Cisco fields
Module for handling Cisco network device logs.
cisco
Fields from Cisco logs.
asa
Fields for Cisco ASA Firewall.
-
cisco.asa.message_id -
The Cisco ASA message identifier.
type: keyword
-
cisco.asa.suffix -
Optional suffix after %ASA identifier.
type: keyword
example: session
-
cisco.asa.source_interface -
Source interface for the flow or event.
type: keyword
-
cisco.asa.destination_interface -
Destination interface for the flow or event.
type: keyword
-
cisco.asa.list_id -
Name of the Access Control List that matched this event.
type: keyword
-
cisco.asa.source_username -
Name of the user that is the source for this event.
type: keyword
-
cisco.asa.destination_username -
Name of the user that is the destination for this event.
type: keyword
-
cisco.asa.mapped_source_ip -
The translated source IP address.
type: ip
-
cisco.asa.mapped_source_port -
The translated source port.
type: long
-
cisco.asa.mapped_destination_ip -
The translated destination IP address.
type: ip
-
cisco.asa.mapped_destination_port -
The translated destination port.
type: long
-
cisco.asa.threat_level -
Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high.
type: keyword
-
cisco.asa.threat_category -
Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc.
type: keyword
-
cisco.asa.connection_id -
Unique identifier for a flow.
type: keyword
-
cisco.asa.icmp_type -
ICMP type.
type: short
-
cisco.asa.icmp_code -
ICMP code.
type: short
ios
Fields for Cisco IOS logs.
-
cisco.ios.access_list -
Name of the IP access list.
type: keyword
-
cisco.ios.facility -
The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message.
type: keyword
example: SEC