Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Cisco pix ports report

pcarron
New Member
‎08-31-2012 05:06 AM

Hi,
I need to know what ports are actualy being uside on my Pix firewall.
How do I generate a report for all ports used (one for inside interface and one for outside)including source and destination IP addresses.

Tags (1)
0 Karma
Reply

MHibbin
Influencer
‎08-31-2012 06:56 AM

You should probably look at the Cisco Security Suite App, and Splunk for Cisco Firewalls App.

Alternatively if you want to create you own....

Without seeing the data... I imagine that you will just need to define your fields (where they have not already been extracted. (guide here)

You will then probably need to use a stats command on the data (one for internal zones, one for external zones). This would be something like (depending on the fields you have extracted).

sourcetype=ciscoPix | stats count by port srcIP dstIP

http://docs.splunk.com/Documentation/Splunk/4.3.3/SearchReference/Stats

Or you could use things like top.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...