Re: Technology Add-on for Cisco Secure Access Cont...

nychawk · ‎02-02-2016

Greetings;

I plan to install the Cisco ACS TA on all of my universal forwarders (those receiving syslog data from ACS), Indexer cluster, and search head cluster. I am already receiving and reporting on Cisco ISE, ASA, and ESA logs, but see no option to turn on reporting for ACS logs.

It's great that this TA does CIM compliant indexing; I use ES, but is there an app some place to render reports for this sourcetype?

Any recommendations for searches that might lead up to a dashboard and/or report?

Thank you in advance.

dshpritz · ‎02-02-2016

Hello nychark,

I'm afraid that the TA only handles the parsing. I'm not aware of any apps that handle visualizations specifically for ACS events. Also, you don't need to install the TA on all of your UFs, only on your indexers, search heads, and any heavy forwarders that may parse the data.

Thanks,

Dave

nychawk · ‎02-02-2016

Thank you David, greatly appreciate the quick response!

Do you have any useful queries that you can share?

dshpritz · ‎02-02-2016

I'm afraid not (they are all stuck at customer sites). I've used the authentication data model to create some dashboards, but I'm afraid it's not something sharable. I just seem to be full of non-answers 😞

nychawk · ‎02-02-2016

I can respect that, and THANK YOU for the TA!

Technology Add-on for Cisco Secure Access Control Server (ACS): Are there recommended searches for reporting on this sourcetype?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation