Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

cisco ASA web content filtering and access logs

ranjitbrhm1
Communicator
‎03-18-2018 01:49 AM

Hello All, I was following a splunk document for Syslog NG where they were showing how to filter out cisco ASA logs forthe syslog-NG server. Here is what i have followed.
https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html

destination d_cisco_asa { file("/home/syslog/logs/cisco/asa/$HOST/$YEAR-$MONTH-$DAY-cisco-asa.log" create_dirs(yes)); };
log { source(s_network); filter(f_cisco_asa); destination(d_cisco_asa); };
filter f_cisco_asa { match("%ASA" value("PROGRAM")) or match("%ASA" value("MESSAGE")); };

The above is working fine for now. Now i need to filter out the logs for both the content filtering and the access logs. As a matter of fact it would be nice if someone could guide me to all the cisco options there are on the syslog. Currently They seems to be filtered out to my catchall file. Does anyone know how to get the logs filtered in based on cathegories for the cisco asa so that they can be fed into the cisco app in splunk?

0 Karma
Reply

laurazeno
Explorer
‎03-22-2018 04:43 PM

I have all the ASA logs going to a catchall filter then use the Splunk Add-On for Cisco ASA to parse through them. If you make the sourcetype of the catch all folder to "syslog" the transforms in the ASA Add-on will define the sourcetypes, field aliases, etc. for you.

Cisco ASA Add-on https://splunkbase.splunk.com/app/1620/

Hope that helps.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...