[filebeat ASA Module] outbound traffic log is parsed in reverse for the source and destination IP

Keunwoo_Lee · July 26, 2023, 7:53am

Hi.

I am collecting logs using the cisco asa module, and the outbound traffic log is parsed in reverse for the source and destination IP.

eg) DNS query traffic

elasticsearch 8.8.1
kibana 8.8.1
filebeat 8.8.2

/modules.d/cisco.yml

- module: cisco
  asa:
    enabled: true

    var.syslog_host: 0.0.0.0
    #var.internal_zones: [ "Internal" ]
    #var.external_zones: [ "External" ]
    #var.timezone_offset: UTC

Any help please?

leandrojmp · July 26, 2023, 12:54pm

You need to open an issue in the beats repository as this needs to be fixed in the module itself.

system · August 23, 2023, 2:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat cisco asa module source and destination IP showing reversed Beats filebeat	3	489	February 18, 2021
Cisco ASA module Source and Destination IP incorrect Beats filebeat	1	272	January 1, 2021
Filebeat cisco module not parsing ASA logs Beats filebeat	1	378	November 6, 2019
Cisco ASA/FTD parsing in filebeat Beats filebeat	1	371	July 2, 2021
Filebeat Cisco ASA Parsing only Firewall deny messages Beats beats-module , filebeat	1	815	November 13, 2019

[filebeat ASA Module] outbound traffic log is parsed in reverse for the source and destination IP

Related topics