- Splunk Answers
- :
- Using Splunk
- :
- Reporting
- :
- How to create a report for VPN user sessions inclu...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to create a report for VPN user sessions including username, source ip, date and time for sonic wall firewall
We have a customer who had CISCO firewall but got it replaced by Sonicwall, now the VPN user session reports are not generating correctly.
What needs to be checked? Please share details.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You probably need to change TAs. The Cisco TA probably won't work with Sonicwall data. Try the one at https://splunkbase.splunk.com/app/4507/.
Then, like @woodcock said, you likely need to change the query that produces the report. There looks to be an app for that, too. See https://splunkbase.splunk.com/app/4544/.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sourcetype="cisco:asa" created OR deleted direction=inbound | rex "(?i)(SPI= (?P[^)]+)" | rex "(?i)(user= (?P[^)]+)" | rex "(?i) and (?P[^ ]+)" | eval Date_Time = date_mday." ".date_month." ".date_year." ".date_hour.":".date_minute.":".date_second | transaction SPI | table UserName, SourceIP, Date_Time, duration | eval duration = round(duration/(60*60), 2) | rename duration as "SessionTime(Hour)"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i have already tried all this sonicwall apps and add ons this are useless not loading any data
can some one help me how can i fliter vpn authentication logs from syslog or /var/log
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
or if someone has used sonicwall firewall and generated VPN reports please share the query or spl
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this is the old query with cisco firewall tried chnagng soure cetypes but no data
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
it is really disappointing no one knows the answer for the above query
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Find the SPL that generates the report and run it. From the bottom, one by one, remove each pipe and the SPL after it until you get results. Then look at what is in the line that you removed and fix whatever is in it that doesn't exist.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please share the SPL
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
