We have the FMC set to send connection events, and they are turned on in the Access Policies (set to just send to the FMC, not syslog) and when we first started up eStreamer, we got a large burst of...
I've installed the latest TA-eStreamer and I'm trying to see if I can get the data into InfoSec App for Splunk for IDS/IDP events. I followed the setup instructions and I can see data coming in. Unf...
I'm attempting to log RNA flows with the eStreamer app, but it looks like the eStreamer client cannot keep up with the amount of data sent. Would it be possible to thread the app or set up multiple c...
What configurations are to be made on the Defense Center and on Cisco eStreamer for Splunk in order to get the IDS/IPS events only? Right now we are getting a huge amount of RNA logs in Splunk. We h...
Hey Guys, I have spent all day trying to do this:
So this search:
index=nexus RNA-IVS "login failed" | timechart count
provides me with
date count
mon 8
tue 5
w...
Hey Guys,
This is my search:
index=nexus RNA-IVS "login failed" | timechart count
which gives
time 8pm
count 63
I need to search for two strings so that I get:
time 8pm
count(l...
Hello,
we have connected FMC with 12 Security Gateways to Splunk using estreamer addon installed on HF. Log ingestion works fine, but we have issues with filtering.
During log analysis, it tu...
...4:42:49 [1820] Starting processing for other
Jun 07 14:42:49 [1822] Starting processing for rna
Jun 07 14:42:49 [1820] Building connection parameters for all other events
Jun 07 14:42:49 [1...