Cisco fields
Module for handling Cisco network device logs.
cisco
Fields from Cisco logs.
asa
Fields for Cisco ASA Firewall.
-
cisco.asa.message_id
-
The Cisco ASA message identifier.
type: keyword
-
cisco.asa.suffix
-
Optional suffix after %ASA identifier.
type: keyword
example: session
-
cisco.asa.source_interface
-
Source interface for the flow or event.
type: keyword
-
cisco.asa.destination_interface
-
Destination interface for the flow or event.
type: keyword
-
cisco.asa.list_id
-
Name of the Access Control List that matched this event.
type: keyword
-
cisco.asa.source_username
-
Name of the user that is the source for this event.
type: keyword
-
cisco.asa.destination_username
-
Name of the user that is the destination for this event.
type: keyword
-
cisco.asa.mapped_source_ip
-
The translated source IP address.
type: ip
-
cisco.asa.mapped_source_port
-
The translated source port.
type: long
-
cisco.asa.mapped_destination_ip
-
The translated destination IP address.
type: ip
-
cisco.asa.mapped_destination_port
-
The translated destination port.
type: long
-
cisco.asa.threat_level
-
Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high.
type: keyword
-
cisco.asa.threat_category
-
Category for the malware / botnet traffic. For example: virus, botnet, trojan.
type: keyword
-
cisco.asa.connection_id
-
Unique identifier for a flow.
type: keyword
-
cisco.asa.icmp_type
-
ICMP type.
type: short
-
cisco.asa.icmp_code
-
ICMP code.
type: short
ios
Fields for Cisco IOS logs.
-
cisco.ios.access_list
-
Name of the IP access list.
type: keyword
-
cisco.ios.facility
-
The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message.
type: keyword
example: SEC