Hi All -
Just discovered Splunk, and I must say it's an amazing tool.
I've configured a router to send syslog messages to Splunk, and they are indeed being collected.
I've also installed the Cisco security app along with a few of its sub-apps.
The Cisco firewall app, though, doesn't seem to be able to read any of the data generated by the ACL deny log entries generated by my router. It seems these syslog entries are not in the same format as those which would be generated by a true ASA or PIX firewall. Still, I have all sorts of source IP / port and dest IP / port entries, so there is so much potential here! Any ideas on how I could make my current data readable by the Cisco Security Splunk app would be very much appreciated.
Thanks