
The tags beginning with firewall.cisco and with vpn.cisco identify log events generated by the following Cisco technologies:

  • Cisco ASA

  • Cisco ASA VPN

  • Cisco Firepower Threat Defense

  • Cisco Firepower Management Central

  • Cisco PIX 

  • Cisco Firewall Services Module

...

Valid tags and data tables

The firewall.cisco tags have just three levels. The first two are fixed as firewall.cisco. The third level identifies the technology type and must be one of asa, ftd, fmc, fwsm, or pix.

For the Cisco ASA AnyConnect VPN events, there is just one tag: vpn.cisco.asa.anyconnect.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Cisco Firewall Services | firewall.cisco.asa | firewall.cisco.asa |
| | firewall.cisco.fmc | firewall.cisco.fmc |
| | firewall.cisco.ftd | firewall.cisco.ftd |
| | firewall.cisco.fwsm | firewall.cisco.fwsm |
| | firewall.cisco.pix | firewall.cisco.pix |
| Cisco ASA VPN | vpn.cisco.asa.anyconnect | vpn.cisco.asa.anyconnect |

For more information, read about Devo tags.

Table structure

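| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| host | str | |
| Severity | int | |
| EventID | int | |
| Group | str | |
| User | str | |
| srcIP | ip | |
| srcPort | int | |
| dstIP | ip | |
| dstPort | int | |
| interface | str | |
| clientType | str | |
| ipv4Address | ip | |
| ipv6Address | str | |
| SessionType | str | |
| Duration | str | |
| BytesXmt | int | |
| BytesRcv | int | |
| Reason | str | |
| svcMessage | str | |
| svcMessageCode | str | |
| Type | str | |
| error | str | |
| message | str | |
| rawMessage | str | |
| hostchain | str | |
| tag | str | |
| raw | str | |
| rawSource | str | |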
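A pre-send check built from the tag rules and the typed columns listed above, as an added example (not Devo code). The names `data_table_for`, `type_errors` and `SAMPLE_RECORD` are hypothetical, and treating the `ip` type as IPv4-only is an assumption.

```python
import ipaddress

# Tag grammar as stated on this page (matched exactly, as an assumption).
FIREWALL_TYPES = {"asa", "ftd", "fmc", "fwsm", "pix"}
VPN_TAG = "vpn.cisco.asa.anyconnect"

# Non-string columns from the "Table structure" section.
# Assumption: the "ip" type holds IPv4 only, since ipv6Address is a str column.
TYPED_FIELDS = {
    "Severity": "int", "EventID": "int", "srcPort": "int", "dstPort": "int",
    "BytesXmt": "int", "BytesRcv": "int",
    "srcIP": "ip", "dstIP": "ip", "ipv4Address": "ip",
}

# Constructed sample record with two deliberate type problems.
SAMPLE_RECORD = {
    "Severity": "4", "EventID": "100001", "User": "jdoe",
    "srcIP": "2001:db8::1", "srcPort": "51515",
    "dstIP": "192.0.2.10", "dstPort": "https",
}

def data_table_for(tag):
    """Return the data table for a valid tag (same name as the tag), else raise."""
    if tag == VPN_TAG:
        return tag
    parts = tag.split(".")
    if (len(parts) == 3 and parts[:2] == ["firewall", "cisco"]
            and parts[2] in FIREWALL_TYPES):
        return tag
    raise ValueError(f"not a valid Cisco tag: {tag!r}")

def type_errors(record):
    """List typed fields whose values would not fit the column type."""
    errors = []
    for field, kind in TYPED_FIELDS.items():
        value = record.get(field)
        if value is None:
            continue  # absent fields are not checked here
        try:
            if kind == "int":
                int(str(value))
            else:
                ipaddress.IPv4Address(str(value))
        except ValueError:
            errors.append(field)
    return errors

if __name__ == "__main__":
    print(data_table_for("firewall.cisco.ftd"), type_errors(SAMPLE_RECORD))
```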

Cisco Firewall Configuration

...