Virtualizing Splunk for use with Ironport S380 logs?
We have around 1,000 users and have found the built in reporting on the Ironport Web to be lacking in functionality. I'm thinking the Splunk with the Advanced Web Reporting add-on might work better. In particular I would like to be able to do the following, and have these questions:
1. I would like to run reports on full departments via their active directory OU's for example for summaries of their Ironport Categories they accessed/etc. This doesn't appear possible in the built in reporting, you seem to have to run either a summary for all users or one user at a time. Is this something that Splunk and the advanced web reporting add on would let us do?
2. Can you now virtualize Splunk and the Advanced Web Reporting add-on for use with an Ironport S380 or does it still need a dedicated server?
3. What is a ballpark cost for the Splunk Serrver software? What about the Advanced Web Reporting software, does Cisco charge extra for that too?
The Cisco Advanced Reporting for Web Security Appliance (WSA) is a Cisco-sold-and-supported tool to supplement Web Security Appliances. It only processes Web Security Appliance logs and has pre-built reports. Splunk Enterprise is an entirely different product, sold and supported by Splunk, that processes all kinds of data.
1. The Cisco Advanced Reporting for Web Security Appliance tool has directory-based group reporting.
2. Advanced Web Reporting needs a dedicated server, it cannot be virtualized.
3. A quote for Advanced Web Reporting can be provided by your sales rep/partner. It is generally about 5% of an overall Web Security order.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...