
How to get Cisco IPS logs in Splunk Cloud

raomu
Explorer

Hello,

I am using the Splunk managed cloud service (SH and indexers are in the cloud).

I have 2 heavy forwarders in my environment (on premises).

I am trying to install and configure Cisco IPS logs in Splunk and have a few questions:

Step 1) IPS and Splunk are pingable with no firewall between them. Do I also need to check for any specific ports to be opened?

Step 2) I have installed the Cisco IPS add-on on my heavy forwarder. Do I also need to install the add-on on the indexers and SH as well?

Step 3) Do we also have any app for supporting this add-on? (Although, I have Enterprise Security installed already.)

Step 4) If I have more than 1 IPS device, how am I going to configure them?

Please advise.


mayurr98
Super Champion

Hey @raomu

You need to install this add-on on the indexers and search head as well. Refer to this doc for the same.

No, I cannot see any app for supporting the add-on.

To configure this add-on you should follow this doc.
http://docs.splunk.com/Documentation/AddOns/released/CiscoIPS/Configureinputs

I think referring to the doc below will solve all your problems. Read it carefully and follow the steps.
http://docs.splunk.com/Documentation/AddOns/latest/CiscoIPS/About

Let me know if this helps!
