
40-ciscoasa.conf

a guest Aug 1st, 2016 66 Never
  1. input {
  2.         udp {
  3.                 port => 10514
  4.                 type => "cisco-fw"
  5.         }
  6. }
  7.  
  8. filter {
  9.  
  10.         # Extract fields from the each of the detailed message types
  11.         # The patterns provided below are included in core of LogStash 1.4.2.
  12.         grok {
  13.                 match => [
  14.                         "message", "%{CISCOFW106001}",
  15.                         "message", "%{CISCOFW106006_106007_106010}",
  16.                         "message", "%{CISCOFW106014}",
  17.                         "message", "%{CISCOFW106015}",
  18.                         "message", "%{CISCOFW106021}",
  19.                         "message", "%{CISCOFW106023}",
  20.                         "message", "%{CISCOFW106100}",
  21.                         "message", "%{CISCOFW110002}",
  22.                         "message", "%{CISCOFW302010}",
  23.                         "message", "%{CISCOFW302013_302014_302015_302016}",
  24.                         "message", "%{CISCOFW302020_302021}",
  25.                         "message", "%{CISCOFW305011}",
  26.                         "message", "%{CISCOFW313001_313004_313008}",
  27.                         "message", "%{CISCOFW313005}",
  28.                         "message", "%{CISCOFW402117}",
  29.                         "message", "%{CISCOFW402119}",
  30.                         "message", "%{CISCOFW419001}",
  31.                         "message", "%{CISCOFW419002}",
  32.                         "message", "%{CISCOFW500004}",
  33.                         "message", "%{CISCOFW602303_602304}",
  34.                         "message", "%{CISCOFW710001_710002_710003_710005_710006}",
  35.                         "message", "%{CISCOFW713172}",
  36.                         "message", "%{CISCOFW733100}"
  37.                 ]
  38.         }
  39.  
  40.         # Parse the syslog severity and facility
  41.         syslog_pri { }
  42.  
  43. # Do a DNS lookup for the sending host
  44. # Otherwise host field will contain an
  45. # IP address instead of a hostname
  46. dns {
  47.     reverse => [ "host" ]
  48.     action => "replace"
  49.   }
  50.  
  51. geoip {
  52.       source => "src_ip"
  53.       target => "geoip"
  54.       database => "/etc/logstash/GeoLiteCity.dat"
  55.       add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
  56.       add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
  57.     }
  58.     mutate {
  59.       convert => [ "[geoip][coordinates]", "float"]
  60.     }
  61.     # do GeoIP lookup for the ASN/ISP information.
  62.     geoip {
  63.       database => "/etc/logstash/GeoIPASNum.dat"
  64.       source => "src_ip"
  65.     }
  66. }
  67.  
  68. output {
  69.   elasticsearch { host => localhost }
  70. }
Note: with Logstash 2.0 the option is named `hosts` instead of `host`, so the output section should look like this:
  73. output {
  74.   elasticsearch { hosts => localhost }
  75. }