Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Cisco pix ports report

pcarron
New Member
‎08-31-2012 05:06 AM

Hi,
I need to know what ports are actualy being uside on my Pix firewall.
How do I generate a report for all ports used (one for inside interface and one for outside)including source and destination IP addresses.

Tags (1)
0 Karma
Reply

MHibbin
Influencer
‎08-31-2012 06:56 AM

You should probably look at the Cisco Security Suite App, and Splunk for Cisco Firewalls App.

Alternatively if you want to create you own....

Without seeing the data... I imagine that you will just need to define your fields (where they have not already been extracted. (guide here)

You will then probably need to use a stats command on the data (one for internal zones, one for external zones). This would be something like (depending on the fields you have extracted).

sourcetype=ciscoPix | stats count by port srcIP dstIP

http://docs.splunk.com/Documentation/Splunk/4.3.3/SearchReference/Stats

Or you could use things like top.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...