The source type for the log monitor (\anchqqsw108m\logs) is set to automatic.
Do I have to shift the monitor source type to syslog?
example event log:
2014-05-22 13:11:49 Local4.Warning anchqq-asa1-outside May 22 2014 13:11:50: %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 3 per second, max configured rate is 10; Current average rate is 13 per second, max configured rate is 5; Cumulative total count is 8224
host = anchqq-asa1-outside source = \anchqqsw108m\logs\anchqq-asa1-outside\2014-05-22\daily-syslog.txt sourcetype = daily-syslog-14