[filebeat ASA Module] outbound traffic log is parsed in reverse for the source and destination IP

Keunwoo_Lee · July 26, 2023, 7:53am

Hi.

I am collecting logs using the cisco asa module, and the outbound traffic log is parsed in reverse for the source and destination IP.

eg) DNS query traffic

elasticsearch 8.8.1
kibana 8.8.1
filebeat 8.8.2

/modules.d/cisco.yml

- module: cisco
  asa:
    enabled: true

    var.syslog_host: 0.0.0.0
    #var.internal_zones: [ "Internal" ]
    #var.external_zones: [ "External" ]
    #var.timezone_offset: UTC

Any help please?

leandrojmp · July 26, 2023, 12:54pm

You need to open an issue in the beats repository as this needs to be fixed in the module itself.

system · August 23, 2023, 2:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat 7.2.0 - Cisco ASA module not parsing IPv6 correctly Beats	1	326	July 24, 2019
Message "failed to find message" event.dataset "cisco.asa" Beats filebeat	12	3043	June 26, 2020
Filebeat, Cisco ASA and ECS fields Beats filebeat	6	1493	August 13, 2020
Filebeat 7.3.2 Cisco Module Parsing issue for ASA Syslog rfc3164 Beats filebeat	3	1147	November 21, 2019
Sending syslog to FileBeat from Cisco Asa Beats filebeat	4	2916	July 17, 2019

[filebeat ASA Module] outbound traffic log is parsed in reverse for the source and destination IP

Related Topics