Cisco ASA Syslog

Quote

Do you have any examples on collecting Cisco ASA syslogs?

Quote

Here is a pretty thorough guide on how to do it. 

Some modifications will be needed for sure, but the same approach should still apply:

1) Create a Logstash instance and use this guide to inform your configuration. A key difference is that your Logstash output would point to your Vizion Elastic App instead of creating an ES instance from scratch. The Logstash filter may have to be adjusted to precisely fit what you're getting from your logs, but I would imagine it will be largely the same.

2) Make a stdout from Cisco ASA Syslog that points to the Logstash instance.

If you haven't set up Logstash and connected it to Vizion Elastic, I can work on writing up a guide for that.
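A minimal Logstash pipeline for the approach described in this post, added here as an example (it is not taken from the linked guide or from Vizion.ai). The listening port, the `ES_HOST`/`ES_USER`/`ES_PASSWORD` environment variables and the index name are assumed placeholders; the grok patterns are the Cisco ASA patterns that ship with Logstash.

```logstash
# Added example: receive Cisco ASA syslog, parse it, ship it to Elasticsearch.
input {
  # Assumed port. The ASA must be configured to send syslog to this host/port.
  udp {
    port => 5514
    type => "cisco-asa"
  }
}

filter {
  if [type] == "cisco-asa" {
    # Split the syslog header (priority, timestamp, %ASA-x-nnnnnn tag) from the body.
    grok {
      match => { "message" => "%{CISCO_TAGGED_SYSLOG} %{GREEDYDATA:cisco_message}" }
    }
    # Parse the body for a few common message IDs. Extend this list to match
    # the message IDs your firewall actually emits.
    grok {
      match => {
        "cisco_message" => [
          "%{CISCOFW106001}",
          "%{CISCOFW106023}",
          "%{CISCOFW302013_302014_302015_302016}",
          "%{CISCOFW305011}"
        ]
      }
    }
  }
}

output {
  # Events that no pattern matched are printed locally so the filter can be tuned.
  if "_grokparsefailure" in [tags] {
    stdout { codec => rubydebug }
  }
  # Placeholder endpoint and credentials, read from the environment.
  elasticsearch {
    hosts    => ["${ES_HOST}"]
    user     => "${ES_USER}"
    password => "${ES_PASSWORD}"
    index    => "cisco-asa-%{+YYYY.MM.dd}"
  }
}
```

Syslog over UDP is unauthenticated and unencrypted, so keep the listener on a management network and restrict the port to the firewall's source address.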

Quote

I have not set up Logstash on our Cisco ASAs yet. It would be great to have a guide for that. I've seen others but not any Vizion.ai specific. This is very exciting information. Thank you.

Quote

Full disclosure. I'm pretty new to the subject. What do you think of this video? https://www.youtube.com/watch?v=Kqs7UcCJquM

 

Quote

Thanks for sharing that video! I think it's well done and gives a good overview of what Logstash does. After watching, does Logstash seem like the right tool for your needs? Please let me know about your progress and I hope to be able to help with any issues you may run into.