cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
artheb
New Member
Member since: ‎02-10-2015
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-10-2015
Activity Feed
View All

Re: How to search cisco firewall Deny actions base...

by in Splunk Search
‎02-24-2015 02:30 AM
‎02-24-2015 02:30 AM
Anyone could help on this? ... View more

Re: How to search cisco firewall Deny actions base...

by in Splunk Search
‎02-16-2015 03:54 AM
‎02-16-2015 03:54 AM
I tried to put it in my full search but it does not seem to work. sourcetype=syslog source=/opt/splunk/rsyslog/udp/cisco.log host=firewall1 Deny tcp src |head 1 | eval ip=“10.10.10.101” | search ip=XX.XX.XX.XX/19 OR ip=XX.XX.XX.XX/19 OR ip=XX.XX.XX.XX/20 OR ip=XX.XX.XX.XX/18 OR ip=XX.XX.XX.XX/17 OR ip=XX.XX.XX.XX/24 OR ip=XX.XX.XX.XX/16 OR ip=XX.XX.XX.XX/20 OR ip=XX.XX.XX.XX/20 OR ip=XX.XX.XX.XX/16 OR ip=XX.XX.XX.XX/19] | append [head 2 | eval ip=“10.10.10.102” | search ip=XX.XX.XX.XX/19 OR ip=XX.XX.XX.XX/19 OR ip=XX.XX.XX.XX/20 OR ip=XX.XX.XX.XX/18 OR ip=XX.XX.XX.XX/17 OR ip=XX.XX.XX.XX/24 OR ip=XX.XX.XX.XX/16 OR ip=XX.XX.XX.XX/20 OR ip=XX.XX.XX.XX/20 OR ip=XX.XX.XX.XX/16 OR ip=XX.XX.XX.XX/19] | append [head 3 | eval ip=“10.10.10.103” | search ip=XX.XX.XX.XX/19 OR ip=XX.XX.XX.XX/19 OR ip=XX.XX.XX.XX/20 OR ip=XX.XX.XX.XX/18 OR ip=XX.XX.XX.XX/17 OR ip=XX.XX.XX.XX/24 OR ip=XX.XX.XX.XX/16 OR ip=XX.XX.XX.XX/20 OR ip=XX.XX.XX.XX/20 OR ip=XX.XX.XX.XX/16 OR ip=XX.XX.XX.XX/19] Could you advise, please? ... View more

How to search cisco firewall Deny actions based on...

by in Splunk Search
‎02-10-2015 10:03 PM
‎02-10-2015 10:03 PM
Hi There, This is my first post so wanted to say Hello! I am trying to create an alert for possible Deny action on our firewall from 3 different internal IPs against multiple external IP subnets not single IPs. I found this post http://answers.splunk.com/answers/57094/join-ip-with-a-subnet.html and created ip_lookups.csv and transforms.conf ip_lookups.csv has following format (ip ranges changed for demo purpose) ip,location 200.100.32.0/19,target1 255.255.224.0 100.200.30.0/19,target2 255.255.224.0 50.60.80.0/20,target3 255.255.240.0 Could you advise on how to create a search rule to reflect the target subnets based on the ip_lookups.csv, please? Maybe there is a better way of doing it. Thanks. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM