[ https://issues.apache.org/jira/browse/METRON-1583?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

manisha tank updated METRON-1583:
---------------------------------
    Attachment: cisco_asa_logs_error.png

> issue regarding cisco asa logs
> ------------------------------
>
>                 Key: METRON-1583
>                 URL: https://issues.apache.org/jira/browse/METRON-1583
>             Project: Metron
>          Issue Type: Bug
>    Affects Versions: 0.4.2
>            Reporter: manisha tank
>            Priority: Major
>             Fix For: 0.4.2
>
>         Attachments: cisco_asa_logs_error.png
>
>
> I am trying to ingest cisco asa logs but I am facing some issue.
> I have created the log pattern below:
>
> CISCO_TAGGED_SYSLOG ^%{SYSLOGTIMESTAMP} %{SYSLOGHOST:sysloghost} <%{POSINT:syslog_pri}>%{CISCOTIMESTAMP}?: %%{CISCOTAG:ciscotag}: %{GREEDYDATA:message}
> CISCOTIMESTAMP %{MONTH} +%{MONTHDAY}(?: %{YEAR})? %{TIME}
> CISCOTAG [A-Z0-9]+-%{INT}-(?:[A-Z0-9_]+)
>
> sample logs
>
> Oct 25 02:14:52 172.20.4.5 <163>Oct 24 2017 21:29:23: %ASA-3-304006: URL Server 172.19.83.105 not responding
> Oct 25 02:14:51 198.6.1.2 <164>Oct 24 2017 21:28:47: %ASA-4-410001: Dropped UDP DNS reply from outside:198.6.1.2/53 to inside:172.20.220.87/63887; packet length 932 bytes exceeds configured limit of 512 bytes
> Oct 25 02:14:51 172.20.4.5 <164>Oct 24 2017 21:28:34: %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 46 per second, max configured rate is 10; Current average rate is 103 per second, max configured rate is 5; Cumulative total count is 62196
> Oct 25 02:14:51 172.20.4.5 <164>Oct 24 2017 21:28:21: %ASA-4-733100: [ SYSLOG 514] drop rate-1 exceeded. Current burst rate is 31 per second, max configured rate is 40; Current average rate is 119 per second, max configured rate is 20; Cumulative total count is 71776
>
> Oct 25 02:14:52 192.168.19.7 <164>Oct 24 2017 21:29:29: %ASA-4-419002: Duplicate TCP SYN from inside:192.168.19.7/64266 to outside:192.168.10.10/257 with different initial sequence number
>
> PFA the error I am facing while ingesting cisco asa logs
>
> !cisco_asa_logs_error.png!

-- This message was sent by Atlassian JIRA (v7.6.3#76005)
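
The grok pattern and sample lines from the report above can be checked offline with the following added example, which is not code from the reporter or from Metron. It expands the three reported definitions into a Python regex and extracts the named fields; the stock grok patterns (MONTH, TIME, SYSLOGHOST and so on) are simplified stand-ins, and `expand` and `parse` are hypothetical helper names.

```python
import re

# Simplified stand-ins for the stock grok patterns (assumptions, not Metron's files).
BASE = {
    "MONTH": r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)[a-z]*",
    "MONTHDAY": r"(?:0[1-9]|[12][0-9]|3[01]|[1-9])",
    "YEAR": r"(?:\d\d){1,2}",
    "TIME": r"\d{2}:\d{2}:\d{2}",
    "INT": r"[+-]?[0-9]+",
    "POSINT": r"[1-9][0-9]*",
    "SYSLOGHOST": r"[0-9A-Za-z.:_-]+",
    "SYSLOGTIMESTAMP": r"%{MONTH} +%{MONTHDAY} %{TIME}",
    "GREEDYDATA": r".*",
    # The three definitions from the report, with the "\{" escapes removed.
    "CISCOTIMESTAMP": r"%{MONTH} +%{MONTHDAY}(?: %{YEAR})? %{TIME}",
    "CISCOTAG": r"[A-Z0-9]+-%{INT}-(?:[A-Z0-9_]+)",
    "CISCO_TAGGED_SYSLOG": r"^%{SYSLOGTIMESTAMP} %{SYSLOGHOST:sysloghost} "
                           r"<%{POSINT:syslog_pri}>%{CISCOTIMESTAMP}?: "
                           r"%%{CISCOTAG:ciscotag}: %{GREEDYDATA:message}",
}
REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")

def expand(pattern):
    """Expand %{NAME} / %{NAME:field}; each reference is grouped so a trailing '?' covers it."""
    def sub(m):
        body = expand(BASE[m.group(1)])
        return f"(?P<{m.group(2)}>{body})" if m.group(2) else f"(?:{body})"
    return REF.sub(sub, pattern)

CISCO_TAGGED_SYSLOG = re.compile(expand(BASE["CISCO_TAGGED_SYSLOG"]))
# Two of the sample lines from the report, each rejoined onto one line.
SAMPLES = [
    "Oct 25 02:14:52 172.20.4.5 <163>Oct 24 2017 21:29:23: %ASA-3-304006: "
    "URL Server 172.19.83.105 not responding",
    "Oct 25 02:14:52 192.168.19.7 <164>Oct 24 2017 21:29:29: %ASA-4-419002: "
    "Duplicate TCP SYN from inside:192.168.19.7/64266 to "
    "outside:192.168.10.10/257 with different initial sequence number",
]

def parse(line):
    m = CISCO_TAGGED_SYSLOG.match(line)
    if m is None:
        return None  # line does not have the tagged-syslog shape
    fields = m.groupdict()
    # Syslog PRI = facility * 8 + severity; 163 -> facility 20 (local4), severity 3.
    fields["facility"], fields["severity"] = divmod(int(fields["syslog_pri"]), 8)
    return fields

if __name__ == "__main__": print(*map(parse, SAMPLES), sep="\n")
```

The decoded severity agrees with the middle number of the ASA tag (`ASA-3-…`, `ASA-4-…`), which gives a quick consistency check on parsed events.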