Hello everyone,
I was curious if someone could help me find an app for Splunk that will provide syslogs of my Cisco network gear? (i.e., if someone changes a VLAN or shuts a port) I can look up their user name or switch name, and it will provide me the time stamp, the command that was run and who did it.
I used this at a prior employer and want to get this implemented where I am employed now. This was good when there were outages and no one spoke up, and for accountability and training.
A good idea is to have a test/dev environment, so that you can test the outcome before putting the config into production.
Perhaps the app you are referring to is this one?
https://splunkbase.splunk.com/app/1352/#/overview
You can use a 60-day Splunk trial to experiment with the Cisco data and apps, or you may also consider applying for a developer license.
Have you searched Splunkbase for add-ons to support the equipment in question?
https://splunkbase.splunk.com/apps/#/search/cisco/product/all
Here is the ASA add-on, for example, which will normalize change events:
https://docs.splunk.com/Documentation/AddOns/released/CiscoASA/DataTypes
https://splunkbase.splunk.com/app/1620/#/details
@chaker I did look through the product page, but I'm not sure which Cisco one has the feature I am looking for. There are a few, and I don't want to have the team at my company try each app until we get the right one, if it can be avoided.