Merge pull request #389 from splunk/feature/cisco-ftd
Support cisco FTD as Cisco ASA
Ryan Faircloth authored and GitHub committed Apr 1, 2020
2 parents 7568570 + 8c13eab commit 2fc693b
Showing 2 changed files with 7 additions and 4 deletions.
4 changes: 2 additions & 2 deletions docs/sources/Cisco/index.md
Expand Up @@ -97,7 +97,7 @@ index=<asconfigured> sourcetype=cisco:apic:*

Verify timestamp, and host values match as expected

## Product - ASA (Pre Firepower)
## Product - ASA AND FTD (Firepower)

| Ref | Link |
|----------------|---------------------------------------------------------------------------------------------------------|
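
Review bot: The new heading `## Product - ASA AND FTD (Firepower)` upper-cases "AND", which reads as emphasis and does not match the style of the heading it replaces; "ASA and FTD (Firepower)" would be cleaner. If the docs site derives section anchors from heading text, renaming this heading also changes the anchor, so existing links to the old "ASA (Pre Firepower)" section should be checked.
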
Expand All @@ -109,7 +109,7 @@ Verify timestamp, and host values match as expected

| sourcetype | notes |
|----------------|---------------------------------------------------------------------------------------------------------|
| cisco:asa | None |
| cisco:asa | cisco FTD Firepower will also use this source type |
| cisco:pix | Not supported |
| cisco:fwsm | Not supported |
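
Review bot: Missing documentation in the `cisco:asa` notes cell: FTD events now share the ASA sourcetype, so the note should tell readers how to separate the two at search time, for example by the `%FTD-` versus `%ASA-` message prefix that the filter matches on. The vendor name should also be capitalised, e.g. "Cisco FTD (Firepower) will also use this source type".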

7 changes: 5 additions & 2 deletions package/etc/conf.d/filters/cisco/asa.conf
@@ -1,8 +1,11 @@
filter f_cisco_asa {
message('^%ASA-\d+-\d{1,10}: ') or
match('^%ASA-\d+-\d{1,10}:', value("LEGACY_MSGHDR"));
match('^%ASA-\d+-\d{1,10}:', value("LEGACY_MSGHDR")) or
message('^%FTD-\d+-\d{1,10}: ') or
match('^%FTD-\d+-\d{1,10}:', value("LEGACY_MSGHDR"));
};

filter f_cisco_asa_nohost {
match('^%ASA-\d+-\d{1,10}:', value("LEGACY_MSGHDR"));
match('^%ASA-\d+-\d{1,10}:', value("LEGACY_MSGHDR"))
or match('^%FTD-\d+-\d{1,10}:', value("LEGACY_MSGHDR"));
};
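
Review bot: The added `%FTD-` alternatives in `f_cisco_asa` and `f_cisco_asa_nohost` duplicate the `%ASA-` patterns with only the product tag changed, so the two filters now have to be kept in sync by hand; an alternation such as `^%(ASA|FTD)-\d+-\d{1,10}:` inside the existing `message()` and `match()` calls would cover both products without the extra branches. The placement of `or` is also inconsistent (trailing in `f_cisco_asa`, leading in `f_cisco_asa_nohost`). The commit touches only the docs and this filter file, so no test with a `%FTD-` sample message is visible; adding one would guard the new branch against regressions.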
