From a620419d2a349a10829d7fc0afea3f26f9f078e8 Mon Sep 17 00:00:00 2001
From: Joshua Williams <josh.williams@bluemedora.com>
Date: Tue, 11 Aug 2020 15:19:40 -0400
Subject: [PATCH] Added cisco asa

---
 plugins/cisco_asa.yaml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 plugins/cisco_asa.yaml

diff --git a/plugins/cisco_asa.yaml b/plugins/cisco_asa.yaml
new file mode 100644
index 00000000..5cb18bbe
--- /dev/null
+++ b/plugins/cisco_asa.yaml
@@ -0,0 +1,30 @@
+# Plugin Info
+version: 0.0.1
+title: Cisco ASA
+description: Log parser for Cisco ASA
+parameters:
+  listen_address:
+    label: Listen Address
+    description: A syslog address of the form `<ip>:<port>`
+    type: string
+    default: ":5140"
+
+# Set Defaults
+{{$listen_address := default ":5140" .listen_address}}
+
+# Pipeline Template
+pipeline:
+  - id: cisco_input
+    type: tcp_input
+    listen_address: {{ $listen_address }}
+    labels:
+      log_type: cisco_asa 
+    output: cisco_parser
+
+  - id: cisco_parser
+    type: regex_parser
+    regex: '^(?P<timestamp>[\d\w\s:\-]+?)(?: asa )?: %(?P<message_id>[\w\d-]+):\s(?P<message>.*)'
+    timestamp:
+      parse_from: timestamp
+      layout: '%b %d %Y %H:%M:%S'
+    output: {{.output}}