Install the Splunk Add-on for Cisco ASA on to your Splunk Cloud deployment
Note the following when you install the Splunk Add-on for Cisco ASA on to your Splunk Cloud deployment:
- The Cisco ASA device can use TCP as the syslog transport, and can maintain an open TCP port with the syslog-ng server.
- Do not place a load balancer between the ASA and the syslog server.
- Implement the following DNS configurations:
  - For each IP address assigned for management of the ASA, ensure both address (A) records and record route (R) records exist and match.
  - For each egress NAT address assigned to the device, ensure address and record route records exist and match.
  - For each ingress NAT address assigned to the device, ensure the record route record matches the internal destination address. The address record for this IP is not required.
- Download the Splunk Add-on for Cisco ASA from Splunkbase.
Install on your Splunk Cloud deployment using self-service
Install an add-on on search heads and indexers in a Splunk Cloud deployment using the self-service app install process.
In Splunk Cloud deployments, inputs must be configured on forwarders under your control.
- In the Splunk Web home page, click the gear icon next to Apps.
- Click Install Apps.
- Select Install to install the add-on. If the add-on that you want is not listed, or if the add-on indicates self-service installation is not supported, contact Splunk Support.
- Complete the installation. When you install an add-on with declared dependencies, Splunk Cloud automatically resolves its dependencies through Splunkbase. To learn more about declaring dependencies, see the Splunk Packaging Toolkit.
Install an add-on on to your forwarders using a deployment server
Use your deployment server to distribute content and configurations (collectively called deployment apps) to deployment clients, grouped into server classes. Deployment apps can be full-fledged apps, such as those available on Splunkbase, or they can be just simple groups of configurations.
Deploy an add-on to your deployment clients
- On your deployment server, navigate to $SPLUNK_HOME/etc/deployment-apps/.
- Add your add-on to the /deployment-apps/ directory.
- Extract the add-on.
- Navigate to $SPLUNK_HOME/etc/deployment-apps/<APP NAME>/default/inputs.conf.
- Add inputs for the data you want to collect.
- Save your changes.
- Restart the deployment server. From $SPLUNK_HOME/bin, run: ./splunk restart
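A minimal inputs.conf for the "Add inputs for the data you want to collect" step above, as an added example that is not part of the original Splunk documentation. It assumes syslog-ng on the forwarder host writes ASA messages to one directory per device; the file path and the index name are hypothetical.

```ini
# $SPLUNK_HOME/etc/deployment-apps/<APP NAME>/default/inputs.conf
# Added example. Assumes syslog-ng writes one directory per ASA under
# /var/log/remote/cisco-asa/<hostname>/ (hypothetical path).

[monitor:///var/log/remote/cisco-asa/*/*.log]
# Sourcetype assigned to ASA events so the add-on's extractions apply.
sourcetype = cisco:asa
# Hypothetical index name; the index must already exist in Splunk Cloud.
index = netfw
# Take the host field from the 5th path segment (<hostname> above),
# so events are attributed to the ASA rather than to the syslog server.
host_segment = 5
disabled = 0
```

Because the input runs on a forwarder you control, restrict read access on the monitored directory to the account the forwarder runs as.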
View app deployment status
The Apps tab provides information on the number of clients that each app was deployed to. Click on an app to go to a detailed page for that app. The App Data Size field specifies the size of the app bundle. The bundle is a compressed file containing the app. Once a client receives a bundle, it uncompresses it and installs the app in its proper location.
This documentation applies to the following versions of Splunk® Supported Add-ons: released