Hi; We have multiple Cicso ASA's sending in rsyslog data to a rsyslog server. Rsyslog separates the data from them into /var/log/firewalls.log The "Splunk Add-on for Cisco ASA v3.0.0" is reading the above firewalls.log file [monitor:///var/log/firewalls.log] host_segment = 4 source = cisco:asa sourcetype = cisco:asa disabled = false index = firewalls and the data is being pushed into the firewalls index, and the "Cisco Security Suite v3.0.3" is showing the data. The only problem is the data is all being showed as host=splunk-server-hostname and not the sending firewall's hostname below is an example of the log info coming from the ASA's 2014-06-19T15:27:32.308605+10:00 dov-asa5540-ra-6d-01.company.com.au %ASA-6-302016: Teardown UDP connection 271626409 for inside:10.64.18.181/57586 to inside:10.10.167.239/9297 duration 0:02:01 bytes 16637 2014-06-19T15:27:31.080466+10:00 dov-asa5540-ra-6d-01.company.com.au %ASA-4-419002: Duplicate TCP SYN from inside:10.244.33.128/59137 to inside:10.10.164.218/139 with different initial sequence number 2014-06-19T06:46:59+10:00 gblon01aggfwl01.company.com.au %ASA-5-106100: access-list inside_access_in denied tcp inside/10.246.26.82(61902) -> outside/192.168.1.21(9100) hit-cnt 1 first hit [0xbe9efe96, 0x0] Trevor.. ... View more

Hi; When in the Forward Management - > Client list, it shows a list of all the current Forwarders that are connecting, but there is no way to sort this list. ie: clicking on the top "Host Name" menu, doesn't do anything. Can this be fixed on the next release. Trevor.. ... View more

Hi; We are currently setting up multiple new forwarders, which are getting their configs from the deployment server. Everytime, we setup a new app or modify an existing app we are having to restart splunk. Is there an easier way to re-initialise the Deployment Server to refresh the /opt/splunk/var/run/tmp/ sub-folders without having to do a "service restart splunk" Trevor.. ... View more