
Cisco Security Suite v2 Summary Page not showing firewall messages

Explorer

Just updated to the newest version of the Cisco Security Suite. I have the IPS and Firewall Add-Ons configured. However, the main page shows me a map (using Google Maps, which is working properly), and below that is a bar graph for Cisco Security Events. The only Cisco Security Events showing are "Ciscoips" and "Ciscosyslogtypes", yet if I manually go to searches and search for "eventtype=*", I see "ciscofirewall". So the events are there; they are just not showing up on the "Splunk for Cisco Security" summary page.

Any thoughts?

0 Karma
1 Solution

Explorer

Yep this fixed it:

Just set the sourcetype to cisco_asa under the UDP port listening for Syslog messages and that just might have done it.


0 Karma

Path Finder

Also, see here for more info: for some reason they changed the default transforms.conf file in 2.0 so it's not properly source typing any more:

http://splunk-base.splunk.com/answers/74070/splunk_ciscofirewalls-cisco-security-suite-to-20-not-set...

Be sure to follow the directions given -- do not edit the default/transforms.conf -- instead, add your own transforms.conf in local and add the corrected stanza.

0 Karma

Explorer

Yep this fixed it.

0 Karma

Explorer

Just set the sourcetype to cisco_asa under the UDP port listening for Syslog messages and that just might have done it.

0 Karma
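
The fix described in this thread, written out as an added example (not part of the original posts and not the app's own configuration). UDP port 514 and the `connection_host` setting are assumptions; the thread does not name the port.

```ini
# inputs.conf, placed in a local/ directory so an app upgrade does not
# overwrite it (the same reason the thread says to leave default/ alone).
# Port 514 is an assumption: use the UDP port your firewalls send syslog to.

# Before (assumed): the input sets no sourcetype and relies on the add-on's
# transforms to assign one. Per the thread, the 2.0 default transforms.conf
# no longer does that, so the firewall events never become cisco_asa.
#
# [udp://514]
# connection_host = ip

# After: pin the sourcetype on the input itself.
# Caveat: every event arriving on this port is now tagged cisco_asa, so
# send other device types to a different port or input.
[udp://514]
connection_host = ip
sourcetype = cisco_asa
```

After restarting Splunk, `splunk btool inputs list --debug` shows which file each effective input setting comes from, which confirms that the local stanza is the one in use.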