I need to search logs in Splunk from Cisco equipment:
- port flapping
- everything related to MAC address and port security
- high CPU loads
- crash of the equipment
- HCRP
- BGP sessions
- failed attempts at console and vty access
How can I do this?
Hi dieguito, I think that implementing the Cisco App for Splunk will address these needs: https://apps.splunk.com/app/1352/
Please let me know if this answers your question 😄
You need to read the documentation on the Apps that you downloaded for Cisco. I would recommend using the Splunk provided apps and not the "homegrown" app above. When you have these apps installed you need to make sure your sourcetypes line up with the ones specified in the application. Also make sure your index is correct with the dashboard search. To check this click the magnifying glass beside the dashboard and see what it's searching on.
Source types for the Splunk Add-on for Cisco ASA
Source type
cisco:asa The system logs of Cisco ASA record user authentication, user session, VPN and intrusion messages. Authentication, Change Analysis, Network Sessions, Network Traffic, Malware
cisco:fwsm The system logs of Cisco FWSM record user authentication, user session, and firewall messages. Authentication, Network Sessions, Network Traffic
cisco:pix The system logs of Cisco PIX record user authentication, user session, and intrusion messages. Authentication, Network Sessions, Network Traffic
Hello, Splunk already has the Cisco application, but the dashboard doesn't have more information. That's why I need the command to put in Search and Reporting...
Were you able to follow the documentation outlining the app's installation steps? It is a fairly complex app, but the documentation should be helpful.
One way I've been successful is to forward Cisco logs to a Syslog server (Splunk). Another way would be forwarding SNMP events.
Yes, Mr.
The logs are on the Splunk server, but I do not know how to search in Splunk.
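An added example, not part of any post in this thread: a Python sketch that maps the topics in the question to the Cisco IOS syslog mnemonics that report them and counts repeated link transitions per port to spot flapping. It assumes the syslog server prefixes each line with "Mon DD HH:MM:SS host", that "HCRP" in the question means HSRP, and that the devices are configured to log CPU-threshold and login-failure events; the sample lines are constructed.

```python
import re
from collections import Counter
# IOS message header: %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)")
# Assumed prefix added by the syslog server: "Mon DD HH:MM:SS host"
HOST_RE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+(\S+)")
IFACE_RE = re.compile(r"Interface (\S+?), changed state to (up|down)")

# (facility, mnemonic) -> topic from the question (assumption: HCRP = HSRP)
CATEGORIES = {
    ("LINK", "UPDOWN"): "port flapping",
    ("PORT_SECURITY", "PSECURE_VIOLATION"): "MAC / port security",
    ("SW_MATM", "MACFLAP_NOTIF"): "MAC / port security",
    ("SYS", "CPURISINGTHRESHOLD"): "high CPU",
    ("SYS", "RESTART"): "restart after crash or reload",
    ("HSRP", "STATECHANGE"): "HSRP",
    ("BGP", "ADJCHANGE"): "BGP sessions",
    ("SEC_LOGIN", "LOGIN_FAILED"): "failed console/vty login",
}

def parse(line):
    """Return (host, facility, mnemonic, text), or None if no IOS header."""
    m = MSG_RE.search(line)
    if not m:
        return None
    h = HOST_RE.match(line)
    return (h.group(1) if h else "unknown", m.group(1), m.group(3), m.group(4))

def classify(line):
    """Return (topic, host) for a mnemonic in CATEGORIES, else None."""
    p = parse(line)
    cat = CATEGORIES.get((p[1], p[2])) if p else None
    return (cat, p[0]) if cat else None

def flapping_ports(lines, threshold=3):
    """(host, interface) -> count, for ports with >= threshold transitions."""
    hits = Counter()
    for p in filter(None, map(parse, lines)):
        i = IFACE_RE.search(p[3])
        if (p[1], p[2]) == ("LINK", "UPDOWN") and i:
            hits[(p[0], i.group(1))] += 1
    return {k: n for k, n in hits.items() if n >= threshold}

# Constructed sample lines (not taken from a real device)
SAMPLE = [
    "Mar  1 10:00:01 sw1 101: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "Mar  1 10:00:04 sw1 102: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
    "Mar  1 10:00:09 sw1 103: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "Mar  1 10:01:00 sw1 104: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.1111.2222 on port GigabitEthernet0/2.",
    "Mar  1 10:02:00 rt1 55: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22]",
]
```

The quoted mnemonic strings, such as "%LINK-3-UPDOWN", can also be typed as literal search terms in Splunk against whatever index and sourcetype hold the Cisco logs.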