Syslog - Cisco ASA

Device Details

Device Name: Syslog - Cisco ASA

Vendor: Cisco

Device Type: Firewall and Network Security

Supported Model Name/Number: Windows Server 2008, 2012, 2016+

Supported Software Version(s): N/A

Collection Method: Syslog

Configurable Log Output?: No

Log Source Type: Syslog - Cisco ASA

Log Processing Policy: LogRhythm Default

Exceptions: N/A

Additional Information:

https://www.cisco.com/c/en_in/products/security/adaptive-security-appliance-asa-software/index.html

https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog.html

Supported Log Messages

| Type | Product Version | Supported Schema Fields |
| --- | --- | --- |
| Catch All : Level 1 10 | N/A | <severity>, <tag1> |
| Catch All : Level 3 7 | N/A | <vmid>, <vendorinfo>, <severity>, <login>, <objecttype>, <reason>, <tag1> |
| 111008 : Configuration Update | N/A | <vmid>, <severity>, <login>, <session>, <object>, <objectname>, <command>, <tag1> |
| 111009 : User Executed Command | N/A | <vmid>, <severity>, <login>, <command> |
| Address ID Received | N/A | <vmid>, <sip>, <dip>, <object>, <group>, <tag1> |
| AnyConnect Session Messages | N/A | <vmid>, <sip>, <dip>, <login>, <group>, <command> |
| ASA 113010 : AAA Challenge Received for User | N/A | <vmid>, <severity>, <dip>, <dname>, <login> |
| ASA 113015 : AAA User Authentication Rejected | N/A | <vmid>, <severity>, <login>, <subject>, <sip> |
| ASA 734003 : Session Attribute Information | N/A | <vmid>, <severity>, <dip>, <login>, <objectname> |
| ASA Hardware Accelerator Error | N/A | <subject>, <command>, <reason>, <responsecode> |
| ASA-1-104001 : Switching Failover Pair Role | N/A | <vmid>, <severity>, <object>, <subject>, <command>, <tag1> |
| ASA-3-202010 : NAT/PAT Pool Exhausted | N/A | <vmid>, <severity>, <sip>, <dip>, <vendorinfo>, <sinterface>, <dinterface>, <sport>, <dport> |
| ASA-3-713123 : IKE Peer Connection Terminated | N/A | <vmid>, <sip>, <login>, <group>, <tag1> |
| ASA-4-313009 : Denied Invalid ICMP Code | N/A | <vmid>, <severity>, <sip>, <dip>, <vendorinfo>, <sname>, <dname>, <sport>, <dport>, <protname>, <objecttype>, <objectname>, <action>, <responsecode> |
| ASA-4-411002 : Line Protocol Down | N/A | <vmid>, <object>, <dinterface> |
| ASA-4-420002 : IPS Drop Packet | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <command> |
| ASA-4-420002 : ISP Request to Drop Packet | N/A | <vmid>, <protname>, <sname>, <sip>, <sport>, <dname>, <dip>, <dport> |
| ASA-4-420003 : IPS Request to Reset Connection | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <objectname>, <object> |
| ASA-4-713903 : Packet Discarded | N/A | <vmid>, <sip>, <sport>, <dport> |
| ASA-4-717037 : Search Using Cert Maps Failed | N/A | <vmid>, <severity>, <dname>, <object>, <objectname>, <subject>, <serialnumber>, <hash> |
| ASA-4-722051 : Address Assigned to Session | N/A | <vmid>, <severity>, <sip>, <dip>, <group>, <login>, <object> |
| ASA-4-733100 : Drop Rate Exceeded | N/A | <vmid>, <severity>, <object>, <rate>, <amount>, <quantity>, <tag1>, <tag2> |
| ASA-4-733101 : Subnet Targeted & Host Attacking | N/A | <vmid>, <sip>, <dip>, <rate>, <quantity> |
| ASA-5-305013 : Asymmetric NAT Rules Matched | N/A | <vmid>, <severity>, <sip>, <dip>, <vendorinfo>, <sport>, <dport>, <protname>, <result> |
| ASA-5-502101 & 502102 : User Added And Deleted | N/A | <vmid>, <severity>, <account>, <object>, <objectname>, <tag1> |
| ASA-5-502103 : User Privileges Changed | N/A | <vmid>, <login>, <object> |
| ASA-5-713041 : IKE Rekeying Messages | N/A | <vmid>, <group>, <dip>, <tag1>, <tag2>, <tag3> |
| ASA-5-713904 : Received Packet Dropped | N/A | <vmid>, <sip> |
| ASA-6-80500 : Traffic Flow | N/A | <vmid>, <protname>, <dip>, <sip>, <sport>, <dport>, <session>, <subject> |
| ASA-6-199018 : Local Command Executed | N/A | <vmid>, <severity>, <sip>, <vendorinfo>, <dname>, <sinterface>, <command> |
| ASA-6-302010 : TCP Connections in Use | N/A | <vmid>, <quantity> |
| ASA-6-434004 : Flow Bypass Request | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <object>, <sinterface>, <dinterface>, <protname>, <subject> |
| ASA-6-721016 : WebVPN Login Successful | N/A | <vmid>, <severity>, <sip>, <dinterface>, <login>, <sessiontype>, <command> |
| ASA-6-734001 : DAP Record Connection | N/A | <vmid>, <severity>, <sip>, <dname>, <sinterface>, <login>, <process>, <object>, <subject>, <tag1> |
| ASA-6-737014 : Freeing AAA Address | N/A | <vmid>, <severity>, <dip>, <process>, <command> |
| ASA-7-710007 : Keepalive Received | N/A | <vmid>, <sport>, <sip>, <dip>, <dport> |
| ASA-7-713906 : Proposal Information | N/A | <vmid>, <sip>, <object>, <group>, <tag1> |
| ASA-7-715001 : Constructing Process Resource | N/A | <vmid>, <group>, <sip>, <object> |
| Build/Teardown ICMP Connections | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <sinterface>, <protname>, <domain> |
| Build/Teardown Outbound TCP/UDP Connections | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <session>, <bytesout>, <duration>, <size> |
| Build/Teardown TCP/UDP Connections | N/A | <vmid>, <severity>, <sip>, <dip>, <dname>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <session>, <bytesout>, <duration>, <size>, <tag1> |
| Cached Flow Log Limit Reached | N/A | <subject>, <quantity> |
| Certificate Expired | N/A | <domainorigin>, <object>, <serialnumber>, <subject>, <url> |
| Certificate Validation Failed | N/A | <login>, <account>, <serialnumber>, <action>, <url>, <reason> |
| Cipher Messages | N/A | <vmid>, <sip>, <sport>, <object>, <quantity>, <tag1> |
| Cisco Monitoring | N/A | <vmid>, <severity>, <dip>, <dname>, <dport>, <session>, <process>, <object>, <objectname>, <command>, <tag1>, <tag2>, <tag3>, <tag4>, <tag5> |
| Cisco UPDOWN Message | N/A | <vmid>, <vendorinfo>, <severity>, <dname>, <dinterface>, <processid>, <subject>, <tag1>, <tag2>, <tag3> |
| Client Address Requests | N/A | <vmid>, <severity>, <dip>, <dname>, <process>, <command>, <subject>, <tag1> |
| Configuration Changes | N/A | <vmid>, <severity>, <sip>, <sname>, <login>, <command>, <session> |
| Connection Information 1 | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <login>, <reason> |
| Connection to Useragent Attempted | N/A | <vmid>, <severity>, <sip>, <login>, <version>, <useragent>, <policy> |
| Constructing/Processing Payload | N/A | <vmid>, <group>, <login>, <sip>, <tag1>, <object> |
| Deny TCP | N/A | <vmid>, <protname>, <sip>, <sport>, <dip>, <dport>, <object> |
| DNS Lookup Failed 1 | N/A | <vmid>, <severity>, <dname>, <subject>, <tag1> |
| Dropped ICMP Packet | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <account>, <domainorigin>, <object> |
| Error Processing Payload | N/A | <severity>, <vmid>, <sip>, <object> |
| ESP Packet Messages | N/A | <vmid>, <severity>, <sip>, <dip>, <login> |
| Event Log 1 | N/A | <sip>, <dip>, <severity>, <sinterface>, <dinterface>, <subject>, <session>, <tag1>, <status> |
| EVID 113034 : Webtype Filter Override | N/A | <vmid>, <sip>, <login>, <account>, <object>, <group> |
| EVID 500005 : Connection Termination | N/A | <vmid>, <sip>, <dip>, <sinterface>, <dinterface>, <sport>, <dport>, <protname>, <object>, <subject> |
| EVID 737003 : No Viable Servers Found | N/A | <vmid>, <severity>, <protname>, <group> |
| Failed to Locate Egress | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <protname> |
| FSM Error History | N/A | <vmid>, <sip>, <protname>, <session>, <object>, <tag1> |
| FTP Data Stored/Retrieved | N/A | <severity>, <vmid>, <subject>, <sname>, <sip>, <sport>, <dname>, <dip>, <dport>, <login>, <command>, <tag1>, <object> |
| HA Status Callback | N/A | <vmid>, <object> |
| Hash Generation Error | N/A | <subject>, <reason> |
| Hostscan Results Rejected | N/A | <sip>, <subject>, <quantity>, <reason> |
| ICMP Built Connection Logs | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <dnatip>, <dnatport>, <sinterface>, <dinterface>, <protname>, <login>, <domainorigin> |
| IKE Decode Message | N/A | <vmid>, <sip>, <tag1>, <session>, <object>, <size> |
| IKE Initiator Quick Mode Message | N/A | <vmid>, <group>, <sip>, <protname>, <tag1>, <session> |
| IKE Receiving/Deleting | N/A | <vmid>, <sip>, <object>, <group>, <tag1> |
| IKE Tunnel Messages | N/A | <vmid>, <severity>, <object>, <subject>, <protname>, <processid> |
| Information Status Events | N/A | <vmid>, <severity>, <sip>, <dip>, <login>, <group>, <command>, <tag1> |
| Interface Failover Testing | N/A | <vmid>, <severity>, <dinterface>, <group>, <tag1> |
| IP Built/Teardown | N/A | <vmid>, <tag1>, <session>, <sip>, <dip> |
| IPSec Access Messages | N/A | <vmid>, <severity>, <dip>, <dname>, <account>, <session>, <object>, <process>, <objectname>, <subject> |
| IPSec Rekeying Information | N/A | <vmid>, <sip>, <dip>, <group>, <login>, <duration>, <size>, <tag1>, <status> |
| IPSec Security Association Messages | N/A | <vmid>, <sip>, <dip>, <login>, <dname>, <session>, <tag1>, <tag2> |
| Last Message Repeated 11 | N/A | <severity>, <dname>, <protname>, <subject>, <url>, <responsecode>, <quantity> |
| Login Denied and Permitted | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname>, <login>, <tag1> |
| Module Ips Data Channel Status Is UP | N/A | <vmid>, <severity>, <dname> |
| Object Deleted/Created/Modified | N/A | <severity>, <object>, <policy>, <account>, <action> |
| Packet Log | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <login>, <protname>, <protnum>, <object>, <objectname>, <duration>, <amount>, <tag1>, <tag2> |
| Pattern : PIX-4-106100 : Connections | N/A | <vmid>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname>, <login>, <object>, <objectname>, <group>, <amount>, <tag1> |
| Pattern 1 : PIX Traffic Messages | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <protname>, <sender>, <size>, <url> |
| Pattern 2 : PIX Authentications | N/A | <vmid>, <severity>, <sip>, <login>, <session>, <object>, <threatname>, <group>, <command> |
| Pattern 3 : PIX Authorization and Authentication | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <login>, <protname> |
| Pattern 4 : PIX Traffic | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <sinterface>, <login>, <protname>, <object>, <group>, <command>, <tag1>, <reason>, <duration>, <bytesin>, <bytesout> |
| Pattern 5 : PIX Traffic | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <login>, <protname>, <group> |
| Pattern 6 : PIX Traffic | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <tag1>, <tag2> |
| Pattern 7 : PIX Connections | N/A | <severity>, <vmid>, <sip>, <dip>, <sport>, <dport>, <dnatip>, <dnatport>, <login>, <protname>, <tag1>, <object>, <responsecode> |
| Pattern 8 : PIX Tunnel | N/A | <vmid>, <dip>, <dport> |
| Pattern 9 : PIX Traffic | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <protname> |
| Pattern 10 : PIX General Authentication | N/A | <severity>, <vmid>, <sip>, <dip>, <sport>, <login> |
| Pattern 11 : PIX Traffic Messages | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <sinterface>, <dinterface>, <protname>, <protnum>, <object>, <objectname>, <threatname>, <reason>, <duration>, <size> |
| Pattern 12 : Traffic | N/A | <vmid>, <sip>, <dip>, <dname>, <sport>, <dport>, <login>, <protname>, <domainorigin>, <bytesin>, <duration> |
| Pattern 13 : Traffic | N/A | <vmid>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <size>, <protname> |
| Pattern 14 : Traffic | N/A | <vmid>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname> |
| Pattern 15 : Traffic | N/A | <vmid>, <sip>, <dname>, <sport>, <dport>, <protname> |
| Pattern 16 : Traffic | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname>, <object>, <command>, <duration>, <bytesin> |
| Pattern 17 : Traffic | N/A | <vmid>, <sip>, <sname>, <dname>, <sport>, <dport>, <protname> |
| Pattern 18 : Build/Teardown Connections | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <dnatip>, <dnatport>, <protname>, <login>, <domain>, <session>, <result>, <reason>, <bytesin>, <bytesout>, <duration>, <size>, <tag1> |
| Pattern 19 : URL Request Failures | N/A | <vmid>, <dip>, <dname>, <url>, <tag1> |
| Pattern 20 : Traffic | N/A | <vmid>, <sip>, <dip>, <dname>, <sport>, <dport>, <protname>, <object>, <threatname>, <threatid>, <url>, <tag1>, <tag3> |
| Pattern 21 : IPSec VPN Activity | N/A | <vmid>, <sip>, <login>, <group>, <tag1> |
| Pattern 22 : Traffic | N/A | <vmid>, <sip>, <login>, <group>, <reason>, <tag1>, <tag2> |
| Phase 1 Failure : Mismatched Attribute | N/A | <vmid>, <object> |
| Phase 2 Exchange Message to Standby Unit | N/A | <vmid>, <process>, <object>, <tag1>, <tag2> |
| PIX-5-304001 : Accessed URL | N/A | <vmid>, <domain>, <sip>, <dip>, <sname>, <dname>, <url> |
| PIX-X-305006 : Regular Translation Creation Failed | N/A | <vmid>, <sip>, <dip>, <protnum> |
| Queuing KEY-ACQUIRE Messages | N/A | <vmid>, <dip>, <tag1> |
| Radius Server Status | N/A | <sip>, <group>, <status> |
| Received ARP Collision | N/A | <vmid>, <sip>, <sinterface>, <protname>, <object> |
| Received Delete for Rekeyed Centry | N/A | <vmid>, <sip>, <dip>, <session>, <protname>, <object>, <group> |
| Received Key Message | N/A | <vmid>, <sip>, <object>, <group>, <tag1> |
| Rekey Timer | N/A | <vmid>, <sip>, <duration>, <group> |
| Routing Hop Logs | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <subject> |
| Security Association Negotiation Status | N/A | <vmid>, <sip>, <dip>, <login>, <group>, <tag2>, <severity>, <subject> |
| Sending/Received Keepalive | N/A | <vmid>, <group>, <login>, <sip>, <tag1>, <object>, <session> |
| Session Is Being Torn Down | N/A | <vmid>, <group>, <login>, <dip>, <reason>, <tag1> |
| Shun Activity | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <process>, <object> |
| SSL Messages 1 | N/A | <vmid>, <severity>, <dip>, <dname>, <dnatip>, <dnatport>, <session>, <dport> |
| SVC Connect Failure | N/A | <sip>, <subject>, <action> |
| SVC Connection Information | N/A | <vmid>, <severity>, <sip>, <protname>, <subject>, <login>, <object>, <group> |
| System Memory | N/A | <vmid>, <severity>, <amount> |
| TCP Information | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <session>, <duration>, <size>, <tag1> |
| Teardown Connection Logs | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <login>, <domainorigin>, <session>, <bytesout>, <duration>, <size> |
| Teardown Stub Information | N/A | <severity>, <sip>, <dip>, <sport>, <dport>, <sname>, <dname>, <protname>, <account>, <object>, <bytesout> |
| Threat Detection Added Host to Shun List | N/A | <vmid>, <dip> |
| Transmitting Large Packet | N/A | <vmid>, <severity>, <login>, <group>, <domain>, <sip>, <tag1>, <bytesin>, <size> |
| Trust-Point Connection Information | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport> |
| UDP Connection Denied | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <object>, <protname> |
| User Information Message IDs 746001X | N/A | <vmid>, <severity>, <sip>, <sname>, <login>, <domainorigin>, <result>, <reason>, <tag1> |
| VMID 434002 : SFR Request to Drop Packet | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <sinterface>, <dinterface> |
| VMID 434003 : SFR Request to Reset Connection | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <objectname>, <object> |
| WebVPN Messages | N/A | <vmid>, <sip>, <login>, <group>, <tag1> |

Revision History

| KB Version | Log Type | Change Type | Details |
| --- | --- | --- | --- |
| KB 7.1.588.0 | Syslog - Cisco ASA | Created Documentation | N/A |