Splunk® Supported Add-ons

Splunk Add-on for Cisco WSA

Source types for the Splunk Add-on for Cisco WSA

This add-on provides the index-time and search-time knowledge for the following types of data from Cisco WSA.

| Data source | Description | Source type | CIM data models |
|---|---|---|---|
| Squid access logs for versions 11.7, 11.8, and 12.5 of Cisco Web Security Appliance | The access logs for Cisco Web Security Appliance versions 11.7, 11.8, and 12.5 record Web Proxy client history in Squid format. The logs are stored in the format `<filename>.s` on the server. For example, `aclog.@20130316T120308.s`. | `cisco:wsa:squid:new` | Malware, Web |
| W3C access logs | The access logs for Cisco Web Security Appliance record Web Proxy client history in W3C format. The logs are stored as `<filename>.s` on the server. For example, `w3c_log.@20130316T120308.s`. | `cisco:wsa:w3c:recommended` | Malware, Web |
| L4TM logs | The Layer-4 Traffic Monitor logs for Cisco Web Security Appliance record all Layer-4 Traffic Monitor activity. The logs are stored as `<filename>.s` on the server. For example, `tmon_misc.@20130507T012232.s`. | `cisco:wsa:l4tm` | Network Traffic |

Last modified on 11 August, 2022

This documentation applies to the following versions of Splunk® Supported Add-ons: released

