MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

CEF and Cisco ASA logs are no longer part of the same pipeline #120834

Closed susalgado closed 2 months ago

susalgado commented 6 months ago

Hi team,

In regard to point 2:

"Forward Cisco ASA logs to Syslog agent" "Configure Cisco ASA to forward Syslog messages in CEF format to your Microsoft Sentinel workspace via the Syslog agent."

While CEF (Common Event Format) is a log format used by many different security devices, including some Cisco devices, it's important to note that the Cisco ASA device does not use CEF for logging. Instead, it uses the Cisco ASA format. In the past, the Azure Log Analytics service (which is now part of Azure Monitor) used to collect both CEF and Cisco ASA logs through the same pipeline. This meant that both types of logs were processed and analyzed together in the same workspace. However, CEF and Cisco ASA logs are no longer part of the same pipeline.

Thank you,
Kind regards,
Susana


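As an added illustration of the point raised above (this is not code from the issue, the docs, or the Azure-Sentinel repo), the following Python tells a CEF-formatted syslog line apart from a native Cisco ASA one and routes each to its own bucket, so neither format is fed through the other's parser; the sample messages are constructed.

```python
import re
from typing import Dict, List

# Constructed sample syslog lines (not taken from the issue): one CEF message,
# two native Cisco ASA messages, and one unrelated message.
SAMPLE_MESSAGES = [
    "<134>Jan 10 12:00:00 fw01 CEF:0|Cisco|ASA|9.1|106023|Deny tcp src outside:203.0.113.5/4433 dst inside:10.0.0.5/80|5|src=203.0.113.5 dst=10.0.0.5",
    '<163>Jan 10 12:00:01 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/4433 dst inside:10.0.0.5/80 by access-group "outside_in"',
    "<166>%ASA-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.5/4433 to inside:10.0.0.5/80",
    "<13>Jan 10 12:00:02 host01 unrelated application text",
]

# A CEF header starts with "CEF:<version>|"; native ASA messages carry "%ASA-<severity>-<msgid>:".
CEF_RE = re.compile(r"CEF:(?P<version>\d+)\|")
ASA_RE = re.compile(r"%ASA-(?P<severity>[0-7])-(?P<msgid>\d{6}):")

def classify(message: str) -> str:
    """Return 'cef', 'cisco_asa' or 'other' so the line can go to the right pipeline."""
    if CEF_RE.search(message):
        return "cef"
    if ASA_RE.search(message):
        return "cisco_asa"
    return "other"

def parse_cef_header(message: str) -> Dict[str, str]:
    """Split the seven pipe-delimited CEF header fields plus the raw extension.
    A pipe escaped as backslash-pipe inside a header field is not treated as a separator."""
    m = CEF_RE.search(message)
    if not m:
        raise ValueError("not a CEF message")
    parts = re.split(r"(?<!\\)\|", message[m.start():], maxsplit=7)
    keys = ["version", "vendor", "product", "device_version",
            "signature_id", "name", "severity", "extension"]
    fields = dict(zip(keys, parts))
    fields["version"] = fields["version"].split(":", 1)[1]  # drop the "CEF:" prefix
    return fields

def parse_asa(message: str) -> Dict[str, str]:
    """Extract syslog severity, six-digit message ID and free text from a native ASA line."""
    m = ASA_RE.search(message)
    if not m:
        raise ValueError("not a Cisco ASA message")
    return {"severity": m.group("severity"), "msgid": m.group("msgid"),
            "text": message[m.end():].strip()}

def route(messages: List[str]) -> Dict[str, List[str]]:
    """Bucket lines per pipeline; pushing ASA text through a CEF parser silently drops fields."""
    buckets: Dict[str, List[str]] = {"cef": [], "cisco_asa": [], "other": []}
    for msg in messages:
        buckets[classify(msg)].append(msg)
    return buckets
```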

ManoharLakkoju-MSFT commented 6 months ago

@susalgado Thanks for your feedback! We will investigate and update as appropriate.

ManoharLakkoju-MSFT commented 6 months ago

@susalgado Thank you for bringing this to our attention. I've delegated this to content author @cwatson-cat, who will review it and offer their insightful opinions.

batamig commented 6 months ago

Thank you for your comment! We'll investigate and get back to you.

label:"backlog-item-created"

batamig commented 2 months ago

label:"automated-data-connectors"

cwatson-cat commented 2 months ago

The referenced content is autogenerated content from the public repo: https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CiscoASA. Looks like it's since been updated. #please-close