Hello All, I was following a Splunk document for syslog-ng where they were showing how to filter out Cisco ASA logs for the syslog-ng server. Here is what I have followed.
https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html
destination d_cisco_asa { file("/home/syslog/logs/cisco/asa/$HOST/$YEAR-$MONTH-$DAY-cisco-asa.log" create_dirs(yes)); };
log { source(s_network); filter(f_cisco_asa); destination(d_cisco_asa); };
filter f_cisco_asa { match("%ASA" value("PROGRAM")) or match("%ASA" value("MESSAGE")); };
The above is working fine for now. Now I need to filter out the logs for both the content filtering and the access logs. As a matter of fact, it would be nice if someone could guide me to all the Cisco options there are on the syslog. Currently they seem to be filtered out to my catchall file. Does anyone know how to get the logs filtered in based on categories for the Cisco ASA so that they can be fed into the Cisco app in Splunk?
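One way to split the ASA stream into categories with syslog-ng, layered on the poster's existing `s_network` source, `f_cisco_asa` filter and `d_cisco_asa` destination (added example, not from the original post or the Splunk blog): each category gets its own filter on the ASA message ID, its own file destination, and a log path marked `flags(final)` so a matched message does not fall through to the generic ASA file or the catch-all. The message-ID-to-category mapping below is an assumption based on commonly used ASA IDs; confirm it against the Cisco ASA syslog message guide for your ASA version, and the file paths follow the poster's layout.

```conf
# Added example: per-category syslog-ng log paths for Cisco ASA messages.
# Assumes the poster's s_network source, f_cisco_asa filter and d_cisco_asa
# destination are already defined earlier in the configuration.
# ASA messages look like "%ASA-<severity>-<message-id>: ..."; syslog-ng may
# place that tag in PROGRAM or MESSAGE, so both fields are checked, as the
# poster's f_cisco_asa filter already does.

# ACL logs (assumed IDs): 106023 = denied by access-list,
# 106100 = access-list hit logging (permit or deny).
filter f_asa_acl {
    match("%ASA-[0-9]-106(023|100)" value("PROGRAM"))
    or match("%ASA-[0-9]-106(023|100)" value("MESSAGE"));
};

# Connection (access) logs (assumed IDs): 302013-302016 = TCP/UDP
# connection built and teardown.
filter f_asa_conn {
    match("%ASA-[0-9]-30201[3-6]" value("PROGRAM"))
    or match("%ASA-[0-9]-30201[3-6]" value("MESSAGE"));
};

# URL / content filtering (assumed IDs): 304001 = URL accessed,
# 304002 = URL access denied.
filter f_asa_url {
    match("%ASA-[0-9]-30400[12]" value("PROGRAM"))
    or match("%ASA-[0-9]-30400[12]" value("MESSAGE"));
};

# One file per category, same directory layout as the poster's d_cisco_asa.
destination d_asa_acl  { file("/home/syslog/logs/cisco/asa/$HOST/$YEAR-$MONTH-$DAY-cisco-asa-acl.log"  create_dirs(yes)); };
destination d_asa_conn { file("/home/syslog/logs/cisco/asa/$HOST/$YEAR-$MONTH-$DAY-cisco-asa-conn.log" create_dirs(yes)); };
destination d_asa_url  { file("/home/syslog/logs/cisco/asa/$HOST/$YEAR-$MONTH-$DAY-cisco-asa-url.log"  create_dirs(yes)); };

# Category paths come first. flags(final) ends processing for messages that
# match here, so they do not also reach the generic ASA path or a catch-all
# path defined later in the file.
log { source(s_network); filter(f_cisco_asa); filter(f_asa_acl);  destination(d_asa_acl);  flags(final); };
log { source(s_network); filter(f_cisco_asa); filter(f_asa_conn); destination(d_asa_conn); flags(final); };
log { source(s_network); filter(f_cisco_asa); filter(f_asa_url);  destination(d_asa_url);  flags(final); };

# Everything else from the ASA: the poster's existing generic path, kept last
# so it only receives messages no category path claimed.
log { source(s_network); filter(f_cisco_asa); destination(d_cisco_asa); };
```

Order matters: `flags(final)` only protects against log paths that appear later in the configuration, so the catch-all path must be defined after these category paths for them to keep ASA messages out of it.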