11-28-2011 11:47 PM - edited 03-11-2019 02:56 PM
Hi All,
We have a Kiwi syslog server in our network to monitor and analyze the syslogs from our Firewalls.
We are getting the complete syslogs from levels 1-7.
Now I need to analyze all the syslogs which are important and needful.
Can someone tell me what all we need to look at and prepare a report to send to the customer?
Date | Time | Facility | Level | Host Name | Message Text |
11/25/2011 | 14:17:55 | Local4 | Info | 10.39.40.101 | Nov 25 2011 05:28:09: %ASA-6-305011: Built dynamic TCP translation from inside:10.37.4.114/2344 to outside(inside_nat_outbound):206.206.208.4/25224 |
11/25/2011 | 14:17:55 | Local4 | Info | 10.39.40.100 | Mar 03 2003 21:00:30: %ASA-6-302021: Teardown ICMP connection for faddr 10.50.79.42/0 gaddr 10.39.40.100/0 laddr 10.39.40.100/0 |
11/25/2011 | 14:17:55 | Local4 | Info | 10.39.40.100 | Mar 03 2003 21:00:30: %ASA-6-302020: Built inbound ICMP connection for faddr 10.50.79.42/0 gaddr 10.39.40.100/0 laddr 10.39.40.100/0 |
11/25/2011 | 14:17:55 | Local4 | Critical | 10.39.40.100 | Mar 03 2003 21:00:30: %ASA-2-106006: Deny inbound UDP from 10.90.80..12/50030 to 10.10.10.221/6004 on interface inside |
11/25/2011 | 14:17:55 | Local4 | Info | 10.39.40.100 | Mar 03 2003 21:00:30: %ASA-6-302021: Teardown ICMP connection for faddr 10.50.79.50/0 gaddr 10.39.40.100/0 laddr 10.39.40.100/0 |
11/25/2011 | 14:17:55 | Local4 | Info | 10.39.40.100 | Mar 03 2003 21:00:30: %ASA-6-302020: Built inbound ICMP connection for faddr 10.50.79.50/0 gaddr 10.39.40.100/0 laddr 10.39.40.100/0 |
11/25/2011 | 14:17:55 | Local4 | Critical | 10.39.40.100 | Mar 03 2003 21:00:30: %ASA-2-106006: Deny inbound UDP from 10.90.80..12/50028 to 10.10.10.221/6004 on interface inside |
11/25/2011 | 14:17:55 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:57: %ASA-6-302016: Teardown UDP connection 131880 for outside:69.28.180.4/53 to inside:30.90.79.11/51105 duration 0:00:00 bytes 205 |
11/25/2011 | 14:17:55 | Local4 | Critical | 10.39.40.100 | Mar 03 2003 21:00:29: %ASA-2-106001: Inbound TCP connection denied from 193.167.113.59/64498 to 206.206.215.90/402 flags SYN on interface outside |
11/25/2011 | 14:17:55 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:57: %ASA-6-302021: Teardown ICMP connection for faddr 30.90.79.60/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:55 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:57: %ASA-6-302020: Built inbound ICMP connection for faddr 30.90.79.60/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:55 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:57: %ASA-6-302015: Built outbound UDP connection 131880 for outside:69.28.180.4/53 (69.28.180.4/53) to inside:30.90.79.11/51105 (194.177.227.226/58882) |
11/25/2011 | 14:17:55 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:57: %ASA-6-305011: Built dynamic UDP translation from inside:30.90.79.11/51105 to outside(inside_nat_outbound):194.177.227.226/58882 |
11/25/2011 | 14:17:54 | Local4 | Info | 10.39.40.101 | Nov 25 2011 05:28:08: %ASA-6-302014: Teardown TCP connection 2424813 for outside:46.59.45.233/42044 to inside:10.37.4.114/2343 duration 0:00:00 bytes 0 Failover primary closed |
11/25/2011 | 14:17:54 | Local4 | Critical | 10.39.40.100 | Mar 03 2003 21:00:29: %ASA-2-106001: Inbound TCP connection denied from 112.210.219.103/2182 to 206.206.210.125/445 flags SYN on interface outside |
11/25/2011 | 14:17:54 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:57: %ASA-6-302016: Teardown UDP connection 131879 for outside:194.177.224.28/53 to inside:30.90.79.11/60777 duration 0:00:00 bytes 135 |
11/25/2011 | 14:17:54 | Local4 | Critical | 10.39.40.100 | Mar 03 2003 21:00:29: %ASA-2-106001: Inbound TCP connection denied from 200.98.197.105/80 to 206.206.212.246/10673 flags SYN ACK on interface outside |
11/25/2011 | 14:17:54 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:57: %ASA-6-302015: Built outbound UDP connection 131879 for outside:194.177.224.28/53 (194.177.224.28/53) to inside:30.90.79.11/60777 (194.177.227.226/50598) |
11/25/2011 | 14:17:54 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:57: %ASA-6-305011: Built dynamic UDP translation from inside:30.90.79.11/60777 to outside(inside_nat_outbound):194.177.227.226/50598 |
11/25/2011 | 14:17:54 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:57: %ASA-6-302016: Teardown UDP connection 131878 for outside:204.61.216.49/53 to inside:30.90.79.11/60768 duration 0:00:00 bytes 119 |
11/25/2011 | 14:17:54 | Local4 | Warning | 10.39.40.100 | Mar 03 2003 21:00:29: %ASA-4-106023: Deny tcp src outside:31.181.179.240/4646 dst inside:206.206.208.47/25 by access-group "Outside_access_in" [0x0, 0x0] |
11/25/2011 | 14:17:54 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:57: %ASA-6-302015: Built outbound UDP connection 131878 for outside:204.61.216.49/53 (204.61.216.49/53) to inside:30.90.79.11/60768 (194.177.227.226/7246) |
11/25/2011 | 14:17:54 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:57: %ASA-6-305011: Built dynamic UDP translation from inside:30.90.79.11/60768 to outside(inside_nat_outbound):194.177.227.226/7246 |
11/25/2011 | 14:17:54 | Local4 | Info | 10.39.40.101 | Nov 25 2011 05:28:08: %ASA-6-305011: Built dynamic UDP translation from inside:10.90.80..11/60970 to outside(inside_nat_outbound):206.206.208.4/1103 |
11/25/2011 | 14:17:54 | Local4 | Info | 10.39.40.101 | Nov 25 2011 05:28:08: %ASA-6-305011: Built dynamic UDP translation from inside:10.90.80..11/49747 to outside(inside_nat_outbound):206.206.208.4/29109 |
11/25/2011 | 14:17:54 | Local4 | Info | 10.39.40.101 | Nov 25 2011 05:28:08: %ASA-6-305011: Built dynamic UDP translation from inside:10.90.80..11/60804 to outside(inside_nat_outbound):206.206.208.4/39822 |
11/25/2011 | 14:17:54 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:56: %ASA-6-305012: Teardown dynamic UDP translation from inside:30.90.79.11/60877 to outside(inside_nat_outbound):194.177.227.226/36612 duration 0:00:30 |
11/25/2011 | 14:17:54 | Local4 | Info | 10.39.40.101 | Nov 25 2011 05:28:07: %ASA-6-302014: Teardown TCP connection 2424811 for outside:217.209.10.202/42042 to inside:10.37.4.114/2342 duration 0:00:00 bytes 0 Failover primary closed |
11/25/2011 | 14:17:53 | Local4 | Critical | 10.39.40.100 | Mar 03 2003 21:00:28: %ASA-2-106006: Deny inbound UDP from 124.239.195.131/1275 to 206.206.210.132/1434 on interface outside |
11/25/2011 | 14:17:53 | Local4 | Info | 10.39.40.101 | Nov 25 2011 05:28:07: %ASA-6-305011: Built dynamic TCP translation from inside:10.37.4.114/2342 to outside(inside_nat_outbound):206.206.208.4/36226 |
11/25/2011 | 14:17:53 | Local4 | Critical | 10.39.40.100 | Mar 03 2003 21:00:28: %ASA-2-106006: Deny inbound UDP from 219.148.1.91/1224 to 206.206.210.50/1434 on interface outside |
11/25/2011 | 14:17:53 | Local4 | Info | 10.39.40.100 | Mar 03 2003 21:00:28: %ASA-6-106015: Deny TCP (no connection) from 10.90.80..114/135 to 10.50.79.84/47392 flags SYN ACK on interface dmz5 |
11/25/2011 | 14:17:53 | Local4 | Critical | 10.39.40.100 | Mar 03 2003 21:00:28: %ASA-2-106001: Inbound TCP connection denied from 200.98.197.105/80 to 206.206.214.239/17358 flags SYN ACK on interface outside |
11/25/2011 | 14:17:53 | Local4 | Info | 10.39.40.100 | Mar 03 2003 21:00:28: %ASA-6-302015: Built outbound UDP connection 17256931 for outside:217.209.10.202/42042 (217.209.10.202/42042) to inside:10.37.4.114/42045 (206.206.208.4/1683) |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302021: Teardown ICMP connection for faddr 10.50.79.42/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302021: Teardown ICMP connection for faddr 10.50.79.50/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302020: Built inbound ICMP connection for faddr 10.50.79.42/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302020: Built inbound ICMP connection for faddr 10.50.79.50/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Critical | 10.39.40.100 | Mar 03 2003 21:00:27: %ASA-2-106001: Inbound TCP connection denied from 200.98.197.105/80 to 206.206.215.190/47019 flags SYN ACK on interface outside |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302021: Teardown ICMP connection for faddr 10.50.79.42/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302021: Teardown ICMP connection for faddr 10.50.79.50/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302020: Built inbound ICMP connection for faddr 10.50.79.42/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302020: Built inbound ICMP connection for faddr 10.50.79.50/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302021: Teardown ICMP connection for faddr 10.50.79.42/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302021: Teardown ICMP connection for faddr 10.50.79.50/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302020: Built inbound ICMP connection for faddr 10.50.79.42/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302020: Built inbound ICMP connection for faddr 10.50.79.50/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Critical | 10.39.40.100 | Mar 03 2003 21:00:27: %ASA-2-106001: Inbound TCP connection denied from 193.167.113.59/64498 to 206.206.215.90/402 flags SYN on interface outside |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302021: Teardown ICMP connection for faddr 30.90.79.60/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Info | 10.69.40.10 | Nov 25 2011 10:21:55: %ASA-6-302020: Built inbound ICMP connection for faddr 30.90.79.60/0 gaddr 10.69.40.10/0 laddr 10.69.40.10/0 |
11/25/2011 | 14:17:53 | Local4 | Info | 10.39.40.101 | Nov 25 2011 05:28:07: %ASA-6-302016: Teardown UDP connection 2424809 for outside:193.108.88.194/53 to inside:10.90.80..11/55643 duration 0:00:00 bytes 0 |
11/25/2011 | 14:17:52 | Local4 | Info | 10.39.40.101 | Nov 25 2011 05:28:06: %ASA-6-305011: Built dynamic UDP translation from inside:10.90.80..11/55643 to outside(inside_nat_outbound):206.206.208.4/6252 |
Regards,
Naidu
11-29-2011 12:24 AM
Hello Naidu
It depends on what your customer needs; ideally we give the critical alarms with the explanations.
Regards
Harish.
11-29-2011 07:53 AM
It really depends on your customer needs and your contract responsibilities. The main part of the log is the information about successful connections and dropped attempts. All the information may be useful but it may be useless too.