Cisco
- 1: Adaptive Security Appliance (ASA)
- 2: Application Control Engine (ACE)
- 3: Cisco IOS
- 4: Digital Network Architecture (DNA)
- 5: Email Security Appliance (ESA)
- 6: Firepower
- 7: Firepower Threat Defense (FTD)
- 8: Firewall Services Module (FWSM)
- 9: HyperFlex (HX, UCSH)
- 10: Integrated Management Controller (IMC)
- 11: IOS XR
- 12: Meraki MX
- 13: Private Internet eXchange (PIX)
- 14: TelePresence Video Communication Server (VCS)
- 15: Unified Computing System Manager (UCSM)
- 16: Unified Communications Manager (UCM)
- 17: Viptela
1 - Adaptive Security Appliance (ASA)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | asa |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:asa | netfw |
2 - Application Control Engine (ACE)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | ace |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:ace | netops |
3 - Cisco IOS
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | ios |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:ios | netops |
4 - Digital Network Architecture (DNA)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | dna |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:dna | netops |
5 - Email Security Appliance (ESA)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | esa |
format | text-plain or cef |
Note that the device can be configured to send plain syslog text or CEF-formatted output.
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype, index, and source settings:
sourcetype | index | source |
---|---|---|
cisco:esa:http | esa:http | |
cisco:esa:textmail | esa:textmail | |
cisco:esa:amp | esa:amp | |
cisco:esa:antispam | esa:antispam | |
cisco:esa:system_logs | esa:system_logs | |
cisco:esa:system_logs | esa:euq_logs | |
cisco:esa:system_logs | esa:service_logs | |
cisco:esa:system_logs | esa:reportd_logs | |
cisco:esa:system_logs | esa:sntpd_logs | |
cisco:esa:system_logs | esa:smartlicense | |
cisco:esa:error_logs | esa:error_logs | |
cisco:esa:error_logs | esa:updater_logs | |
cisco:esa:content_scanner | esa:content_scanner | |
cisco:esa:authentication | esa:authentication | |
cisco:esa | program: <variable> | |
cisco:esa:cef | esa:consolidated | |
Tested with: Splunk Add-on for Cisco ESA
6 - Firepower
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | firepower |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:firepower:syslog | netids |
7 - Firepower Threat Defense (FTD)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | ftd |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:ftd | netfw |
8 - Firewall Services Module (FWSM)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | fwsm |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:fwsm | netfw |
9 - HyperFlex (HX, UCSH)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | ucsh |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:ucsh:hx | infraops |
10 - Integrated Management Controller (IMC)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | cimc |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:cimc | infraops |
11 - IOS XR
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | xr |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:xr | netops |
12 - Meraki MX
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | meraki |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:meraki | netfw |
Tested with: TA-meraki
13 - Private Internet eXchange (PIX)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | pix |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:pix | netfw |
14 - TelePresence Video Communication Server (VCS)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | tvcs |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:tvcs | main |
15 - Unified Computing System Manager (UCSM)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | ucsm |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:ucs | infraops |
16 - Unified Communications Manager (UCM)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | ucm |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:ucm | netops |
17 - Viptela
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | cisco |
product | viptela |
format | text-plain |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cisco:viptela | netops |