
I am new to Splunk and need some help in basic terms on how to set up Splunk to work with my ASA5510 to be able to report on VPN user login/logout times and data and also users' internet usage. I have Splunk set up as the syslog server and receiving all the log data from the ASA. I have downloaded the Cisco add-ins for WebIron and Firewall but do not know how to get them set up or if they are the correct apps. My ASA has the Trend Micro CSC module. If anyone could please tell me how or if Splunk is able to do what I need. I have watched the how-to video but it deals more with how to get searches from web servers, not how to get info from syslog data. I also have the Windows event log collecting, but that is the next step; first I need to get the syslog data working. I appreciate any help.

asked 05 Apr '11, 15:53

llreilly


2 Answers:

Hi llreilly, if you already have Splunk collecting your Cisco ASA firewall messages via syslog and you have the Splunk for Cisco Firewalls Add-on installed, you only need to make sure those syslog messages are sourcetyped correctly.

You can refer here: http://answers.splunk.com/questions/3366/how-do-i-install-the-cisco-firewall-add-on

There is also additional configuration information contained within the add-on's readme file.

Once you sourcetype the incoming events you will be able to search on those from the Search App. To see Cisco firewall-specific dashboards, install the Cisco Security Suite: http://splunkbase.splunk.com/apps/All/4.x/Suite/app:Cisco+Security+Suite

answered 06 Apr '11, 16:37

dleung ♦
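
An added illustration of the sourcetyping step described in the answer above (not part of dleung's answer and not the add-on's own files): one way to re-tag ASA syslog arriving on a UDP input. The port 514, the stanza name `force_sourcetype_cisco_asa` and the sourcetype name `cisco_asa` are assumptions; use the sourcetype the add-on's readme specifies.

```ini
# --- inputs.conf (on the Splunk instance receiving syslog) ---
# Assumed: the ASA sends its syslog to UDP 514 on this host.
[udp://514]
connection_host = ip
sourcetype = syslog

# --- props.conf ---
# Run the transform below on every event arriving on that input.
# The source value for a UDP input has the form udp:<port>.
[source::udp:514]
TRANSFORMS-asa_sourcetype = force_sourcetype_cisco_asa

# --- transforms.conf ---
# Hypothetical stanza name. Re-tags only events that carry an ASA
# message tag (%ASA-<severity>-<6-digit id>); other devices logging
# to the same port keep the generic "syslog" sourcetype.
[force_sourcetype_cisco_asa]
REGEX = %ASA-\d-\d{6}
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::cisco_asa

# Check after restarting Splunk: search for  sourcetype=cisco_asa
# The rewrite happens at index time, so only newly received events
# get the new sourcetype. VPN session ends are logged by the ASA as
# message %ASA-4-113019 (username, duration, bytes sent/received).
```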

Maybe you can seek the answer on Cisco website.

answered 21 Jul, 20:16

EmmaJing

Copyright © 2005-2014 Splunk Inc. All rights reserved.