Hi,
For the Cisco Firewalls App, do I absolutely need to have Cisco ASA traffic coming in on a different port than other syslog traffic (UDP 514)? Right now in my search results it's showing that sourcetype=syslog and source=udp:514. In the regular search as well as the Cisco Firewall Search, it doesn't look like Splunk is doing proper field extraction. Source/destination IPs and ports are empty. I've been spinning my wheels on this for a long time and would really appreciate it if someone could point me in the right direction.
Thanks!
Dom