Technical Add-on for C-Cure ID Badging, version 1.0.0
C-Cure 800/8000 Access Control + Security Management Solutions.
This add-on was tested with C-Cure 800/8000 Access Control + Security
Management Solutions. Log syntax may differ between other versions.
Unfortunately, unless redacted logs are provided, I won't be able to
update this add-on.
1. Install db_connect. https://splunkbase.splunk.com/app/2686/
a. for help with db_connect installation/setup please visit
b. Under the "New Input" (Metadata) make sure of the following
- Sourcetype = ccure:journal
- Index = ccure
2. Install this add-on on the following Splunk servers
a. Search Head(s) / Indexer(s)
- If this is being built into the Enterprise Security app, please
install the CIM app on your Enterprise Security Search.
Incorrect timestamps can have a variety of causes. Please check
the following items.
1. db_connect: Under "Configurations", double-check that "Timezone" is set up
2. Splunk: Under the login drop-down menu in "Preferences", double-check "Timezone"
3. For additional support please visit the community forum
Redacted Log Sample
2018-12-20 13:29:58.000, MessageUTC="2018-12-20 18:29:58.0", MessageType="CardAdmitted", PrimaryObjectName="liechtenstein, ulrich", PrimaryObjectIdentity="AA11A11A-AA11-11AA-A1A1-AAAAAA111111", SecondaryObjectName="potentially the name of entrance area", SecondaryObjectIdentity="B2B2B2B2-BB22-22BB-B2B2-BBBBBB22222", XmlMessage="InDirection12345AdmitAdmitliechtenstein, ulrichpotentially the name of entrance area"
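A quick way to check the timezone items above against real events is to compare the leading timestamp with the MessageUTC field, which differ by five hours in the sample. The script below is an added example, not part of this add-on; the function names and the expected_hours parameter are hypothetical, and it assumes the leading timestamp is the value used as event time.

```python
import re
from datetime import datetime, timedelta

# Constructed from the redacted sample in this README (trailing fields omitted).
SAMPLE = (
    '2018-12-20 13:29:58.000, MessageUTC="2018-12-20 18:29:58.0", '
    'MessageType="CardAdmitted", PrimaryObjectName="liechtenstein, ulrich", '
    'SecondaryObjectName="potentially the name of entrance area"'
)

# key="value" pairs; quoted values may contain commas (e.g. "last, first").
KV = re.compile(r'(\w+)="([^"]*)"')
LEADING_TS = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?')
TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_event(line):
    """Return (leading timestamp, dict of key="value" fields)."""
    match = LEADING_TS.match(line)
    if not match:
        raise ValueError("event does not start with a timestamp")
    leading = datetime.strptime(match.group(1), TS_FORMAT)
    return leading, dict(KV.findall(line))


def utc_offset(line):
    """Leading timestamp minus MessageUTC, as a timedelta."""
    leading, fields = parse_event(line)
    if "MessageUTC" not in fields:
        raise ValueError("MessageUTC field missing")
    # Drop the fractional seconds ("18:29:58.0") before parsing.
    utc = datetime.strptime(fields["MessageUTC"].split(".")[0], TS_FORMAT)
    return leading - utc


def timezone_matches(line, expected_hours):
    """True when the event's offset equals the timezone you configured.

    expected_hours is an assumption supplied by the operator,
    e.g. -5 for a source that logs in UTC-5.
    """
    return utc_offset(line) == timedelta(hours=expected_hours)


if __name__ == "__main__":
    hours = utc_offset(SAMPLE).total_seconds() / 3600
    print(f"leading timestamp is {hours:+.0f}h from MessageUTC")
```

If the offset reported for your events does not match the timezone configured in db_connect, that setting is the first thing to correct.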
If you'd like to contribute additional redacted log samples or have comments/concerns, please contact me at firstname.lastname@example.org with the subject line containing the add-on name.