I changed the css_views.conf to asa = 1, ips = 1, csf = 0, esa = 0, wsa = 0, ise = 0 but still get the errors. I added the remaining add-ons so current versions are;
Splunk_CiscoSecuritySuite 3.1.1
Splunk_TA_cisco-asa 3.2.3
Splunk_TA_cisco-esa 1.2.0
Splunk_TA_cisco-ips 2.1.4
Splunk_TA_cisco-wsa 3.2.1
Splunk_TA_sourcefire 3.3.0
If I disable Splunk_TA_cisco-asa most of the errors go away, but I guess it needs to be enabled?
... View more
Thanks, I added the XML as is, and might change it later.
I am getting other error messages when searching;
The lookup table 'cisco_action_lookup' does not exist. It is referenced by configuration 'cisco:asa'.
The lookup table 'cisco_action_lookup' does not exist. It is referenced by configuration 'cisco:fwsm'.
The lookup table 'cisco_action_lookup' does not exist. It is referenced by configuration 'cisco:pix'.
The lookup table 'cisco_asa_change_analysis_lookup' does not exist. It is referenced by configuration 'cisco:asa'.
The lookup table 'cisco_asa_ids_lookup' does not exist. It is referenced by configuration 'cisco:asa'.
The lookup table 'cisco_asa_ids_lookup' does not exist. It is referenced by configuration 'cisco:pix'.
The lookup table 'cisco_asa_intrusion_severity_lookup' does not exist. It is referenced by configuration 'cisco:asa'.
The lookup table 'cisco_asa_intrusion_severity_lookup' does not exist. It is referenced by configuration 'cisco:fwsm'.
The lookup table 'cisco_asa_intrusion_severity_lookup' does not exist. It is referenced by configuration 'cisco:pix'.
The lookup table 'cisco_asa_syslog_severity_lookup' does not exist. It is referenced by configuration 'cisco:asa'.
The lookup table 'cisco_asa_vendor_class_lookup' does not exist. It is referenced by configuration 'cisco:asa'.
The lookup table 'cisco_ips_vendor_info_lookup' does not exist. It is referenced by configuration 'cisco:ips:syslog'.
Any idea what's going wrong here?
... View more
Hi, I'm also getting the error "In handler 'localapps': Error while posting to url=/servicesNS/nobody/Splunk_CiscoSecuritySuite/css_setup/css_setup_endpoint/default" (Splunk 6.2.2, CSS 3.1.1).
I only want to enable ASA and IPS so would I need a different default.xml to the one above?
... View more