Dear Bernd, thanks for your helpful response... but now I have a new 
question.

I have a Graylog2 server with just one INPUT "Syslog UDP" listening on port 
UDP/10514, and the tutorial said I have to create another INPUT "Raw" 
suppose listening on port UDP/5555.

How can I connect the raw input with the syslog input? I got lost...

Thanks in advance,

Roberto

On Friday, 27 February 2015, 13:57:08 (UTC-3), Bernd Ahlers wrote:
>
> Roberto, 
>
> the Cisco ASA does not send valid Syslog, unfortunately. You have to 
> create a "Raw" input and create extractors. 
>
> There is a blog post about this here: 
> http://spottedhyena.co.uk/2015/01/graylog2-cisco-asa-cisco-catalyst/ 
>
> Hope that helps! 
>
> Regards, 
> Bernd 
>
> On 27 February 2015 at 15:57, <roberto...@gmail.com> wrote: 
> > Dear, I have a Graylog2 version 0.20.6 as our syslog server of our 
> > company. 
> > 
> > I defined an INPUT "Syslog UDP" running on port UDP/10514, and after 
> > that we point several Windows and Linux servers to the Graylog2 with no 
> > problems. 
> > 
> > But in the case of the Cisco ASA firewalls, we have a problem because 
> > the source sometimes matches something like: 
> > 
> > :%ASA-session-6-302013: 
> > 
> > In the Cisco ASA's I setup: 
> > 
> > logging enable 
> > logging emblem 
> > logging trap informational 
> > logging history debugging 
> > logging asdm debugging 
> > logging device-id hostname 
> > logging host inside_Frontend 10.1.1.1 format emblem 
> > 
> > I want to have the original hostname in the "source" field, so what can 
> > I do??? 
> > 
> > Regards, 
> > 
> > Roberto 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> > Groups "graylog2" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> > an email to graylog2+u...@googlegroups.com. 
> > For more options, visit https://groups.google.com/d/optout. 
>
>
>
> -- 
> Developer 
>
> Tel.: +49 (0)40 609 452 077 
> Fax.: +49 (0)40 609 452 078 
>
> TORCH GmbH - A Graylog company 
> Steckelhörn 11 
> 20457 Hamburg 
> Germany 
>
> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 
> Geschäftsführer: Lennart Koopmann (CEO) 
>
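
An added example, not part of the original thread or of the linked blog post: the field extraction that extractors on the "Raw" input would have to perform, written in Python so the pattern can be tested offline. The line layout, the field names, the `parse_asa` helper and the sample lines are assumptions constructed for illustration; check them against the output of your own ASA.

```python
import re

# Assumed layout (verify against a capture from your own firewall):
#   <PRI>:Mon DD YYYY HH:MM:SS [TZ] [hostname ]: %ASA-[class-]severity-id: text
ASA_LINE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?:?"
    r"(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})"
    r"(?: (?P<tz>[A-Z]{2,5}))?"
    r"(?: (?P<host>[A-Za-z0-9._-]+) ?)?"
    r": ?%ASA-(?:(?P<class>[a-z]+)-)?(?P<severity>[0-7])-(?P<msg_id>\d{6})"
    r": (?P<text>.*)$"
)


def parse_asa(raw):
    """Return the extracted fields as a dict, or None if the line does not match."""
    m = ASA_LINE.match(raw.strip())
    if m is None:
        return None  # keep the raw message unparsed instead of guessing fields
    fields = m.groupdict()
    fields["severity"] = int(fields["severity"])
    if fields["pri"] is not None:
        pri = int(fields["pri"])
        fields["facility"] = pri // 8  # syslog PRI = facility * 8 + severity
        # The hostname and PRI are sender-supplied over UDP; a PRI that
        # disagrees with the %ASA tag marks a line to flag, not to trust.
        fields["pri_consistent"] = pri % 8 == fields["severity"]
    return fields


# Constructed sample lines (documentation addresses, made-up hostname).
SAMPLES = [
    "<166>:Feb 27 2015 13:57:08 UTC asa-fw01 : %ASA-session-6-302013: "
    "Built outbound TCP connection 4711 for outside:192.0.2.10/443",
    "<166>:Feb 27 2015 13:57:09 asa-fw01 : %ASA-6-302014: Teardown TCP connection 4711",
    "<163>:Feb 27 2015 13:57:10 UTC: %ASA-session-6-302013: Built inbound TCP connection 4712",
    "plain text that is not an ASA message",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_asa(sample))
```

Because the hostname inside the message is chosen by the sender, compare it with the UDP source address recorded by the input before relying on it in alerts.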
