Build/Teardown TCP/UDP Connections

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Build/Teardown TCP/UDP Connections | Base Rule | General Firewall Log | Network Traffic |
| ASA-6-302013 : Built Inbound TCP Connection | Sub Rule | Connection Built | Network Traffic |
| ASA-6-302014 : Teardown Inbound TCP Connection | Sub Rule | Connection Teardown | Network Traffic |
| ASA-6-302015 : Built Inbound UDP Connection | Sub Rule | Built UDP Connection | Network Traffic |
| ASA-6-302016 : Teardown Inbound UDP Connection | Sub Rule | Connection Teardown | Network Traffic |
| ASA-6-302013 : Built Outbound TCP Connection | Sub Rule | Connection Built | Network Traffic |
| ASA-6-302014 : Teardown Outbound TCP Connection | Sub Rule | Connection Teardown | Network Traffic |
| ASA-6-302015 : Built Outbound UDP Connection | Sub Rule | Built UDP Connection | Network Traffic |
| ASA-6-302016 : Teardown Outbound UDP Connection | Sub Rule | Connection Teardown | Network Traffic |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Number |
| N/A | <severity> | Number |
| N/A | <sip> | Number |
| N/A | <dip> | Number |
| N/A | <dname> | Text/String |
| N/A | <sport> | Number |
| N/A | <dport> | Number |
| N/A | <snatip> | Number |
| N/A | <dnatip> | Number |
| N/A | <snatport> | Number |
| N/A | <dnatport> | Number |
| N/A | <sinterface> | Text/String |
| N/A | <dinterface> | Text/String |
| N/A | <protname> | Text/String |
| N/A | <session> | Number |
| N/A | <bytesout> | Number |
| N/A | <duration> | Number |
| N/A | <size> | Number |
| N/A | <tag1> | Text/String |
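As an added example (not LogRhythm's rule or Cisco's code), the parser below reads constructed ASA 302013-302016 lines, fills the schema names from the mapping table above and labels each event with its sub rule. The message layout follows Cisco's documented format; which message field lands in which schema name is an assumption, since the device-key column on this page is N/A.

```python
import re

# Constructed sample lines in the Cisco ASA 302013-302016 message layout (not taken from the page).
SAMPLE_LINES = [
    "%ASA-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.5/51234 (203.0.113.5/51234) to inside:10.0.0.7/443 (192.0.2.10/443)",
    "%ASA-6-302015: Built outbound UDP connection 67890 for inside:10.0.0.8/53211 (192.0.2.10/53211) to outside:198.51.100.2/53 (198.51.100.2/53)",
    "%ASA-6-302014: Teardown TCP connection 12345 for outside:203.0.113.5/51234 to inside:10.0.0.7/443 duration 0:01:05 bytes 8472 TCP FINs",
    "%ASA-6-302016: Teardown UDP connection 67890 for inside:10.0.0.8/53211 to outside:198.51.100.2/53 duration 0:00:02 bytes 312",
]

def _endpoint(p):
    # interface:ip/port, optionally followed by the NAT-translated "(ip/port)"; p is "s" or "d"
    return (rf"(?P<{p}interface>[^:\s]+):(?P<{p}ip>[^/\s]+)/(?P<{p}port>\d+)"
            rf"(?: \((?P<{p}natip>[^/\s]+)/(?P<{p}natport>\d+)\))?")

PATTERN = re.compile(
    r"%ASA-(?P<severity>\d)-(?P<vmid>30201[3-6]): (?P<action>Built|Teardown)"
    r"(?: (?P<direction>inbound|outbound))? (?P<protname>TCP|UDP) connection (?P<session>\d+) for "
    + _endpoint("s") + " to " + _endpoint("d")
    + r"(?: duration (?P<duration>\d+:\d{2}:\d{2}) bytes (?P<size>\d+)(?: (?P<tag1>.+))?)?$")

def _int(v):
    return int(v) if v is not None else None

def _seconds(hms):  # "h:mm:ss" -> seconds, so <duration> can be stored as a Number
    return sum(int(x) * k for x, k in zip(hms.split(":"), (3600, 60, 1)))

def normalize(lines):
    """Map each line onto the schema names from the page; Teardown has no direction, so it is recovered via session id."""
    direction_by_session, records = {}, []
    for line in lines:
        m = PATTERN.match(line)
        if not m:
            continue  # not a 302013-302016 message; other rules would handle it
        g = m.groupdict()
        session = int(g["session"])
        if g["direction"]:  # Built: remember direction for the matching Teardown
            direction_by_session[session] = g["direction"]
        direction = g["direction"] or direction_by_session.pop(session, "unknown")
        records.append({
            "vmid": int(g["vmid"]), "severity": int(g["severity"]), "session": session,
            "protname": g["protname"], "sinterface": g["sinterface"], "dinterface": g["dinterface"],
            "sip": g["sip"], "sport": int(g["sport"]), "dip": g["dip"], "dport": int(g["dport"]),
            "snatip": g["snatip"], "snatport": _int(g["snatport"]),
            "dnatip": g["dnatip"], "dnatport": _int(g["dnatport"]),
            "duration": _seconds(g["duration"]) if g["duration"] else None,
            "size": _int(g["size"]), "tag1": g["tag1"],
            "sub_rule": f"{g['action']} {direction.capitalize()} {g['protname']} Connection",
        })
    return records
```

Note that the Inbound/Outbound split in the sub rules cannot be read from a Teardown message alone; a parser that sees the Teardown without its Built event has to fall back to an unknown direction.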