How to get Cisco App working

rblalock · ‎02-27-2012

I've installed the Cisco Firewalls app. My colleague has pointed the firewall to the splunk server:port. There is no option to start the app and there appears to be no logging taking place. How do I get this working?

entmgmt · ‎11-30-2012

Doh windows firewall was the solution for us on why this wasnt working. I even installed MS Net mon and was seeing traffic on the interface.

tgow · ‎02-29-2012

Here are some troubleshooting tips:

-- Windows Firewall

Make sure that if you installed Splunk on a Windows box that the Windows firewall is not blocking UDP 514.

-- Firewall

Make sure that when you setup syslog that the destination ip address for the syslog traffic is the Splunk server

-- Restart Splunk

Make sure that you restart the Splunk processes/services when you install the Cisco Security Suite.

rblalock · ‎02-28-2012

Installed the Cisco security suite, and it appears to be working. But I don't see my firewall anywhere. It could be that it simply is not generating traffic. (Set to logging level "Warnings") But shouldn't I at least be able to see my firewall listed somewhere?

tgow · ‎02-27-2012

Make sure that you install the Cisco Security Suite first.

http://splunk-base.splunk.com/apps/22300/cisco-security-suite

If you have already created the data input then just save the configuration page with the defaults.

Now you will need to restart Splunk from either the Manager or from the command line.

The Cisco for Firewall app needs the default dashboards that are shipped with the Cisco Security Suite.

rblalock · ‎02-27-2012

Yes. (message padding)

Spelunke · ‎02-27-2012

Do you have setup an data input for syslog (udp(514)?

How to get Cisco App working

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk