Forum Discussion
AppropriateTangerine
Apr 22, 2020 | Copper Contributor
Has anyone successfully got a Cisco ASA data connector working?
I have a Cisco ASA successfully sending the logs to rsyslog via UDP 514 on an Ubuntu 18.04 server. The logs are successfully processed by the OMSAgent and sent to Sentinel as syslogs and are not pars...
AdiGrio
Apr 26, 2020 | Brass Contributor
See my reply to a post about the Cisco ASA workbook: https://techcommunity.microsoft.com/t5/azure-sentinel/cisco-asa-integration/m-p/1295542.
I will probably write a detailed article on this subject and post it here; the only challenge is that I don't have access to a "real" Cisco ASA, just a small one in our lab. As I mentioned in the other post, the ASA logs are not easy to deal with and the log format is very inconsistent, hence the limitations on the Sentinel parser (so your connector is probably configured properly, but there is only so much that it can do).
Adrian Grigorof
http://www.managedsentinel.com
saikrishnan280
Jul 22, 2020 | Copper Contributor
Any further updates on this? I am also facing the same problem.