Cisco Defense Orchestrator

ASA Event Types

When filtering ASA events logged by Cisco Security Analytics and Monitoring, you can choose from a list of event types. Those event types represent groups of syslog IDs. The table below shows which syslog IDs are included in which ASA event type. If you want to learn more about a specific syslog ID, you can search for it in the Cisco ASA Series Syslog Messages guide.

Some syslog events have the additional attribute “EventName”. You can find these events in the events table by filtering on attribute:value pairs. See Event Name Attributes for Syslog Events.

Some syslog events have the additional attributes “EventGroup” and “EventGroupDefinition”. You can find these events in the events table by filtering on attribute:value pairs. See EventGroup and EventGroupDefinition Attributes for Some Syslog Messages.

NetFlow events are different from syslog events. The NetFlow filter searches for all NetFlow event IDs that resulted in an NSEL record. Those NetFlow event IDs are defined in the Cisco ASA NetFlow Implementation Guide.

| Filter Name | Corresponding Syslog Event or NetFlow Event |
|---|---|
| AAA | 109001-109035; 113001-113027 |
| BotNet | 338001-338310 |
| Failover | 101001-101005, 102001, 103001-103007, 104001-104004, 105001-105048; 210001-210022; 311001-311004; 709001-709007 |
| Firewall Denied | 106001, 106007, 106012, 106013, 106015, 106016, 106017, 106020, 106021, 106022, 106023, 106025, 106027. Firewall Denied events may be contained in a NetFlow and may be reported with NetFlow event IDs as well as syslog IDs. |
| Firewall Traffic | 106001-106100, 108001-108007, 110002-110003; 201002-201013, 209003-209005, 215001; 302002-302304, 302022-302027, 303002-303005, 313001-313008, 317001-317006, 324000-324301, 337001-337009; 400001-400050, 401001-401005, 406001-406003, 407001-407003, 408001-408003, 415001-415020, 416001, 418001-418002, 419001-419003, 424001-424002, 431001-431002, 450001; 500001-500005, 508001-508002; 607001-607003, 608001-608005, 609001-609002, 616001; 703001-703003, 726001. Firewall Traffic events may be contained in a NetFlow and may be reported with NetFlow event IDs as well as syslog IDs. |
| IPSec VPN | 402001-402148, 602102-602305, 702304-702307 |
| NAT | 201002-201013, 202001-202011, 305005-305012 |
| SSL VPN | 716001-716060, 722001-722053, 723001-723014, 724001-724004, 725001-725015 |
| NetFlow | 0, 1, 2, 3, 5 |
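
The grouping in the table above, applied to raw ASA syslog lines, as an added Python example (not Cisco's code and not a description of how the product assigns event types). It parses the table's range notation and returns every filter name whose ranges contain a message's syslog ID, which shows that some IDs fall under two filters. The log lines are constructed samples, and the names `FILTERS`, `parse_ranges` and `event_types` are illustrative.

```python
import re

# Syslog ID ranges copied from the table above. The NetFlow row is omitted
# because its values are NetFlow event IDs, not syslog IDs.
FILTERS = {
    "AAA": "109001-109035, 113001-113027",
    "BotNet": "338001-338310",
    "Failover": "101001-101005, 102001, 103001-103007, 104001-104004, 105001-105048, "
                "210001-210022, 311001-311004, 709001-709007",
    "Firewall Denied": "106001, 106007, 106012, 106013, 106015, 106016, 106017, "
                       "106020, 106021, 106022, 106023, 106025, 106027",
    "Firewall Traffic": "106001-106100, 108001-108007, 110002-110003, 201002-201013, "
        "209003-209005, 215001, 302002-302304, 302022-302027, 303002-303005, "
        "313001-313008, 317001-317006, 324000-324301, 337001-337009, 400001-400050, "
        "401001-401005, 406001-406003, 407001-407003, 408001-408003, 415001-415020, "
        "416001, 418001-418002, 419001-419003, 424001-424002, 431001-431002, 450001, "
        "500001-500005, 508001-508002, 607001-607003, 608001-608005, 609001-609002, "
        "616001, 703001-703003, 726001",
    "IPSec VPN": "402001-402148, 602102-602305, 702304-702307",
    "NAT": "201002-201013, 202001-202011, 305005-305012",
    "SSL VPN": "716001-716060, 722001-722053, 723001-723014, 724001-724004, 725001-725015",
}

def parse_ranges(spec):
    """'106001-106100, 215001' -> [(106001, 106100), (215001, 215001)]"""
    pairs = (part.strip().partition("-") for part in spec.split(","))
    return [(int(lo), int(hi or lo)) for lo, _, hi in pairs]

RANGES = {name: parse_ranges(spec) for name, spec in FILTERS.items()}
ASA_ID = re.compile(r"%ASA-\d-(\d{6}):")  # %ASA-<severity>-<syslog ID>:

def event_types(line):
    """Return (syslog_id, [filter names]) for one log line, or None if it has no ASA ID."""
    m = ASA_ID.search(line)
    if m is None:
        return None
    sid = int(m.group(1))
    return sid, [n for n, rs in RANGES.items() if any(lo <= sid <= hi for lo, hi in rs)]

SAMPLE = [  # constructed log lines, not from the page
    '%ASA-4-106023: Deny tcp src outside:203.0.113.5/4431 dst inside:192.0.2.10/22 by access-group "OUTSIDE_IN"',
    "%ASA-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.5/4431 to inside:192.0.2.10/443",
    "%ASA-6-305011: Built dynamic TCP translation from inside:192.0.2.10/5000 to outside:198.51.100.1/5000",
    "%ASA-5-111008: User 'admin' executed the 'write memory' command.",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(event_types(line))
```

An ID that matches no filter, such as the last sample line, comes back with an empty list, so a search restricted to these event types will not surface it.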

 
