Skip to main content

 

 

Cisco Defense Orchestrator

Parsed ASA Syslog Events

Parsed syslog events contain more event attributes than other syslog events and let you search on any specific parsed field. The SEC forwards all ASA events you specify to the Cisco cloud but only the syslog messages in the table below are parsed. All parsed Syslogs events are shown with their EvenTypes italicised to help you identify.

Syslog  ID 

Syslog Category

Purpose of syslog messge

106015 Firewall Represents out of state TCP Deny
106023 Firewall A real IP packet was denied by the ACL. This message appears even if you do not have the log option enabled for an ACL.
106100 Access Lists/User Session Packet was permitted or denied by an ACL.
113019 User Authentication Critical AnyConnect
302013, 302015, 302017, 302020 User Session Connection start and end syslogs for TCP, UDP, GRE, and ICMP connection creation. 
302014, 302016, 302018, 302021

User Session

Connection start and end syslogs for TCP, UDP, GRE, and ICMP connection teardown. 

302020 - 302021 User Session ICMP session establishment and teardown.
305006 User Session/NAT and PAT NAT connection failure
305011-305014 User Session/NAT and PAT NAT Build/Teardown related
313001, 313008 IP Stack Represents denied connections to the box
414004 System Critical AnyConnect
609001 - 609002 Firewall A network state container was reserved/removed for host ip-address connected to a zone.
710002,710004 710005 User Session To the box connections failures
710003 User Session Represents denied connections to the box
746012, 746013 User Session Critical AnyConnect

For detailed explanations of syslogs see, Cisco ASA Series Syslog Messages.

Related Articles

  • Was this article helpful?