bring cisco asa into the new year
efd6 committed Jan 4, 2022
1 parent d8921fc commit 3721b6b
Showing 5 changed files with 18 additions and 210 deletions.
Expand Up @@ -181,12 +181,12 @@
"event.code": 609002,
"event.dataset": "cisco.asa",
"event.duration": 0,
"event.end": "2021-05-05T17:51:17.000-02:00",
"event.end": "2022-05-05T17:51:17.000-02:00",
"event.kind": "event",
"event.module": "cisco",
"event.original": "%FTD-7-609002: Teardown local-host net:192.168.2.2 duration 0:00:00",
"event.severity": 7,
"event.start": "2021-05-05T19:51:17.000Z",
"event.start": "2022-05-05T19:51:17.000Z",
"event.timezone": "-02:00",
"event.type": [
"connection",
Expand Down Expand Up @@ -701,12 +701,12 @@
"event.code": 609002,
"event.dataset": "cisco.asa",
"event.duration": 0,
"event.end": "2021-05-05T18:24:31.000-02:00",
"event.end": "2022-05-05T18:24:31.000-02:00",
"event.kind": "event",
"event.module": "cisco",
"event.original": "%ASA-7-609002: Teardown local-host identity:10.10.10.10 duration 0:00:00",
"event.severity": 7,
"event.start": "2021-05-05T20:24:31.000Z",
"event.start": "2022-05-05T20:24:31.000Z",
"event.timezone": "-02:00",
"event.type": [
"connection",
Expand Down Expand Up @@ -849,13 +849,13 @@
"event.code": 302014,
"event.dataset": "cisco.asa",
"event.duration": 0,
"event.end": "2021-05-05T18:29:32.000-02:00",
"event.end": "2022-05-05T18:29:32.000-02:00",
"event.kind": "event",
"event.module": "cisco",
"event.original": "%ASA-6-302014: Teardown TCP connection 2960892904 for out111:10.10.10.10/443 to fw111:192.168.2.2/55225 duration 0:00:00 bytes 0 TCP Reset-I",
"event.reason": "TCP Reset-I",
"event.severity": 6,
"event.start": "2021-05-05T20:29:32.000Z",
"event.start": "2022-05-05T20:29:32.000Z",
"event.timezone": "-02:00",
"event.type": [
"connection",
Expand Down Expand Up @@ -966,12 +966,12 @@
"event.code": 305012,
"event.dataset": "cisco.asa",
"event.duration": 0,
"event.end": "2021-05-05T18:29:32.000-02:00",
"event.end": "2022-05-05T18:29:32.000-02:00",
"event.kind": "event",
"event.module": "cisco",
"event.original": "%ASA-6-305012: Teardown dynamic UDP translation from fw111:10.10.10.10/54230 to out111:192.168.2.2/54230 duration 0:00:00",
"event.severity": 6,
"event.start": "2021-05-05T20:29:32.000Z",
"event.start": "2022-05-05T20:29:32.000Z",
"event.timezone": "-02:00",
"event.type": [
"connection",
Expand Down Expand Up @@ -1175,12 +1175,12 @@
"event.code": 302016,
"event.dataset": "cisco.asa",
"event.duration": 124000000000,
"event.end": "2021-05-05T18:40:50.000-02:00",
"event.end": "2022-05-05T18:40:50.000-02:00",
"event.kind": "event",
"event.module": "cisco",
"event.original": "%ASA-2-302016: Teardown UDP connection 1671727 for intfacename:10.10.10.10/161 to net:192.186.2.2/53356 duration 0:02:04 bytes 64585",
"event.severity": 2,
"event.start": "2021-05-05T20:38:46.000Z",
"event.start": "2022-05-05T20:38:46.000Z",
"event.timezone": "-02:00",
"event.type": [
"connection",
Expand Down Expand Up @@ -1812,13 +1812,13 @@
"event.code": 302023,
"event.dataset": "cisco.asa",
"event.duration": 0,
"event.end": "2021-05-05T19:02:58.000-02:00",
"event.end": "2022-05-05T19:02:58.000-02:00",
"event.kind": "event",
"event.module": "cisco",
"event.original": "%ASA-6-302023: Teardown stub TCP connection for fw111:10.10.10.10/39210 to net:192.168.2.2/10051 duration 0:00:00 forwarded bytes 0 Cluster flow with CLU closed on owner",
"event.reason": "Cluster flow with CLU closed on owner",
"event.severity": 6,
"event.start": "2021-05-05T21:02:58.000Z",
"event.start": "2022-05-05T21:02:58.000Z",
"event.timezone": "-02:00",
"event.type": [
"info"
Expand Down Expand Up @@ -1868,13 +1868,13 @@
"event.code": 302023,
"event.dataset": "cisco.asa",
"event.duration": 0,
"event.end": "2021-05-05T19:02:58.000-02:00",
"event.end": "2022-05-05T19:02:58.000-02:00",
"event.kind": "event",
"event.module": "cisco",
"event.original": "%ASA-6-302023: Teardown stub TCP connection for net:10.10.10.10/10051 to unknown:192.168.2.2/39222 duration 0:00:00 forwarded bytes 0 Forwarding or redirect flow removed to create director or backup flow",
"event.reason": "Forwarding or redirect flow removed to create director or backup flow",
"event.severity": 6,
"event.start": "2021-05-05T21:02:58.000Z",
"event.start": "2022-05-05T21:02:58.000Z",
"event.timezone": "-02:00",
"event.type": [
"info"
Expand Down Expand Up @@ -2687,13 +2687,13 @@
"event.code": 302304,
"event.dataset": "cisco.asa",
"event.duration": 3602000000000,
"event.end": "2021-04-27T04:12:23.000-02:00",
"event.end": "2022-04-27T04:12:23.000-02:00",
"event.kind": "event",
"event.module": "cisco",
"event.original": "%ASA-6-302304: Teardown TCP state-bypass connection 2751765169 from server.deflan:81.2.69.143/54242 to server.deflan:67.43.156.12/9101 duration 1:00:02 bytes 245 Connection timeout",
"event.reason": "Connection timeout",
"event.severity": 6,
"event.start": "2021-04-27T05:12:21.000Z",
"event.start": "2022-04-27T05:12:21.000Z",
"event.timezone": "-02:00",
"event.type": [
"connection",
Expand Down Expand Up @@ -3228,13 +3228,13 @@
"event.code": 113019,
"event.dataset": "cisco.asa",
"event.duration": 1936000000000,
"event.end": "2021-04-27T02:03:03.000-02:00",
"event.end": "2022-04-27T02:03:03.000-02:00",
"event.kind": "event",
"event.module": "cisco",
"event.original": "%ASA-4-113019: Group = 81.2.69.143, Username = 81.2.69.143, IP = 81.2.69.143, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:32m:16s, Bytes xmt: 297103, Bytes rcv: 1216163, Reason: User Requested",
"event.reason": "User Requested",
"event.severity": 4,
"event.start": "2021-04-27T03:30:47.000Z",
"event.start": "2022-04-27T03:30:47.000Z",
"event.timezone": "-02:00",
"event.type": [
"info"
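Review bot: The `event.end` and `event.start` expectations in every hunk of this fixture still hard-code the year, so the same 2021-to-2022 style edit will presumably be needed again next January. From the commit title and date it looks as though the year is taken from the clock at test time rather than from the log line, though neither the input file nor the harness is visible here. Pinning the reference time for the test run, or normalizing the year before the comparison, would keep the golden file stable. If the year really is inferred at ingest, a year-less December message processed in January could be dated a year off in `event.start`/`event.end`, which matters to anyone building a timeline from these fields and is worth a sentence in the module documentation.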
