Forum Discussion
AppropriateTangerine
Apr 22, 2020 (Copper Contributor)
Has anyone successfully got a Cisco ASA data connector working?
I have a Cisco ASA successfully sending the logs to rsyslog via UDP 514 on an Ubuntu 18.04 server. The logs are successfully processed by the OMSAgent and sent to Sentinel as syslogs and are not pars...
majo01
Jul 22, 2020 (Brass Contributor)
I got it working, but the Sentinel parser parses only the main ASA messages, specifically Connection logs. There is also a glitch in parsing connection logs, where UserID isn't extracted by the parser.
You need to disable logging timestamp on the ASA. And you should find the logs mapped to the CEF table. If you don't find the logs there but you find them in the Syslog table, there must be an issue in the local log forwarding from the syslog daemon to the correct Fluentd plugin within the OMSAgent, which needs more focused troubleshooting.
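An added example, not part of the thread: a small check to run over raw lines captured on the rsyslog host, reporting which ones carry an `%ASA-` tag and whether the device timestamp that the reply says to disable is still present. The function names, the sample lines and the assumed timestamp layout (`Mon DD YYYY HH:MM:SS:` directly before the tag) are assumptions made for this example.

```python
import re

# Assumed payload shape (not taken from the thread):
#   [<PRI>][Mon DD YYYY HH:MM:SS: ]%ASA-<severity>-<message id>: <text>
# The bracketed date is what "logging timestamp" adds on the ASA.
ASA_TAG = re.compile(r"%ASA-(?P<severity>[0-7])-(?P<msg_id>\d{6}):")
DEVICE_TS = re.compile(r"[A-Z][a-z]{2} {1,2}\d{1,2} \d{4} \d{2}:\d{2}:\d{2}:? *$")

def inspect_line(line):
    """Describe one raw syslog line as a forwarder would receive it."""
    tag = ASA_TAG.search(line)
    if tag is None:
        return {"asa": False, "device_timestamp": False,
                "msg_id": None, "severity": None}
    prefix = line[:tag.start()]  # everything in front of the %ASA tag
    return {
        "asa": True,
        "device_timestamp": bool(DEVICE_TS.search(prefix)),
        "msg_id": tag.group("msg_id"),
        "severity": int(tag.group("severity")),
    }

def summarize(lines):
    """Count ASA lines and how many still carry the device timestamp."""
    results = [r for r in map(inspect_line, lines) if r["asa"]]
    return {
        "asa_lines": len(results),
        "with_device_timestamp": sum(r["device_timestamp"] for r in results),
        "msg_ids": sorted({r["msg_id"] for r in results}),
    }

# Constructed sample lines (documentation IP ranges), not real captures.
SAMPLE_LINES = [
    "<166>Apr 22 2020 10:15:30: %ASA-6-302013: Built outbound TCP connection "
    "1001 for outside:203.0.113.10/443 (203.0.113.10/443) to "
    "inside:10.0.0.5/51000 (198.51.100.2/51000)",
    "<166>%ASA-6-302014: Teardown TCP connection 1001 for "
    "outside:203.0.113.10/443 to inside:10.0.0.5/51000 duration 0:00:05 "
    "bytes 4312 TCP FINs",
    "<86>sshd[811]: Accepted publickey for admin from 10.0.0.9 port 50122 ssh2",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))
```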