[filebeat ASA Module] outbound traffic log is parsed in reverse for the source and destination IP

Keunwoo_Lee · July 26, 2023, 7:53am

Hi.

I am collecting logs using the cisco asa module, and the outbound traffic log is parsed in reverse for the source and destination IP.

eg) DNS query traffic

elasticsearch 8.8.1
kibana 8.8.1
filebeat 8.8.2

/modules.d/cisco.yml

- module: cisco
  asa:
    enabled: true

    var.syslog_host: 0.0.0.0
    #var.internal_zones: [ "Internal" ]
    #var.external_zones: [ "External" ]
    #var.timezone_offset: UTC

Any help please?

leandrojmp · July 26, 2023, 12:54pm

You need to open an issue in the beats repository as this needs to be fixed in the module itself.

system · August 23, 2023, 2:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.