Usage of Cisco module's "asa" fileset in Logstash pipeline, bypassing Filebeat

The current architecture of my setup is as follows:

Cisco VPN --> Logstash pipeline ---> Elasticsearch

I would like to use the Cisco module's asa fileset directly in the pipeline somehow, so that I don't have to write the logic for parsing the messages in the Logstash pipeline, and I want to use the dashboards that come with this module. Is it possible, and if so, how?

The question is more about how we can use Filebeat modules directly in a Logstash pipeline, bypassing Filebeat, for this requirement. I didn't see a plugin for the Cisco asa fileset in the Logstash input/filter/output sections. It is only available in Filebeat.


input {
  tcp {
    port => 6001
  }
}
 
output {
  elasticsearch {
    hosts => ["https://xxx.xxx.xxx.xxx:9200"]
    manage_template => false
    index => "vpn-%{+YYYY.ww}"
    user => "elastic"
    password => "${es_pwd}"
    cacert => "/etc/logstash/certs/cacert.pem"
  }
}

In the output section, I have a requirement to send some of the messages to Splunk, which I implemented using the HTTP plugin, and I filtered the required ASA for Splunk in the filter section. I have not included the complete Logstash pipeline details to minimize the Logstash pipeline details.

The version of Logstash is 7.8.
