Refine your search:

Cisco Firewall add-on change data-source

0

Hello,

I'm new to splunk and I'd like to use this app with a file as data input and not a port on the splunk server. I'm already running an instance of rsyslog and I don't want splunk to retrieve log directly. How can I do this (if possible)?

Simon

asked 12 Aug '10, 20:35

sassens's gravatar image

sassens
1
accept rate: 0%

One Answer:
oldestnewestmost voted
1

You can add your files that rsyslog is storing to a "monitor://" stanza in $SPLUNK_HOME/etc/system/local/inputs.conf, just use the same sourcetype as the Cisco Firewall app is expecting. This would look something like:

[monitor:///var/log/firewalls]
sourcetype=cisco_firewall
link

answered 12 Aug '10, 20:56

dwaddle's gravatar image

dwaddle ♦
15.4k2924
accept rate: 33%

This should help: http://www.splunk.com/base/Documentation/latest/Admin/Monitorfilesanddirectories

(12 Aug '10, 23:31) gkanapathy ♦
Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

Asked: 12 Aug '10, 20:35

Seen: 466 times

Last updated: 12 Aug '10, 20:56

Related questions

Cisco Firewall add-on question

Cisco Firewall Add-on - No Data

Pulling Cisco Firewall add-on data

Cisco Firewall Add-on

Cisco Security Suite and Cisco Firewall Add-on Installation

Cisco Firewall Add-on - empty results

Cisco Firewall Add-On

Cisco Firewall add-on

Cisco Firewall addon data source

Copyright © 2005-2012 Splunk Inc. All rights reserved.