logstash-plugins / logstash-patterns-core

Apache License 2.0

Whitespace in Cisco ASA output breaks firewall pattern #39

Open jordansissel opened 9 years ago

jordansissel commented 9 years ago

(This issue was originally filed by @roderickm at https://github.com/elastic/logstash/issues/2101)


If a Cisco ASA has a logging device-id set (for instance with logging device-id string asa.sfo), the syslog message emitted does not match the grok pattern CISCO_TAGGED_SYSLOG. An additional space should be allowed by the pattern between the device_id and the colon.

Here are example messages to demonstrate:

without device-id: <164>Nov 19 2014 17:27:56: %ASA-4-733100: [ Scanning] drop rate-1 exceeded. ...

with device-id: <164>Nov 19 2014 17:30:36 asa.sfo : %ASA-4-733100: [ Scanning] drop rate-1 exceeded. ...

The example with device-id is not matched by CISCO_TAGGED_SYSLOG because of the space in asa.sfo :
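As an added illustration (not code from the logstash-patterns-core repository), the Python below reproduces the mismatch with a hand-expanded approximation of CISCO_TAGGED_SYSLOG, once in its strict form and once with an optional space before the colon; the sub-pattern expansions, the helper names and the pri decoding are assumptions, and the two messages are taken from this report. From a monitoring standpoint the point is that a header mismatch silently drops the whole event, so counting unmatched firewall lines is the check worth running after any pattern change.

```python
import re
from typing import List, Optional, Tuple

# Hand-expanded approximations of the grok sub-patterns (assumption: these are
# not loaded from the project's patterns file, only close enough to show the bug).
POSINT = r"\d+"
CISCOTIMESTAMP = r"[A-Za-z]{3} +\d{1,2}(?: \d{4})? \d{2}:\d{2}:\d{2}"
SYSLOGHOST = r"[\w.\-]+"
CISCOTAG = r"[A-Z0-9]+-\d+-[A-Z0-9_]+"


def build_pattern(allow_space_before_colon: bool) -> "re.Pattern[str]":
    """Build the tagged-syslog header regex; the flag toggles the ' ?:' fix."""
    sep = " ?:" if allow_space_before_colon else ":"
    return re.compile(
        rf"^<(?P<syslog_pri>{POSINT})>(?P<timestamp>{CISCOTIMESTAMP})"
        rf"(?: (?P<sysloghost>{SYSLOGHOST}))?{sep} %(?P<ciscotag>{CISCOTAG}):"
    )


STRICT = build_pattern(False)  # behaviour described in the report
FIXED = build_pattern(True)    # tolerates "asa.sfo :" from a device-id string


def parse_header(line: str, pattern: "re.Pattern[str]" = FIXED) -> Optional[dict]:
    """Return the named header fields, or None when the line does not match."""
    m = pattern.match(line)
    return m.groupdict() if m else None


def unmatched(lines: List[str], pattern: "re.Pattern[str]") -> List[str]:
    """Lines a pipeline would fail to parse: the blind spot a defender must watch."""
    return [ln for ln in lines if pattern.match(ln) is None]


def decode_pri(pri: int) -> Tuple[int, int]:
    """Split the <PRI> value into (facility, severity) per RFC 3164 arithmetic."""
    return pri // 8, pri % 8


# Constructed from the messages quoted in the report above.
WITHOUT_ID = "<164>Nov 19 2014 17:27:56: %ASA-4-733100: [ Scanning] drop rate-1 exceeded."
WITH_ID = "<164>Nov 19 2014 17:30:36 asa.sfo : %ASA-4-733100: [ Scanning] drop rate-1 exceeded."

if __name__ == "__main__":
    for name, pat in (("strict", STRICT), ("fixed", FIXED)):
        print(name, "unmatched:", unmatched([WITHOUT_ID, WITH_ID], pat))
    print(parse_header(WITH_ID), decode_pri(164))
```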

roderickm commented 9 years ago

This is a duplicate of #2.

Also, I signed the CLA back in January, but the cla_check test is still failing because the work email address with which I signed the CLA is a secondary address on my github account. See comments on elastic/logstash#2102 for more detail.

roderickm commented 9 years ago

Now that #2 has been merged, this can be closed, too. Thanks!