Hello guys
I was excited to hear that there is now a built-in module for Cisco ASA in filebeat. I quickly tried it in our test environment and saw the following issue:
The ASA will log HTTP requests that it is able to inspect like this:
Jun 26 09:23:11 2001:db8:beef::1 %ASA-5-304001: 2001:db8:beef::250 Accessed URL 2001:db8:beef:10::201:http://mirror.example.com
But this causes the following filebeat error, because it is not able to parse the IPv6 address correctly:
{"type":"mapper_parsing_exception","reason":"failed to parse field [destination.ip] of type [ip] in document with id 'CUizkmsBK1dsQzpOSnZ2'",
"caused_by":{"type":"illegal_argument_exception","reason":"'2001' is not an IP string literal."}}
Other than that, it seems to work fine.