
How to get Cisco IPS logs in Splunk Cloud

raomu
Explorer

Hello,

I am using the Splunk managed cloud service (SH and indexers are in the cloud).

I have 2 heavy forwarders in my environment (on premises).

I am trying to install and configure Cisco IPS logs in Splunk and have a few questions:

Step 1) IPS and Splunk are pingable with no firewall between them. Do I also need to check for any specific ports to be opened?

Step 2) I have installed the Cisco IPS add-on on my heavy forwarder. Do I also need to install the add-on on the indexers and SH as well?

Step 3) Do we also have any app for supporting this add-on? (Although, I have Enterprise Security installed already.)

Step 4) If I have more than 1 IPS device, how am I going to configure them?

Please advise.

0 Karma

mayurr98
Super Champion

Hey @raomu

You need to install this add-on on the indexers and search head as well. Refer to this doc for the same.

No, I cannot see any app for supporting the add-on.

To configure this add-on you should follow this doc.
http://docs.splunk.com/Documentation/AddOns/released/CiscoIPS/Configureinputs

I think referring to the doc below will solve all your problems. Read it carefully and follow the steps.
http://docs.splunk.com/Documentation/AddOns/latest/CiscoIPS/About

Let me know if this helps!

0 Karma