Cisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors. ASA Software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs.

Device Details

| Device Name | Syslog - Cisco ASA |
| --- | --- |
| Device Type | Firewall and Network Security |
| Supported Model Name/Number | Windows Server 2008, 2012, 2016+ |
| Supported Software Version(s) | |
| Collection Method | |
| Configurable Log Output? | |
| Log Source Type | Syslog - Cisco ASA |
| Log Processing Policy | LogRhythm Default |

Additional Information

Supported Log Messages

| Type | Product Version | Supported Schema Fields |
| --- | --- | --- |
| Catch All : Level 1 (Cisco ASA) | N/A | <severity>, <tag1> |
| Catch All : Level 3 (Cisco ASA) | N/A | <vmid>, <vendorinfo>, <severity>, <login>, <objecttype>, <reason>, <tag1> |
| 111008 : Configuration Update | N/A | <vmid>, <severity>, <login>, <session>, <object>, <objectname>, <command>, <tag1> |
| 111009 : User Executed Command | N/A | <vmid>, <severity>, <login>, <command> |
| Address ID Received | N/A | <vmid>, <sip>, <dip>, <object>, <group>, <tag1> |
| AnyConnect Session Messages | N/A | <vmid>, <sip>, <dip>, <login>, <group>, <command> |
| ASA 113010 : AAA Challenge Received for User | N/A | <vmid>, <severity>, <dip>, <dname>, <login> |
| ASA 113015 : AAA User Authentication Rejected | N/A | <vmid>, <severity>, <login>, <subject>, <sip> |
| ASA 734003 : Session Attribute Information | N/A | <vmid>, <severity>, <dip>, <login>, <objectname> |
| ASA Hardware Accelerator Error | N/A | <subject>, <command>, <reason>, <responsecode> |
| ASA-1-104001 : Switching Failover Pair Role | N/A | <vmid>, <severity>, <object>, <subject>, <command>, <tag1> |
| ASA-3-202010 : NAT/PAT Pool Exhausted | N/A | <vmid>, <severity>, <sip>, <dip>, <vendorinfo>, <sinterface>, <dinterface>, <sport>, <dport> |
| ASA-3-713123 : IKE Peer Connection Terminated | N/A | <vmid>, <sip>, <login>, <group>, <tag1> |
| ASA-4-313009 : Denied Invalid ICMP Code | N/A | <vmid>, <severity>, <sip>, <dip>, <vendorinfo>, <sname>, <dname>, <sport>, <dport>, <protname>, <objecttype>, <objectname>, <action>, <responsecode> |
| ASA-4-411002 : Line Protocol Down | N/A | <vmid>, <object>, <dinterface> |
| ASA-4-420002 : IPS Drop Packet | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <command> |
| ASA-4-420002 : ISP Request to Drop Packet | N/A | <vmid>, <protname>, <sname>, <sip>, <sport>, <dname>, <dip>, <dport> |
| ASA-4-420003 : IPS Request to Reset Connection | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <objectname>, <object> |
| ASA-4-713903 : Packet Discarded | N/A | <vmid>, <sip>, <sport>, <dport> |
| ASA-4-717037 : Search Using Cert Maps Failed | N/A | <vmid>, <severity>, <dname>, <object>, <objectname>, <subject>, <serialnumber>, <hash> |
| ASA-4-722051 : Address Assigned to Session | N/A | <vmid>, <severity>, <sip>, <dip>, <group>, <login>, <object> |
| ASA-4-733100 : Drop Rate Exceeded | N/A | <vmid>, <severity>, <object>, <rate>, <amount>, <quantity>, <tag1>, <tag2> |
| ASA-4-733101 : Subnet Targeted & Host Attacking | N/A | <vmid>, <sip>, <dip>, <rate>, <quantity> |
| ASA-5-305013 : Asymmetric NAT Rules Matched | N/A | <vmid>, <severity>, <sip>, <dip>, <vendorinfo>, <sport>, <dport>, <protname>, <result> |
| ASA-5-502101 & 502102 : User Added And Deleted | N/A | <vmid>, <severity>, <account>, <object>, <objectname>, <tag1> |
| ASA-5-502103 : User Privileges Changed | N/A | <vmid>, <login>, <object> |
| ASA-5-713041 : IKE Rekeying Messages | N/A | <vmid>, <group>, <dip>, <tag1>, <tag2>, <tag3> |
| ASA-5-713904 : Received Packet Dropped | N/A | <vmid>, <sip> |
| ASA-6-80500 : Traffic Flow | N/A | <vmid>, <protname>, <dip>, <sip>, <sport>, <dport>, <session>, <subject> |
| ASA-6-199018 : Local Command Executed | N/A | <vmid>, <severity>, <sip>, <vendorinfo>, <dname>, <sinterface>, <command> |
| ASA-6-302010 : TCP Connections in Use | N/A | <vmid>, <quantity> |
| ASA-6-434004 : Flow Bypass Request | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <object>, <sinterface>, <dinterface>, <protname>, <subject> |
| ASA-6-721016 : WebVPN Login Successful | N/A | <vmid>, <severity>, <sip>, <dinterface>, <login>, <sessiontype>, <command> |
| ASA-6-734001 : DAP Record Connection | N/A | <vmid>, <severity>, <sip>, <dname>, <sinterface>, <login>, <process>, <object>, <subject>, <tag1> |
| ASA-6-737014 : Freeing AAA Address | N/A | <vmid>, <severity>, <dip>, <process>, <command> |
| ASA-7-710007 : Keepalive Received | N/A | <vmid>, <sport>, <sip>, <dip>, <dport> |
| ASA-7-713906 : Proposal Information | N/A | <vmid>, <sip>, <object>, <group>, <tag1> |
| ASA-7-715001 : Constructing Process Resource | N/A | <vmid>, <group>, <sip>, <object> |
| Build/Teardown ICMP Connections | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <sinterface>, <protname>, <domain> |
| Build/Teardown Outbound TCP/UDP Connections | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <session>, <bytesout>, <duration>, <size> |
| Build/Teardown TCP/UDP Connections | N/A | <vmid>, <severity>, <sip>, <dip>, <dname>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <session>, <bytesout>, <duration>, <size>, <tag1> |
| Cached Flow Log Limit Reached | N/A | <subject>, <quantity> |
| Certificate Expired | N/A | <domainorigin>, <object>, <serialnumber>, <subject>, <url> |
| Certificate Validation Failed (Cisco ASA) | N/A | <login>, <account>, <serialnumber>, <action>, <url>, <reason> |
| Cipher Messages | N/A | <vmid>, <sip>, <sport>, <object>, <quantity>, <tag1> |
| Cisco Monitoring | N/A | <vmid>, <severity>, <dip>, <dname>, <dport>, <session>, <process>, <object>, <objectname>, <command>, <tag1>, <tag2>, <tag3>, <tag4>, <tag5> |
| Cisco UPDOWN Message | N/A | <vmid>, <vendorinfo>, <severity>, <dname>, <dinterface>, <processid>, <subject>, <tag1>, <tag2>, <tag3> |
| Client Address Requests | N/A | <vmid>, <severity>, <dip>, <dname>, <process>, <command>, <subject>, <tag1> |
| Configuration Changes | N/A | <vmid>, <severity>, <sip>, <sname>, <login>, <command>, <session> |
| Connection Information (Cisco ASA) | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <login>, <reason> |
| Connection to Useragent Attempted | N/A | <vmid>, <severity>, <sip>, <login>, <version>, <useragent>, <policy> |
| Constructing/Processing Payload | N/A | <vmid>, <group>, <login>, <sip>, <tag1>, <object> |
| Deny TCP | N/A | <vmid>, <protname>, <sip>, <sport>, <dip>, <dport>, <object> |
| DNS Lookup Failed | N/A | <vmid>, <severity>, <dname>, <subject>, <tag1> |
| Dropped ICMP Packet | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <account>, <domainorigin>, <object> |
| Error Processing Payload | N/A | <severity>, <vmid>, <sip>, <object> |
| ESP Packet Messages | N/A | <vmid>, <severity>, <sip>, <dip>, <login> |
| Event Log | N/A | <sip>, <dip>, <severity>, <sinterface>, <dinterface>, <subject>, <session>, <tag1>, <status> |
| EVID 113034 : Webtype Filter Override | N/A | <vmid>, <sip>, <login>, <account>, <object>, <group> |
| EVID 500005 : Connection Termination | N/A | <vmid>, <sip>, <dip>, <sinterface>, <dinterface>, <sport>, <dport>, <protname>, <object>, <subject> |
| EVID 737003 : No Viable Servers Found | N/A | <vmid>, <severity>, <protname>, <group> |
| Failed to Locate Egress | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <protname> |
| FSM Error History | N/A | <vmid>, <sip>, <protname>, <session>, <object>, <tag1> |
| FTP Data Stored/Retrieved | N/A | <severity>, <vmid>, <subject>, <sname>, <sip>, <sport>, <dname>, <dip>, <dport>, <login>, <command>, <tag1>, <object> |
| HA Status Callback | N/A | <vmid>, <object> |
| Hash Generation Error | N/A | <subject>, <reason> |
| Hostscan Results Rejected | N/A | <sip>, <subject>, <quantity>, <reason> |
| ICMP Built Connection Logs | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <dnatip>, <dnatport>, <sinterface>, <dinterface>, <protname>, <login>, <domainorigin> |
| IKE Decode Message | N/A | <vmid>, <sip>, <tag1>, <session>, <object>, <size> |
| IKE Initiator Quick Mode Message | N/A | <vmid>, <group>, <sip>, <protname>, <tag1>, <session> |
| IKE Receiving/Deleting | N/A | <vmid>, <sip>, <object>, <group>, <tag1> |
| IKE Tunnel Messages | N/A | <vmid>, <severity>, <object>, <subject>, <protname>, <processid> |
| Information Status Events | N/A | <vmid>, <severity>, <sip>, <dip>, <login>, <group>, <command>, <tag1> |
| Interface Failover Testing | N/A | <vmid>, <severity>, <dinterface>, <group>, <tag1> |
| IP Built/Teardown | N/A | <vmid>, <tag1>, <session>, <sip>, <dip> |
| IPSec Access Messages | N/A | <vmid>, <severity>, <dip>, <dname>, <account>, <session>, <object>, <process>, <objectname>, <subject> |
| IPSec Rekeying Information | N/A | <vmid>, <sip>, <dip>, <group>, <login>, <duration>, <size>, <tag1>, <status> |
| IPSec Security Association Messages | N/A | <vmid>, <sip>, <dip>, <login>, <dname>, <session>, <tag1>, <tag2> |
| Last Message Repeated (Cisco ASA) | N/A | <severity>, <dname>, <protname>, <subject>, <url>, <responsecode>, <quantity> |
| Login Denied and Permitted | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname>, <login>, <tag1> |
| Module Ips Data Channel Status Is UP | N/A | <vmid>, <severity>, <dname> |
| Object Deleted/Created/Modified | N/A | <severity>, <object>, <policy>, <account>, <action> |
| Packet Log | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <login>, <protname>, <protnum>, <object>, <objectname>, <duration>, <amount>, <tag1>, <tag2> |
| Pattern : PIX-4-106100 : Connections | N/A | <vmid>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname>, <login>, <object>, <objectname>, <group>, <amount>, <tag1> |
| Pattern 1 : PIX Traffic Messages | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <protname>, <sender>, <size>, <url> |
| Pattern 2 : PIX Authentications | N/A | <vmid>, <severity>, <sip>, <login>, <session>, <object>, <threatname>, <group>, <command> |
| Pattern 3 : PIX Authorization and Authentication | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <login>, <protname> |
| Pattern 4 : PIX Traffic | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <sinterface>, <login>, <protname>, <object>, <group>, <command>, <tag1>, <reason>, <duration>, <bytesin>, <bytesout> |
| Pattern 5 : PIX Traffic | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <login>, <protname>, <group> |
| Pattern 6 : PIX Traffic | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <tag1>, <tag2> |
| Pattern 7 : PIX Connections | N/A | <severity>, <vmid>, <sip>, <dip>, <sport>, <dport>, <dnatip>, <dnatport>, <login>, <protname>, <tag1>, <object>, <responsecode> |
| Pattern 8 : PIX Tunnel | N/A | <vmid>, <dip>, <dport> |
| Pattern 9 : PIX Traffic | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <protname> |
| Pattern 10 : PIX General Authentication | N/A | <severity>, <vmid>, <sip>, <dip>, <sport>, <login> |
| Pattern 11 : PIX Traffic Messages | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <sinterface>, <dinterface>, <protname>, <protnum>, <object>, <objectname>, <threatname>, <reason>, <duration>, <size> |
| Pattern 12 : Traffic | N/A | <vmid>, <sip>, <dip>, <dname>, <sport>, <dport>, <login>, <protname>, <domainorigin>, <bytesin>, <duration> |
| Pattern 13 : Traffic | N/A | <vmid>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <size>, <protname> |
| Pattern 14 : Traffic | N/A | <vmid>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname> |
| Pattern 15 : Traffic | N/A | <vmid>, <sip>, <dname>, <sport>, <dport>, <protname> |
| Pattern 16 : Traffic | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <protname>, <object>, <command>, <duration>, <bytesin> |
| Pattern 17 : Traffic | N/A | <vmid>, <sip>, <sname>, <dname>, <sport>, <dport>, <protname> |
| Pattern 18 : Build/Teardown Connections | N/A | <vmid>, <severity>, <sip>, <dip>, <sname>, <dname>, <sport>, <dport>, <dnatip>, <dnatport>, <protname>, <login>, <domain>, <session>, <result>, <reason>, <bytesin>, <bytesout>, <duration>, <size>, <tag1> |
| Pattern 19 : URL Request Failures | N/A | <vmid>, <dip>, <dname>, <url>, <tag1> |
| Pattern 20 : Traffic | N/A | <vmid>, <sip>, <dip>, <dname>, <sport>, <dport>, <protname>, <object>, <threatname>, <threatid>, <url>, <tag1>, <tag3> |
| Pattern 21 : IPSec VPN Activity | N/A | <vmid>, <sip>, <login>, <group>, <tag1> |
| Pattern 22 : Traffic | N/A | <vmid>, <sip>, <login>, <group>, <reason>, <tag1>, <tag2> |
| Phase 1 Failure : Mismatched Attribute | N/A | <vmid>, <object> |
| Phase 2 Exchange Message to Standby Unit | N/A | <vmid>, <process>, <object>, <tag1>, <tag2> |
| PIX-5-304001 : Accessed URL | N/A | <vmid>, <domain>, <sip>, <dip>, <sname>, <dname>, <url> |
| PIX-X-305006 : Regular Translation Creation Failed | N/A | <vmid>, <sip>, <dip>, <protnum> |
| Queuing KEY-ACQUIRE Messages | N/A | <vmid>, <dip>, <tag1> |
| Radius Server Status | N/A | <sip>, <group>, <status> |
| Received ARP Collision | N/A | <vmid>, <sip>, <sinterface>, <protname>, <object> |
| Received Delete for Rekeyed Centry | N/A | <vmid>, <sip>, <dip>, <session>, <protname>, <object>, <group> |
| Received Key Message | N/A | <vmid>, <sip>, <object>, <group>, <tag1> |
| Rekey Timer | N/A | <vmid>, <sip>, <duration>, <group> |
| Routing Hop Logs | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <subject> |
| Security Association Negotiation Status | N/A | <vmid>, <sip>, <dip>, <login>, <group>, <tag2>, <severity>, <subject> |
| Sending/Received Keepalive | N/A | <vmid>, <group>, <login>, <sip>, <tag1>, <object>, <session> |
| Session Is Being Torn Down | N/A | <vmid>, <group>, <login>, <dip>, <reason>, <tag1> |
| Shun Activity | N/A | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <process>, <object> |
| SSL Messages | N/A | <vmid>, <severity>, <dip>, <dname>, <dnatip>, <dnatport>, <session>, <dport> |
| SVC Connect Failure | N/A | <sip>, <subject>, <action> |
| SVC Connection Information | N/A | <vmid>, <severity>, <sip>, <protname>, <subject>, <login>, <object>, <group> |
| System Memory | N/A | <vmid>, <severity>, <amount> |
| TCP Information | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <session>, <duration>, <size>, <tag1> |
| Teardown Connection Logs | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>, <sinterface>, <dinterface>, <protname>, <login>, <domainorigin>, <session>, <bytesout>, <duration>, <size> |
| Teardown Stub Information | N/A | <severity>, <sip>, <dip>, <sport>, <dport>, <sname>, <dname>, <protname>, <account>, <object>, <bytesout> |
| Threat Detection Added Host to Shun List | N/A | <vmid>, <dip> |
| Transmitting Large Packet | N/A | <vmid>, <severity>, <login>, <group>, <domain>, <sip>, <tag1>, <bytesin>, <size> |
| Trust-Point Connection Information | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport> |
| UDP Connection Denied | N/A | <vmid>, <sip>, <dip>, <sport>, <dport>, <object>, <protname> |
| User Information Message IDs 746001X | N/A | <vmid>, <severity>, <sip>, <sname>, <login>, <domainorigin>, <result>, <reason>, <tag1> |
| VMID 434002 : SFR Request to Drop Packet | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <sinterface>, <dinterface> |
| VMID 434003 : SFR Request to Reset Connection | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <objectname>, <object> |
| WebVPN Messages | N/A | <vmid>, <sip>, <login>, <group>, <tag1> |

Revision History

| KB Version | Log Type | Change Type | |
| --- | --- | --- | --- |
| KB 7.1.588.0 | Syslog - Cisco ASA | Created Documentation | N/A |