firewall, syslog-udp/514 is enabled towards splunk server whereas Syslog id - 106100 is disabled for all firewall policies. </P> <P>Currently, threat-detection is also disabled. </P> <P>What do I need to get application profiling ( like total hits per ACL) working. </P> <P>Thanks <BR /> ~rk</P> Tue, 30 Aug 2011 22:39:26 GMT https://community.splunk.com/t5/Getting-Data-In/Cisco-firewall-logging/m-p/67348#M13541 rkarnani 2011-08-30T22:39:26Z https://community.splunk.com/t5/Getting-Data-In/Cisco-firewall-logging/m-p/67349#M13542 <P>you may be interested in the Splunk for Cisco Firewalls add-on:<BR /> <A href="http://splunk-base.splunk.com/apps/22303/splunk-for-cisco-firewalls">http://splunk-base.splunk.com/apps/22303/splunk-for-cisco-firewalls</A></P> <P>which is part of the Splunk for Cisco Security Suite:<BR /> <A href="http://splunk-base.splunk.com/apps/22300/cisco-security-suite">http://splunk-base.splunk.com/apps/22300/cisco-security-suite</A></P> Tue, 30 Aug 2011 23:01:36 GMT https://community.splunk.com/t5/Getting-Data-In/Cisco-firewall-logging/m-p/67349#M13542 piebob 2011-08-30T23:01:36Z https://community.splunk.com/t5/Getting-Data-In/Cisco-firewall-logging/m-p/67350#M13543 <P>+1 on the already-built apps. They may not have exactly the view you're looking for, but they may have a starting point you can more quickly adapt from.</P> Tue, 30 Aug 2011 23:04:29 GMT https://community.splunk.com/t5/Getting-Data-In/Cisco-firewall-logging/m-p/67350#M13543 dwaddle 2011-08-30T23:04:29Z https://community.splunk.com/t5/Getting-Data-In/Cisco-firewall-logging/m-p/67351#M13544 <P>Thanks Piebob ! <BR /> I have installed Cisco Firewall add-on. <BR /> Although I haven't yet enabled syslog forwarding to splunk servers, the question is will it get all information for <EM>allowed</EM> firewall polices also ? </P> <P>~rk </P> Wed, 31 Aug 2011 13:40:28 GMT https://community.splunk.com/t5/Getting-Data-In/Cisco-firewall-logging/m-p/67351#M13544 rkarnani 2011-08-31T13:40:28Z