This time I tried the Cisco for Firewalls App and the Cisco Security Suite app.
STILL no events showing even though it is definitely logging:
This search has completed and found 7,504 matching events. However, the transforming commands in the highlighted portion of the following search:
search eventtype="cisco_firewall" | bin _time span=5m | search eventtype="cisco_firewall" | stats count by eventtype, src_ip, dest_ip, host,log_level_desc,event_desc, _time
over the time range: 8/20/12 5:27:16.000 PM – 8/21/12 5:27:16.000 AM
generated no results.
Again lots of raw events in the log with the correct source_type:
8/21/12 5:29:44.000 AM  Aug 21 05:29:44 10.11.121.2 %ASA-6-302020: Built outbound ICMP connection for faddr x.x.81.124/0 gaddr x.x.247.193/28571 laddr 10.1.5.62/28571  (host=splunk, sourcetype=udp:514, source=udp:514)
8/21/12 5:29:44.000 AM  Aug 21 05:29:44 10.11.121.2 %ASA-6-305011: Built dynamic ICMP translation from any:10.1.5.62/28571 to outside:x.x.247.193/28571  (host=splunk, sourcetype=udp:514, source=udp:514)
8/21/12 5:29:44.000 AM  Aug 21 05:29:44 10.11.121.2 %ASA-6-305012: Teardown dynamic UDP translation from any:10.1.1.65/50482 to outside:x.x.247.193/50482 duration 0:00:30  (host=splunk, sourcetype=udp:514, source=udp:514)
8/21/12 5:29:44.000 AM  Aug 21 05:29:44 10.11.121.2 %ASA-6-305012: Teardown dynamic ICMP translation from any:10.1.5.62/61987 to outside:x.x.247.193/61987 duration 0:00:32
Splunk: 4.3.3 b128297
ASA: 8.4(4)
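Added example (not from the post above, the Cisco apps, or Splunk itself): a small parser that pulls the fields the post's `stats count by` clause names (src_ip, dest_ip, log_level_desc, event_desc) out of ASA syslog lines like the ones shown, then emulates the `stats count by` step. It illustrates a general Splunk behaviour relevant to "matching events but no results": `stats count by` silently drops any event in which one of the by-fields is null, so a search can match thousands of raw events and still produce an empty table if extraction of even one grouping field fails. The sample lines are constructed (modelled on the post's events, with the redacted public addresses replaced by RFC 5737 test addresses), the event_desc strings are my own labels rather than the Cisco app's, and the regexes cover only the four message IDs used here.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the post's raw events; 106023 added to show a
# message with both endpoints. Public addresses are RFC 5737 placeholders.
SAMPLE_LINES = [
    "Aug 21 05:29:44 10.11.121.2 %ASA-6-302020: Built outbound ICMP connection for "
    "faddr 203.0.113.124/0 gaddr 198.51.100.193/28571 laddr 10.1.5.62/28571",
    "Aug 21 05:29:44 10.11.121.2 %ASA-6-305011: Built dynamic ICMP translation from "
    "any:10.1.5.62/28571 to outside:198.51.100.193/28571",
    "Aug 21 05:29:44 10.11.121.2 %ASA-6-305012: Teardown dynamic UDP translation from "
    "any:10.1.1.65/50482 to outside:198.51.100.193/50482 duration 0:00:30",
    "Aug 21 05:29:44 10.11.121.2 %ASA-6-305012: Teardown dynamic ICMP translation from "
    "any:10.1.5.62/61987 to outside:198.51.100.193/61987 duration 0:00:32",
    "Aug 21 05:29:45 10.11.121.2 %ASA-4-106023: Deny tcp src outside:203.0.113.7/4444 "
    "dst inside:10.1.5.62/22 by access-group \"outside_in\"",
]

# ASA syslog severity digit -> name (Cisco's standard 0..7 scale).
SEVERITY_DESC = {
    "0": "emergency", "1": "alert", "2": "critical", "3": "error",
    "4": "warning", "5": "notification", "6": "informational", "7": "debugging",
}

# Common prefix: "Mon DD hh:mm:ss <host> %ASA-<sev>-<6-digit id>: <message>"
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<msg>.*)$"
)
# Per-message-ID body patterns (only the IDs seen in the sample data).
BUILT_CONN_RE = re.compile(r"faddr (?P<faddr>[\d.]+)/\d+ gaddr [\d.]+/\d+ laddr (?P<laddr>[\d.]+)/\d+")
XLATE_RE = re.compile(r"from \w+:(?P<src>[\d.]+)/\d+ to \w+:(?P<xlate>[\d.]+)/\d+")
DENY_RE = re.compile(r"src \w+:(?P<src>[\d.]+)/\d+ dst \w+:(?P<dst>[\d.]+)/\d+")


def parse_asa_line(line):
    """Return a dict of extracted fields, or None if the line is not an ASA message.

    Fields that a given message type does not carry are left as None, which is
    exactly what makes them fall out of a `stats count by` below.
    """
    m = HEADER_RE.match(line)
    if not m:
        return None
    ev = {
        "host": m["host"], "msgid": m["msgid"], "log_level": m["sev"],
        "log_level_desc": SEVERITY_DESC.get(m["sev"]),
        "src_ip": None, "dest_ip": None, "xlate_ip": None, "event_desc": None,
    }
    msg = m["msg"]
    if m["msgid"] == "302020":  # Built inbound/outbound ICMP connection
        f = BUILT_CONN_RE.search(msg)
        if f:
            inbound = "inbound" in msg
            ev["src_ip"] = f["faddr"] if inbound else f["laddr"]
            ev["dest_ip"] = f["laddr"] if inbound else f["faddr"]
            ev["event_desc"] = "connection built"
    elif m["msgid"] in ("305011", "305012"):  # NAT translation built / torn down
        f = XLATE_RE.search(msg)
        if f:
            ev["src_ip"], ev["xlate_ip"] = f["src"], f["xlate"]
            ev["event_desc"] = "translation built" if m["msgid"] == "305011" else "translation torn down"
    elif m["msgid"] == "106023":  # ACL deny
        f = DENY_RE.search(msg)
        if f:
            ev["src_ip"], ev["dest_ip"] = f["src"], f["dst"]
            ev["event_desc"] = "access-list denied"
    return ev


def stats_count_by(events, by_fields):
    """Emulate Splunk's `stats count by f1, f2, ...`.

    As in Splunk, an event only contributes to a row if every by-field is
    non-null; events missing any grouping field are dropped from the result.
    """
    counts = Counter()
    for ev in events:
        key = tuple(ev.get(f) for f in by_fields)
        if any(v is None for v in key):
            continue
        counts[key] += 1
    return dict(counts)


def analyze(lines, by_fields):
    """Parse lines and return (number of matching events, stats rows)."""
    events = [ev for ev in (parse_asa_line(l) for l in lines) if ev]
    return len(events), stats_count_by(events, by_fields)


if __name__ == "__main__":
    n, rows = analyze(SAMPLE_LINES, ("src_ip", "dest_ip", "log_level_desc", "event_desc"))
    print(f"{n} events matched; stats produced {len(rows)} rows:")
    for key, count in rows.items():
        print("  ", key, count)
```

Running it on the five sample lines parses all five but yields only two stats rows, because the three translation messages carry no dest_ip. Grouping by just src_ip and log_level_desc instead keeps all five, which is the kind of by-field narrowing that shows whether an empty table comes from missing field extractions rather than from missing events.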