I installed the Cisco Security suite as well as the Cisco ESA add-on.
I am forwarding the mail_logs from Cisco ESA to Splunk using syslog push over TCP.
I can see info in the dashboards for o...
Hello All,
I have been going through multiple posts but am still not able to configure my Splunk Add-on for Cisco ESA. I have some confusion and need your opinion on it.
I have a Distributed e...
I'm using the Cisco ESA add-on (https://splunkbase.splunk.com/app/1761/). The documentation references files which need to be monitored by adding monitor stanzas to inputs.conf (e...
I saw that http://apps.splunk.com/app/533/ Cisco ESA is deprecated, however, what add-on replaces it in the Cisco Enterprise Security Suite? I'm only seeing ISE, WSA, and ASA.
Hi, I have Splunk 8.1.4 with Splunk Add-on for CISCO ESA 1.5.0. I also have the old app Cisco Security Suite that even though it does not support Splunk 8.1.4, it shows results so I planned t...
A log subscription is set on the Cisco ESA appliance (IronPort Text Mail Logs) which is set to forward to a syslog-ng server, which then writes to a unique file. The inputs.conf is configured t...
...hat it is looking for eventtype: cisco_esa_authentication, esa_email and esa_proxy. Did I miss a step? It seemed pretty straightforward. I do not have the esa add-on installed, but do have the a...
Hello All,
Currently we are using Splunk with Email Security Appliance.
All I know is the command ---> du -sk /data/db/splunk , to know the space consumed by Splunk DB.
But could you p...
...ou the IOC matching points. The problem is that the Cisco ESA logs are sent to Splunk in a way that does not allow for easy recognition of all those points in a single "event".
Here is an e...