Device Details

| Device Name | Syslog - Cisco ASA |
|---|---|
| Vendor | Cisco |
| Device Type | Firewall and Network Security |
| Supported Model Name/Number | Windows Server 2008, 2012, 2016+ |
| Supported Software Version(s) | N/A |
| Collection Method | Syslog |
| Configurable Log Output? | No |
| Log Source Type | Syslog - Cisco ASA |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | https://www.cisco.com/c/en_in/products/security/adaptive-security-appliance-asa-software/index.html https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog.html |

Supported Log Messages

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Catch All : Level 1 10 | N/A | <severity>, <tag1> |
| Catch All : Level 3 7 | N/A | <vmid>, <vendorinfo>, <severity>, <login>, <objecttype>, <reason>, <tag1> |
| 111008 : Configuration Update | N/A | <vmid>, <severity>, <login>, <session>, <object>, <objectname>, <command>, <tag1> |
| 111009 : User Executed Command | N/A | <vmid>, <severity>, <login>, <command> |
| Address ID Received | N/A | <vmid>, <sip>, <dip>, <object>, <group>, <tag1> |
| AnyConnect Session Messages | N/A | <vmid>, <sip>, <dip>, <login>, <group>, <command> |
| ASA 113010 : AAA Challenge Received for User | N/A | <vmid>, <severity>, <dip>, <dname>, <login> |
| ASA 113015 : AAA User Authentication Rejected | N/A | <vmid>, <severity>, <login>, <subject>, <sip> |
| ASA 734003 : Session Attribute Information | N/A | <vmid>, <severity>, <dip>, <login>, <objectname> |
| ASA Hardware Accelerator Error | N/A | <subject>, <command>, <reason>, <responsecode> |
| ASA-1-104001 : Switching Failover Pair Role | N/A | <vmid>, <severity>, <object>, <subject>, <command>, <tag1> |
| ASA-3-202010 : NAT/PAT Pool Exhausted | N/A | <vmid>, <severity>, <sip>, <dip>, <vendorinfo>, <sinterface>, <dinterface>, <sport>, <dport> |
| ASA-3-713123 : IKE Peer Connection Terminated | N/A | <vmid>, <sip>, <login>, <group>, <tag1> |
| ASA-4-313009 : Denied Invalid ICMP Code | N/A | <vmid>, <severity>, <sip>, <dip>, <vendorinfo>, <sname>, <dname>, <sport>, <dport>, <protname>, <objecttype>, <objectname>, <action>, <responsecode> |
| ASA-4-411002 : Line Protocol Down | N/A | <vmid>, <object>, <dinterface> |
| ASA-4-420002 : IPS Drop Packet | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <command> |
| ASA-4-420002 : ISP Request to Drop Packet | N/A | <vmid>, <protname>, <sname>, <sip>, <sport>, <dname>, <dip>, <dport> |
| ASA-4-420003 : IPS Request to Reset Connection | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <objectname>, <object> |
| ASA-4-713903 : Packet Discarded | N/A | <vmid>, <sip>, <sport>, <dport> |
| ASA-4-717037 : Search Using Cert Maps Failed | N/A | <vmid>, <severity>, <dname>, <object>, <objectname>, <subject>, <serialnumber>, <hash> |
| ASA-4-722051 : Address Assigned to Session | N/A | <vmid>, <severity>, <sip>, <dip>, <group>, <login>, <object> |
| ASA-4-733100 : Drop Rate Exceeded | N/A | <vmid>, <severity>, <object>, <rate>, <amount>, <quantity>, <tag1>, <tag2> |
| ASA-4-733101 : Subnet Targeted & Host Attacking | N/A | <vmid>, <sip>, <dip>, <rate>, <quantity> |
| ASA-5-305013 : Asymmetric NAT Rules Matched | N/A | <vmid>, <severity>, <sip>, <dip>, <vendorinfo>, <sport>, <dport>, <protname>, <result> |
| ASA-5-502101 & 502102 : User Added And Deleted | N/A | <vmid>, <severity>, <account>, <object>, <objectname>, <tag1> |
| ASA-5-502103 : User Privileges Changed | N/A | <vmid>, <login>, <object> |
| ASA-5-713041 : IKE Rekeying Messages | N/A | <vmid>, <group>, <dip>, <tag1>, <tag2>, <tag3> |
| ASA-5-713904 : Received Packet Dropped | N/A | <vmid>, <sip> |
| ASA-6-80500 : Traffic Flow | N/A | <vmid>, <protname>, <dip>, <sip>, <sport>, <dport>, <session>, <subject> |
| ASA-6-199018 : Local Command Executed | N/A | <vmid>, <severity>, <sip>, <vendorinfo>, <dname>, <sinterface>, <command> |
| ASA-6-302010 : TCP Connections in Use | N/A | <vmid>, <quantity> |
| ASA-6-434004 : Flow Bypass Request | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <object>, <sinterface>, <dinterface>, <protname>, <subject> |
| ASA-6-721016 : WebVPN Login Successful | N/A | <vmid>, <severity>, <sip>, <dinterface>, <login>, <sessiontype>, <command> |
| ASA-6-734001 : DAP Record Connection | N/A | <vmid>, <severity>, <sip>, <dname>, <sinterface>, <login>, <process>, <object>, <subject>, <tag1> |
| ASA-6-737014 : Freeing AAA Address | N/A | <vmid>, <severity>, <dip>, <process>, <command> |
| ASA-7-710007 : Keepalive Received | N/A | <vmid>, <sport>, <sip>, <dip>, <dport> |
| ASA-7-713906 : Proposal Information | N/A | <vmid>, <sip>, <object>, <group>, <tag1> |
| ASA-7-715001 : Constructing Process Resource | N/A | <vmid>, <group>, <sip>, <object> |
| Build/Teardown ICMP Connections | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <sinterface>, <protname>, <domain> |
| Build/Teardown Outbound TCP/UDP Connections | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <session>, <bytesout>, <duration>, <size> |
| Build/Teardown TCP/UDP Connections | N/A | <vmid>, <severity>, <sip>, <dip>, <dname>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <session>, <bytesout>, <duration>, <size>, <tag1> |
| Cached Flow Log Limit Reached | N/A | <subject>, <quantity> |
| Certificate Expired | N/A | <domainorigin>, <object>, <serialnumber>, <subject>, <url> |
| Certificate Validation Failed | N/A | <login>, <account>, <serialnumber>, <action>, <url>, <reason> |
| Cipher Messages | N/A | <vmid>, <sip>, <sport>, <object>, <quantity>, <tag1> |
| Cisco Monitoring | N/A | <vmid>, <severity>, <dip>, <dname>, <dport>, <session>, <process>, <object>, <objectname>, <command>, <tag1>, <tag2>, <tag3>, <tag4>, <tag5> |
| Cisco UPDOWN Message | N/A | <vmid>, <vendorinfo>, <severity>, <dname>, <dinterface>, <processid>, <subject>, <tag1>, <tag2>, <tag3> |
| Client Address Requests | N/A | <vmid>, <severity>, <dip>, <dname>, <process>, <command>, <subject>, <tag1> |
| Configuration Changes | N/A | <vmid>, <severity>, <sip>, <sname>, <login>, <command>, <session> |
| Connection Information 1 | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <login>, <reason> |
| Connection to Useragent Attempted | N/A | <vmid>, <severity>, <sip>, <login>, <version>, <useragent>, <policy> |
| Constructing/Processing Payload | N/A | <vmid>, <group>, <login>, <sip>, <tag1>, <object> |
| Deny TCP | N/A | <vmid>, <protname>, <sip>, <sport>, <dip>, <dport>, <object> |
| DNS Lookup Failed 1 | N/A | <vmid>, <severity>, <dname>, <subject>, <tag1> |
| Dropped ICMP Packet | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <account>, <domainorigin>, <object> |
| Error Processing Payload | N/A | <severity>, <vmid>, <sip>, <object> |
| ESP Packet Messages | N/A | <vmid>, <severity>, <sip>, <dip>, <login> |
| Event Log 1 | N/A | <sip>, <dip>, <severity>, <sinterface>, <dinterface>, <subject>, <session>, <tag1>, <status> |
| EVID 113034 : Webtype Filter Override | N/A | <vmid>, <sip>, <login>, <account>, <object>, <group> |
| EVID 500005 : Connection Termination | N/A | <vmid>, <sip>, <dip>, <sinterface>, <dinterface>, <sport>, <dport>, <protname>, <object>, <subject> |
| EVID 737003 : No Viable Servers Found | N/A | <vmid>, <severity>, <protname>, <group> |
| Failed to Locate Egress | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <protname> |
| FSM Error History | N/A | <vmid>, <sip>, <protname>, <session>, <object>, <tag1> |
| FTP Data Stored/Retrieved | N/A | <severity>, <vmid>, <subject>, <sname>, <sip>, <sport>, <dname>, <dip>, <dport>, <login>, <command>, <tag1>, <object> |
| HA Status Callback | N/A | <vmid>, <object> |
| Hash Generation Error | N/A | <subject>, <reason> |
| Hostscan Results Rejected | N/A | <sip>, <subject>, <quantity>, <reason> |
| ICMP Built Connection Logs | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <dnatip>, <dnatport>, <sinterface>, <dinterface>, <protname>, <login>, <domainorigin> |
| IKE Decode Message | N/A | <vmid>, <sip>, <tag1>, <session>, <object>, <size> |
| IKE Initiator Quick Mode Message | N/A | <vmid>, <group>, <sip>, <protname>, <tag1>, <session> |
| IKE Receiving/Deleting | N/A | <vmid>, <sip>, <object>, <group>, <tag1> |
| IKE Tunnel Messages | N/A | <vmid>, <severity>, <object>, <subject>, <protname>, <processid> |
| Information Status Events | N/A | <vmid>, <severity>, <sip>, <dip>, <login>, <group>, <command>, <tag1> |
| Interface Failover Testing | N/A | <vmid>, <severity>, <dinterface>, <group>, <tag1> |
| IP Built/Teardown | N/A | <vmid>, <tag1>, <session>, <sip>, <dip> |
| IPSec Access Messages | N/A | <vmid>, <severity>, <dip>, <dname>, <account>, <session>, <object>, <process>, <objectname>, <subject> |
|  | N/A | <vmid>, <sip>, <dip>, <group>, <login>, <duration>, <size>, <tag1>, <status> |
| IPSec Security Association Messages | N/A | <vmid>, <sip>, <dip>, <login>, <dname>, <session>, <tag1>, <tag2> |
| Last Message Repeated 11 | N/A | <severity>, <dname>, <protname>, <subject>, <url>, <responsecode>, <quantity> |
| Login Denied and Permitted | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname>, <login>, <tag1> |
| Module Ips Data Channel Status Is UP | N/A | <vmid>, <severity>, <dname> |
| Object Deleted/Created/Modified | N/A | <severity>, <object>, <policy>, <account>, <action> |
| Packet Log | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <login>, <protname>, <protnum>, <object>, <objectname>, <duration>, <amount>, <tag1>, <tag2> |
| Pattern : PIX-4-106100 : Connections | N/A | <vmid>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname>, <login>, <object>, <objectname>, <group>, <amount>, <tag1> |
| Pattern 1 : PIX Traffic Messages | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <protname>, <sender>, <size>, <url> |
| Pattern 2 : PIX Authentications | N/A | <vmid>, <severity>, <sip>, <login>, <session>, <object>, <threatname>, <group>, <command> |
| Pattern 3 : PIX Authorization and Authentication | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <login>, <protname> |
| Pattern 4 : PIX Traffic | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <sinterface>, <login>, <protname>, <object>, <group>, <command>, <tag1>, <reason>, <duration>, <bytesin>, <bytesout> |
| Pattern 5 : PIX Traffic | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <login>, <protname>, <group> |
| Pattern 6 : PIX Traffic | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <tag1>, <tag2> |
| Pattern 7 : PIX Connections | N/A | <severity>, <vmid>, <sip>, <dip>, <sport>, <dport>, <dnatip>, <dnatport>, <login>, <protname>, <tag1>, <object>, <responsecode> |
| Pattern 8 : PIX Tunnel | N/A | <vmid>, <dip>, <dport> |
| Pattern 9 : PIX Traffic | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <protname> |
| Pattern 10 : PIX General Authentication | N/A | <severity>, <vmid>, <sip>, <dip>, <sport>, <login> |
| Pattern 11 : PIX Traffic Messages | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <sinterface>, <dinterface>, <protname>, <protnum>, <object>, <objectname>, <threatname>, <reason>, <duration>, <size> |
| Pattern 12 : Traffic | N/A | <vmid>, <sip>, <dip>, <dname>, <sport>, <dport>, <login>, <protname>, <domainorigin>, <bytesin>, <duration> |
| Pattern 13 : Traffic | N/A | <vmid>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <size>, <protname> |
| Pattern 14 : Traffic | N/A | <vmid>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname> |
| Pattern 15 : Traffic | N/A | <vmid>, <sip>, <dname>, <sport>, <dport>, <protname> |
| Pattern 16 : Traffic | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname>, <object>, <command>, <duration>, <bytesin> |
| Pattern 17 : Traffic | N/A | <vmid>, <sip>, <sname>, <dname>, <sport>, <dport>, <protname> |
| Pattern 18 : Build/Teardown Connections | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <dnatip>, <dnatport>, <protname>, <login>, <domain>, <session>, <result>, <reason>, <bytesin>, <bytesout>, <duration>, <size>, <tag1> |
| Pattern 19 : URL Request Failures | N/A | <vmid>, <dip>, <dname>, <url>, <tag1> |
| Pattern 20 : Traffic | N/A | <vmid>, <sip>, <dip>, <dname>, <sport>, <dport>, <protname>, <object>, <threatname>, <threatid>, <url>, <tag1>, <tag3> |
| Pattern 21 : IPSec VPN Activity | N/A | <vmid>, <sip>, <login>, <group>, <tag1> |
| Pattern 22 : Traffic | N/A | <vmid>, <sip>, <login>, <group>, <reason>, <tag1>, <tag2> |
| Phase 1 Failure : Mismatched Attribute | N/A | <vmid>, <object> |
| Phase 2 Exchange Message to Standby Unit | N/A | <vmid>, <process>, <object>, <tag1>, <tag2> |
| PIX-5-304001 : Accessed URL | N/A | <vmid>, <domain>, <sip>, <dip>, <sname>, <dname>, <url> |
| PIX-X-305006 : Regular Translation Creation Failed | N/A | <vmid>, <sip>, <dip>, <protnum> |
| Queuing KEY-ACQUIRE Messages | N/A | <vmid>, <dip>, <tag1> |
| Radius Server Status | N/A | <sip>, <group>, <status> |
| Received ARP Collision | N/A | <vmid>, <sip>, <sinterface>, <protname>, <object> |
| Received Delete for Rekeyed Centry | N/A | <vmid>, <sip>, <dip>, <session>, <protname>, <object>, <group> |
| Received Key Message | N/A | <vmid>, <sip>, <object>, <group>, <tag1> |
| Rekey Timer | N/A | <vmid>, <sip>, <duration>, <group> |
| Routing Hop Logs | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <subject> |
|  | N/A | <vmid>, <sip>, <dip>, <login>, <group>, <tag2>, <severity>, <subject> |
| Sending/Received Keepalive | N/A | <vmid>, <group>, <login>, <sip>, <tag1>, <object>, <session> |
| Session Is Being Torn Down | N/A | <vmid>, <group>, <login>, <dip>, <reason>, <tag1> |
| Shun Activity | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <process>, <object> |
| SSL Messages 1 | N/A | <vmid>, <severity>, <dip>, <dname>, <dnatip>, <dnatport>, <session>, <dport> |
| SVC Connect Failure | N/A | <sip>, <subject>, <action> |
| SVC Connection Information | N/A | <vmid>, <severity>, <sip>, <protname>, <subject>, <login>, <object>, <group> |
| System Memory | N/A | <vmid>, <severity>, <amount> |
| TCP Information | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <session>, <duration>, <size>, <tag1> |
| Teardown Connection Logs | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <login>, <domainorigin>, <session>, <bytesout>, <duration>, <size> |
| Teardown Stub Information | N/A | <severity>, <sip>, <dip>, <sport>, <dport>, <sname>, <dname>, <protname>, <account>, <object>, <bytesout> |
| Threat Detection Added Host to Shun List | N/A | <vmid>, <dip> |
| Transmitting Large Packet | N/A | <vmid>, <severity>, <login>, <group>, <domain>, <sip>, <tag1>, <bytesin>, <size> |
| Trust-Point Connection Information | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport> |
| UDP Connection Denied | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <object>, <protname> |
| User Information Message IDs 746001X | N/A | <vmid>, <severity>, <sip>, <sname>, <login>, <domainorigin>, <result>, <reason>, <tag1> |
| VMID 434002 : SFR Request to Drop Packet | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <sinterface>, <dinterface> |
| VMID 434003 : SFR Request to Reset Connection | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <objectname>, <object> |
| WebVPN Messages | N/A | <vmid>, <sip>, <login>, <group>, <tag1> |

Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.588.0 | Syslog - Cisco ASA | Created Documentation | N/A |