Session
Cisco ASA firewall logs are parsed against a standardized session log schema.
Type | Field | Display Name | Description |
---|---|---|---|
Integer | severity | Severity | |
String | msg_code | Message code | e.g. 106100 |
IP address | src_ip | Source IP | |
Integer | src_port | Source port | |
IP address | dst_ip | Destination IP | |
Integer | dst_port | Destination port | |
String | protocol | Protocol | e.g. TCP, UDP, ICMP |
String | app | Application | e.g. snmp |
String | action | Action | e.g. PERMIT, DENY, DROP, CLOSE |
IP address | nat_src_ip | NAT source IP | |
Integer | nat_src_port | NAT source port | |
IP address | nat_dst_ip | NAT destination IP | |
Integer | nat_dst_port | NAT destination port | |
String | policy | Policy | e.g. outside_access_in |
Integer | duration | Duration | in seconds |
Long | total_bytes | Total bytes | |
String | src_country | Source country | |
String | dst_country | Destination country | |
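
As an added illustration (not the product's own parser), the following Python maps one ASA message type, 106100, onto the fields in the table above. The regex assumes the commonly seen 106100 layout; the function name and sample lines are constructed, and fields this message does not carry (NAT, duration, bytes, country) are omitted.

```python
import ipaddress
import re

# Assumed layout of ASA message 106100 (ACL hit):
# %ASA-<sev>-106100: access-list <acl> permitted|denied <proto>
#   <if>/<src>(<port>) -> <if>/<dst>(<port>) hit-cnt ...
ASA_106100 = re.compile(
    r"%ASA-(?P<severity>[0-7])-(?P<msg_code>106100): "
    r"access-list (?P<policy>\S+) (?P<verdict>permitted|denied) "
    r"(?P<protocol>\S+) "
    r"\S+/(?P<src_ip>[0-9A-Fa-f.:]+)\((?P<src_port>\d+)\)(?:\([^)]*\))?"
    r"\s+(?:->\s+)?"
    r"\S+/(?P<dst_ip>[0-9A-Fa-f.:]+)\((?P<dst_port>\d+)\)"
)
ACTIONS = {"permitted": "PERMIT", "denied": "DENY"}

def parse_asa_106100(line):
    """Map one 106100 line to schema fields; None if it does not validate."""
    m = ASA_106100.search(line)
    if m is None:
        return None
    try:
        # Normalise and validate: never store an unparseable address.
        src_ip = str(ipaddress.ip_address(m["src_ip"]))
        dst_ip = str(ipaddress.ip_address(m["dst_ip"]))
    except ValueError:
        return None
    src_port, dst_port = int(m["src_port"]), int(m["dst_port"])
    if max(src_port, dst_port) > 65535:
        return None
    return {
        "severity": int(m["severity"]), "msg_code": m["msg_code"],
        "src_ip": src_ip, "src_port": src_port,
        "dst_ip": dst_ip, "dst_port": dst_port,
        "protocol": m["protocol"].upper(),
        "action": ACTIONS[m["verdict"]], "policy": m["policy"],
    }

# Constructed sample lines (documentation address ranges, placeholder hashes).
SAMPLES = [
    "fw01 : %ASA-6-106100: access-list outside_access_in permitted tcp outside/198.51.100.7(51514) -> inside/192.0.2.10(443) hit-cnt 1 first hit [0x0, 0x0]",
    "fw01 : %ASA-4-106100: access-list outside_access_in denied udp outside/203.0.113.9(40000) -> inside/192.0.2.10(161) hit-cnt 3 300-second interval [0x0, 0x0]",
    "fw01 : %ASA-6-106100: access-list outside_access_in denied tcp outside/999.1.1.1(1) -> inside/192.0.2.10(22) hit-cnt 1 first hit [0x0, 0x0]",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_asa_106100(s))
```

For ICMP records the parenthesised values are ICMP type and code rather than ports, so a consumer should interpret `src_port` and `dst_port` according to `protocol`.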