Issue with Cisco Umbrella log collection

Divya9326 · ‎09-08-2019

Hi All,

We are collecting cisco umbrella logs from cisco managed S3 bucket by creating a cron job on splunk HF . This setup was working completely fine till last week, but we have stopped receiving logs from umbrella all of a sudden. There were no changes made to the cron job or the security keys which were given initially for integration with Cisco umbrella. Kindly help me to rectify the issue.

Cron job : */5 * * * * splunkflk /opt/umbrella_pull_logs/pull-umbrella-logs.sh &2>1 >/data/cisco_umbrella_logs/pull-umbrella.log

sdot312 · ‎02-03-2021

Did you ever get this to work?

Divya9326 · ‎09-12-2019

when we ran the script manually, we got an error for time difference, as we do not have NTP in place. As I reset the time logs got downloaded. But now the cron is pulling logs automatically every 5 mins as per the schedule.

tkopchak · ‎09-09-2019

Divya9326,

What happens when you run the script to pull the logs manually? Do you get any output or error messages?

Divya9326 · ‎09-12-2019

When we ran the script manually, we got an error for time sync. There was time difference on the server. Once this was sorted, we started receiving the logs. But now, the script is not running as per the schedule. logs are getting downloaded only when we run the script manually.

Issue with Cisco Umbrella log collection

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023