https://community.cisco.com/t5/network-security/syslog-messages-per-device/m-p/4614306#M1090278 <P>I am currently parsing a very big environment with a large amount of network devices.&nbsp; My job...&nbsp; to parse the data as a whole to display audit events like Logins, Log off, object creations, access, and so on.&nbsp; At the moment I have these types of devices.&nbsp;</P><P>1. ASR1002</P><P>2.F5 Big IP 5050</P><P>3. Catalyst devices</P><P>4.ASA devices</P><P>5.&nbsp; and so on....&nbsp;&nbsp;</P><P>&nbsp;</P><P>Syslog is already being sent to a syslog server which Splunk collects in its indexers.&nbsp; I can create the Splunk SPL to parse the message with regular expressions but my concern is that each different Cisco device type/model sends log messages in different formats for example.&nbsp;</P><P>&nbsp;</P><P>ASA ----&gt;&nbsp; &nbsp; "ASA-6-611101"&nbsp; &nbsp;vs. "%SEC_LOGIN-5-LOGIN_SUCCESS"</P><P>&nbsp;</P><P>I want to make sure I capture all necessary events or log types per cisco device/type;&nbsp; if this is even a thing.... ?!</P><P>&nbsp;</P><P>is there a place I can find syslog type format per device?</P><P>maybe a location I can find a list of ASA log messages?&nbsp;</P><P>is ASA type only for ASA devices or all firewall devices?&nbsp;</P><P>forgive my ignorance usually don't deal with syslog messages often.&nbsp;</P><P>&nbsp;</P> Fri, 20 May 2022 18:05:13 GMT CarlosColon2948 2022-05-20T18:05:13Z https://community.cisco.com/t5/network-security/syslog-messages-per-device/m-p/4614306#M1090278 <P>I am currently parsing a very big environment with a large amount of network devices.&nbsp; My job...&nbsp; to parse the data as a whole to display audit events like Logins, Log off, object creations, access, and so on.&nbsp; At the moment I have these types of devices.&nbsp;</P><P>1. ASR1002</P><P>2.F5 Big IP 5050</P><P>3. Catalyst devices</P><P>4.ASA devices</P><P>5.&nbsp; and so on....&nbsp;&nbsp;</P><P>&nbsp;</P><P>Syslog is already being sent to a syslog server which Splunk collects in its indexers.&nbsp; I can create the Splunk SPL to parse the message with regular expressions but my concern is that each different Cisco device type/model sends log messages in different formats for example.&nbsp;</P><P>&nbsp;</P><P>ASA ----&gt;&nbsp; &nbsp; "ASA-6-611101"&nbsp; &nbsp;vs. "%SEC_LOGIN-5-LOGIN_SUCCESS"</P><P>&nbsp;</P><P>I want to make sure I capture all necessary events or log types per cisco device/type;&nbsp; if this is even a thing.... ?!</P><P>&nbsp;</P><P>is there a place I can find syslog type format per device?</P><P>maybe a location I can find a list of ASA log messages?&nbsp;</P><P>is ASA type only for ASA devices or all firewall devices?&nbsp;</P><P>forgive my ignorance usually don't deal with syslog messages often.&nbsp;</P><P>&nbsp;</P> Fri, 20 May 2022 18:05:13 GMT https://community.cisco.com/t5/network-security/syslog-messages-per-device/m-p/4614306#M1090278 CarlosColon2948 2022-05-20T18:05:13Z https://community.cisco.com/t5/network-security/syslog-messages-per-device/m-p/4614695#M1090294 <P>is there a place I can find syslog type format per device?</P> <P><FONT color="#FF0000">Google is your friend when it comes to finding the formats, or setup a virtual lab with each device you need and check the syslog format for each message there.</FONT></P> <P>&nbsp;</P> <P>maybe a location I can find a list of ASA log messages?&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog.html</A></P> <P>&nbsp;</P> <P>is ASA type only for ASA devices or all firewall devices?&nbsp;</P> <P><FONT color="#FF0000">Syslog ID's and messages for ASA are only for ASA for the most part, though some have been brought forward into FTD.&nbsp; CheckPoint, Fortigate, Palo Alto, etc. all have different syslog messages and IDs as far as I know.</FONT></P> <P>&nbsp;</P> Sat, 21 May 2022 19:50:05 GMT https://community.cisco.com/t5/network-security/syslog-messages-per-device/m-p/4614695#M1090294 Marius Gunnerud 2022-05-21T19:50:05Z https://community.cisco.com/t5/network-security/syslog-messages-per-device/m-p/4614732#M1090303 <P>Thank you. &nbsp;I have tried good and not to many answers…. &nbsp;Whats yhe best virtual environment?! GNS3? &nbsp; &nbsp;Any web browser type virtual environments</P> Sun, 22 May 2022 01:29:21 GMT https://community.cisco.com/t5/network-security/syslog-messages-per-device/m-p/4614732#M1090303 CarlosColon2948 2022-05-22T01:29:21Z https://community.cisco.com/t5/network-security/syslog-messages-per-device/m-p/4614860#M1090304 <P>I personally use Cisco Modeling Lab (CML) installed on VMware. In addition I have FMC and FTD virtual installed on the VMware running trial license.</P> Sun, 22 May 2022 05:32:10 GMT https://community.cisco.com/t5/network-security/syslog-messages-per-device/m-p/4614860#M1090304 Marius Gunnerud 2022-05-22T05:32:10Z