use source instead of destination

Author: taylor-swanson

packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json

@@ -22829,10 +22829,6 @@
  },
  {
  "@timestamp": "2023-01-11T13:34:06.000Z",
- "destination": {
- "address": "192.168.124.24",
- "ip": "192.168.124.24"
- },
  "ecs": {
  "version": "8.11.0"
  },
@@ -22873,6 +22869,10 @@
  "192.168.124.24"
  ]
  },
+ "source": {
+ "address": "192.168.124.24",
+ "ip": "192.168.124.24"
+ },
  "tags": [
  "preserve_original_event"
  ]

packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml

@@ -358,7 +358,7 @@ processors:
  tag: parse_111007
  field: "message"
  description: "111007"
- pattern: "Begin configuration: %{destination.address} %{}"
+ pattern: "Begin configuration: %{source.address} %{}"
  - grok:
  if: "ctx._temp_.cisco.message_id == '111009'"
  tag: parse_111009