Getting Data In

Installing the Cisco ASA and PIX firewall addon

dclick
New Member

Hello all -

I am in the process of evaluating Splunk (for windows), and found the Cisco ASA and Pix Firewall addon, but seem to be having a problem.

I am pretty sure I installed it correctly (unzipped to /program files/splunk/etc/apps).

When I try to open some of the dashboards, I get an error -

500 Internal Server Error TypeError: 'NoneType' object is unsubscriptable This page was linked to from http://splunktest:8000/en-US/app/SplunkforCiscoSecurity/rt_firewall.

I have the firewalls set to send Syslogs to the Splunk test server, but is there something I might have missed?

0 Karma

BunnyHop
Contributor

Did you do the Splunk for Cisco Security app or the Splunk for Cisco PIX or both? I would suggest maybe a restart of your Splunk instance and see if that helps.

My understanding is that the Splunk for Cisco Security app does NOT support the PIX appliance, so you might be better off getting the Cisco Firewalls app (http://www.splunkbase.com/apps/All/4.x/app:Cisco+Firewalls) if you're getting logs from a PIX. This should help: http://answers.splunk.com/questions/3366/how-do-i-install-the-cisco-firewall-add-on

0 Karma

BunnyHop
Contributor

I would also check gkanapathy's suggestion on this entry: http://answers.splunk.com/questions/2029/what-does-the-typeerror-nonetype-object-is-unsubscriptable-...

As for the license issue, there does seem to be an issue when switching from the eval version to the free version. However, if you're still on eval, you shouldn't be getting a lot of errors. Try the suggestions from the link above, and make sure you restart the Splunk instance.

0 Karma

dclick
New Member

Let me ask another question related to this - is there a difference between the "evaluation" version and purchased? I am testing Splunk - we have not purchased it yet - so I don't know if that matters. I ask, because I get all kinds of those errors I posted above. TIA.

0 Karma

dclick
New Member

Also tried using Firefox - same issues.

0 Karma

dclick
New Member

I do have the UDP port open. I didn't open TCP as the firewall is set to send only UDP. I'll try that and see.

0 Karma

BunnyHop
Contributor

If you go to your Search app, do you see any data from your host(s)? If not, you might not be getting data into your server. I would check if you have both TCP and UDP ports for syslog open on the Splunk server. This is located on Manager, Data Inputs.

0 Karma

BunnyHop
Contributor

Did you restart the Splunk instance? It seems like that's necessary. Also, I would try browsing using Firefox or Safari. I've seen this error before but on IE. Not sure if it's a bug.

0 Karma

dclick
New Member

Thanks for the reply - I installed both - first having issues like above with the Security app, then installed the firewall app - both seem to get some data, but when I try to drill down, I start getting the errors.

0 Karma