I have installed both Cisco Security Suite and Cisco Firewall Add-On. I have a UDP port accepting syslogs from an ASA with a sourcetype of cisco_firewall. I can view realtime data in Security Suite, but the Cisco Firewall shows no results when I select Overview or Real Time Dashboard.
The Overview inspect shows:
This search has completed and found 362 matching events. However, the transforming commands in the highlighted portion of the following search:
search eventtype="cisco_firewall" | bin _time span=5m | stats count by eventtype, src_ip, dest_ip, host,log_level_desc,event_desc, _time
over the time range:
3/14/12 3:00:00.000 AM – 3/14/12 3:00:00.000 PM
generated no results.
However, if I select a time from the drop down or change the search to search eventtype="ciscofirewall" | bin _time span=5m results are displayed?