05-20-2022 11:05 AM
I am currently parsing a very big environment with a large number of network devices. My job is to parse the data as a whole to display audit events like Logins, Log off, object creations, access, and so on. At the moment I have these types of devices:
1. ASR1002
2. F5 Big IP 5050
3. Catalyst devices
4. ASA devices
5. and so on....
Syslog is already being sent to a syslog server which Splunk collects in its indexers. I can create the Splunk SPL to parse the message with regular expressions, but my concern is that each different Cisco device type/model sends log messages in different formats, for example:
ASA ----> "ASA-6-611101" vs. "%SEC_LOGIN-5-LOGIN_SUCCESS"
I want to make sure I capture all necessary events or log types per Cisco device/type; if this is even a thing.... ?!
Is there a place I can find syslog type format per device?
Maybe a location I can find a list of ASA log messages?
Is ASA type only for ASA devices or all firewall devices?
Forgive my ignorance, I usually don't deal with syslog messages often.
05-21-2022 12:50 PM
Is there a place I can find syslog type format per device?
Google is your friend when it comes to finding the formats, or set up a virtual lab with each device you need and check the syslog format for each message there.
Maybe a location I can find a list of ASA log messages?
https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog.html
Is ASA type only for ASA devices or all firewall devices?
Syslog IDs and messages for ASA are only for ASA for the most part, though some have been brought forward into FTD. CheckPoint, Fortigate, Palo Alto, etc. all have different syslog messages and IDs as far as I know.
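The two header styles quoted in the question can be normalized with one pattern before any per-device audit mapping is applied. The sketch below is an added example, not code from any poster: the sample log lines are constructed, the names `parse_cisco`, `classify` and `AUDIT_MAP` are hypothetical, and treating ASA message 611101 as a successful login is an assumption to confirm against the ASA syslog list linked above. The regular expression can be ported to a Splunk `rex` extraction.

```python
import re
from collections import Counter

# Cisco header: %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC. The leading % is
# optional because the thread quotes "ASA-6-611101" without it.
CISCO_HEADER = re.compile(
    r"(?<![\w-])%?(?P<facility>[A-Z][A-Z0-9_]*(?:-[A-Z][A-Z0-9_]*)*)"
    r"-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+)(?=:|\s|$)"
)

# Starter mapping built from the two IDs in the thread (assumed meanings).
AUDIT_MAP = {
    ("ASA", "611101"): "login_success",
    ("SEC_LOGIN", "LOGIN_SUCCESS"): "login_success",
}

def parse_cisco(line):
    """Return facility, severity, mnemonic, family and text, or None."""
    m = CISCO_HEADER.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    # ASA uses a numeric message ID where IOS / IOS XE use a text mnemonic.
    is_asa = rec["facility"] == "ASA" and rec["mnemonic"].isdigit()
    rec["family"] = "asa" if is_asa else "ios"
    rec["text"] = line[m.end():].lstrip(": ")
    return rec

def classify(lines):
    """Split lines into mapped audit events, unmapped IDs and unparsed lines."""
    events, unmapped, unparsed = [], Counter(), []
    for line in lines:
        rec = parse_cisco(line)
        if rec is None:
            unparsed.append(line)      # e.g. non-Cisco sources such as a load balancer
            continue
        key = (rec["facility"], rec["mnemonic"])
        if key in AUDIT_MAP:
            events.append({**rec, "audit_event": AUDIT_MAP[key]})
        else:
            unmapped[key] += 1         # coverage gap: seen on the wire, not yet mapped
    return events, unmapped, unparsed

# Constructed sample lines, not taken from real devices.
SAMPLE = [
    "May 20 2022 11:05:01 fw01 : %ASA-6-611101: User authentication succeeded: Uname: alice",
    "*May 20 11:05:02.123: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: alice]",
    "*May 20 11:05:04.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
    "May 20 11:05:03 lb01 notice sshd[4242]: Accepted password for alice from 192.0.2.10",
]
```

Running `classify` over a day of indexed data and reviewing the `unmapped` counter shows which message IDs each device family actually emits but the audit mapping does not yet cover.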
05-21-2022 06:29 PM
Thank you. I have tried Google and not too many answers…. What's the best virtual environment?! GNS3? Any web browser type virtual environments?
05-21-2022 10:32 PM
I personally use Cisco Modeling Lab (CML) installed on VMware. In addition, I have FMC and FTD virtual installed on the VMware running a trial license.