[Filebeat] Fix Cisco ASA dissect pattern for 313008 & 313009

[ajoliveira]

What does this PR do?

Corrects parsing errors for message IDs 313008 & 313009 that have space after comma that lead to 'Unable to find match for dissect pattern' error.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[elasticmachine]

💚 Build Succeeded

Expand to view the summary

Build stats

• Build Cause: [Started by user Adrian Serrano, Replayed #9]

• Start Time: 2020-06-16T07:09:44.578+0000

• Duration: 48 min 30 sec

Test stats 🧪

Test	Results
Failed	0
Passed	2346
Skipped	382
Total	2728

[sayden]

Hi @ajoliveira 🙂 Do you mind to add an example line on https://github.com/elastic/beats/blob/master/x-pack/filebeat/module/cisco/asa/test/asa-fix.log and re-run tests to commit the result of the "expected" file (same folder), please? 🙂

I've just checked their docs and it seems they have the same "typo" there:
https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs3.html#con_4771141

[ajoliveira]

@sayden I was able to track down an example for the 313008 but not 313009, so added that one at least. I assumed the typo was the same for both when I compared your doc link to another I found - https://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4771141 as well as link for Messages Listed by Severity Level in the doc you noted, you see it without extra space.

I added the example line as requested for 313008. Let me know if okay to leave the other or need to revert it.

[sayden]

LGTM