Getting Data In
Highlighted

Cisco firewall logging

Engager

Splunk Team,

I'm looking for log management/application profiling from Cisco ASA Firewall.
On Firewall, syslog-udp/514 is enabled towards splunk server whereas Syslog id - 106100 is disabled for all firewall policies.

Currently, threat-detection is also disabled.

What do I need to get application profiling ( like total hits per ACL) working.

Thanks
~rk

Tags (2)
Highlighted

Re: Cisco firewall logging

Splunk Employee
Splunk Employee

you may be interested in the Splunk for Cisco Firewalls add-on:
http://splunk-base.splunk.com/apps/22303/splunk-for-cisco-firewalls

which is part of the Splunk for Cisco Security Suite:
http://splunk-base.splunk.com/apps/22300/cisco-security-suite

Highlighted

Re: Cisco firewall logging

SplunkTrust
SplunkTrust

+1 on the already-built apps. They may not have exactly the view you're looking for, but they may have a starting point you can more quickly adapt from.

0 Karma
Highlighted

Re: Cisco firewall logging

Engager

Thanks Piebob !
I have installed Cisco Firewall add-on.
Although I haven't yet enabled syslog forwarding to splunk servers, the question is will it get all information for allowed firewall polices also ?

~rk

0 Karma