08-04-2020 12:11 PM
The quick 'n dirty:
- Cisco ASAs logging informational level send to a server running syslog-ng, which is ingested into Splunk Enterprise Security.
- Client wants to see xlate / NAT translations in the search of the log
- Is the only way to really achieve this to have an API call of a show xlate / show conn so it can be logged, searchable, and retained within Splunk?
- As a workaround I am offering the "built connection" log from the ASA to see if that can satisfy.
Thanks!
08-04-2020 06:25 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide