Indexing Huawei Firewall device logs into Splunk

eidil
Explorer

Hi,

I am trying to ingest huawei USG6650 device logs but it seems that no app is available in splunk base for this purpose. Is there any other way/guide for this?

richgalloway
SplunkTrust

There are several ways to get data into Splunk.

1) Install a Universal Forwarder on the device to send logs to Splunk

2) Have the device send syslog events to Splunk via rsyslog, syslog-ng, or Splunk Connect for Syslog

3) Write a script that uses the device's API to extract data and index it in Splunk

4) Use Splunk DB Connect to extract data from the device's SQL database

5) Have the device send events directly to Splunk using HTTP Event Collector (HEC)

Which one you use will depend on the device and its capabilities.

---
If this reply helps you, Karma would be appreciated.

eidil
Explorer

Sorry for the confusion, but my intention is to know how the Huawei device data can be indexed in Splunk and populated with the important fields/formats that can be used by apps such as ESS.

It seems that for Cisco appliances you can use TA-cisco-app so the logs are populated with the important fields. Are there any alternatives for Huawei devices?

richgalloway
SplunkTrust

Yes, and I listed five such alternatives. In each, however, you must extract fields yourself.

---
If this reply helps you, Karma would be appreciated.
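A worked illustration of options 3 and 5 above (script-based extraction delivered over HEC), added here as example code and not taken from the thread or from Splunk: it parses firewall syslog lines into fields and wraps them in the event envelope that HEC's `/services/collector/event` endpoint accepts. The sample lines and their key=value layout are constructed and assumed, not the documented Huawei USG format; the `huawei:usg` sourcetype name, the HEC URL and the token are placeholders.

```python
import json
import re
import urllib.request
from datetime import datetime, timezone

# Constructed sample lines: RFC 3164-style syslog framing around a key=value body.
# This layout is an assumption, not the documented Huawei USG format; adjust the
# regexes and key names to what the real device emits.
SAMPLE_LINES = [
    "<190>May 20 10:15:02 usg6650-1 FW: action=deny proto=tcp src=10.1.1.5 sport=51234 dst=203.0.113.7 dport=22 rule=block-ssh",
    "<190>May 20 10:15:03 usg6650-1 FW: action=permit proto=udp src=10.1.1.9 sport=53001 dst=10.1.1.1 dport=53 rule=allow-dns",
]
SYSLOG_RE = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line: str, year: int = 2024) -> dict:
    """Split the syslog header and turn the key=value body into a field dict."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsed line: {line!r}")   # surface format drift instead of indexing junk
    fields = dict(KV_RE.findall(m["msg"]))
    pri = int(m["pri"])
    fields["severity"], fields["facility"] = pri % 8, pri // 8   # PRI = facility*8 + severity
    # RFC 3164 timestamps carry no year; the caller supplies it (assumed 2024 here).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    fields["_time"], fields["host"] = ts.timestamp(), m["host"]
    return fields

def build_hec_event(fields: dict, sourcetype: str = "huawei:usg") -> dict:
    """Wrap extracted fields in the envelope HEC's /services/collector/event expects."""
    fields = dict(fields)
    return {
        "time": fields.pop("_time"),
        "host": fields.pop("host"),
        "sourcetype": sourcetype,   # assumed name; match what your props.conf defines
        "source": "syslog",
        "event": fields,            # structured body: fields are searchable without extra extraction
    }

def send_to_hec(events: list, hec_url: str, token: str) -> int:
    """POST newline-delimited events to HEC and return the HTTP status."""
    body = "\n".join(json.dumps(e) for e in events).encode()
    req = urllib.request.Request(hec_url, data=body, method="POST",
                                 headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    events = [build_hec_event(parse_line(l)) for l in SAMPLE_LINES]
    print(json.dumps(events, indent=2))
    # then: send_to_hec(events, "https://splunk.example:8088/services/collector/event", "<HEC-TOKEN>")
```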

inventsekar
SplunkTrust

Hi @eidil .. some devices, like Cisco firewalls, have apps/add-ons, technical add-ons, etc. They are generally created by Splunk, by the device vendors themselves, or by Splunk consultants, engineers and developers.

In the same way, some devices, generally new or less well-known ones (I know Huawei devices are famous), may at times not have add-ons on Splunkbase.

So the alternative approaches are as @richgalloway clearly suggested.

As per my understanding, firewall devices are good candidates for syslog-to-Splunk integration.
