Can't get this working with Splunk for Cisco ASA
Set ASA 5505 to forward syslog to udp/5447 with timestamps enabled
/opt/splunk/etc/apps/Splunk_for_CiscoASA/local/inputs.conf shows this:
[udp://5447]
connection_host = ip
sourcetype = syslog
Still get:
received event for unconfigured/disabled/deleted index='firewall' with source='source::udp:5447' host='host::x.x.x.x' sourcetype='sourcetype::cisco:asa' (1 missing total)
This is a vanilla install on Ubuntu 12.04, same issue on Windows 2012 so should not be OS specific.
I'd really appreciate it if someone could bullet-point the steps taken for the benefit of all... thanks! 🙂
Did follow install notes:
Installation Notes
Pre-requisites;
- TA-cisco_asa (1.1)
- SideView Utils (used 1.3.5 not 2.x)
- Google Maps (1.1.2)