After I install the Splunk Add-on for Cisco ASA, w...

kiarashbarzoode · ‎06-18-2016

Hello

After I upload the Splunk Add-on for Cisco ASA, the setup button does not appear.
I checked both version Windows and Linux and also downloaded the add-on again.
How can I fix this problem?

ryanoconnor · ‎06-19-2016

I don't believe the Cisco ASA add-on has any sort of setup page. What exactly are you trying to do? Have you taken a look at the documentation for that add-on?

http://docs.splunk.com/Documentation/AddOns/latest/CiscoASA/Description

kiarashbarzoode · ‎06-19-2016

so how config splunk to use cisco ASA logs?

ryanoconnor · ‎06-20-2016

In order to ingest Cisco ASA logs you'll want to start by sending data via syslog from your Cisco devices. This section of the document covers it but may be a little vague if you've never configured Splunk to receive syslog before, or configured a syslog receiver such as syslog-ng.

http://docs.splunk.com/Documentation/AddOns/latest/CiscoASA/Inputs

I would consider reviewing the below documents if you've never done this before.

http://wiki.splunk.com/Community:Best_Practice_For_Configuring_Syslog_Input
http://www.function1.com/2012/05/syslog-collection-with-splunk

Essentially you'll either setup a syslog receiver such as syslog-ng to drop the syslog events into a file. Then Splunk can monitor the file and place it in the proper sourcetype defined here:

http://docs.splunk.com/Documentation/AddOns/latest/CiscoASA/DataTypes

You can also configure Splunk to accept the input directly, but best practices suggest you use syslog-ng.

Let me know if you have any other questions.

After I install the Splunk Add-on for Cisco ASA, why does the setup button not appear?

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector