Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IRONPORT Logging (Trimming?)

We currently have 2 IronPort (S370) Proxy servers that through the GUI (System Administration / Log Subscription) we FTP our logs to a SPLUNK server for archiving / reporting.

Our splunk server has a 3GB daily indexing limit which has been exceeded 9 times in the last month.

Is there a way to customize the log data for which I am only interested in?  I know through the GUI, we can add fields to be logged but I suspect whats being logged by default is already the minimum.

Is this log customization possible or do I need to open up my wallet and purchase a larger SPLUNK license?

Thanks in advance.

Everyone's tags (4)
CreatePlease login to create content