Issue with Cisco Umbrella log collection

New Member

Hi All,

We are collecting Cisco Umbrella logs from a Cisco-managed S3 bucket by creating a cron job on a Splunk HF. This setup was working completely fine until last week, but we have stopped receiving logs from Umbrella all of a sudden. There were no changes made to the cron job or the security keys which were given initially for integration with Cisco Umbrella. Kindly help me to rectify the issue.

Cron job : */5 * * * * splunkflk /opt/umbrella_pull_logs/pull-umbrella-logs.sh &2>1 >/data/cisco_umbrella_logs/pull-umbrella.log

0 Karma

New Member

When we ran the script manually, we got an error for time difference, as we do not have NTP in place. As I reset the time, the logs got downloaded. But now the cron is pulling logs automatically every 5 mins as per the schedule.

0 Karma

SplunkTrust

Divya9326,

What happens when you run the script to pull the logs manually? Do you get any output or error messages?

0 Karma

New Member

When we ran the script manually, we got an error for time sync. There was a time difference on the server. Once this was sorted, we started receiving the logs. But now, the script is not running as per the schedule. Logs are getting downloaded only when we run the script manually.

0 Karma
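
Added example (not part of the thread, and not Cisco or Splunk code): a clock-skew preflight that a scheduled S3 pull could run first, so that a time-difference failure like the one reported above is written to the log instead of silently stopping ingestion. The function names, the sample values and the 15-minute tolerance (the window AWS allows for signed requests) are assumptions, and GNU `date` is assumed.

```shell
#!/bin/sh
# Added example: clock-skew preflight for a scheduled S3 log pull.
# MAX_SKEW is an assumption: AWS rejects signed requests whose timestamp
# is more than 15 minutes away from its own clock.
MAX_SKEW=900

# Convert an HTTP Date header value to epoch seconds (GNU date assumed).
http_date_to_epoch() {
    date -u -d "$1" +%s
}

# Absolute difference, in seconds, between a server Date value and a local epoch.
clock_skew_seconds() {
    server_epoch=$(http_date_to_epoch "$1") || return 2
    diff=$(( server_epoch - $2 ))
    [ "$diff" -lt 0 ] && diff=$(( 0 - diff ))
    echo "$diff"
}

# Return 0 when the skew is within tolerance, 1 when it is not, 2 on parse failure.
skew_ok() {
    skew=$(clock_skew_seconds "$1" "$2") || return 2
    [ "$skew" -le "$MAX_SKEW" ]
}

# Read the Date header from an HTTPS endpoint (needs network; not used in the demo).
fetch_server_date() {
    curl -sI "$1" | tr -d '\r' | sed -n 's/^[Dd]ate: //p'
}

# Preflight: report the skew, or return non-zero so the caller skips the pull.
preflight() {
    if skew_ok "$1" "$2"; then
        echo "clock ok: skew=$(clock_skew_seconds "$1" "$2")s"
    else
        echo "clock skew too large or unreadable; skipping pull" >&2
        return 1
    fi
}

# Demo on constructed values: server time vs. a local clock 20 minutes behind.
SAMPLE_DATE="Tue, 02 Jan 2024 10:00:00 GMT"   # constructed
SAMPLE_LOCAL=1704188400                        # constructed: 09:40:00 UTC
preflight "$SAMPLE_DATE" "$SAMPLE_LOCAL" || echo "would exit before calling the pull script"
```

When a wrapper like this runs from cron, redirecting with `>> logfile 2>&1` sends the skip message on stderr to the same log as normal output.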