In order to correctly log Cisco device in Graylog2 setup the below configuration.

This has now been added to the Graylog Marketplace https://marketplace.graylog.org/

Cisco ASA Configuration:

logging enable
logging trap informational
logging asdm informational
logging device-id hostname
logging host <network> <ip-address> <udp-tcp>/<port>

Create a Raw/PlainText input with the settings you require.

Then select action -> Manage Extractors.

Now select actions -> Import Extractors, in the box add the below configuration. This will format the messages correctly with the IP Address of the firewall as the source.

If you would like the Source to be the IP Address Change this line:

"regex_value": ">(.+?)%"

To this:

"regex_value": "&gt;: (.+?):"

Cisco-ASA-Extractor.json