Solved: Cisco Security Suite v2 Summary Page not showing f...

SOcchiogrosso · ‎02-05-2013

Just updated to the newest version of the Cisco Security Suite, I have the IPS and Firewall Add-Ons configured. However on the main page, shows me a map (using google maps which is working properly and below those is a bar graph for Cisco Security Events, however the only Cisco Security Events showing are "Cisco_ips" and "Cisco_syslog_types"m yet if I manually go to searches, and search for "eventtype=*" I see "cisco_firewall", so the events are there, they are just not showing up on the "Splunk for Cisco Security" summary page.

Any thoughts?

SOcchiogrosso · ‎02-05-2013

Yep this fixed it:

Just set the sourcetype to cisco_asa under the UDP port listening for Syslog messages and that just might have done it.

View solution in original post

SOcchiogrosso · ‎02-05-2013

Yep this fixed it:

Just set the sourcetype to cisco_asa under the UDP port listening for Syslog messages and that just might have done it.

dbylertbg · ‎05-24-2013

Also, see here for more info: for some reason they changed the default transforms.conf file in 2.0 so it's not properly source typing any more:

http://splunk-base.splunk.com/answers/74070/splunk_ciscofirewalls-cisco-security-suite-to-20-not-set...

Be sure to follow the directions given -- do not edit the default/transforms.conf -- instead, add your own transforms.conf in local and add the corrected stanza.

SOcchiogrosso · ‎02-05-2013

Yep this fixed it.

SOcchiogrosso · ‎02-05-2013

Just set the sourcetype to cisco_asa under the UDP port listening for Syslog messages and that just might have done it.

Cisco Security Suite v2 Summary Page not showing firewall messages

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms