I installed the add-on and tried to follow the directions. After installing, there was no 'Set up' as stated in the readme file, so I manually created the inputs.conf and added lines below (Note: These are the only lines in the inputs.conf file):
\Splunk\etc\apps\Splunk_Ciscofirewalls\local\inputs.conf
[udp://514]
disabled = false
I restarted Splunk and still no data. Anyone have luck with this? I am on Splunk 5 and the overview states it is supported.
Here are some basic questions :
lsof -i udp:514