Cisco ASA Integration not working (Kibana version 8.1)

Hello,

I'm quite new to Elasticsearch / the ELK stack and ran into a problem with monitoring my log files from a Cisco ASA 5520.
The problem seems to be the log file format of my ASA, and therefore they don't get parsed correctly.
My ASA is sending the logs in a format like this:

Mar 18 16:54:47 10.0.0.1 %ASA-2-106001: Inbound TCP connection denied from 185.172.148.132/443 to 10.0.0.10/4535 flags RST  on interface OUTSIDE
Mar 18 16:55:14 10.0.0.1 %ASA-3-106014: Deny inbound icmp src OUTSIDE:195.14.215.17 dst INSIDE:10.0.0.10 (type 3, code 0)

From what I saw during my investigation into why log parsing doesn't work, this seems to be the problem, since it seems the parser expects the logs formatted like this:

<xxx>Mar 18 16:54:47 10.0.0.1 %ASA-2-106001: Inbound TCP connection denied from 185.172.148.132/443 to 10.0.0.10/4535 flags RST  on interface OUTSIDE
<xxx>Mar 18 16:55:14 10.0.0.1 %ASA-3-106014: Deny inbound icmp src OUTSIDE:195.14.215.17 dst INSIDE:10.0.0.10 (type 3, code 0)

where xxx is a 3-digit number

After trying to figure out how to get the right log format from the ASA, I am now at a point where I have run out of ideas.
So any help / advice would be appreciated.
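Added example, not code from the original post or from the Elastic integration: the missing `<xxx>` prefix is the syslog PRI header (facility * 8 + severity). This small Python normalizer detects an ASA line that lacks it and prepends a PRI computed from the severity digit in the `%ASA-s-nnnnnn` tag, assuming the ASA default syslog facility LOCAL4 (numeric 20); the parser then extracts the fields from either form.

```python
import re

# Constructed sample lines, in the headerless format shown in the question.
SAMPLE_LINES = [
    "Mar 18 16:54:47 10.0.0.1 %ASA-2-106001: Inbound TCP connection denied from 185.172.148.132/443 to 10.0.0.10/4535 flags RST  on interface OUTSIDE",
    "Mar 18 16:55:14 10.0.0.1 %ASA-3-106014: Deny inbound icmp src OUTSIDE:195.14.215.17 dst INSIDE:10.0.0.10 (type 3, code 0)",
]

# Assumption: the ASA uses the default syslog facility LOCAL4 (20).
# Syslog PRI = facility * 8 + severity; ASA carries severity in its tag.
DEFAULT_FACILITY = 20

PRI_RE = re.compile(r"^<(\d{1,3})>")
ASA_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<msg>.*)$"
)


def normalize(line, facility=DEFAULT_FACILITY):
    """Return the line with a <PRI> header, adding one only when missing."""
    if PRI_RE.match(line):
        return line
    m = ASA_RE.match(line)
    if not m:
        raise ValueError("not a Cisco ASA syslog line: %r" % line)
    pri = facility * 8 + int(m.group("sev"))
    return "<%d>%s" % (pri, line)


def parse(line):
    """Parse a headerless or PRI-prefixed ASA line into its fields."""
    line = normalize(line)
    pri = int(PRI_RE.match(line).group(1))
    m = ASA_RE.match(PRI_RE.sub("", line, count=1))
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "message_id": m.group("msgid"),
        "message": m.group("msg"),
    }


if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(normalize(raw))
        print(parse(raw))
```

Running the normalizer in front of the collector (or applying the same logic in an ingest step) gives the integration the `<PRI>`-prefixed form it expects without changing the ASA's own output.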
