The quick 'n dirty:
- Cisco ASAs logging at informational level send to a server running syslog-ng, which is ingested into Splunk Enterprise Security.
- Client wants to see xlate / NAT translations in the search of the log.
- Is the only way to really achieve this to have an API call of a show xlate / show conn so it can be logged, searchable, and retained within Splunk?
- As a workaround I am offering the "built connection" log from the ASA to see if that can satisfy.
Thanks!