The tags beginning with vpn.cisco
identify log events generated by Cisco ASA VPN.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as vpn.cisco
. The third level identifies the product and the fourth is the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Cisco ASA VPN |
|
|
For more information, read more about Devo tags.
Table structure
Field | Type | Extra fields |
---|---|---|
eventdate |
| |
host |
| |
Severity |
| |
EventID |
| |
Group |
| |
User |
| |
srcIP |
| |
srcPort |
| |
dstIP |
| |
dstPort |
| |
interface |
| |
clientType |
| |
ipv4Address |
| |
ipv6Address |
| |
SessionType |
| |
Duration |
| |
BytesXmt |
| |
BytesRcv |
| |
Reason |
| |
svcMessage |
| |
svcMessageCode |
| |
Type |
| |
error |
| |
message |
| |
rawMessage |
| |
hostchain |
| |
tag |
| ✓ |
raw |
| ✓ |
rawSource |
| ✓ |