Getting Data In

Cisco ASA web content filtering and access logs

ranjitbrhm1
Communicator

Hello All, I was following a Splunk document for syslog-ng where they were showing how to filter out Cisco ASA logs for the syslog-ng server. Here is what I have followed.
https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html

# Per-host, per-day file for ASA messages; create_dirs(yes) makes the $HOST directory on first write
destination d_cisco_asa { file("/home/syslog/logs/cisco/asa/$HOST/$YEAR-$MONTH-$DAY-cisco-asa.log" create_dirs(yes)); };
# Route: everything from the network source that passes the ASA filter goes to the ASA destination
log { source(s_network); filter(f_cisco_asa); destination(d_cisco_asa); };
# Match the "%ASA" tag in either PROGRAM or MESSAGE, since syslog-ng may parse the ASA tag into either field
filter f_cisco_asa { match("%ASA" value("PROGRAM")) or match("%ASA" value("MESSAGE")); };

The above is working fine for now. Now I need to filter out the logs for both the content filtering and the access logs. As a matter of fact, it would be nice if someone could guide me to all the Cisco options there are on the syslog. Currently they seem to be filtered out to my catch-all file. Does anyone know how to get the logs filtered in based on categories for the Cisco ASA so that they can be fed into the Cisco app in Splunk?

0 Karma
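The categories the question asks about are carried in the ASA message ID itself: every ASA syslog line contains "%ASA-<severity>-<six-digit ID>", and the first three digits of the ID are the message class in Cisco's syslog message guide (106 = access-list permit/deny, 302 = connection built/teardown, 304 = URL filtering, 305 = NAT, and so on). The following is an added example, not code from the original post or from the linked Splunk blog: it classifies constructed sample lines by that class, and emits the corresponding syslog-ng filter statements in the same PROGRAM-or-MESSAGE shape as the filter in the post above, so the regex can be tested against real lines before it goes into syslog-ng.conf. The class map is a partial one and is an assumption to be checked against the Cisco ASA Series Syslog Messages guide for your firmware; the sample lines, host names and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (RFC 5737 addresses, invented hosts), not captured from a real ASA.
# The last line is a non-ASA message that should stay in the catch-all.
SAMPLE_LINES = [
    "<166>Mar 11 10:15:01 fw01 %ASA-6-302013: Built outbound TCP connection 12345 "
    "for outside:203.0.113.5/443 (203.0.113.5/443) to inside:192.168.1.10/51234 (198.51.100.2/51234)",
    "<165>Mar 11 10:15:02 fw01 %ASA-5-304001: 192.168.1.10 Accessed URL 203.0.113.5:http://example.com/",
    "<165>Mar 11 10:15:02 fw01 %ASA-5-304002: Access denied URL http://example.org/ "
    "SRC 192.168.1.11 DEST 203.0.113.6 on interface inside",
    "<164>Mar 11 10:15:03 fw01 %ASA-4-106023: Deny tcp src outside:198.51.100.77/4444 "
    "dst inside:192.168.1.10/22 by access-group \"outside_in\" [0x0, 0x0]",
    "<166>Mar 11 10:15:04 fw01 %ASA-6-106100: access-list inside_in permitted tcp "
    "inside/192.168.1.10(51235) -> outside/203.0.113.5(443) hit-cnt 1 first hit [0x1, 0x0]",
    "<166>Mar 11 10:15:05 fw01 %ASA-6-305011: Built dynamic TCP translation "
    "from inside:192.168.1.10/51235 to outside:198.51.100.2/51235",
    "<13>Mar 11 10:15:06 sw01 sshd[2211]: Accepted publickey for admin from 192.168.1.50 port 50000",
]

# Every ASA message carries "%ASA-<severity 0-7>-<six-digit message ID>".
ASA_ID_RE = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6})")

# Partial map of message-ID prefix (first three digits) to message class.
# Assumption: verify against the Cisco ASA Series Syslog Messages guide for your release.
ASA_CLASSES = {
    "106": "access-list",    # ACL permit/deny (106023, 106100, ...)
    "111": "config",         # configuration changes, commands executed
    "113": "aaa",            # AAA authentication/authorization
    "302": "connection",     # TCP/UDP connection built and teardown
    "304": "url-filtering",  # content filtering: Accessed URL / Access denied URL
    "305": "nat",            # address translation (xlate) built/teardown
    "313": "icmp",
    "713": "ipsec-isakmp",
    "722": "webvpn",         # AnyConnect / SSL VPN sessions
}


def classify(line):
    """Return (severity, message_id, class) for an ASA line, or None for a non-ASA line."""
    m = ASA_ID_RE.search(line)
    if not m:
        return None
    msg_id = m.group("id")
    return m.group("sev"), msg_id, ASA_CLASSES.get(msg_id[:3], "other")


def bucket_by_class(lines):
    """Group ASA message IDs by class, the way per-category syslog-ng destinations would split files.
    Non-ASA lines are skipped here because they belong in the catch-all."""
    buckets = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit is not None:
            buckets[hit[2]].append(hit[1])
    return dict(buckets)


def filter_regex(prefixes):
    """PCRE for one or more ASA message classes; [0-9] is used instead of \\d so the same
    string works unescaped inside a syslog-ng double-quoted literal."""
    alt = "|".join(sorted(prefixes))
    return f"%ASA-[0-7]-({alt})[0-9]{{3}}"


def lines_matching(prefixes, lines):
    """Indices of the lines the filter regex would select (assumption: syslog-ng match() uses PCRE)."""
    rx = re.compile(filter_regex(prefixes))
    return [i for i, line in enumerate(lines) if rx.search(line)]


def syslog_ng_filter(name, prefixes):
    """Emit a syslog-ng filter statement checking PROGRAM and MESSAGE, like the f_cisco_asa filter."""
    pattern = filter_regex(prefixes)
    return (f'filter {name} {{ match("{pattern}" value("PROGRAM")) '
            f'or match("{pattern}" value("MESSAGE")); }};')


if __name__ == "__main__":
    for cls, ids in sorted(bucket_by_class(SAMPLE_LINES).items()):
        print(f"{cls:14s} {ids}")
    print(syslog_ng_filter("f_cisco_asa_urlfilter", ["304"]))
    print(syslog_ng_filter("f_cisco_asa_acl", ["106"]))
```

Each generated filter pairs with its own destination and log statement, exactly as in the post's d_cisco_asa/f_cisco_asa pair; because the regex anchors on the message ID rather than on free text, a line lands in one category only. Both PROGRAM and MESSAGE are matched, as in the original filter, because syslog-ng can parse the "%ASA-n-nnnnnn" tag into either field depending on how the ASA's timestamp and hostname logging are configured.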

laurazeno
Explorer

I have all the ASA logs going to a catch-all filter, then use the Splunk Add-on for Cisco ASA to parse through them. If you set the sourcetype of the catch-all folder to "syslog", the transforms in the ASA Add-on will define the sourcetypes, field aliases, etc. for you.

Cisco ASA Add-on https://splunkbase.splunk.com/app/1620/

Hope that helps.

0 Karma