Here is my updated Cisco rules gist: https://gist.github.com/martin-rm/9850896

Beware, I route all Cisco messages through rsyslog first to be able to copy them easily - and this also lets rsyslog parse the dates and send them to graylog2 as proper dates, which makes for a little less custom parsing.

On Friday, 14 February 2014 22:04:05 UTC+1, Martin René Mortensen wrote:
> Here is my rules file for Cisco ASA, ACE logs:
>
> https://gist.github.com/anonymous/9009173
>
> On Friday, 14 February 2014 19:00:47 UTC+1, Jeremy Farr wrote:
>> I'd love to see them. I know there are multiple ways to get the messages formatted the way you may want them; I'm just curious how others are accomplishing this. I'd like for my extractors to be as efficient as possible. Thanks Martin!
>>
>> On Thursday, February 13, 2014 5:02:35 PM UTC-6, Martin René Mortensen wrote:
>>> I have some decent extractors for Cisco ASA and ACE devices written as Drools rules for v0.12. Can't get much Drools to work for 0.20 yet though, still working on it.
>>>
>>> I might figure out a nice place to put them, or I could attach them here if you like.
>>>
>>> /Martin
