Configure the Splunk Add-on for Cisco ASA on your Splunk Cloud platform deployment
To add inputs from network ports to your Splunk Cloud deployment, navigate to your deployment's universal forwarder and complete the following steps:
Add a network input using the CLI
To access the Splunk Enterprise CLI, navigate to the
$SPLUNK_HOME/bin/ directory and use the
If you get stuck, the CLI has help. Access the main CLI help by typing
splunk help. Individual commands have their own help pages as well and can be accessed by typing
splunk help <command>.
The following CLI commands are available for network input configuration:
||Add inputs from |
||Edit a previously added input for |
||Remove a previously added data input.|
||List the currently configured monitor.|
<port> is the port number on which to listen for data. The user you run Splunk as must have access to this port.
You can modify the configuration of each input by setting any of these additional parameters:
||No||Specify a sourcetype field value for events from the input source.|
||No||Specify the destination index for events from the input source.|
||No||Specify a host name to set as the host field value for events from the input source.|
||No||Specify an IP address to exclusively accept data from.|
||No||Set to true or false (T | F). Default is False. Set to true to use DNS to set the host field value for events from the input source.|
||No||Specify a host name or IP address that this input should accept connections from only.|
- Configure a UDP input to watch port 514 and set the source type to "syslog":
./splunk add udp 514 -sourcetype syslog
- Set the UDP input host value via DNS. Use
authwith your username and password:
./splunk edit udp 514 -resolvehost true -auth admin:changeme
For information on best practices for using UDP, see Best practices for configuring Syslog input in the Community Wiki.
See the Cisco documentation for information on how to log specific events in your Cisco ASA deployment.
Install the Splunk Add-on for Cisco ASA on to your Splunk Cloud deployment
Configure system logging on your Cisco ASA device
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8