All Apps and Add-ons

Has anyone been successful with bringing in data from Blue Coat Packet Shapers 1700 and 7500 series

Emittim3
Engager

Has anyone been successful in bringing in data from Blue Coat Packet Shapers models 1700 and 7500?

The Blue Coat ProxySG app seems a bit more tailored to just their ProxySG devices, so it was not evident if the app nor how it is set to bring in data could be re-used for the Packet Shaper devices.

Thanks much!

0 Karma

Emittim3
Engager

The latest update I have here is that it is possible to obtain data from Blue Coat Packet Shaper appliances into Splunk (which was expected).

There are three methods this can be accomplished:
1) Syslog - Blue Coat Packet Shapers can have customer events be logged through the syslog facility. As well, general messaging from the devices can be sent via syslog. At this point, it remains to be seen if the detailed information that is required for my use case is available through syslog.
2) SNMP - Same as syslog, custom events and general information are available via custom Blue Coat MIBS through SNMP.
3) Blue Coat Packet Shapers doe have remote telnet and ssh capabilities and a decent CLI is available on the devices. So, theoretically as remote shell could be created to log into the devices and run CLI commands, capturing the output into a file that Splunk monitors and ingests.

All of the above methods are viable, but I've yet to actually perform the activities to bring data into Splunk and explore if we can accurately and completely obtain data points on the bandwidth (and bandwidth constraints) on each Blue Coat device, and thus provide proactive management and historical trend information on the devices and across all as a whole.

I'll work to provide more information to this question/posting as I move forward so that others might receive value from it.

wiederkehrc
Explorer

Did you ever get the PacketShaper data in to Splunk? Which approach did you end up using?

Regards

Chris

Tags (1)
0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...