Syslog - Cisco ASA
Device Details
Device Name | Syslog - Cisco ASA |
---|---|
Vendor | Cisco |
Device Type | Firewall and Network Security |
Supported Model Name/Number | Windows Server 2008, 2012, 2016+ |
Supported Software Version(s) | N/A |
Collection Method | Syslog |
Configurable Log Output? | No |
Log Source Type | Syslog - Cisco ASA |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | https://www.cisco.com/c/en_in/products/security/adaptive-security-appliance-asa-software/index.html https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog.html |
Supported Log Messages
Type | Product Version | Supported Schema Fields |
---|---|---|
Catch All : Level 1 10 | N/A | <severity>, <tag1> |
Catch All : Level 3 7 | N/A | <vmid>, <vendorinfo>, <severity>, <login>, <objecttype>, <reason>, <tag1> |
111008 : Configuration Update | N/A | <vmid>, <severity>, <login>, <session>, <object>, <objectname>, <command>, <tag1> |
111009 : User Executed Command | N/A | <vmid>, <severity>, <login>, <command> |
Address ID Received | N/A | <vmid>, <sip>, <dip>, <object>, <group>, <tag1> |
AnyConnect Session Messages | N/A | <vmid>, <sip>, <dip>, <login>, <group>, <command> |
ASA 113010 : AAA Challenge Received for User | N/A | <vmid>, <severity>, <dip>, <dname>, <login> |
ASA 113015 : AAA User Authentication Rejected | N/A | <vmid>, <severity>, <login>, <subject>, <sip> |
ASA 734003 : Session Attribute Information | N/A | <vmid>, <severity>, <dip>, <login>, <objectname> |
ASA Hardware Accelerator Error | N/A | <subject>, <command>, <reason>, <responsecode> |
ASA-1-104001 : Switching Failover Pair Role | N/A | <vmid>, <severity>, <object>, <subject>, <command>, <tag1> |
ASA-3-202010 : NAT/PAT Pool Exhausted | N/A | <vmid>, <severity>, <sip>, <dip>, <vendorinfo>, <sinterface>, <dinterface>, <sport>, <dport> |
ASA-3-713123 : IKE Peer Connection Terminated | N/A | <vmid>, <sip>, <login>, <group>, <tag1> |
ASA-4-313009 : Denied Invalid ICMP Code | N/A | <vmid>, <severity>, <sip>, <dip>, <vendorinfo>, <sname>, <dname>, <sport>, <dport>, <protname>, <objecttype>, <objectname>, <action>, <responsecode> |
ASA-4-411002 : Line Protocol Down | N/A | <vmid>, <object>, <dinterface> |
ASA-4-420002 : IPS Drop Packet | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <command> |
ASA-4-420002 : ISP Request to Drop Packet | N/A | <vmid>, <protname>, <sname>, <sip>, <sport>, <dname>, <dip>, <dport> |
ASA-4-420003 : IPS Request to Reset Connection | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <objectname>, <object> |
ASA-4-713903 : Packet Discarded | N/A | <vmid>, <sip>, <sport>, <dport> |
ASA-4-717037 : Search Using Cert Maps Failed | N/A | <vmid>, <severity>, <dname>, <object>, <objectname>, <subject>, <serialnumber>, <hash> |
ASA-4-722051 : Address Assigned to Session | N/A | <vmid>, <severity>, <sip>, <dip>, <group>, <login>, <object> |
ASA-4-733100 : Drop Rate Exceeded | N/A | <vmid>, <severity>, <object>, <rate>, <amount>, <quantity>, <tag1>, <tag2> |
ASA-4-733101 : Subnet Targeted & Host Attacking | N/A | <vmid>, <sip>, <dip>, <rate>, <quantity> |
ASA-5-305013 : Asymmetric NAT Rules Matched | N/A | <vmid>, <severity>, <sip>, <dip>, <vendorinfo>, <sport>, <dport>, <protname>, <result> |
ASA-5-502101 & 502102 : User Added And Deleted | N/A | <vmid>, <severity>, <account>, <object>, <objectname>, <tag1> |
ASA-5-502103 : User Privileges Changed | N/A | <vmid>, <login>, <object> |
ASA-5-713041 : IKE Rekeying Messages | N/A | <vmid>, <group>, <dip>, <tag1>, <tag2>, <tag3> |
ASA-5-713904 : Received Packet Dropped | N/A | <vmid>, <sip> |
ASA-6-80500 : Traffic Flow | N/A | <vmid>, <protname>, <dip>, <sip>, <sport>, <dport>, <session>, <subject> |
ASA-6-199018 : Local Command Executed | N/A | <vmid>, <severity>, <sip>, <vendorinfo>, <dname>, <sinterface>, <command> |
ASA-6-302010 : TCP Connections in Use | N/A | <vmid>, <quantity> |
ASA-6-434004 : Flow Bypass Request | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <object>, <sinterface>, <dinterface>, <protname>, <subject> |
ASA-6-721016 : WebVPN Login Successful | N/A | <vmid>, <severity>, <sip>, <dinterface>, <login>, <sessiontype>, <command> |
ASA-6-734001 : DAP Record Connection | N/A | <vmid>, <severity>, <sip>, <dname>, <sinterface>, <login>, <process>, <object>, <subject>, <tag1> |
ASA-6-737014 : Freeing AAA Address | N/A | <vmid>, <severity>, <dip>, <process>, <command> |
ASA-7-710007 : Keepalive Received | N/A | <vmid>, <sport>, <sip>, <dip>, <dport> |
ASA-7-713906 : Proposal Information | N/A | <vmid>, <sip>, <object>, <group>, <tag1> |
ASA-7-715001 : Constructing Process Resource | N/A | <vmid>, <group>, <sip>, <object> |
Build/Teardown ICMP Connections | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <sinterface>, <protname>, <domain> |
Build/Teardown Outbound TCP/UDP Connections | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <session>, <bytesout>, <duration>, <size> |
Build/Teardown TCP/UDP Connections | N/A | <vmid>, <severity>, <sip>, <dip>, <dname>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <session>, <bytesout>, <duration>, <size>, <tag1> |
Cached Flow Log Limit Reached | N/A | <subject>, <quantity> |
Certificate Expired | N/A | <domainorigin>, <object>, <serialnumber>, <subject>, <url> |
Certificate Validation Failed | N/A | <login>, <account>, <serialnumber>, <action>, <url>, <reason> |
Cipher Messages | N/A | <vmid>, <sip>, <sport>, <object>, <quantity>, <tag1> |
Cisco Monitoring | N/A | <vmid>, <severity>, <dip>, <dname>, <dport>, <session>, <process>, <object>, <objectname>, <command>, <tag1>, <tag2>, <tag3>, <tag4>, <tag5> |
Cisco UPDOWN Message | N/A | <vmid>, <vendorinfo>, <severity>, <dname>, <dinterface>, <processid>, <subject>, <tag1>, <tag2>, <tag3> |
Client Address Requests | N/A | <vmid>, <severity>, <dip>, <dname>, <process>, <command>, <subject>, <tag1> |
Configuration Changes | N/A | <vmid>, <severity>, <sip>, <sname>, <login>, <command>, <session> |
Connection Information 1 | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <login>, <reason> |
Connection to Useragent Attempted | N/A | <vmid>, <severity>, <sip>, <login>, <version>, <useragent>, <policy> |
Constructing/Processing Payload | N/A | <vmid>, <group>, <login>, <sip>, <tag1>, <object> |
Deny TCP | N/A | <vmid>, <protname>, <sip>, <sport>, <dip>, <dport>, <object> |
DNS Lookup Failed 1 | N/A | <vmid>, <severity>, <dname>, <subject>, <tag1> |
Dropped ICMP Packet | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <account>, <domainorigin>, <object> |
Error Processing Payload | N/A | <severity>, <vmid>, <sip>, <object> |
ESP Packet Messages | N/A | <vmid>, <severity>, <sip>, <dip>, <login> |
Event Log 1 | N/A | <sip>, <dip>, <severity>, <sinterface>, <dinterface>, <subject>, <session>, <tag1>, <status> |
EVID 113034 : Webtype Filter Override | N/A | <vmid>, <sip>, <login>, <account>, <object>, <group> |
EVID 500005 : Connection Termination | N/A | <vmid>, <sip>, <dip>, <sinterface>, <dinterface>, <sport>, <dport>, <protname>, <object>, <subject> |
EVID 737003 : No Viable Servers Found | N/A | <vmid>, <severity>, <protname>, <group> |
Failed to Locate Egress | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <protname> |
FSM Error History | N/A | <vmid>, <sip>, <protname>, <session>, <object>, <tag1> |
FTP Data Stored/Retrieved | N/A | <severity>, <vmid>, <subject>, <sname>, <sip>, <sport>, <dname>, <dip>, <dport>, <login>, <command>, <tag1>, <object> |
HA Status Callback | N/A | <vmid>, <object> |
Hash Generation Error | N/A | <subject>, <reason> |
Hostscan Results Rejected | N/A | <sip>, <subject>, <quantity>, <reason> |
ICMP Built Connection Logs | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <dnatip>, <dnatport>, <sinterface>, <dinterface>, <protname>, <login>, <domainorigin> |
IKE Decode Message | N/A | <vmid>, <sip>, <tag1>, <session>, <object>, <size> |
IKE Initiator Quick Mode Message | N/A | <vmid>, <group>, <sip>, <protname>, <tag1>, <session> |
IKE Receiving/Deleting | N/A | <vmid>, <sip>, <object>, <group>, <tag1> |
IKE Tunnel Messages | N/A | <vmid>, <severity>, <object>, <subject>, <protname>, <processid> |
Information Status Events | N/A | <vmid>, <severity>, <sip>, <dip>, <login>, <group>, <command>, <tag1> |
Interface Failover Testing | N/A | <vmid>, <severity>, <dinterface>, <group>, <tag1> |
IP Built/Teardown | N/A | <vmid>, <tag1>, <session>, <sip>, <dip> |
IPSec Access Messages | N/A | <vmid>, <severity>, <dip>, <dname>, <account>, <session>, <object>, <process>, <objectname>, <subject> |
IPSec Rekeying Information | N/A | <vmid>, <sip>, <dip>, <group>, <login>, <duration>, <size>, <tag1>, <status> |
IPSec Security Association Messages | N/A | <vmid>, <sip>, <dip>, <login>, <dname>, <session>, <tag1>, <tag2> |
Last Message Repeated 11 | N/A | <severity>, <dname>, <protname>, <subject>, <url>, <responsecode>, <quantity> |
Login Denied and Permitted | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname>, <login>, <tag1> |
Module Ips Data Channel Status Is UP | N/A | <vmid>, <severity>, <dname> |
Object Deleted/Created/Modified | N/A | <severity>, <object>, <policy>, <account>, <action> |
Packet Log | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <login>, <protname>, <protnum>, <object>, <objectname>, <duration>, <amount>, <tag1>, <tag2> |
Pattern : PIX-4-106100 : Connections | N/A | <vmid>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname>, <login>, <object>, <objectname>, <group>, <amount>, <tag1> |
Pattern 1 : PIX Traffic Messages | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <protname>, <sender>, <size>, <url> |
Pattern 2 : PIX Authentications | N/A | <vmid>, <severity>, <sip>, <login>, <session>, <object>, <threatname>, <group>, <command> |
Pattern 3 : PIX Authorization and Authentication | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <login>, <protname> |
Pattern 4 : PIX Traffic | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <sinterface>, <login>, <protname>, <object>, <group>, <command>, <tag1>, <reason>, <duration>, <bytesin>, <bytesout> |
Pattern 5 : PIX Traffic | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <login>, <protname>, <group> |
Pattern 6 : PIX Traffic | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <tag1>, <tag2> |
Pattern 7 : PIX Connections | N/A | <severity>, <vmid>, <sip>, <dip>, <sport>, <dport>, <dnatip>, <dnatport>, <login>, <protname>, <tag1>, <object>, <responsecode> |
Pattern 8 : PIX Tunnel | N/A | <vmid>, <dip>, <dport> |
Pattern 9 : PIX Traffic | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <protname> |
Pattern 10 : PIX General Authentication | N/A | <severity>, <vmid>, <sip>, <dip>, <sport>, <login> |
Pattern 11 : PIX Traffic Messages | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <sinterface>, <dinterface>, <protname>, <protnum>, <object>, <objectname>, <threatname>, <reason>, <duration>, <size> |
Pattern 12 : Traffic | N/A | <vmid>, <sip>, <dip>, <dname>, <sport>, <dport>, <login>, <protname>, <domainorigin>, <bytesin>, <duration> |
Pattern 13 : Traffic | N/A | <vmid>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <size>, <protname> |
Pattern 14 : Traffic | N/A | <vmid>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname> |
Pattern 15 : Traffic | N/A | <vmid>, <sip>, <dname>, <sport>, <dport>, <protname> |
Pattern 16 : Traffic | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname>, <object>, <command>, <duration>, <bytesin> |
Pattern 17 : Traffic | N/A | <vmid>, <sip>, <sname>, <dname>, <sport>, <dport>, <protname> |
Pattern 18 : Build/Teardown Connections | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <dnatip>, <dnatport>, <protname>, <login>, <domain>, <session>, <result>, <reason>, <bytesin>, <bytesout>, <duration>, <size>, <tag1> |
Pattern 19 : URL Request Failures | N/A | <vmid>, <dip>, <dname>, <url>, <tag1> |
Pattern 20 : Traffic | N/A | <vmid>, <sip>, <dip>, <dname>, <sport>, <dport>, <protname>, <object>, <threatname>, <threatid>, <url>, <tag1>, <tag3> |
Pattern 21 : IPSec VPN Activity | N/A | <vmid>, <sip>, <login>, <group>, <tag1> |
Pattern 22 : Traffic | N/A | <vmid>, <sip>, <login>, <group>, <reason>, <tag1>, <tag2> |
Phase 1 Failure : Mismatched Attribute | N/A | <vmid>, <object> |
Phase 2 Exchange Message to Standby Unit | N/A | <vmid>, <process>, <object>, <tag1>, <tag2> |
PIX-5-304001 : Accessed URL | N/A | <vmid>, <domain>, <sip>, <dip>, <sname>, <dname>, <url> |
PIX-X-305006 : Regular Translation Creation Failed | N/A | <vmid>, <sip>, <dip>, <protnum> |
Queuing KEY-ACQUIRE Messages | N/A | <vmid>, <dip>, <tag1> |
Radius Server Status | N/A | <sip>, <group>, <status> |
Received ARP Collision | N/A | <vmid>, <sip>, <sinterface>, <protname>, <object> |
Received Delete for Rekeyed Centry | N/A | <vmid>, <sip>, <dip>, <session>, <protname>, <object>, <group> |
Received Key Message | N/A | <vmid>, <sip>, <object>, <group>, <tag1> |
Rekey Timer | N/A | <vmid>, <sip>, <duration>, <group> |
Routing Hop Logs | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <subject> |
Security Association Negotiation Status | N/A | <vmid>, <sip>, <dip>, <login>, <group>, <tag2>, <severity>, <subject> |
Sending/Received Keepalive | N/A | <vmid>, <group>, <login>, <sip>, <tag1>, <object>, <session> |
Session Is Being Torn Down | N/A | <vmid>, <group>, <login>, <dip>, <reason>, <tag1> |
Shun Activity | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <process>, <object> |
SSL Messages 1 | N/A | <vmid>, <severity>, <dip>, <dname>, <dnatip>, <dnatport>, <session>, <dport> |
SVC Connect Failure | N/A | <sip>, <subject>, <action> |
SVC Connection Information | N/A | <vmid>, <severity>, <sip>, <protname>, <subject>, <login>, <object>, <group> |
System Memory | N/A | <vmid>, <severity>, <amount> |
TCP Information | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <session>, <duration>, <size>, <tag1> |
Teardown Connection Logs | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <login>, <domainorigin>, <session>, <bytesout>, <duration>, <size> |
Teardown Stub Information | N/A | <severity>, <sip>, <dip>, <sport>, <dport>, <sname>, <dname>, <protname>, <account>, <object>, <bytesout> |
Threat Detection Added Host to Shun List | N/A | <vmid>, <dip> |
Transmitting Large Packet | N/A | <vmid>, <severity>, <login>, <group>, <domain>, <sip>, <tag1>, <bytesin>, <size> |
Trust-Point Connection Information | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport> |
UDP Connection Denied | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <object>, <protname> |
User Information Message IDs 746001X | N/A | <vmid>, <severity>, <sip>, <sname>, <login>, <domainorigin>, <result>, <reason>, <tag1> |
VMID 434002 : SFR Request to Drop Packet | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <sinterface>, <dinterface> |
VMID 434003 : SFR Request to Reset Connection | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <objectname>, <object> |
WebVPN Messages | N/A | <vmid>, <sip>, <login>, <group>, <tag1> |
Revision History
KB Version | Log Type | Change Type | Details |
---|---|---|---|
KB 7.1.588.0 | Syslog - Cisco ASA | Created Documentation | N/A |