Search logs in Splunk of Cisco equipment

dieguito
Explorer

I need to search logs in Splunk for Cisco equipment:

- port flapping
- everything related to MAC address and port security
- high CPU loads
- crashes of the equipment
- HCRP
- BGP sessions
- failed attempts at console and vty access

How can I do this?

0 Karma

muebel
SplunkTrust

Hi dieguito, I think that implementing the Cisco App for Splunk will address these needs: https://apps.splunk.com/app/1352/

Please let me know if this answers your question 😄

jmann2118
Explorer

You need to read the documentation on the Apps that you downloaded for Cisco. I would recommend using the Splunk provided apps and not the "homegrown" app above. When you have these apps installed you need to make sure your sourcetypes line up with the ones specified in the application. Also make sure your index is correct with the dashboard search. To check this click the magnifying glass beside the dashboard and see what it's searching on.

Source types for the Splunk Add-on for Cisco ASA

| Source type | Description | CIM data models |
|---|---|---|
| cisco:asa | The system logs of Cisco ASA record user authentication, user session, VPN and intrusion messages. | Authentication, Change Analysis, Network Sessions, Network Traffic, Malware |
| cisco:fwsm | The system logs of Cisco FWSM record user authentication, user session, and firewall messages. | Authentication, Network Sessions, Network Traffic |
| cisco:pix | The system logs of Cisco PIX record user authentication, user session, and intrusion messages. | Authentication, Network Sessions, Network Traffic |

0 Karma

dieguito
Explorer

Hello, Splunk already has the Cisco application, but the dashboard doesn't have more information. That's why I need the command to put in Search and Reporting...

0 Karma

muebel
SplunkTrust

Were you able to follow the documentation outlining the app's installation steps? It is a fairly complex app, but the documentation should be helpful.

0 Karma

jmann2118
Explorer

One way I've been successful is to forward Cisco logs to a Syslog server (Splunk). Another way would be Forwarding SNMP events.

dieguito
Explorer

Yes, Mr.
The logs are on the Splunk server, but I do not know how to search in Splunk.

0 Karma
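
An added example, not part of any post in this thread and not taken from the Cisco app: a search for Search & Reporting that sorts Cisco IOS syslog messages into the categories listed in the question. `YOUR_INDEX` and `YOUR_CISCO_SOURCETYPE` are placeholders for the index and sourcetype your Cisco data actually arrives under (the check described in the answer above), and "HCRP" is assumed to mean HSRP. The message names are standard IOS syslog mnemonics; the CPU threshold and login failure messages only appear if the device is configured to log them, and a crash is visible here only through the restart message logged after the device comes back up.

```spl
index=YOUR_INDEX sourcetype=YOUR_CISCO_SOURCETYPE "%"
| rex "%(?<facility>[A-Z0-9_]+)-(?<severity>[0-7])-(?<mnemonic>[A-Z0-9_]+):"
| eval category=case(
    mnemonic=="UPDOWN" AND (facility=="LINK" OR facility=="LINEPROTO"), "port flapping",
    facility=="PORT_SECURITY" OR mnemonic=="MACFLAP_NOTIF" OR mnemonic=="ERR_DISABLE", "MAC address / port security",
    facility=="SYS" AND mnemonic=="CPURISINGTHRESHOLD", "high CPU",
    facility=="SYS" AND (mnemonic=="RESTART" OR mnemonic=="RELOAD"), "restart or reload",
    facility=="HSRP" OR facility=="STANDBY", "HSRP state change",
    facility=="BGP", "BGP session",
    facility=="SEC_LOGIN" AND mnemonic=="LOGIN_FAILED", "failed console/vty login")
| where isnotnull(category)
| stats count earliest(_time) as first_seen latest(_time) as last_seen by host category facility severity mnemonic
| convert ctime(first_seen) ctime(last_seen)
| sort - count
```

If the search returns nothing, run `index=YOUR_INDEX | stats count by sourcetype host` first to confirm which sourcetype the Cisco devices are actually logging under.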