cisco_asa: Event code 106023 - Source/Destination IP not being parsed into respective source.ip or destination.ip field when interface nameif has a full colon (:) #9184

Closed

Description

Elastic, Kibana v8.12
Cisco ASA integration v2.30.1
Logs sent from ASAs v9.12, v9.18

Log messages 106023 with a src or dst interface nameif containing a full colon are not getting the source.ip and destination.ip fields parsed.

source.ip not set: Syslog message: LOCAL4.WARNING: fw-1 %ASA-4-106023: Deny udp src v1:outside:10.8.1.9/54864 dst inside:172.16.1.3/53 by access-group "outside_acl" [0x0, 0x0]\n

source.ip and destination.ip not set: Syslog message: LOCAL4.WARNING: fw-1 %ASA-4-106023: Deny udp src v1:outside:10.8.1.9/54864 dst v2:inside:172.16.1.3/53 by access-group "outside_acl" [0x0, 0x0]\n
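The failure mode reported above, as an added example that is not part of the original issue and is not the integration's own pipeline code: a split that assumes the nameif has no colon is shown next to one that takes the leftmost colon whose remainder is a valid IP address. The function names and the `*.nameif` keys are assumptions made for illustration; the sample lines are constructed from the two messages in the report.

```python
import ipaddress
import re

# Constructed from the two sample messages quoted in the issue.
SAMPLES = [
    '%ASA-4-106023: Deny udp src v1:outside:10.8.1.9/54864 dst inside:172.16.1.3/53 '
    'by access-group "outside_acl" [0x0, 0x0]',
    '%ASA-4-106023: Deny udp src v1:outside:10.8.1.9/54864 dst v2:inside:172.16.1.3/53 '
    'by access-group "outside_acl" [0x0, 0x0]',
]

MSG = re.compile(r'%ASA-\d-106023: Deny (?P<proto>\S+) src (?P<src>\S+) dst (?P<dst>\S+) by ')

def naive_endpoint(token):
    """Hypothetical fragile split: assumes the nameif contains no colon."""
    iface, _, rest = token.partition(":")
    addr, _, port = rest.partition("/")
    return iface, addr, port

def split_endpoint(token):
    """Split 'nameif:addr/port' at the leftmost colon followed by a valid IP."""
    host, port = token.rsplit("/", 1) if "/" in token else (token, None)
    for i, ch in enumerate(host):
        if ch != ":":
            continue
        try:
            ip = ipaddress.ip_address(host[i + 1:])
        except ValueError:
            continue  # remainder still contains part of the nameif
        return host[:i], str(ip), int(port) if port else None
    raise ValueError(f"no IP address found in {token!r}")

def parse_106023(line):
    """Return ECS-style source/destination fields; the *.nameif keys are illustrative."""
    m = MSG.search(line)
    if m is None:
        raise ValueError("not a 106023 message in the expected form")
    out = {"network.transport": m["proto"]}
    for side, group in (("source", "src"), ("destination", "dst")):
        nameif, ip, port = split_endpoint(m[group])
        out.update({f"{side}.nameif": nameif, f"{side}.ip": ip, f"{side}.port": port})
    return out

if __name__ == "__main__":
    for s in SAMPLES:
        print(naive_endpoint(s.split(" src ")[1].split()[0]), parse_106023(s))
```

The leftmost-valid-IP rule is a heuristic: with IPv6 addresses, a nameif whose last colon-separated segment is itself valid hex can be split in more than one way, so such events are worth flagging rather than trusting silently.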


Labels: Integration:cisco_asa, Team:Security-Deployment and Devices, bug
