I'm looking for log management/application profiling from a Cisco ASA firewall.
On the firewall, syslog (UDP/514) is enabled towards the Splunk server, whereas syslog ID 106100 is disabled for all firewall policies.
Currently, threat-detection is also disabled.
What do I need to get application profiling (like total hits per ACL) working?
You may be interested in the Splunk for Cisco Firewalls add-on:
which is part of the Splunk for Cisco Security Suite:
Thanks, Piebob!
I have installed the Cisco Firewall add-on.
Although I haven't yet enabled syslog forwarding to the Splunk servers, the question is: will it get all information for allowed firewall policies also?
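
Added example, not part of the thread and not code from the Splunk add-on: ASA syslog message 106100 is the per-ACE log message that carries the ACL name, the action and a `hit-cnt` value, so once it is enabled, "total hits per ACL" can be summed from it as sketched below. The log lines, host name `fw01` and ACL names are constructed samples using documentation IP ranges.

```python
import re
from collections import Counter

# Constructed sample lines in the message 106100 layout; the last line is a
# different message ID and must be ignored by the parser.
SAMPLE_LINES = [
    "<166>Jan 10 2024 09:15:01 fw01 : %ASA-6-106100: access-list outside_in permitted tcp "
    "outside/198.51.100.7(51234) -> inside/192.0.2.10(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]",
    "<166>Jan 10 2024 09:20:01 fw01 : %ASA-6-106100: access-list outside_in permitted tcp "
    "outside/198.51.100.7(51234) -> inside/192.0.2.10(443) hit-cnt 12 300-second interval [0x1a2b3c4d, 0x0]",
    "<166>Jan 10 2024 09:20:02 fw01 : %ASA-6-106100: access-list outside_in denied udp "
    "outside/203.0.113.9(5353) -> inside/192.0.2.10(53) hit-cnt 3 300-second interval [0x5e6f7a8b, 0x0]",
    "<166>Jan 10 2024 09:21:10 fw01 : %ASA-6-106100: access-list dmz_in permitted tcp "
    "dmz/192.0.2.50(40000) -> outside/198.51.100.20(80) hit-cnt 1 first hit [0x9c0d1e2f, 0x0]",
    "<166>Jan 10 2024 09:21:11 fw01 : %ASA-6-302013: Built inbound TCP connection 1001 for "
    "outside:198.51.100.7/51234 (198.51.100.7/51234) to inside:192.0.2.10/443 (192.0.2.10/443)",
]

# access-list <acl> <action> <proto> <if/src(port)> -> <if/dst(port)> hit-cnt <n>
MSG_106100 = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src>\S+) -> (?P<dst>\S+) hit-cnt (?P<hits>\d+)"
)

def parse_106100(line):
    """Return the fields of a 106100 message, or None for any other line."""
    m = MSG_106100.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["hits"] = int(fields["hits"])
    return fields

def hits_per_acl(lines):
    """Sum hit-cnt per (ACL name, action). A 'first hit' message reports 1 and
    each interval message reports the hits seen during that interval."""
    totals = Counter()
    for line in lines:
        rec = parse_106100(line)
        if rec is not None:
            totals[(rec["acl"], rec["action"])] += rec["hits"]
    return totals

if __name__ == "__main__":
    for (acl, action), hits in sorted(hits_per_acl(SAMPLE_LINES).items()):
        print(f"{acl:12} {action:10} {hits}")
```

With 106100 disabled, as in the question, none of these lines reach the syslog server, so there is nothing to aggregate per ACL.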