We certainly don’t parse every type of ASA message at present. The challenge is 
getting hold of good samples from the wild to extend the range. If you have 
samples that can be anonymised of the missing tags, it would be easy to extend 
the patterns library to pull those in. What we need to get that going is solid 
samples to base the test cases on. 

If anyone can contribute test data, either by PR or even just attached to the 
Jira, that would be fantastic.

Simon 

> On 17 Oct 2017, at 18:40, ed d <[email protected]> wrote:
> 
> https://issues.apache.org/jira/browse/METRON-1259
> 
> 
> 
> 
> ________________________________
> From: ed d <[email protected]>
> Sent: Tuesday, October 17, 2017 12:56 PM
> To: [email protected]
> Subject: ASA ciscotag error messages
> 
> Apache Metron 0.4.1, git cloned.
> 
> Not sure what version the ASA would be, there are multiples.
> 
> Applied the ASA parser, seems to be working for a lot of traffic, but any 
> traffic that has a cisco tag that doesn't match what's in the parser, seems to 
> not make it through. Is the ASA parser supposed to drop packets where the 
> cisco tag doesn't match?
> 
> Here is a sample, and the tags are different at times.
> 
> 2017-09-26 18:22:00.356 o.a.m.p.a.BasicAsaParser [INFO] [Metron] No pattern 
> for ciscotag 'ASA-5-338303'
> 
> 
> 
> 
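
Added example, not part of the original messages or of Metron's own code: a small Python script that tallies the `No pattern for ciscotag` log lines quoted in the thread, so the most frequent unparsed tags can be prioritised when collecting samples. The assumed tag layout and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Log line layout taken from the message quoted in the thread.
NO_PATTERN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \S*BasicAsaParser "
    r"\[INFO\] \[Metron\] No pattern for ciscotag '(?P<tag>[^']*)'"
)
# Assumed ciscotag shape: <facility>-<severity 0-7>-<numeric message id>.
TAG = re.compile(r"^(?P<facility>[A-Z]+)-(?P<severity>[0-7])-(?P<msgid>\d+)$")


def missing_ciscotags(lines):
    """Summarise ciscotags the parser had no pattern for.

    Returns (report, malformed): report is a list of dicts sorted by count
    (descending, then tag); malformed counts tags that do not look like
    ciscotags at all, which are worth checking by hand.
    """
    seen, malformed = {}, Counter()
    for line in lines:
        m = NO_PATTERN.match(line.strip())
        if m is None:
            continue  # some other log line
        tag, ts = m["tag"], m["ts"]
        t = TAG.match(tag)
        if t is None:
            malformed[tag] += 1
            continue
        entry = seen.setdefault(tag, {"tag": tag, "severity": int(t["severity"]),
                                      "count": 0, "first_seen": ts, "last_seen": ts})
        entry["count"] += 1
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
    report = sorted(seen.values(), key=lambda e: (-e["count"], e["tag"]))
    return report, dict(malformed)


# Constructed sample: the first line is the one from the thread, the rest are made up.
SAMPLE_LOG = """\
2017-09-26 18:22:00.356 o.a.m.p.a.BasicAsaParser [INFO] [Metron] No pattern for ciscotag 'ASA-5-338303'
2017-09-26 18:22:01.010 o.a.m.p.a.BasicAsaParser [INFO] [Metron] No pattern for ciscotag 'ASA-4-000001'
2017-09-26 18:22:03.771 o.a.m.p.a.BasicAsaParser [INFO] [Metron] No pattern for ciscotag 'ASA-5-338303'
2017-09-26 18:22:04.002 o.a.m.p.a.SomethingElse [INFO] unrelated line
2017-09-26 18:22:05.120 o.a.m.p.a.BasicAsaParser [INFO] [Metron] No pattern for ciscotag 'ASA-x-??'
"""

if __name__ == "__main__":
    report, malformed = missing_ciscotags(SAMPLE_LOG.splitlines())
    for e in report:
        print(f"{e['tag']}  sev={e['severity']}  n={e['count']}  {e['first_seen']} .. {e['last_seen']}")
    print("malformed:", malformed)
```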
