The Cisco logs are a right pain, but we need to be able to parse them successfully. The most important thing is being able to point to a specific value based on its word position in the line. That will let us take a line like:
Jan 3 07:05:06 10.2.9.20 %ASA-4-400015: IDS:2005 ICMP time exceeded from 70.34.152.9 to 164.68.1.1 on interface outside
and pick out the %ASA-4-400015: message ID by position.
We also need to start adding regex validation of certain fields.
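Added example (not code from this project): a small parser for the ASA line above that selects fields by word position, then applies regex validation to the fields we would want to trust in a detection rule (the message ID token, the reporting host, and the source/destination addresses). The field names and the `parse_asa` / `field` helpers are my own choices, not an existing API.

```python
import re

# Constructed sample, copied from the issue text above.
SAMPLE = ("Jan 3 07:05:06 10.2.9.20 %ASA-4-400015: IDS:2005 ICMP time exceeded "
          "from 70.34.152.9 to 164.68.1.1 on interface outside")

# Regex validators for fields we rely on downstream. A token that fails
# validation is dropped (None) rather than passed through unchecked.
IPV4_RE = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")
ASA_ID_RE = re.compile(r"^%ASA-(?P<severity>[0-7])-(?P<msgid>\d{6}):$")
TIME_RE = re.compile(r"^\d{2}:\d{2}:\d{2}$")


def field(tokens, index, validator=None):
    """Return tokens[index] if it exists and (when given) matches validator, else None."""
    if index < 0 or index >= len(tokens):
        return None
    value = tokens[index]
    if validator is not None and not validator.match(value):
        return None
    return value


def parse_asa(line):
    """Parse one ASA syslog line by word order; returns None if the %ASA-x-nnnnnn token is missing."""
    tokens = line.split()  # split() also absorbs the double space ASA emits before single-digit days
    # Fixed prefix positions: month day time host msgid
    month = field(tokens, 0)
    day = field(tokens, 1)
    time_ = field(tokens, 2, TIME_RE)
    host = field(tokens, 3, IPV4_RE)
    msgid_token = field(tokens, 4, ASA_ID_RE)
    if msgid_token is None:
        return None
    m = ASA_ID_RE.match(msgid_token)

    body = tokens[5:]
    record = {
        "timestamp": f"{month} {day} {time_}",
        "host": host,                       # None if it failed IPv4 validation
        "severity": int(m.group("severity")),
        "msgid": m.group("msgid"),          # e.g. "400015"
        "message": " ".join(body),
    }
    # IDS messages carry their signature id as the first body word ("IDS:2005").
    if body and body[0].startswith("IDS:"):
        record["ids_sig"] = body[0][len("IDS:"):]
    # Addresses are located relative to the "from" / "to" keywords, then validated.
    if "from" in body and "to" in body:
        record["src"] = field(body, body.index("from") + 1, IPV4_RE)
        record["dst"] = field(body, body.index("to") + 1, IPV4_RE)
    if "interface" in body:
        record["interface"] = field(body, body.index("interface") + 1)
    return record


if __name__ == "__main__":
    print(parse_asa(SAMPLE))
```

Because validation failures yield `None` instead of the raw token, a rule that keys on `src` or `host` will see a missing value rather than a malformed one, and a line without a well-formed `%ASA-x-nnnnnn:` token is rejected outright.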