Cisco fields
Module for handling Cisco network device logs.
cisco
Fields from Cisco logs.
asa
Fields for Cisco ASA Firewall.
-
cisco.asa.message_id
-
The Cisco ASA message identifier.
type: keyword
-
cisco.asa.suffix
-
Optional suffix after %ASA identifier.
type: keyword
example: session
-
cisco.asa.source_interface
-
Source interface for the flow or event.
type: keyword
-
cisco.asa.destination_interface
-
Destination interface for the flow or event.
type: keyword
-
cisco.asa.rule_name
-
Name of the Access Control List rule that matched this event.
type: keyword
-
cisco.asa.source_username
-
Name of the user that is the source for this event.
type: keyword
-
cisco.asa.destination_username
-
Name of the user that is the destination for this event.
type: keyword
-
cisco.asa.mapped_source_ip
-
The translated source IP address.
type: ip
-
cisco.asa.mapped_source_host
-
The translated source host.
type: keyword
-
cisco.asa.mapped_source_port
-
The translated source port.
type: long
-
cisco.asa.mapped_destination_ip
-
The translated destination IP address.
type: ip
-
cisco.asa.mapped_destination_host
-
The translated destination host.
type: keyword
-
cisco.asa.mapped_destination_port
-
The translated destination port.
type: long
-
cisco.asa.threat_level
-
Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high.
type: keyword
-
cisco.asa.threat_category
-
Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc.
type: keyword
-
cisco.asa.connection_id
-
Unique identifier for a flow.
type: keyword
-
cisco.asa.icmp_type
-
ICMP type.
type: short
-
cisco.asa.icmp_code
-
ICMP code.
type: short
-
cisco.asa.connection_type
-
The VPN connection type.
type: keyword
-
cisco.asa.dap_records
-
The assigned DAP records.
type: keyword
ftd
Fields for Cisco Firepower Threat Defense Firewall.
-
cisco.ftd.message_id
-
The Cisco FTD message identifier.
type: keyword
-
cisco.ftd.suffix
-
Optional suffix after %FTD identifier.
type: keyword
example: session
-
cisco.ftd.source_interface
-
Source interface for the flow or event.
type: keyword
-
cisco.ftd.destination_interface
-
Destination interface for the flow or event.
type: keyword
-
cisco.ftd.rule_name
-
Name of the Access Control List rule that matched this event.
type: keyword
-
cisco.ftd.source_username
-
Name of the user that is the source for this event.
type: keyword
-
cisco.ftd.destination_username
-
Name of the user that is the destination for this event.
type: keyword
-
cisco.ftd.mapped_source_ip
-
The translated source IP address. Use ECS source.nat.ip.
type: ip
-
cisco.ftd.mapped_source_host
-
The translated source host.
type: keyword
-
cisco.ftd.mapped_source_port
-
The translated source port. Use ECS source.nat.port.
type: long
-
cisco.ftd.mapped_destination_ip
-
The translated destination IP address. Use ECS destination.nat.ip.
type: ip
-
cisco.ftd.mapped_destination_host
-
The translated destination host.
type: keyword
-
cisco.ftd.mapped_destination_port
-
The translated destination port. Use ECS destination.nat.port.
type: long
-
cisco.ftd.threat_level
-
Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high.
type: keyword
-
cisco.ftd.threat_category
-
Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc.
type: keyword
-
cisco.ftd.connection_id
-
Unique identifier for a flow.
type: keyword
-
cisco.ftd.icmp_type
-
ICMP type.
type: short
-
cisco.ftd.icmp_code
-
ICMP code.
type: short
-
cisco.ftd.security
-
Raw fields for Security Events.
type: object
-
cisco.ftd.connection_type
-
The VPN connection type.
type: keyword
-
cisco.ftd.dap_records
-
The assigned DAP records.
type: keyword
ios
Fields for Cisco IOS logs.
-
cisco.ios.access_list
-
Name of the IP access list.
type: keyword
-
cisco.ios.facility
-
The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message.
type: keyword
example: SEC