Our ASA sends its logs to a server where they are handled by rsyslog and placed in the necessary directories. Filebeat, running on the same server, then sends them to Elasticsearch using the cisco module. It looks like everything is coming across correctly, but Filebeat is not parsing the actual message part of the ASA log entry. So I will see all the fields that Filebeat adds and then at the end will be (IP and ports replaced with X's):
Oct 9 11:20:30 XX.XX.XX.X %ASA-6-305011: Built dynamic TCP translation from inside:XX.XX.XX.XX/XXXXX to outside:XXX.XXX.XX.XXX/XXXXX
I can't seem to figure out how to get it to work. Any help would be greatly appreciated.
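
For reference when checking what a parser should recover from a line of this shape, the following added example (not part of the original post, and not Filebeat's own pipeline) splits the relay's syslog header from the %ASA tag and extracts the 305011 fields. The regular expressions and field names are assumptions derived from the single line shown above, and the sample addresses are constructed.

```python
import re

# Header written in front of the ASA message in the post: "Mon D HH:MM:SS host "
HEADER = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
)
# ASA tag: %ASA-<severity>-<message id>: <text>
ASA_TAG = re.compile(r"%ASA-(?P<severity>[0-7])-(?P<message_id>\d+): (?P<text>.*)$")
# Body of message 305011, modelled on the line in the post (assumed pattern)
MSG_305011 = re.compile(
    r"^Built (?P<kind>\w+) (?P<protocol>\S+) translation from "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+)$"
)


def parse_asa_line(line):
    """Return a dict of fields, or None if the line carries no %ASA tag."""
    fields = {}
    header = HEADER.match(line)
    if header:  # header is optional: the ASA may also be read without a relay
        fields.update(header.groupdict())
    tag = ASA_TAG.search(line)
    if tag is None:
        return None
    fields.update(tag.groupdict())
    fields["severity"] = int(fields["severity"])
    if fields["message_id"] == "305011":
        body = MSG_305011.match(fields["text"])
        if body:  # leave only the raw text if the body has an unexpected shape
            fields.update(body.groupdict())
    return fields


# Constructed sample line (documentation addresses, not real data)
SAMPLE = (
    "Oct 9 11:20:30 192.0.2.1 %ASA-6-305011: Built dynamic TCP translation "
    "from inside:10.0.0.5/51514 to outside:198.51.100.7/51514"
)

if __name__ == "__main__":
    for key, value in parse_asa_line(SAMPLE).items():
        print(f"{key}: {value}")
```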