Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
836
Views
0
Helpful
3
Replies

Syslog Messages Per Device

CarlosColon2948
Level 1
Level 1

‎05-20-2022 11:05 AM

I am currently parsing a very big environment with a large amount of network devices.  My job...  to parse the data as a whole to display audit events like Logins, Log off, object creations, access, and so on.  At the moment I have these types of devices. 

1. ASR1002

2.F5 Big IP 5050

3. Catalyst devices

4.ASA devices

5.  and so on....  

 

Syslog is already being sent to a syslog server which Splunk collects in its indexers.  I can create the Splunk SPL to parse the message with regular expressions but my concern is that each different Cisco device type/model sends log messages in different formats for example. 

 

ASA ---->    "ASA-6-611101"   vs. "%SEC_LOGIN-5-LOGIN_SUCCESS"

 

I want to make sure I capture all necessary events or log types per cisco device/type;  if this is even a thing.... ?!

 

is there a place I can find syslog type format per device?

maybe a location I can find a list of ASA log messages? 

is ASA type only for ASA devices or all firewall devices? 

forgive my ignorance usually don't deal with syslog messages often. 

 

Labels:
0 Helpful
3 Replies 3

Marius Gunnerud
VIP
VIP

‎05-21-2022 12:50 PM

is there a place I can find syslog type format per device?

Google is your friend when it comes to finding the formats, or setup a virtual lab with each device you need and check the syslog format for each message there.

 

maybe a location I can find a list of ASA log messages? 

https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog.html

 

is ASA type only for ASA devices or all firewall devices? 

Syslog ID's and messages for ASA are only for ASA for the most part, though some have been brought forward into FTD.  CheckPoint, Fortigate, Palo Alto, etc. all have different syslog messages and IDs as far as I know.

 

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

CarlosColon2948
Level 1
Level 1
In response to Marius Gunnerud

‎05-21-2022 06:29 PM

Thank you.  I have tried good and not to many answers….  Whats yhe best virtual environment?! GNS3?    Any web browser type virtual environments

0 Helpful

Marius Gunnerud
VIP
VIP
In response to CarlosColon2948

‎05-21-2022 10:32 PM

I personally use Cisco Modeling Lab (CML) installed on VMware. In addition I have FMC and FTD virtual installed on the VMware running trial license.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card