Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk for Network Device Monitoring

ncbshiva
Communicator
‎03-12-2014 06:47 AM

Hi
Can Splunk forwarders be installed on network switches to capture data? I have a CISCO network switch from which I need to extract data for monitoring purposes.

I was wondering if I can use Splunk forwarder instead of any network probes

Also is there an app for network devices monitoring espeically for CISCO devices?

Awaiting your response

Thanks,

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

bshuler_splunk
Splunk Employee
Splunk Employee
‎03-12-2014 07:04 AM

Nope. Have your switch send syslog data to a syslog server. Then use a splunk forwarder on the syslog server to ingest data into splunk.

View solution in original post

Reply
Solved! Jump to solution

halr9000
Motivator
‎03-18-2014 09:43 AM

This two-part blog post covers techniques for getting data from Cisco switches via SNMP into Splunk:

http://blogs.splunk.com/2013/11/06/adventures-with-snmp-and-cisco-nexus-pt1/

http://blogs.splunk.com/2013/11/06/adventures-with-snmp-and-cisco-nexus-pt2/

0 Karma
Reply
Solved! Jump to solution

halr9000
Motivator
‎03-12-2014 11:33 AM

This looks interesting: https://blogs.cisco.com/enterprise/what-the-heck-is-a-service-container/

Reply
Solved! Jump to solution
Solution

bshuler_splunk
Splunk Employee
Splunk Employee
‎03-12-2014 07:04 AM

Nope. Have your switch send syslog data to a syslog server. Then use a splunk forwarder on the syslog server to ingest data into splunk.

Reply
Solved! Jump to solution

bshuler_splunk
Splunk Employee
Splunk Employee
‎03-12-2014 07:17 AM

syslog-ng is rock solid. Your load will determine your configuration.
Network device -> syslog-ng -> Splunk Forwarder -> Splunk Indexer
Cisco Security Suite http://apps.splunk.com/app/525/

0 Karma
Reply
Solved! Jump to solution

ncbshiva
Communicator
‎03-12-2014 07:10 AM

Hi
Thanks for your response, can you let me know the expected reference hardware and s/w configurations required for the syslog server?So the setup needs to be:
Network devices << Network Probes << Syslog Server << Splunk forwarder << Splunk Indexer Pls confirm Is there any readymade app for reading and dashboarding reports for cisco devices data? Thanks,

0 Karma
Reply
Get Updates on the Splunk Community!

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...
Top