I've set up a new Splunk server to demo here and I'm pretty new to the whole Splunk scene. I'm trying to add some of my Cisco devices and I've installed the Cisco Security Suite with the Firewall part enabled. However, none of the logs/data is being populated inside the app.
When I search for ASA I see a bunch (10k+) of hits for my firewall. I read through the documentation but that doesn't seem to help.
I've enabled data collection on the Splunk server via add data > TCP port > 514.
You may need to force the sourcetype of your ASA logs. Here's how:
Apparently this doesn't work for me.
props.conf config was already commented out but still not working.
And the dashboards were looking for eventtype=cisco-firewall, and upon checking the eventtypes.conf, there's no cisco-firewall defined in there. What's happening here?
I'm in the same boat as pmovrich - Brand new to Splunk and I wish to view ASA syslogs. Recently installed Splunk 6, Cisco Security Suite 3.0.2, Splunk Add-on for Cisco ASA 3.0.0. I see events being indexed on the Splunk home page but when I open the Cisco Sec. Suite, nothing. This is a Win7 install. Any advice? Thanks in advance.