How to set up a report on all the firewalls reporting to Splunk?

New Member

I am trying to create a report to just show what firewalls are reporting to Splunk.

0 Karma

New Member

I am new to Splunk. How do I use that?

0 Karma

Path Finder

Type that in your search as is; you just need to know what index the firewall data is being written to and update the portion after index=

Once you get the syntax correct, you can create a report by clicking Save As > Report and schedule it to run daily, weekly, etc.

0 Karma

SplunkTrust

Would you mind providing a little more information?
- What's present in your events regarding the firewall? Or how would you identify that the events are coming from a firewall?
- Does the source field contain any information regarding the actual source of information?

0 Karma

New Member

8/6/18
9:15:30.000 AM

Aug 6 09:15:30 172.19.76.9 Aug 06 2018 09:15:30: %ASA-6-302016: Teardown UDP connection 1332069924 for DMZ-8:172.19.115.13/53 to Inside:172.19.32.15/58709 duration 0:00:00 bytes 108
host = 172.19.76.9 source = udp:1480 sourcetype = cisco:asa

0 Karma
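
An added example, not part of the original thread and not the search the earlier reply refers to: one way to list the firewalls that are reporting, keyed on the `host` and `sourcetype = cisco:asa` fields shown in the sample event above. `<your_firewall_index>` is a placeholder for the index the firewall data is written to, and the 7-day window and 24-hour silence threshold are assumptions to adjust.

```spl
| tstats count AS events latest(_time) AS last_seen
    WHERE index=<your_firewall_index> sourcetype=cisco:asa earliest=-7d
    BY host
| eval silent_after_hours = 24
| eval hours_since_last_event = round((now() - last_seen) / 3600, 1)
| eval status = if(hours_since_last_event > silent_after_hours, "silent", "reporting")
| convert ctime(last_seen)
| table host events last_seen hours_since_last_event status
| sort - hours_since_last_event
```

Each row is one firewall (by `host`) with its event count and last event time; a device that sent events earlier in the window but has since stopped shows as "silent", which a plain list of current senders would not reveal.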