Roberto,

the Cisco ASA does not send valid Syslog, unfortunately. You have to
create a "Raw" input and create extractors.

There is a blog post about this here:
http://spottedhyena.co.uk/2015/01/graylog2-cisco-asa-cisco-catalyst/

Hope that helps!

Regards,
Bernd

On 27 February 2015 at 15:57,  <robertocarn...@gmail.com> wrote:
> Dear, I have Graylog2 version 0.20.6 as the syslog server of our company.
>
> I defined an INPUT "Syslog UDP" running on port UDP/10514, and after that we
> pointed several Windows and Linux servers to the Graylog2 with no problems.
>
> But in the case of the Cisco ASA firewalls, we have a problem because the
> source sometimes matches something like:
>
> :%ASA-session-6-302013:
>
> On the Cisco ASAs I set up:
>
> logging enable
> logging emblem
> logging trap informational
> logging history debugging
> logging asdm debugging
> logging device-id hostname
> logging host inside_Frontend 10.1.1.1 format emblem
>
> I want to have the original hostname in the "source" field, so what can I
> do?
>
> Regards,
>
> Roberto
>
> --
> You received this message because you are subscribed to the Google Groups
> "graylog2" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.



-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog company
Steckelhörn 11
20457 Hamburg
Germany

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)
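
Added example, not part of the original messages or the linked blog post: a Python version of the extraction that regex extractors on a "Raw" input would have to perform on an ASA line, including the fallback to the sender address when the message carries no hostname. The sample lines and their layout, the field names, the sender address and `parse_asa` are assumptions made for illustration; Graylog extractors use Java regex syntax, so the named groups would be written differently there.

```python
import re
from typing import Optional

# Constructed sample datagrams (not captured from a device). Assumed layouts:
# a device-id hostname appears as "hostname :" before the %ASA tag, and the
# EMBLEM-style line carries no hostname at all.
SAMPLES = [
    "<166>Feb 27 2015 15:57:01 fw-edge-01 : %ASA-6-302013: Built outbound TCP connection 1 for outside:192.0.2.10/443",
    "<166>:Feb 27 15:57:01 UTC: %ASA-session-6-302013: Built inbound TCP connection 2 for inside:10.1.1.20/22",
    "<13>Feb 27 15:57:01 web01 sshd[123]: Accepted publickey for deploy",
]

ASA_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                  # optional syslog priority
    r"(?P<head>.*?)"                             # timestamp area, layout varies
    r"(?:\s(?P<host>[A-Za-z0-9][\w.-]*)\s+:)?"   # device-id: token followed by " :"
    r"\s*%ASA-(?:(?P<cls>[a-z_]+)-)?"            # optional class, e.g. "session"
    r"(?P<severity>[0-7])-(?P<msgid>\d{6}):\s*"  # severity digit and 6-digit message id
    r"(?P<text>.*)$",
    re.S,
)

def parse_asa(raw: str, sender_ip: str) -> Optional[dict]:
    """Return extracted fields (hypothetical names), or None for a non-ASA line."""
    m = ASA_RE.match(raw.strip())
    if m is None:
        return None
    pri = int(m["pri"]) if m["pri"] else None
    return {
        # Prefer the hostname from the message; otherwise use the packet's sender.
        "source": m["host"] or sender_ip,
        "source_from": "device-id" if m["host"] else "sender-ip",
        "facility": pri >> 3 if pri is not None else None,
        "asa_class": m["cls"],
        "level": int(m["severity"]),
        "asa_message_id": m["msgid"],
        "message": m["text"],
    }

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_asa(line, "10.1.1.254"))  # constructed sender address
```

Recording in `source_from` whether the value came from the message or from the sender address keeps the two cases distinguishable in searches, since a hostname inside a UDP datagram is whatever the sender wrote.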
