Hi Team ,
We are currently using Cisco asa module for capturing firewall logs. Is there any option in Cisco asa module to capture only logs with specific severity (eg: log.level: informational) and drop all other events.
Beats and Elasticsearch version : 7.9.0
Hi,
I think you can do it using the Drop event processor and not operator in condition section.
Thanks Talebi, i ill check this option and update here
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.