Posted to user@metron.apache.org by Hema malini <nh...@gmail.com> on 2019/11/08 12:53:06 UTC
Metron parser for firewall
Hi,
Is any parser available for firewall logs for Metron? I am trying to integrate
Cisco ASA firewall logs with Metron.
Thanks and regards,
Hema
Re: Metron parser for firewall
Posted by Hema malini <nh...@gmail.com>.
Thanks a lot. Sure, will do.
Re: Metron parser for firewall
Posted by Simon Elliston Ball <si...@simonellistonball.com>.
Grok cannot easily parse ASA on its own, which is why there is a separate
parser class for ASA. Consider using the parser class in your
configuration (you’ll find details on that in the parser documentation). If
there are messages that are not covered in the existing map and patterns,
you should consider submitting a PR.
Simon
--
simon elliston ball
@sireb
Re: Metron parser for firewall
Posted by Hema malini <nh...@gmail.com>.
Hi,
How can I enable that parser? Also, the grok patterns in that are missing a few
more syslog firewall messages. Do I have to add that as an additional parser,
or can I use grok patterns?
Thanks and Regards,
Hema
Re: Metron parser for firewall
Posted by Simon Elliston Ball <si...@simonellistonball.com>.
There is a Cisco ASA parser built into Metron. I suggest using that.
Simon
--
simon elliston ball
@sireb