Splunk® Supported Add-ons

Splunk Add-on for Cisco WSA

Configure syslog data for Cisco Web Security Appliance version 11.7 or later

  1. If your data collection node is a universal forwarder or a heavy forwarder, create a copy of inputs.conf in $SPLUNK_HOME/etc/apps/Splunk_TA_cisco-wsa/local/ and add the following monitor stanza to specify the file path of the log files. Replace <path to the WSA log files> with the location of the log files on the forwarder:
    [monitor://<path to the WSA log files>]
    source = cisco.wsa_11.7
    sourcetype = cisco:wsa:squid:new
  2. To use Splunk Connect for Syslog to collect syslog data, see the readme file at https://github.com/splunk/splunk-connect-for-syslog/blob/develop/docs/sources/Cisco/index.md
Last modified on 19 May, 2020

This documentation applies to the following versions of Splunk® Supported Add-ons: released
