
WSA - Splunk and the Cisco App

john.phillips
Level 1

Is anyone using Splunk and the Cisco App to help monitor their WSAs?
http://www.splunk.com/apps/cisco

If so, how are you doing it: FTPing logs to a Sawmill server and a Splunk server, or getting the Sawmill server to run Splunk as well?
I can see the benefit of running Splunk on the logs, as it's a neat way of indexing the raw data when you are trying to debug an issue. But we generate a fair amount of logs and I don't want to keep copying them around the network, and the poor old Sawmill server is on its last legs.

Thanks

1 Reply

Jeffrey Bollinger
Cisco Employee

Copy your logs (SCP) from the WSA to an intermediate (syslog) server and then have Splunk pull from there.  I primarily use the access_log as it contains the most relevant data, and this is what the Splunk Cisco App is expecting I believe.  You can do your log management on the syslog server if there's a logfile size concern.
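Once the access_log files have been copied to the intermediate server, the useful part is breaking each line into searchable fields (client, decision tag, HTTP status, URL category, WBRS score). The script below is an added example for this thread, not code from the original posts, from Cisco, or from the Splunk Cisco App. It follows the WSA default (Squid-style) access_log field order; the regex for the ACL decision tag and the reading of the first two fields of the angle-bracket verdict block as URL category and WBRS score are assumptions about that layout, and the sample lines are constructed rather than captured traffic.

```python
"""Parse Cisco WSA access_log lines into structured records and summarise them.

Added example for this thread; not code from the original posts, from Cisco,
or from the Splunk Cisco App. Field order follows the WSA default (Squid-style)
access_log layout. Assumptions: the ACL decision tag looks like DEFAULT_CASE_11 /
BLOCK_WEBCAT_11 / ALLOW_WBRS_11, and the first two fields of the <...> verdict
block are the URL category and the WBRS score. SAMPLE_LINES are constructed.
"""
import csv
import io
import re
from collections import Counter
from datetime import datetime, timezone

# Whitespace-separated fields that precede the ACL decision tag.
LEADING_FIELDS = (
    "timestamp", "elapsed_ms", "client_ip", "result_code", "bytes",
    "method", "url", "user", "hierarchy", "content_type",
)

# Tail of the line: DECISION_TAG-PolicyGroup-... <verdict,block> trailer
TAIL_RE = re.compile(
    r"^(?P<decision>[A-Z]+(?:_[A-Z]+)*_\d+)"   # assumed decision-tag shape
    r"(?:-(?P<policies>\S+))?"                 # hyphen-joined policy names
    r"\s+<(?P<verdict>.*)>"                    # scanning verdict block
    r"\s*(?P<trailer>\S*)$"
)


def _float_or_none(text):
    try:
        return float(text)
    except ValueError:
        return None  # the WSA writes "-" when no WBRS score applies


def parse_access_log_line(line):
    """Return a dict of fields for one access_log line; raise ValueError if malformed."""
    parts = line.strip().split(None, len(LEADING_FIELDS))
    if len(parts) != len(LEADING_FIELDS) + 1:
        raise ValueError(f"too few fields: {line!r}")
    rec = dict(zip(LEADING_FIELDS, parts))  # zip drops the tail (parts[-1])
    m = TAIL_RE.match(parts[-1])
    if not m:
        raise ValueError(f"unrecognised tail: {parts[-1]!r}")
    rec["decision_tag"] = m.group("decision")
    rec["policies"] = m.group("policies") or ""
    rec["trailer"] = m.group("trailer")
    # The verdict block is comma-separated with some quoted fields; csv handles the quoting.
    verdict = next(csv.reader(io.StringIO(m.group("verdict"))))
    rec["url_category"] = verdict[0] if verdict else ""
    rec["wbrs_score"] = _float_or_none(verdict[1]) if len(verdict) > 1 else None
    # Derived fields that are convenient to search and count on.
    cache_result, _, status = rec["result_code"].partition("/")
    rec["cache_result"] = cache_result
    rec["http_status"] = int(status) if status.isdigit() else None
    rec["elapsed_ms"] = int(rec["elapsed_ms"])
    rec["bytes"] = int(rec["bytes"])
    rec["time"] = datetime.fromtimestamp(float(rec["timestamp"]), tz=timezone.utc)
    rec["blocked"] = rec["decision_tag"].startswith("BLOCK_")
    return rec


def summarize(lines):
    """Parse every non-empty line; return (records, blocked-by-client, blocked-by-category)."""
    records, by_client, by_category = [], Counter(), Counter()
    for line in lines:
        if not line.strip():
            continue
        rec = parse_access_log_line(line)
        records.append(rec)
        if rec["blocked"]:
            by_client[rec["client_ip"]] += 1
            by_category[rec["url_category"]] += 1
    return records, by_client, by_category


# Constructed sample lines in the default access_log layout (not real traffic).
POLICIES = "DefaultGroup-Identity-OutboundMalwareScanningPolicy-DataSecurityPolicy-ExternalDLPPolicy-RoutingPolicy"
VERDICT_TAIL = ',-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,{cat},-,"-","-","Unknown","Unknown","-","-",{ms},0,-,[Local],"-"> -'
SAMPLE_LINES = [
    "1278096903.150 97 10.1.2.3 TCP_MISS/200 8187 GET http://www.example.com/ jdoe "
    "DIRECT/www.example.com text/html DEFAULT_CASE_11-" + POLICIES
    + " <IW_comp,6.9" + VERDICT_TAIL.format(cat="IW_comp", ms="198.34"),
    "1278096904.002 3 10.1.2.3 TCP_DENIED/403 1570 GET http://bad.example.net/x - "
    "NONE/- text/html BLOCK_WEBCAT_11-DefaultGroup-Identity-NONE-NONE-NONE-DefaultRouting"
    + " <IW_adlt,-" + VERDICT_TAIL.format(cat="IW_adlt", ms="0.00"),
    "1278096905.500 1200 10.1.2.4 TCP_MISS/200 52213 POST http://upload.example.org/api - "
    "DIRECT/upload.example.org application/json ALLOW_WBRS_11-" + POLICIES
    + " <IW_comp,4.5" + VERDICT_TAIL.format(cat="IW_comp", ms="34.55"),
]

if __name__ == "__main__":
    records, by_client, by_category = summarize(SAMPLE_LINES)
    for rec in records:
        print(rec["time"].isoformat(), rec["client_ip"], rec["decision_tag"],
              rec["http_status"], rec["url_category"], rec["url"])
    print("blocked by client:", dict(by_client))
    print("blocked by category:", dict(by_category))
```

Running the script against a rotated access_log copied to the intermediate server is a quick way to confirm the field layout before pointing Splunk at the directory with an inputs.conf `[monitor://...]` stanza; the same per-field breakdown is what a search for blocked requests per client would rely on.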