Ironport Integration with Splunk

Unanswered Question
Jan 17th, 2012

Hi;

    I am trying to integrate ironport and splunk for the reporting feature. Have anyone tried with this.

Thanks & Regards

Sreejith R

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Atazazuddin Shaikh Thu, 02/09/2012 - 13:32

Hi Sreejith

We have few customer being in transition over to Splunk, Please let me know if you have ANY specific questions.

Regards,

Zack

tidavids Fri, 02/10/2012 - 11:30

Cisco has developed, sells and directly supports a Advanced Reporting for WSA Application for Splunk. 

Not only does the application properly extract the various fields in both access and trafmonlogs, but also directly emulates the functionality of on-box reporting while still allowing for additional Splunk searches.

sreejith_r Wed, 02/22/2012 - 01:34

Do you have any proper document for doing this. I downloaded the WSA from cisco and added in the splunk. But its not fetching the information from the ironport. Maybe i missed one or two steps. If you have any documents , please share it. it will be very helpful.

Thanks & Regards

Sreejith R

tidavids Wed, 02/22/2012 - 04:15

There are Install, User and Troubleshooting Guides posted to the Cisco Support portal.  The "Install Guide" steps one through the process of importing logs, first time set-up, etc.

The "Troubleshooting Guide" will help diagnose any problems you may be having.  In short, I would insure that the data is being properly indexed (search "*" in the logs and make sure fields are properly extracted, eg. acl_tag).

Next, with the fields being properly extracted, you may need a one-time run of the summary script if you have imported historical logs. 

All of this is documented in the guides.

~Tim

Actions

Login or Register to take actions

This Discussion

Posted January 17, 2012 at 1:26 AM
Stats:
Replies:5 Avg. Rating:
Views:1104 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard