Solved: Cisco Security Suite v2 Summary Page not showing f...

SOcchiogrosso · ‎02-05-2013

Just updated to the newest version of the Cisco Security Suite, I have the IPS and Firewall Add-Ons configured. However on the main page, shows me a map (using google maps which is working properly and below those is a bar graph for Cisco Security Events, however the only Cisco Security Events showing are "Cisco_ips" and "Cisco_syslog_types"m yet if I manually go to searches, and search for "eventtype=*" I see "cisco_firewall", so the events are there, they are just not showing up on the "Splunk for Cisco Security" summary page.

Any thoughts?

SOcchiogrosso · ‎02-05-2013

Yep this fixed it:

Just set the sourcetype to cisco_asa under the UDP port listening for Syslog messages and that just might have done it.

View solution in original post

SOcchiogrosso · ‎02-05-2013

Yep this fixed it:

Just set the sourcetype to cisco_asa under the UDP port listening for Syslog messages and that just might have done it.

dbylertbg · ‎05-24-2013

Also, see here for more info: for some reason they changed the default transforms.conf file in 2.0 so it's not properly source typing any more:

http://splunk-base.splunk.com/answers/74070/splunk_ciscofirewalls-cisco-security-suite-to-20-not-set...

Be sure to follow the directions given -- do not edit the default/transforms.conf -- instead, add your own transforms.conf in local and add the corrected stanza.

SOcchiogrosso · ‎02-05-2013

Yep this fixed it.

SOcchiogrosso · ‎02-05-2013

Just set the sourcetype to cisco_asa under the UDP port listening for Syslog messages and that just might have done it.

Cisco Security Suite v2 Summary Page not showing firewall messages

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor