http://www.splunkbase.com/feed/apps.rss/All/Technologies/Networking Latest SplunkBase Applications in category Networking Splunk Thu, 23 Oct 2008 20:26:19 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:Application%3A+CheckPoint+OPSEC+LEA+Application+for+Linux 66674c569720aeb3fd53f1185a4925b3 This application contains an OPSEC LEA application to drop into Splunk 3.3 or later, offering a client, event types, and field extractions. This version is compiled for Solaris. The application conforms with the Splunk common information model, meaning that it uses common field names for its data. Splunk Thu, 23 Oct 2008 20:24:02 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:CheckPoint+OPSEC+LEA+Application+for+Solaris%7FSPARC c4811343a34356649107c734c7dde59a This application contains an OPSEC LEA application to drop into Splunk 3.3 or later, offering a client, event types, and field extractions. This version is compiled for Solaris. The application conforms with the Splunk common information model, meaning that it uses common field names for its data. rataide Tue, 16 Sep 2008 19:43:30 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:Splunk+for+tcpdump 3e648d0b4dd134ececd859d7c4ca11b3 This application will allow you to collect data from a tcpdump standard output directly into Splunk, it will also perform the necessary field extractions based on the Common Information Model This application is compliant with the 3.3.x standard. Splunk Fri, 05 Sep 2008 23:29:25 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:Splunk+for+Network 5a25fb41ca4703988250b99417eca178 This is a simple application to monitor change on network device configurations. It runs a scripted input to request the network device upload it's configuration file to a tftp server. The input reads /tftpboot for any files that get uploaded and indexes them through the fschange source. Splunk Thu, 04 Sep 2008 16:51:01 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:Splunk+for+CISCO+PIX 740e6413701ddc9ceccf7ac81e2f90c6 Cisco PIX firewall log bundle that indexes and extracts common fields, normalizing PIX firewall logs so they are Splunk-compliant and will work with other Splunk applications. rataide Tue, 02 Sep 2008 09:05:38 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:Reverse+Name+Resolution+Search+Script+%28DNS%29 0a8b9555b05f1ff8bf155e9f628113e4 This search script (nslookup.py) will perform reverse name lookup on every IP from an event at search time. raffy Mon, 18 Aug 2008 23:24:52 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:OpenBSD+Packet+Filter 2f14c07247b6405bdfd89eccd3029a13 This bundle contains field extractions and eventtypes for OpenBSD firewall events. raffy Mon, 18 Aug 2008 23:21:49 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:IPFW+Firewall 916954b39e6fa95fba91c6ba82c82f95 This application contains field extractions and eventtypes for IPFW firewall log files. yantisj Fri, 04 Apr 2008 14:41:38 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:Splunk+Alert 8e2c2a15568cedc48cb46355dbdd805b Command line utility to more easily search the splunk database, log specific errors and execute commands on a match. Comes with several predefined searches for cisco networking, and is easily extended. -s search Predefined search to run, use 'list' for options -cs string Custom search string passed in with quotes -l file Log results to file, appends by default -e email_addr Email addresses comma separated -x command Execute a command on a match -t time_restrict Suppress email alerts by time of day, use 'list' for options -d days Search over this many days in the past (default: 1) -m minutes Search over this many minutes in the past -c maxnum Max number of results (default: 100) -r Reverse results, (newest to oldest) -w Raw results, do not strip off timestamps -q Quiet Output, suppress errors -v Verbose output jon Tue, 04 Mar 2008 00:49:02 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:nscreen ed90be4ca3bd609a480731d22e9e2bcf This bundle is for field extraction and reporting on netscreen firewalls Splunk Mon, 14 Jan 2008 18:22:47 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:iptables+fields%2C+inputs%2C+and+event+types 8e50a9451bd5816f9724fa6f991c34f5 This add-on applies to iptables firewall logs, normalizing their field names so they work well with other Splunk applications. araitz Wed, 19 Dec 2007 01:31:17 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:Sonicwall+Firewall 744dc2c0b92faad8233e35bda951406b This bundle performs field extractions for sonicwall TZ 170 without the UTM/IDS modules araitz Fri, 12 Oct 2007 16:53:07 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:Watchguard+Firebox e2ee1fedc52b4d333682a90057c29666 Field Extractions for Watchguard Firebox goldburtd Tue, 09 Oct 2007 16:43:50 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:Checkpoint+Event+Field+Extraction 2972347cfd6e27f50e215dc9c070df32 Search-time parsing of following fields: loc, time, action, orig, i/f_dir, i/f_name, has_accounting, uuid, product, src, dst, proto, rule deeann Tue, 02 Oct 2007 20:22:09 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:Enable+SSL+in+Splunk 773eae93545d03bcc0c19629fe23724d A quick and simple add-on that enables SSL for your pre-3.2 Splunk server and Web interface. araitz Tue, 11 Sep 2007 22:32:01 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:getdevicetype fcdc4e620fa6508b233ebb23132d522a This search command will parse a csv file exported by network or systems device management software and match the hostnames/ip addresses in the file to host field values in you Splunk search, returning the new field devicetype for every match. The csv location is specified at the top of the script, and if you wish you can also alter the field matching to something other than "host" by changing the field variable in the script. The csv must be in the format "device_name,device_type". Thus, you can type: login | getdevicetype | where devicetype="cisco6500" to get only logins on cisco6500 devices or login | getdevicetype to get devicetype to display as a field below each event and be filterable and clickable like host and hosttag. or login | getdevicetype | top devicetype to get a report of number of events by devicetype. raffy Mon, 20 Aug 2007 19:25:09 +0000 http://www.splunkbase.com/apps/All/Technologies/Networking/app:Google+Earth+%7F+Google+Maps 364a0cdfac20f8d56caddeed1cc5c152 This bundle adds new field actions for IP addresses to locate the geographic origin of a connection.