Cisco Defense Orchestrator

Time Attributes in a Syslog Event

Understanding the purpose of each timestamp on the Event Logging page will help you filter and find the events that interest you.

[Figures: event_time_description.jpg, syslog_timestamp_6.jpg, netflow_timestamp_7.jpg]

| Number | Label | Description |
|---|---|---|
| 1 | Date/Time | The time the Secure Event Connector (SEC) processed the event. This may not be the same as the time the firewall inspected that traffic. Same value as timestamp. |
| 2 | EventSecond | Equal to LastPacketSecond. |
| 3 | FirstPacketSecond | The time at which the connection opened. The firewall inspects the packet at this time. The value of FirstPacketSecond is calculated by subtracting the ConnectionDuration from the LastPacketSecond. For connection events logged at the beginning of the connection, the values of FirstPacketSecond, LastPacketSecond, and EventSecond will all be the same. |
| 4 | LastPacketSecond | The time at which the connection closed. For connection events logged at the end of the connection, LastPacketSecond and EventSecond will be equal. |
| 5 | timestamp | The time the Secure Event Connector (SEC) processed the event. This may not be the same as the time the firewall inspected that traffic. Same value as Date/Time. |
| 6 | Syslog TimeStamp | Represents the time the syslog originated if ‘logging timestamp’ is used. If the syslog does not have this information, the time the SEC received the event is reflected. |
| 7 | NetflowTimeStamp | The time at which the ASA finished gathering enough flow records/events to fill a NetFlow packet to then send them off to a flow collector. |
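
The relationships in the table matter when building an incident timeline, because Date/Time and timestamp record SEC processing time rather than firewall inspection time. The following is an added example, not Cisco code: it assumes each event is a dict whose time fields are epoch seconds and whose ConnectionDuration is in seconds, and the function name, the `max_lag_seconds` threshold and the sample events are hypothetical.

```python
from datetime import datetime, timezone

def iso(epoch):
    return datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat()

def normalize_event_times(event, max_lag_seconds=300):
    """Derive firewall-side connection times and the SEC processing lag.
    Assumed input shape: epoch-second fields in a dict (not a CDO export format)."""
    last = event["LastPacketSecond"]
    duration = event.get("ConnectionDuration", 0)
    derived_first = last - duration  # rule from the FirstPacketSecond row
    first = event.get("FirstPacketSecond", derived_first)

    problems = []
    if first != derived_first:
        problems.append("FirstPacketSecond != LastPacketSecond - ConnectionDuration")
    if event.get("EventSecond", last) != last:
        problems.append("EventSecond != LastPacketSecond")

    # Start-of-connection events carry three identical values. A zero-length
    # connection logged at its end looks the same, so this is a best guess.
    logged_at = "start" if first == last else "end"

    # timestamp (same as Date/Time) is SEC processing time, not inspection time.
    lag = event["timestamp"] - last
    if lag < 0:
        problems.append("SEC time precedes firewall time (possible clock skew)")
    elif lag > max_lag_seconds:
        problems.append("SEC processing lag exceeds threshold")

    return {
        "opened_utc": iso(first),
        # No close time is known yet for an event logged at connection start.
        "closed_utc": iso(last) if logged_at == "end" else None,
        "logged_at": logged_at,
        "sec_lag_seconds": lag,
        "problems": problems,
    }

# Constructed sample events (not real log data).
END_EVENT = {"FirstPacketSecond": 1700000000, "LastPacketSecond": 1700000060,
             "EventSecond": 1700000060, "ConnectionDuration": 60,
             "timestamp": 1700000065}
START_EVENT = {"FirstPacketSecond": 1700000000, "LastPacketSecond": 1700000000,
               "EventSecond": 1700000000, "ConnectionDuration": 0,
               "timestamp": 1699999990}
```

Sorting a timeline on `opened_utc` and `closed_utc` instead of Date/Time keeps events in the order the firewall saw the traffic even when the SEC processed them late.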