Hi,
I have installed Cisco Security Suite 3.1.0 and Splunk Add-on for Cisco WSA (version 3.1.1). So far, the ESA is working fine, but not the WSA. My Cisco is running AsyncOS 8.0. Can you advise what changes need to be made to get the WSA add-on working?
Below are sample syslog messages received:
Apr 12 23:59:03 155.69.95.23 ironport_access_logs: Info: 1428854337.186 14 155.69.88.82 TCP_MISS/200 868 GET http://livepassdl.conviva.com/lpconfig/cfg/c3.customerName=c3.Vimeo&c3.platform=JS&c3.dver=2.90.0.24127?random=1203224600&uuid=3198794767.2066228013.4008315968.845605457 - DIRECT/livepassdl.conviva.com application/xml CMF:1 DCF:0 ERR:0 DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36" "http://livepassdl.conviva.com/ConvivaCommunicationProxy.html" 68.232.44.187 - "Computers and Internet" 634
Apr 12 23:59:03 155.69.95.23 ironport_access_logs: Info: 1428854338.289 527 155.69.77.133 TCP_MISS/404 225 GET http://api.readdle.com/api/ppcloud/q/c/b/cbfc5eec-c763-11e4-819f-040101b47201 - DIRECT/api.readdle.com text/html CMF:1 DCF:1400 ERR:0 DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup IW_comp,0.0,0,"-",0,0,0,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,"-","-","Unknown","Unknown","-","-",3.42,0,-,"Unknown","-",-,"-",-,-,"-","-"> - "Mozilla/3.0 (compatible; Indy Library)" - 198.211.102.164 - "Computers and Internet" 198
Apr 12 23:59:03 155.69.95.23 ironport_access_logs: Info: 1428854338.486 1337 155.69.67.110 TCP_MISS/403 306 GET http://www.timeapi.org/utc/now - DIRECT/www.timeapi.org text/html CMF:1 DCF:400000 ERR:0 DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup - - - 50.16.239.160 - "Computers and Internet" 48
Apr 12 23:59:03 155.69.95.23 ironport_access_logs: Info: 1428854338.525 14 155.69.68.61 TCP_MISS/200 1900 GET http://www.espncricinfo.com/ci/content/rss/extension2.json - DIRECT/www.espncricinfo.com text/plain CMF:8 DCF:0 ERR:0 DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36" - 23.77.202.41 - "Sports and Recreation" 802