I have a Cisco ASA that is pushing out syslog files to the server that SPLUNK resides on. I verified they are reaching the server with TCPDump. The data is not getting into SPLUNK. Does the s...
I recently downloaded the Splunk Add-on for Cisco ASA 3.0.0. When saved, the filename is "splunk-add-on-for-cisco-asa_300.tar". When I look at the file properties, size=48.3KB, size on disk=52.0KB....
Hi, after installing this plugin, I have errors on every search, related to Cisco or not...
Always see these errors:
Could not load lookup=LOOKUP-cisco-asa-action_lookup
Could not load lookup=L...
...ithout simply filtering the IPs completely.
Here is an example of one of the events (IP addresses redacted)
Sep 18 14:55:36 XX.XXX.XX.XX %ASA-6-302014: Teardown TCP connection 871094319 for outside-L...
Hi,
I'm trying to get Cisco ASA firewall logs into the Enterprise Security app. Is there an add-on for that, Splunk for Cisco ASA, or is it only supported in Cisco Security Suite?
Thanks,
Volto
Dear community,
After I forwarded the syslog from Cisco ASA into SPLUNK I noticed that the logs are duplicated and this is consuming our license. Any help please? Thank you
Hi All,
Just getting the community consensus here. Cisco ASA log events for Built and Teardown essentially contain the same information
http://www.cisco.com/c/en/us/support/docs/security/a...
Greetings. This may be elementary, but I have our Cisco ASA 5516 sending logs via a syslog server to Splunk. I configured a basic inputs.conf file to do so.
The logs get into Splunk but the p...
...ownloaded the Cisco Firepower Threat Defense FTD sourcetype app and installed it on the search heads because I only had the Splunk Add-on for Cisco ASA. That didn't change anything...
I saw that http://apps.splunk.com/app/533/ Cisco ESA is deprecated, however, what add-on replaces it in the Cisco Enterprise Security Suite? I'm only seeing ISE, WSA, and ASA