Splunk® Supported Add-ons

Splunk Add-on for Cisco WSA

Source types for the Splunk Add-on for Cisco WSA

This add-on provides the index-time and search-time knowledge for the following types of data from Cisco WSA.

| Log source | Description | Source type | CIM compatibility |
|---|---|---|---|
| Access logs | The access logs of Cisco IronPort WSA record Web Proxy client history in squid or W3C format. The logs are stored in the format <filename>.s on the server. For example, aclog.@20130316T120308.s. | cisco:wsa:squid, cisco:wsa:w3c | Intrusion Detection, Malware, Web |
| L4TM logs | The L4TM logs of Cisco IronPort WSA record sites added to the L4TM block and allow lists. The logs are stored in the format <filename>.s on the server. For example, tmon_misc.@20130507T012232.s. | cisco:wsa:l4tm | Network Traffic |

This documentation applies to the following versions of Splunk® Supported Add-ons: released

