Splunk Search

Need to create a ASA VPN user report

dgodfrey
New Member

Hi all -

I've sort of gotten myself into a bind here.... One of my clients was looking for a way to report on VPN usage, with as little cost to them as possible. I discovered Splunk's free license with the Cisco Security Suite / Firewall app and love the information it is giving me, but I am the most basic of users (i've figured out how to add the "UserID" field, click on it, and see pages of SYSLOG data showing me what users connected/disconneted, I've even learned that if I type "%ASA-5-713259" into the search bar, I can see all of my VPN disconnects - COOL!) Now, for my problem... I need to get that information into a printable report with headings and detail.. and I've got know idea how to do it... This whole world of "rex's" and "field extractions" and "events" has me overwhelmed... is there any sort of tutorial on how to do this.. please forgive my ignorance...

0 Karma

Adrian
Path Finder
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...