Grok cannot easily parse asa on it’s own, which is why there is a separate parser class for asa. Consider using they parser class in your configuration (you’ll find details on that in the parser documentation). If there are messages that are not covered in ten existing map and patterns, you should consider submitting a PR.
Simon On Fri, 8 Nov 2019 at 07:58, Hema malini <nhemamalin...@gmail.com> wrote: > Hi , > > How can i enable that parser? Also the grok patterns in that is missing > few more sys log firewall messages. Do i have to add that as additional > parser or can i use grok patterns. > > Thanks and Regards, > Hema > > On Fri, 8 Nov, 2019, 8:32 PM Simon Elliston Ball, < > si...@simonellistonball.com> wrote: > >> There is a Cisco ASA parser built into metron. I suggest using that. >> >> Simon >> >> On Fri, 8 Nov 2019 at 04:50, Hema malini <nhemamalin...@gmail.com> wrote: >> >>> Hi, >>> Any parser available for firewall logs for Metron. I am trying to >>> integrate ciscoasa firewall logs with Metron. >>> >>> Thanks and regards, >>> Hema >>> >> -- >> -- >> simon elliston ball >> @sireb >> > -- -- simon elliston ball @sireb
