Re: How to get Cisco IPS logs in Spunk Cloud

raomu · ‎02-25-2018

Hello,

I am using Splunk Managed cloud service ( SH and Indexers are in Cloud)

I have 2 Heavy forwarder in my environment ( on premises )

I am trying to install and configure CISCO IPS logs in Spunk and have few questions:

Step 1) IPS and Splunk are pingable with no firewall between them. Do I also need to check for any specific also ports to opened ?

Step 2) I have installed CISCO IPS add on to my heavy forwarder. Do I also need to install the add-on on Indexers and SH as well ?

Setp 3) Do we also have any app for supporting this Add-on ? ( Although, I have Enterprise Security installed already )

Step 4) If I have more than 1 IPS devices, how I am going to configure them ?

Please advice.

mayurr98 · ‎02-25-2018

hey @raomu

You need to install this add-on indexers and search-head as well. refer this doc for the same.

No, I can not see any app for supporting add-on

I think referring below doc will solve all your problems.Read it carefully and follow steps.
http://docs.splunk.com/Documentation/AddOns/latest/CiscoIPS/About

let me know if this helps!

How to get Cisco IPS logs in Spunk Cloud