diff --git a/docs/sources/Cisco/index.md b/docs/sources/Cisco/index.md
index ae72697..bec8942 100644
--- a/docs/sources/Cisco/index.md
+++ b/docs/sources/Cisco/index.md
@@ -97,7 +97,7 @@ index= sourcetype=cisco:apic:*
 Verify timestamp, and host values match as expected
-## Product - ASA (Pre Firepower)
+## Product - ASA AND FTD (Firepower)
 | Ref | Link |
 |----------------|---------------------------------------------------------------------------------------------------------|
@@ -109,7 +109,7 @@ Verify timestamp, and host values match as expected
 | sourcetype | notes |
 |----------------|---------------------------------------------------------------------------------------------------------|
-| cisco:asa | None |
+| cisco:asa | cisco FTD Firepower will also use this source type |
 | cisco:pix | Not supported |
 | cisco:fwsm | Not supported |
diff --git a/package/etc/conf.d/filters/cisco/asa.conf b/package/etc/conf.d/filters/cisco/asa.conf
index a7ac9b7..cda9eed 100644
--- a/package/etc/conf.d/filters/cisco/asa.conf
+++ b/package/etc/conf.d/filters/cisco/asa.conf
@@ -1,8 +1,11 @@
 filter f_cisco_asa {
 message('^%ASA-\d+-\d{1,10}: ') or
- match('^%ASA-\d+-\d{1,10}:', value("LEGACY_MSGHDR"));
+ match('^%ASA-\d+-\d{1,10}:', value("LEGACY_MSGHDR")) or
+ message('^%FTD-\d+-\d{1,10}: ') or
+ match('^%FTD-\d+-\d{1,10}:', value("LEGACY_MSGHDR"));
 };
 filter f_cisco_asa_nohost {
- match('^%ASA-\d+-\d{1,10}:', value("LEGACY_MSGHDR"));
+ match('^%ASA-\d+-\d{1,10}:', value("LEGACY_MSGHDR"))
+ or match('^%FTD-\d+-\d{1,10}:', value("LEGACY_MSGHDR"));
 };
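Review bot: In asa.conf the FTD branches in `f_cisco_asa` and `f_cisco_asa_nohost` are copies of the ASA patterns, so four near-identical regexes now have to be kept in step, and the `or` sits at the end of the line in one filter and at the start in the other. Assuming the default PCRE matcher (which the existing `\d` suggests), an alternation keeps each filter to one pattern per field: `message('^%(?:ASA|FTD)-\d+-\d{1,10}: ') or` and `match('^%(?:ASA|FTD)-\d+-\d{1,10}:', value("LEGACY_MSGHDR"));`. No sample `%FTD-` event or test is visible in this diff. A pattern that drifts would send firewall events to whatever fallback classification applies without any error, so a fixture covering both the `message()` and `LEGACY_MSGHDR` paths would be worth adding. A short comment above `f_cisco_asa` noting that FTD events deliberately share the `cisco:asa` sourcetype would also help anyone writing detections against this data.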