Hi,
I have installed Splunk server in my organization and am monitoring Windows server using Splunk server. Now I want to monitor network devices like Cisco switches, routers, firewalls, etc.
So please let me know how to achieve this.
Regards
Sachin
Hi Sir,
Would you please help me integrate network and security devices in Splunk, after the respective vendor app is installed in Splunk, to collect logs?
This is a fresh deployment of Splunk Enterprise Security in the infrastructure.
Any assistance is much appreciated 🙂
Seems to me the best way would be to have Cisco devices send syslog messages to Splunk.
A couple of interesting plugins you might be interested in:
Cisco Security Suite
Cisco Firewalls
Cisco Ironport Web Security Appliance
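Example config for Cisco device:
configure terminal
! send to the UDP port the Splunk input below listens on (the device default is 514)
(config)# logging host thesplunkserver transport udp port 20001
! forward severity 5 (notifications) and anything more severe
(config)# logging trap 5
(config)# end
show logging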
Example Splunk etc/apps/search/local/inputs.conf:
[udp://20001]
connection_host = ip
index = cisco_asa
sourcetype = syslog
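
An added example, not part of the posts above: a Python sketch of which Cisco messages "logging trap 5" lets through, and a sender for pushing test datagrams at the [udp://20001] input to confirm it is indexing. The sample messages are constructed, and facility local7 is assumed as the device's syslog facility.

```python
import re
import socket

TRAP_LEVEL = 5            # "logging trap 5": severities 0-5 are sent
SPLUNK_UDP_PORT = 20001   # port from the [udp://20001] stanza
LOCAL7 = 23               # assumption: device uses syslog facility local7

# Cisco message tag: %FACILITY-SEVERITY-MNEMONIC:
TAG = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

# Constructed sample messages, not captured from a real device.
SAMPLES = [
    "%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "%SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "%ASA-4-106023: Deny tcp src outside:198.51.100.7/4411 dst inside:192.0.2.20/22",
    "%ASA-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/443",
    "%SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4411) -> 192.0.2.20(22)",
]

def severity(line):
    """Return the numeric severity from the Cisco tag, or None if absent."""
    m = TAG.search(line)
    return int(m.group(2)) if m else None

def is_forwarded(line, trap_level=TRAP_LEVEL):
    """True if the device would send this message at the given trap level."""
    sev = severity(line)
    return sev is not None and sev <= trap_level

def to_datagram(line, facility=LOCAL7):
    """Prefix the syslog PRI value (facility * 8 + severity)."""
    sev = severity(line)
    if sev is None:
        raise ValueError("no %FACILITY-SEVERITY-MNEMONIC tag in line")
    return f"<{facility * 8 + sev}>{line}".encode("ascii")

def send_forwarded(lines, host, port=SPLUNK_UDP_PORT):
    """Send only the messages the trap level allows; return how many."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            if is_forwarded(line):
                s.sendto(to_datagram(line), (host, port))
                sent += 1
    return sent

if __name__ == "__main__":
    for line in SAMPLES:
        print("sent   " if is_forwarded(line) else "dropped", line)
```

With trap level 5 the severity 6 samples (connection builds, ACL log hits) never leave the device, so searches that depend on them return nothing until the trap level is raised.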