topic Re: Cisco Anyconnect via Syslog in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Cisco-Anyconnect-via-Syslog/m-p/461616#M79652 <P>You have to install the <CODE>Splunk Add-on for Cisco ASA</CODE>:<BR /> <A href="https://splunkbase.splunk.com/app/1620/">https://splunkbase.splunk.com/app/1620/</A></P> Mon, 30 Mar 2020 23:36:37 GMT woodcock 2020-03-30T23:36:37Z Cisco Anyconnect via Syslog https://community.splunk.com/t5/Getting-Data-In/Cisco-Anyconnect-via-Syslog/m-p/461615#M79651 <P>Greetings. This may be elementary, but I have our Cisco ASA 5516 sending logs via a syslog server to Splunk. I configured a basic inputs.conf file to do so.</P> <P>The logs get into Splunk but the parsing isn't very good. I seem to have to extract most fields (like I saw in another question re: message_id field.) Shouldn't those fields be parsed automatically? I don't see an AnyConnect TA or app except for NVM which my infrastructure team says we're not using.</P> <P>Any guidance would be much appreciated.</P> <P>Thanks!</P> Mon, 30 Mar 2020 21:43:32 GMT https://community.splunk.com/t5/Getting-Data-In/Cisco-Anyconnect-via-Syslog/m-p/461615#M79651 sbgoldberg13 2020-03-30T21:43:32Z Re: Cisco Anyconnect via Syslog https://community.splunk.com/t5/Getting-Data-In/Cisco-Anyconnect-via-Syslog/m-p/461616#M79652 <P>You have to install the <CODE>Splunk Add-on for Cisco ASA</CODE>:<BR /> <A href="https://splunkbase.splunk.com/app/1620/">https://splunkbase.splunk.com/app/1620/</A></P> Mon, 30 Mar 2020 23:36:37 GMT https://community.splunk.com/t5/Getting-Data-In/Cisco-Anyconnect-via-Syslog/m-p/461616#M79652 woodcock 2020-03-30T23:36:37Z