Document toolboxDocument toolbox

vpn.cisco

Owned by Juan Tomás Alonso Nieto (Deactivated)
Last updated: Feb 12, 2024
1 min read
[ 1 Valid tags and data tables ] [ 2 Table structure ]

The tags beginning with vpn.cisco identify log events generated by Cisco ASA VPN.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as vpn.cisco. The third level identifies the product and the fourth is the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

Cisco ASA AnyConnect

vpn.cisco.anyconnect.all

vpn.cisco.anyconnect.all

Union table - vpn.cisco.anyconnect.all

This is a union table that collects events from a set of tables for easy access and analysis.

Learn more about this union table in this article.

vpn.cisco.asa.anyconnect

vpn.cisco.asa.anyconnect

Cisco FTD AnyConnect

vpn.cisco.ftd.anyconnect

vpn.cisco.ftd.anyconnect

For more information, read more about Devo tags.

Table structure

These are the fields displayed in these tables:

vpn.cisco.asa.anyconnect

Field

Type

Source field name

Extra fields

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

 

host

str

vhost

 

logType

str

 

 

Severity

int4

 

 

EventID

int8

 

 

Group

str

 

 

User

str

 

 

srcIP

ip4

 

 

srcIPV6

ip6

 

 

srcPort

int4

 

 

dstIP

ip4

 

 

dstPort

int4

 

 

interface

str

 

 

clientType

str

 

 

ipv4Address

ip4

 

 

ipv6Address

str

 

 

SessionType

str

 

 

Duration

str

 

 

BytesXmt

int8

 

 

BytesRcv

int8

 

 

Reason

str

 

 

svcMessage

str

 

 

svcMessageCode

str

 

 

Type

str

 

 

error

str

 

 

message

str

 

 

hostchain

str

 

✓

tag

str

 

✓

rawMessage

str

rawSource

 

vpn.cisco.ftd.anyconnect

Field

Type

Source field name

Extra fields

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

 

host

str

vhost

 

logType

str

 

 

Severity

int4

 

 

EventID

int8

 

 

Group

str

 

 

User

str

 

 

srcIP

ip4

 

 

srcIPV6

ip6

 

 

srcPort

int4

 

 

dstIP

ip4

 

 

dstPort

int4

 

 

interface

str

 

 

clientType

str

 

 

ipv4Address

ip4

 

 

ipv6Address

str

 

 

SessionType

str

 

 

Duration

str

 

 

BytesXmt

int8

 

 

BytesRcv

int8

 

 

Reason

str

 

 

svcMessage

str

 

 

svcMessageCode

str

 

 

Type

str

 

 

error

str

 

 

message

str

 

 

hostchain

str

 

✓

tag

str

 

✓

rawMessage

str

rawSource

 

Â