All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Significant issues with props.conf in Splunk Add-on Cisco for ASA

ckurtz
Path Finder
‎01-02-2014 12:38 PM

The sourcetype declarations in default/props.conf are severely flawed, and would make changes far outside the scope of the app if implemented as they are now.

Each sourcetype includes unacceptable wildcards (such as "everything ending in asa" and ("all tcp/udp inputs") that are very dangerous. Examples for the file:

[source::....asa]
sourcetype = cisco:asa
[source::tcp*]
TRANSFORMS-x = force_sourcetype_for_cisco_asa
[source::udp*]
TRANSFORMS-x = force_sourcetype_for_cisco_asa

At the very least, these should be commented out and have instructions on how to specify the user's own cisco asa sourcetype.

Reply
1 Solution
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎01-02-2014 12:43 PM

Agreed, these issues have been reported to Splunk internally and will be evaluated for the next major release of this particular app. At this point, no ETA exists.

View solution in original post

Reply
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎01-02-2014 12:43 PM

Agreed, these issues have been reported to Splunk internally and will be evaluated for the next major release of this particular app. At this point, no ETA exists.

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...