This application was designed to give users usable data surrounding the requests being sent to their Barracuda Web Filter. The application was designed using data from a Barracuda Web Filter 310. Even though the access logs should be universal across the Barracuda Web Filter family of appliances, I cannot guarantee it will work with other versions.
This app is freely available on Splunkbase here: http://splunk-base.splunk.com/apps/31192/splunk-for-barracuda-web-filter
Pre-deployment Assumptions:
1. You have enabled syslog logging on your Web Filter appliance.
This application was designed to give users usable data surrounding the activity taking place on their RSA SecurID appliances. This application will work with both the RSA SecurID Appliance 130 and 230 models.
It is freely available on Splunkbase here: http://splunk-base.splunk.com/apps/33495/splunk-for-rsa-securid-appliances
Pre-deployment Assumptions:
1. The RSA appliances are configured to send SNMP traps and allow SNMP read access using SNMPv2.
Finally, I'm making this Splunk app freely available to the general public (see attachments to this post). I built this app almost a year ago and it is definitely not near perfection. I built it over a couple of days in my spare time to work within our environment, where we only have a few USPVMs. So I can't speak for how well it scales or how well the searches work over very large data sets. Frankly, it works for me and I haven't had enough spare time to invest in further development or optimization of it.
Just for reference... here are some searches extracted from the Deployment Monitor application (only slightly modified) and other useful ones. I know there are apps for this, obviously DM that I extracted some searches from. But who knows, sometimes these apps may not work.
The great people @ Splunk have also documented these searches and more:
http://www.splunk.com/wiki/Community:TroubleshootingIndexedDataVolume
http://www.splunk.com/wiki/Deploy:Splunk_Metric_Reports
Usage by source:
So after figuring out the greatness of Splunk'ing the statistical data from a USP, I thought I'd go on to share more of what I've come across.
First off, shorten the time frame in which you pull your data so that it's as near to real time as possible. Within your command.txt file, define the longrange value to be only one hour, like so:
longrange -000100:
This will definitely help with the amount of time it takes to pull the data. Now, depending on the number of groups you have defined to export, you can set a lower shortrange value like so:
shortrange -0010:
I've been Splunk'ing A LOT recently and one of the most recent accomplishments was getting Hitachi Performance Data out of a USP (Universal Storage Platform) and into Splunk. So I thought I'd write quickly on how it can be done.
Here are a few simple steps to resetting the ticket counter in a JIRA project.
1. Stop the JIRA instance from running by executing the shutdown.sh script found in $JIRA_HOME/bin
2. Log into the local mysql instance that is running and change the working database to 'jira'
3. Execute the command: select * from project where pkey='PROJECTKEY' ... For example, if your Project Key is 'HELPDESK' then you would execute the command: select * from project where pkey='HELPDESK' ... The output of this command gives you the project ID as it's stored in the database.
If you've ever administered the enterprise collaboration software/wiki known as "Confluence" then you have most likely encountered its issues with having SELinux enabled on the same machine. Any documentation on the Confluence website points to completely disabling SELinux when installing Confluence and offers no remedies otherwise. Well, for some of us, this simply is not an option.
Many months ago, when configuring a Barracuda Web Filter 310, I came across a "hidden" expert menu which provides extended options (some of which are not advertised by Barracuda Networks) which may be useful within your environment. To access this hidden menu, you simply load up the admin interface on your Web Filter, then click on the "Advanced" tab. Once the Advanced page displays, click in the location bar of your web browser and at the end of the URL listed add &expert=1 ..
In this blog entry I will outline the steps you need to take on your Cisco Router or Catalyst device to configure syslog logging.
If you are configuring a Cisco Router for syslog logging then please follow the steps below:
1. In order to ensure that logging is enabled, issue the logging on command.
Router(config)# logging on
2. In order to specify the Essentials server that is to receive the router syslog messages, issue the logging ip_address command. ip_address is the address of the server that collects the syslog messages.
Router(config)# logging 1.1.1.1