I have just got my hands on a Cisco firewall. The firewall is accessed via syslog. I am new to using syslog. From syslog I can get output like this in a txt file.
08-03-2017 16:45:21 Local4.Info 192.168.1.1 %ASA-6-302013: Built outbound TCP connection 922 for outside:172.16.0.6/13000 (172.16.0.6/13000) to inside:192.168.1.10/50276 (210.4.73.234/50276)
08-03-2017 16:45:09 Local4.Info 192.168.1.1 %ASA-6-305012: Teardown dynamic TCP translation from inside:192.168.1.10/50274 to outside:210.4.73.234/50274 duration 0:00:30
I want the output to be similar to this.
Built outbound , TCP , outside , 172.16.0.6/13000 , inside , 192.168.1.10/50276
Teardown dynamic, TCP , inside , 192.168.1.10/50274 , outside , 210.4.73.234/50274
Basically I want to remove the unnecessary words and keep the important ones.
The Java code for this is fairly trivial; I'll leave it for someone else to post.
However, if you need this to be reusable/scalable, I strongly recommend you look at Logstash/ELK. Using the Logstash syslog input plugin, you can process syslog files from multiple hosts, and Logstash will parse them and push them into almost any columnar format you desire.
Note: No, I don't work for Elastic; I'm just a satisfied user of this particular open-source stack.
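For anyone who wants the quick-and-dirty version rather than a Logstash pipeline, here is an added example (not from the question or the answer, and written in Python rather than Java) that reduces the two ASA message shapes shown in the question to the requested columns. The regexes, field names and the third sample line (a message this parser deliberately does not handle) are my own assumptions, not anything from Cisco's documentation. Two points a practitioner would want: the parenthesised address after an endpoint is the NAT-mapped address, so it is captured separately and never mistaken for the real endpoint, and lines that do not match are returned instead of silently dropped, because a reduction step that quietly discards unknown messages is how interesting events disappear from a log.

```python
import csv
import io
import re
import sys
from typing import Optional

# Constructed sample input in the layout shown in the question: collector timestamp,
# facility.severity, sending firewall, then the ASA message. The third line is made up
# for this example to show how an unhandled message is reported rather than dropped.
SAMPLE_LOG = """\
08-03-2017 16:45:21 Local4.Info 192.168.1.1 %ASA-6-302013: Built outbound TCP connection 922 for outside:172.16.0.6/13000 (172.16.0.6/13000) to inside:192.168.1.10/50276 (210.4.73.234/50276)
08-03-2017 16:45:09 Local4.Info 192.168.1.1 %ASA-6-305012: Teardown dynamic TCP translation from inside:192.168.1.10/50274 to outside:210.4.73.234/50274 duration 0:00:30
08-03-2017 16:45:30 Local4.Info 192.168.1.1 %ASA-6-106015: Deny TCP (no connection) from 10.0.0.5/4444 to 192.168.1.10/80 flags SYN on interface outside
"""

# Envelope written by the syslog collector around the ASA message (assumed layout).
ENVELOPE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<facility>\S+) (?P<host>\S+) "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<text>.*)$"
)

# Body of the Built/Teardown connection and translation messages from the question:
#   Built outbound TCP connection 922 for outside:A/p (A/p) to inside:B/q (C/q)
#   Teardown dynamic TCP translation from inside:B/q to outside:C/q duration 0:00:30
# "kind" is the optional word between the action and the protocol (outbound/dynamic).
# The parenthesised address after an endpoint is the NAT-mapped address.
CONN_BODY = re.compile(
    r"^(?P<action>Built|Teardown)(?: (?P<kind>\w+))? (?P<proto>TCP|UDP|ICMP) "
    r"(?:connection|translation)\b.*? (?:for|from) "
    r"(?P<src_if>[^:\s]+):(?P<src>\S+?)(?: \((?P<src_mapped>[^)]*)\))? to "
    r"(?P<dst_if>[^:\s]+):(?P<dst>\S+)(?: \((?P<dst_mapped>[^)]*)\))?"
)

# The columns the question asked for, in order.
FIELDS = ["event", "proto", "src_if", "src", "dst_if", "dst"]


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one connection/translation line, or None if the line is
    not such a message. The caller decides what to do with None."""
    env = ENVELOPE.match(line.strip())
    if not env:
        return None
    body = CONN_BODY.match(env["text"])
    if not body:
        return None
    # "Built" + "outbound" -> "Built outbound"; a missing kind leaves just the action.
    event = " ".join(p for p in (body["action"], body["kind"]) if p)
    return {
        "timestamp": env["ts"],
        "host": env["host"],
        "msgid": env["msgid"],
        "event": event,
        "proto": body["proto"],
        "src_if": body["src_if"],
        "src": body["src"],
        "src_mapped": body["src_mapped"],
        "dst_if": body["dst_if"],
        "dst": body["dst"],
        "dst_mapped": body["dst_mapped"],
    }


def reduce_log(text: str):
    """Parse every non-blank line; return (rows, unparsed) so nothing vanishes unnoticed."""
    rows, unparsed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append((lineno, line))
        else:
            rows.append(rec)
    return rows, unparsed


def to_csv(rows) -> str:
    """Emit the requested columns through the csv module rather than string joins, so
    a field that ever contains a comma or quote cannot split or merge columns."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    for r in rows:
        writer.writerow([r[f] for f in FIELDS])
    return buf.getvalue()


if __name__ == "__main__":
    parsed, leftovers = reduce_log(SAMPLE_LOG)
    print(to_csv(parsed), end="")
    for lineno, line in leftovers:
        print(f"unparsed line {lineno}: {line}", file=sys.stderr)
```

Run against the sample, the first two lines come out as `Built outbound,TCP,outside,172.16.0.6/13000,inside,192.168.1.10/50276` and `Teardown dynamic,TCP,inside,192.168.1.10/50274,outside,210.4.73.234/50274`, and the third is reported on stderr. To handle further message IDs, add a second body regex keyed on `msgid` rather than loosening `CONN_BODY`; a regex that matches everything tells you nothing when the format changes.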