Getting Data In

cisco ASA web content filtering and access logs

ranjitbrhm1
Communicator

Hello All, I was following a splunk document for Syslog NG where they were showing how to filter out cisco ASA logs forthe syslog-NG server. Here is what i have followed.
https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html

destination d_cisco_asa { file("/home/syslog/logs/cisco/asa/$HOST/$YEAR-$MONTH-$DAY-cisco-asa.log" create_dirs(yes)); };
log { source(s_network); filter(f_cisco_asa); destination(d_cisco_asa); };
filter f_cisco_asa { match("%ASA" value("PROGRAM")) or match("%ASA" value("MESSAGE")); };

The above is working fine for now. Now i need to filter out the logs for both the content filtering and the access logs. As a matter of fact it would be nice if someone could guide me to all the cisco options there are on the syslog. Currently They seems to be filtered out to my catchall file. Does anyone know how to get the logs filtered in based on cathegories for the cisco asa so that they can be fed into the cisco app in splunk?

0 Karma

laurazeno
Explorer

I have all the ASA logs going to a catchall filter then use the Splunk Add-On for Cisco ASA to parse through them. If you make the sourcetype of the catch all folder to "syslog" the transforms in the ASA Add-on will define the sourcetypes, field aliases, etc. for you.

Cisco ASA Add-on https://splunkbase.splunk.com/app/1620/

Hope that helps.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...