The tags beginning with firewall.cisco and with vpn.cisco identify log events generated by the following Cisco technologies:
Cisco ASA
Cisco ASA VPN
Cisco Firepower Threat Defense
Cisco Firepower Management Central
Cisco PIX
Cisco Firewall Services Module
...
Valid tags and data tables
The full firewall.cisco tags have just three levels. The first two are fixed as firewall.cisco. The third level identifies the technology type and must be one of asa, ftd, fmc, fwsm, or pix.
For the Cisco ASA AnyConnect VPN events, there is just one tag: vpn.cisco.asa.anyconnect.
Therefore, the valid tags includeevents sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Cisco Firewall Services | | |
Cisco ASA VPN | | |
For more information, read more about Devo tags.
Table structure
Field | Type | Extra fields |
---|---|---|
eventdate | | |
host | | |
Severity | | |
EventID | | |
Group | | |
User | | |
srcIP | | |
srcPort | | |
dstIP | | |
dstPort | | |
interface | | |
clientType | | |
ipv4Address | | |
ipv6Address | | |
SessionType | | |
Duration | | |
BytesXmt | | |
BytesRcv | | |
Reason | | |
svcMessage | | |
svcMessageCode | | |
Type | | |
error | | |
message | | |
rawMessage | | |
hostchain | | |
tag | | ✓ |
raw | | ✓ |
rawSource | | ✓ |
Cisco Firewall Configuration
...