It looks like with 8.3 of Cisco ASA software the logging format has changed some.
Old Version:
Mar 15 13:39:13 192.168.1.1 %ASA-6-302015: Built inbound UDP connection 80311398 for External:192.168.2.29/64493 (192.168.2.29/64493) to Internal:192.168.100.1/53 (192.168.100.1/53) (RobinM)
New Format:
Mar 15 13:39:15 192.168.100.100 :%ASA-session-6-302021: Teardown ICMP connection for faddr 172.16.49.19/768 gaddr 192.168.162.2/0 laddr 192.168.162.2/0
The ":%ASA-session" is what has changed. Is there an easy way to fix/modify the inputs? The pre-canned reports don't find the new log entries, and the field extractions are not correct. You can still search manually through Splunk though.
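Added example, not part of the original post and not Splunk or Cisco code: a Python sketch of one header pattern that accepts both tag forms quoted above and rewrites the new form to the old one. The names `parse_asa` and `to_legacy` are hypothetical, and the pattern assumes the only differences are the optional leading ":" and the optional class token ("session") seen in the two sample lines.

```python
import re

# Accepts both header variants quoted in the post:
#   old: "<ts> <host> %ASA-6-302015: <text>"
#   new: "<ts> <host> :%ASA-session-6-302021: <text>"
ASA_HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r":?%ASA-(?:(?P<msg_class>[A-Za-z]\w*)-)?"   # optional ':' and class token
    r"(?P<severity>[0-7])-(?P<msg_id>\d+):\s*"
    r"(?P<text>.*)$"
)

def parse_asa(line):
    """Return the header fields as a dict, or None if the line is not an ASA event."""
    m = ASA_HEADER.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    fields["severity"] = int(fields["severity"])
    return fields

def to_legacy(line):
    """Rewrite a new-style line to the old tag form; leave anything else untouched."""
    f = parse_asa(line)
    if f is None:
        return line
    return "{ts} {host} %ASA-{severity}-{msg_id}: {text}".format(**f)

# The two sample lines from the post.
OLD = ("Mar 15 13:39:13 192.168.1.1 %ASA-6-302015: Built inbound UDP connection "
       "80311398 for External:192.168.2.29/64493 (192.168.2.29/64493) to "
       "Internal:192.168.100.1/53 (192.168.100.1/53) (RobinM)")
NEW = ("Mar 15 13:39:15 192.168.100.100 :%ASA-session-6-302021: Teardown ICMP "
       "connection for faddr 172.16.49.19/768 gaddr 192.168.162.2/0 "
       "laddr 192.168.162.2/0")

if __name__ == "__main__":
    for sample in (OLD, NEW):
        print(parse_asa(sample))
        print(to_legacy(sample))
```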