Grok filter for Cisco ASA

Question

How can i get port from cisco ASA syslog using grok pattern.

I have tried some methods and its not working . We are using graylog for collecting log data.

Eg Log :

%ASA-6-301014: Teardown TCP connection 1846898154 for Vodafone:107.23.89.178/443 to Management:192.168.100.244/32790 duration 0:00:02 bytes 6923 TCP FINs

From this example log , we need to fetch 443 port.

Regards.

score 2 · Accepted Answer · answered Apr 07 '19 at 11:18

2

This should work:

\%ASA-6-301014:.*%{IPV4:ip}/%{INT:port} to.*

You can use GrokDebugger to test your filters:

https://grokdebug.herokuapp.com/

answered Apr 07 '19 at 11:18

Swisstone

6,357
7
21
32

Grok filter for Cisco ASA

1 Answers1