...
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as vpn.cisco. The third level identifies the product and the fourth is the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Cisco ASA AnyConnect | | |
Cisco FTD AnyConnect | | |
For more information, read more about Devo tags.
Table structure
These are the fields displayed in these tables:
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
host | | vhost | |
logType | | | |
Severity | int | | |
EventID | int | | |
Group | | | |
User | | | |
srcIP | ip | | |
srcIPV6 | | | |
srcPort | int | | |
dstIP | ip | | |
dstPort | int | | |
interface | | | |
clientType | | | |
ipv4Address | ip | | |
ipv6Address | | | |
SessionType | | | |
Duration | | | |
BytesXmt | int | | |
BytesRcv | int | | |
Reason | | | |
svcMessage | | | |
svcMessageCode | | | |
Type | | | |
error | | | |
message | | | |
hostchain | | | ✓ |
tag | | | ✓ |
rawMessage | | rawSource | |

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
host | | vhost | |
logType | | | |
Severity | | | |
EventID | | | |
Group | | | |
User | | | |
srcIP | | | |
srcIPV6 | | | |
srcPort | | | |
dstIP | | | |
dstPort | | | |
interface | | | |
clientType | | | |
ipv4Address | | | |
ipv6Address | | | |
SessionType | | | |
Duration | | | |
BytesXmt | | | |
BytesRcv | | | |
Reason | | | |
svcMessage | | | |
svcMessageCode | | | |
Type | | | |
error | | | |
message | | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | | rawSource | |