ASA Event Types
When filtering ASA events logged by Secure Logging Analytics (SaaS), you can choose from a list of event types. Those event types represent groups of syslog IDs. The table below shows which syslog IDs are included in which ASA event type. If you want to learn more about a specific syslog ID, you can search for it in the Cisco ASA Series Syslog Messages guide.
Some syslog events will have the additional attribute "EventName". You will be able to filter the events table to find events using the EventName attribute by filtering by attribute:value pairs. See Event Name Attributes for Syslog Events.
Some syslog events will have the additional attributes "EventGroup" and "EventGroupDefinition". You will be able to filter the events table to find events using these additional attributes by filtering by attribute:value pairs. See EventGroup and EventGroupDefinition Attributes for Some Syslog Messages.
NetFlow events are different than syslog events. The NetFlow filter searches for all NetFlow events IDs that resulted in an NSEL record. Those NetFlow event IDs are defined in the Cisco ASA NetFlow Implementation Guide.
|
Filter Name |
Corresponding Syslog Event or NetFlow Event |
|---|---|
|
AAA |
109001-109035 113001-113027 |
|
BotNet |
338001-338310 |
|
Failover |
101001-101005, 102001, 103001-103007, 104001-104004, 105001-105048 210001-210022 311001-311004 709001-709007 |
|
Firewall Denied |
106001, 106007, 106012, 106013, 106015, 106016, 106017, 106020, 106021, 106022, 106023, 106025, 106027 Firewall Denied events may be contained in a NetFlow and may be reported with NetFlow event IDs as well as syslog IDs. |
|
Firewall Traffic |
106001-106100, 108001-108007, 110002-110003 201002-201013, 209003-209005, 215001 302002-302304, 302022-302027, 303002-303005, 313001-313008, 317001-317006, 324000-324301, 337001-337009 400001-400050, 401001-401005, 406001-406003, 407001-407003, 408001-408003, 415001-415020, 416001, 418001-418002, 419001-419003, 424001-424002, 431001-431002, 450001 500001-500005, 508001-508002 607001-607003, 608001-608005, 609001-609002, 616001 703001-703003, 726001 Firewall Traffic events may be contained in a NetFlow and may be reported with NetFlow event IDs as well as syslog IDs. |
|
IPSec VPN |
402001-402148, 602102-602305, 702304-702307 |
|
NAT |
201002-201013, 202001-202011, 305005-305012 |
|
SSL VPN |
716001-716060, 722001-722053, 723001-723014, 724001-724004, 725001-725015 |
|
NetFlow |
0, 1, 2, 3, 5 |