Session

Cisco ASA firewall logs are parsed against a standardized session log schema.

Type	Field	Display Name	Description
Integer	severity	Severity
String	msg_code	Message code	e.g. 106100
IP address	src_ip	Source IP
Integer	src_port	Source port
IP address	dst_ip	Destination IP
Integer	dst_port	Destination port
String	protocol	Protocol	e.g. TCP, UDP, ICMP
String	app	Application	e.g. snmp
String	action	Action	e.g. PERMIT, DENY, DROP, CLOSE
IP address	nat_src_ip	NAT source IP
Integer	nat_src_port	NAT source port
IP address	nat_dst_ip	NAT destination IP
Integer	nat_dst_port	NAT destination port
String	policy	Policy	e.g. outside_access_in
Integer	duration	Duration	in seconds
Long	total_bytes	Total bytes
String	src_country	Source country
String	dst_country	Destination country