Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Indexing Huawei Firewall device logs into Splunk

eidil
Explorer
‎10-21-2020 09:49 PM

Hi,

I am trying to ingest huawei USG6650 device logs but it seems that no app is available in splunk base for this purpose. Is there any other way/guide for this?

Labels (1)
Labels
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-22-2020 07:05 AM

There are several ways to get data into Splunk.

1) Install a Universal Forwarder on the device to send logs to Splunk

2) Have the device send syslog events to Splunk via rsyslog, syslog-ng, or Splunk Connect for Syslog

3) Write a script that uses the device's API to extract data and index it in Splunk

4) Use Splunk DB Connect to extract data from the device's SQL database

5) Have the device send events directly to Splunk using HTTP Event Collector (HEC)

Which one you use will depend on the device and it's capabilities.

---
If this reply helps you, Karma would be appreciated.
Reply

eidil
Explorer
‎10-22-2020 06:45 PM

Sorry for the confusion, but my intention is to know how the huawei device data can be indexed in splunk and populated with important fields/formats that can be used for such as ESS app.

seems that for cisco appliances, you can use TA-cisco-app for the logs to be populated with important fields. Any alternatives for huawei devices?

Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-23-2020 05:43 AM
Yes, and I listed five such alternatives. In each, however, you must extract fields yourself.
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

inventsekar
Super Champion
‎10-22-2020 09:39 PM

Hi @eidil .. some devices, like cisco firewall, will have apps/add-ons, technical addons, etc,.. they are generally created by Splunk or Device owners themselves/or some Splunk Consultants, Engineers, Developers. 

in the same way, some devices,..generally new or not famous devices, i know huawei devices are famous, but it may happen at times that, these devices may not have addons on SplunkBase. 

so, the alternative approaches are - As @richgalloway suggested clearly. 

 

As per understanding, firewall devices are good candidate for Syslog - Splunk integration. 

0 Karma
Reply
Get Updates on the Splunk Community!

There's No Place Like Chrome and the Splunk Platform

Watch On DemandMalware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out >> 🏆 Check out the ...

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...