Is there any ways to set a forwarder to listen on a port and forward logs from my Cisco ASA? I dont want to have syslogs being streamed from a remote location to my logscape server. I'd rather have them sent to a local host and then have them sent onto my indexer.
I hope I have understood what you are asking. It sounds like you don't want your Cisco ASA shipping directly to the Logscape Syslog Server. To get what you want,
1.) you should set up a syslog server on the localhost to collect your Cisco ASA data. They will be stored somewhere in /var/log depending on your configuration.
2.) Install the forwarder on that host and create a data source pointing to the location where your Cisco ASA syslogs are being collected
3.) As data comes through, it will be searchable from within Logscape.
Once you get this far you can then start exploring your Cisco ASA logs by typing in Cisco error codes or extract fields from the data.
I think it may be a good idea to start a new thread called something like, Cisco Search Recipes' or FAQ so that other users can get started quickly with searching Cisco logs.
