Time Attributes in a Syslog Event

Understanding the purpose of each timestamp on the Event Logging page will help you filter and find the events that interest you.

| Number | Label | Description |
|---|---|---|
| 1 | Date/Time | The time the Secure Event Connector (SEC) processed the event. This may not be the same as the time the firewall inspected that traffic. Same value as timestamp. |
| 2 | EventSecond | Equal to LastPacketSecond. |
| 3 | FirstPacketSecond | The time at which the connection opened. The firewall inspects the packet at this time. The value of FirstPacketSecond is calculated by subtracting ConnectionDuration from LastPacketSecond. For connection events logged at the beginning of the connection, the values of FirstPacketSecond, LastPacketSecond, and EventSecond will all be the same. |
| 4 | LastPacketSecond | The time at which the connection closed. For connection events logged at the end of the connection, LastPacketSecond and EventSecond will be equal. |
| 5 | timestamp | The time the Secure Event Connector (SEC) processed the event. This may not be the same as the time the firewall inspected that traffic. Same value as Date/Time. |
| 6 | Syslog TimeStamp | Represents the time the syslog originated if ‘logging timestamp’ is used. If the syslog does not have this information, the time the SEC received the event is reflected. |
| 7 | NetflowTimeStamp | The time at which the ASA finished gathering enough flow records/events to fill a NetFlow packet to then send them off to a flow collector. |
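
The relations in the table can be checked per event before the times are used in an incident timeline. The following is an added example, not code from the product or its documentation: it assumes the attributes arrive as epoch seconds (ConnectionDuration in seconds) in a dict keyed by the labels above, and `check_event_times`, `firewall_window`, and the `logged_at` parameter are hypothetical names.

```python
from datetime import datetime, timezone

def check_event_times(ev, logged_at):
    """Check one event's time attributes against the relations in the table.

    ev: dict keyed by the table's labels; values assumed to be epoch seconds
        (ConnectionDuration assumed to be in seconds).
    logged_at: "start" or "end" of connection (hypothetical parameter).
    Returns (findings, lag) where lag = timestamp - EventSecond.
    """
    first = int(ev["FirstPacketSecond"])
    last = int(ev["LastPacketSecond"])
    event = int(ev["EventSecond"])
    duration = int(ev.get("ConnectionDuration", 0))
    findings = []
    if event != last:
        findings.append("EventSecond differs from LastPacketSecond")
    if logged_at == "start" and first != last:
        findings.append("start event: FirstPacketSecond differs from LastPacketSecond")
    if logged_at == "end" and first != last - duration:
        findings.append("FirstPacketSecond != LastPacketSecond - ConnectionDuration")
    # timestamp is SEC processing time, not firewall inspection time, so the
    # difference is the delay to account for when filtering by Date/Time.
    lag = int(ev["timestamp"]) - event
    if lag < 0:
        findings.append("timestamp precedes EventSecond; check clock sync")
    return findings, lag

def firewall_window(ev):
    """Connection open and close times as seen by the firewall, UTC ISO 8601."""
    def to_iso(sec):
        return datetime.fromtimestamp(int(sec), tz=timezone.utc).isoformat()
    return to_iso(ev["FirstPacketSecond"]), to_iso(ev["LastPacketSecond"])

# Constructed sample events (not real log data)
END_EVENT = {"FirstPacketSecond": 1700000000, "LastPacketSecond": 1700000042,
             "EventSecond": 1700000042, "ConnectionDuration": 42,
             "timestamp": 1700000047}
START_EVENT = {"FirstPacketSecond": 1700000000, "LastPacketSecond": 1700000000,
               "EventSecond": 1700000000, "ConnectionDuration": 0,
               "timestamp": 1700000003}
BAD_EVENT = {"FirstPacketSecond": 1700000000, "LastPacketSecond": 1700000042,
             "EventSecond": 1700000042, "ConnectionDuration": 30,
             "timestamp": 1700000040}

if __name__ == "__main__":
    for ev, kind in ((END_EVENT, "end"), (START_EVENT, "start"), (BAD_EVENT, "end")):
        print(kind, check_event_times(ev, kind), firewall_window(ev))
```

When building a timeline, sort on the firewall-side window and treat the lag as the offset between that window and the Date/Time value shown for the event.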