Parsing Cisco ACS logs

Hi,

Are there any predefined patterns through which Cisco ACS logs can be filtered, like the syslog?

Have you had any success? I have been playing around with configs found here:
http://lists.adiscon.net/pipermail/rsyslog/2014-April/037243.html

and here:
https://www.linkedin.com/pulse/cisco-syslog-logstash-daniel-gilbertson-5994871489260695552

but I have not had any luck yet.

Hey Guys,
Maybe I can help you :slight_smile:
As far as I know, there are no predefined patterns for ACS in Logstash.
In my setup I have 10 ACS servers, which are sending more or less 100 logs per second. I have created the attached filters based on my requirements with the help of Google :slight_smile:
I am not able to attach the config text file here; it looks like an authorization issue. If you don't mind, you can share your email ID, I will send it to you, and do the necessary modifications to fit your needs.
Kindly remember, most of the ACS logs are multiline, and Logstash uses a single thread for the multiline filter.
In my setup, I am also using the KV and prune filters, so you need to install those filters in Logstash. You also need to load the ACS pattern which I have attached.

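As an added example (not from the thread, and not the poster's unshared config), the Python sketch below mirrors the three stages the last reply mentions: joining multi-segment ACS messages, splitting key=value pairs, and pruning to a field whitelist. It assumes the ACS 5.x syslog header layout (category, message ID, total segments, 0-based segment number); the sample lines, the whitelist and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real logs). Assumed ACS 5.x layout:
# <pri>Mmm dd hh:mm:ss host category msg_id total_seg seg_num data
SAMPLE = [
    "<181>Apr 10 09:15:02 acs01 CSCOacs_Passed_Authentications 0000000042 2 0 "
    "2014-04-10 09:15:02.101 +00:00 0000001234 5200 NOTICE Passed-Auth: "
    "Authentication succeeded, UserName=alice, NAS-IP-Address=192.0.2.10,",
    "<181>Apr 10 09:15:02 acs01 CSCOacs_Passed_Authentications 0000000042 2 1 "
    " Protocol=Radius, Step=11001, Step=11017, AcsSessionID=acs01/1/42",
    "<181>Apr 10 09:15:03 acs01 CSCOacs_Failed_Attempts 0000000043 1 0 "
    "2014-04-10 09:15:03.500 +00:00 0000001235 5400 NOTICE Failed-Attempt: "
    "Authentication failed, UserName=bob, NAS-IP-Address=192.0.2.11",
]

HEADER = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"(?P<category>CSCOacs_\S+) (?P<msg_id>\d+) (?P<total>\d+) (?P<seg>\d+) (?P<data>.*)$")
KEEP = {"UserName", "NAS-IP-Address", "Protocol"}  # hypothetical whitelist (prune stage)

def reassemble(lines):
    """Join segments sharing (host, msg_id); yield only complete messages."""
    parts = defaultdict(dict)
    for line in lines:
        m = HEADER.match(line)
        if not m:
            continue  # not an ACS line; a real pipeline would tag it, not drop it
        key, total = (m["host"], m["msg_id"]), int(m["total"])
        parts[key][int(m["seg"])] = m["data"]
        if len(parts[key]) == total:
            segs = parts.pop(key)
            # Order by segment number so out-of-order arrival still joins correctly.
            data = "".join(segs[i] for i in range(total))
            yield {"host": key[0], "category": m["category"], "data": data}

def kv_and_prune(event, keep=KEEP):
    """Split 'key=value' pairs on commas and keep only whitelisted keys."""
    out = {"host": event["host"], "category": event["category"]}
    for token in event["data"].split(","):
        k, sep, v = token.strip().partition("=")
        if sep and k in keep:
            out[k] = v.strip()
    return out

def parse(lines):
    return [kv_and_prune(e) for e in reassemble(lines)]

if __name__ == "__main__":
    for event in parse(SAMPLE):
        print(event)
```

Segments are buffered per (host, message ID) until all have arrived, so a production version also needs a timeout to flush or discard messages whose remaining segments never show up.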