Configuration for Cisco ASA logs

Hello Team, can you provide some guidance on how to get Cisco ASA logs to ELK? The documentation here (Cisco module | Filebeat Reference [7.11] | Elastic) doesn't say where to install Filebeat. I tried with CentOS 7 and Filebeat 7.11 with the following configuration:

- module: cisco
  asa:
    var.syslog_host: 0.0.0.0
    var.syslog_port: 9001
    var.log_level: 5

Unfortunately I run into errors when starting Filebeat.

error messages:

2021-03-03T18:23:30.362-0600 DEBUG [cfgfile] cfgfile/reload.go:146 Number of module configs found: 1
2021-03-03T18:23:30.370-0600 ERROR fileset/factory.go:121 Error checking input configuration: No paths were defined for input accessing config
2021-03-03T18:23:30.370-0600 INFO beater/crawler.go:148 Stopping Crawler
2021-03-03T18:23:30.370-0600 INFO beater/crawler.go:158 Stopping 0 inputs
2021-03-03T18:23:30.370-0600 INFO beater/crawler.go:178 Crawler stopped
2021-03-03T18:23:30.370-0600 INFO [registrar] registrar/registrar.go:132 Stopping Registrar
2021-03-03T18:23:30.370-0600 INFO [registrar] registrar/registrar.go:166 Ending Registrar
2021-03-03T18:23:30.371-0600 DEBUG [registrar] registrar/registrar.go:167 Stopping Registrar
2021-03-03T18:23:30.371-0600 INFO [registrar] registrar/registrar.go:137 Registrar stopped
2021-03-03T18:23:30.376-0600 INFO [monitoring] log/log.go:152 Total non-zero metrics {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":50,"time":{"ms":55}},"total":{"ticks":170,"time":{"ms":178},"value":170},"user":{"ticks":120,"time":{"ms":123}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":9},"info":{"ephemeral_id":"dba277ae-a74d-4785-bb52-84db7c291870","uptime":{"ms":3110}},"memstats":{"gc_next":18050832,"memory_alloc":11067728,"memory_sys":73482496,"memory_total":43803584,"rss":47640576},"runtime":{"goroutines":12}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"active":0},"type":"elasticsearch"},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"cpu":{"cores":4},"load":{"1":0.79,"15":0.54,"5":0.6,"norm":{"1":0.1975,"15":0.135,"5":0.15}}}}}}
2021-03-03T18:23:30.377-0600 INFO [monitoring] log/log.go:153 Uptime: 3.114559651s
2021-03-03T18:23:30.377-0600 INFO [monitoring] log/log.go:130 Stopping metrics logging.
2021-03-03T18:23:30.377-0600 INFO instance/beat.go:474 filebeat stopped.
2021-03-03T18:23:30.377-0600 ERROR instance/beat.go:971 Exiting: Failed to start crawler: creating module reloader failed: No paths were defined for input accessing config
Exiting: Failed to start crawler: creating module reloader failed: No paths were defined for input accessing config

Did you install filebeat with a .deb/.rpm package or did you download the tar.gz archive from our website?

It seems to not find any configuration files, so I think maybe you are just starting or installing it incorrectly, so hopefully we can manage to resolve that.

@Marius_Iversen Thank you for chiming in. I downloaded the tar.gz archive for installation. I double-checked whether it was a configuration issue (like being unable to find config.path, etc.) by renaming or removing the modules.d/cisco.yml file. I think the issue is with cisco.yml; unfortunately I can't pinpoint it.

- module: cisco
  asa:
    var.syslog_host: 0.0.0.0
    var.syslog_port: 9001
    var.log_level: 5

Maybe it might be a permission issue then? How are you starting the beat?

In the unpacked archive, can you start with "./filebeat -e -d "*" "?

-e is for running in foreground
-d "*" is for running debug. Then maybe you can paste the output again?
