I've just installed the Splunk Add-on for Cisco ESA and am looking to have the correct sourcetypes and field extractions. Am I simply appending my C:\Program Files\Splunk\etc\system\local\ props and t...
I installed the Cisco Security suite as well as the Cisco ESA add-on.
I am forwarding the mail_logs from Cisco ESA to Splunk using syslog push over TCP.
I can see info in the dashboards for o...
Hello All,
I am having trouble forwarding Cisco ESA (authentication) logs from HF to Indexers.
Here are the steps taken to configure it:
- Installed Splunk Add-on for Cisco ESA on HF & SH....
I installed the Cisco Security Suite app with the Splunk Add-on for Cisco ASA, and did the setup, but why do I see warnings about eventtype definitions for eventtype=cisco-esa?
Hello,
I've installed the TA on my search head only (Distributed deployment).
I send ESA textmail and http logs over TCP syslog and my heavy forwarder inputs.conf is configured as this:
[t...
Hello All,
I have been going through multiple posts but am still not able to configure my Splunk Add-on for Cisco ESA. I have some confusion and need your opinion on it.
I have a Distributed e...
Hi All,
I'm trying to install the Cisco ESA Add-on App https://splunkbase.splunk.com/app/1761/
However when setting this up in Cisco Security Suite, it doesn't recognize the app after I've u...
I have configured two TA applications - the Cisco ESA and Cisco WSA add-on. I have enabled these add-ons within the initial setup of Cisco Security Suite and am using Splunk version 6.2 and the new v...
The Splunk Add-on for Cisco ESA doesn't extract multiple fields correctly. I discovered a couple, but there are likely other issues in the field extractions and naming.
CIM "subject" is named a...