Hello everybody, We have four Cisco ipsen. As described in the manual, the Cisco IPS Addon was installed.

The Cisco IPS Addon works as far as:

*2387 3/17/11 1:31:01.000 PM Thu Mar 17 13:31:01 2011 - INFO - Successfully connected to: xxx.xxx.xxx.xxx* host = test Options | sourceType = sdee_connection Options | source = / var / splunk / var / log / splunk / sdee_get.log Options | type = unix-all-logs option

2388 3/17/11 1:31:01.000 PM Thu Mar 17 13:31:01 2011 - INFO - Attempting to connect to sensor: xxx.xxx.xxx.xxx host = test Options | sourceType = sdee_connection Options | source = / var / splunk / var / log / splunk / sdee_get.log Options | type = unix-all-logs option

2389 3/17/11 **1:31:01.000 PM Thu Mar 17 13:31:01 2011 - INFO - Subscription ID: sub-56-757216ed found for host: xxx.xxx.xxx.xxx** host = test Options | sourceType = sdee_connection Options | source = / var / splunk / var / log / splunk / sdee_get.log Options | type = unix-all-logs option

But, it does not transfer events to Splunk.

What is wrong?