ok. I understand.
The acceptFrom = < parameter> in your inputs.conf, let you list a set of networks or addresses to accept connections from.
Each rule can be in the following forms:
1. A single IPv4 or IPv6 address (examples: "10.1.2.3", "fe80::4a3")
2. A CIDR block of addresses (examples: "10/8", "fe80:1234/32")
3. A DNS name, possibly with a '' used as a wildcard (examples:"myhost.example.com", ".splunk.com")
Means, if you exactly know which machine is sending cisco ASA syslog, you could be able to do something like this:
[udp://<remote server>:<port>]
acceptFrom =10.1.2.3
sourcetype = cisco:asa
index = cisco_asa
source=udp1026
.......
Do the same for your Cisco ISE logs
Thanks
... View more