×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
watzson
New Member
Member since: ‎09-07-2011
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-07-2011
View All

Why is the Splunk Add-on for Cisco WSA not working...

by in All Apps and Add-ons
‎04-13-2015 02:06 AM
‎04-13-2015 02:06 AM
Hi, I have installed Cisco Security Suite 3.1.0 and Splunk Add-on for Cisco WSA (version 3.1.1). So far, the ESA is working fine, but not the WSA. My cisco is running asyncOS 8.0. Can you advise what changes need to be made to get the WSA add-on working ? Below are sample syslog messages received: Apr 12 23:59:03 155.69.95.23 ironport_access_logs: Info: 1428854337.186 14 155.69.88.82 TCP_MISS/200 868 GET http://livepassdl.conviva.com/lpconfig/cfg/c3.customerName=c3.Vimeo&c3.platform=JS&c3.dver=2.90.0.24127?random=1203224600&uuid=3198794767.2066228013.4008315968.845605457 - DIRECT/livepassdl.conviva.com application/xml CMF:1 DCF:0 ERR:0 DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36" "http://livepassdl.conviva.com/ConvivaCommunicationProxy.html" 68.232.44.187 - "Computers and Internet" 634 Apr 12 23:59:03 155.69.95.23 ironport_access_logs: Info: 1428854338.289 527 155.69.77.133 TCP_MISS/404 225 GET http://api.readdle.com/api/ppcloud/q/c/b/cbfc5eec-c763-11e4-819f-040101b47201 - DIRECT/api.readdle.com text/html CMF:1 DCF:1400 ERR:0 DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup IW_comp,0.0,0,"-",0,0,0,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,"-","-","Unknown","Unknown","-","-",3.42,0,-,"Unknown","-",-,"-",-,-,"-","-"> - "Mozilla/3.0 (compatible; Indy Library)" - 198.211.102.164 - "Computers and Internet" 198 Apr 12 23:59:03 155.69.95.23 ironport_access_logs: Info: 1428854338.486 1337 155.69.67.110 TCP_MISS/403 306 GET http://www.timeapi.org/utc/now - DIRECT/www.timeapi.org text/html CMF:1 DCF:400000 ERR:0 DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup - - - 50.16.239.160 - "Computers and Internet" 48 Apr 12 23:59:03 155.69.95.23 ironport_access_logs: Info: 1428854338.525 14 155.69.68.61 TCP_MISS/200 1900 GET http://www.espncricinfo.com/ci/content/rss/extension2.json - DIRECT/www.espncricinfo.com text/plain CMF:8 DCF:0 ERR:0 DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36" - 23.77.202.41 - "Sports and Recreation" 802 ... View more

upgrade splunk forwarder

by in Deployment Architecture
‎11-07-2014 12:10 AM
‎11-07-2014 12:10 AM
Hi there, i am upgrading my splunk server to version 6. however, i have multiple splunk forwarders (abt 300) in different versions, from v4.x to v6. i know other has asked something similar before. if i am going to choose one version, which one will it be ? thanks in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM