Getting Data In

Cisco Firewall Add-On

Engager

I downloaded and installed the Cisco Firewall Add-On and it properly renamed the sourcetype of my ASA, FWSM and PIX firewall events to cisco_firewall. The problem is when I open the real time firewall dashboard, it works great for about 30 sec. and then all the pie charts disappear as well as the firewall-accept firewall-deny, and firewall-teardown sections on the bar graph at the top of the chart. Also, the Cisco firewall overview doesn't bring up anything. Any help would be appreciated. Thank you.

-John

Tags (2)

Engager

IE 7, I've also tried it on the newest version of Firefox with the same results..

0 Karma

Splunk Employee
Splunk Employee

John, what browser and version are you using?

0 Karma

Super Champion

I'm not familiar with the Cisco Firewall add on, so this is pretty general advice...

Have you attempted to manually run any of the searches used by the various views? Often if you dissect the search you can track down the root issue. You may want to start with just the very core search command (which is the part of the search before the first pipe (|) character) and make sure that is returning events. If it is not, then figure that out first. If you are getting events, then try rebuilding the search adding one search command at a time until you figure out at which point the problem is occurring.

If you can find a more specific reason (or eliminate possible reasons) as to why you are having this problem, you can add additional details to you question here (use the "edit" link under your question) and hopefully someone here can point you in the right direction.

0 Karma