In order to correctly log Cisco device in Graylog2 setup the below configuration.
This has now been added to the Graylog Marketplace https://marketplace.graylog.org/
Cisco ASA Configuration:
logging enable logging trap informational logging asdm informational logging device-id hostname logging host <network> <ip-address> <udp-tcp>/<port>
Create a Raw/PlainText input with the settings you require.
Then select action -> Manage Extractors.
Now select actions -> Import Extractors, in the box add the below configuration. This will format the messages correctly with the IP Address of the firewall as the source.
If you would like the Source to be the IP Address Change this line:
"regex_value": ">: (.+?):"