http://git-wip-us.apache.org/repos/asf/metron/blob/ffcb91ed/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa/src/test/resources/data/parsed/test.parsed
----------------------------------------------------------------------
diff --git 
a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa/src/test/resources/data/parsed/test.parsed
 
b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa/src/test/resources/data/parsed/test.parsed
new file mode 100755
index 0000000..bbf4cd0
--- /dev/null
+++ 
b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa/src/test/resources/data/parsed/test.parsed
@@ -0,0 +1,128 @@
+{"syslog_host":"10.22.8.216","original_string":"<167>Jan  5 08:52:35 
10.22.8.216 %ASA-7-609001: Built local-host 
inside:10.22.8.205","ciscotag":"ASA-7-609001","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"icmp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 
10.22.8.74\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 
10.22.8.205\/0","ip_dst_addr":"10.22.8.74","ciscotag":"ASA-6-302021","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.205","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","original_string":"<167>Jan  5 08:52:35 
10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 
0:00:00","ciscotag":"ASA-7-609002","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167725 for 
Outside_VPN:147.111.72.16\/26436 to DMZ-Inside:10.22.8.53\/443 duration 0:00:00 
bytes 9687 TCP 
FINs","ip_dst_addr":"10.22.8.53","ip_src_port":26436,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"147.111.72.16","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805593 for 
outside:10.22.8.223\/59614(LOCAL\\user.name) to inside:10.22.8.78\/8102 
duration 0:00:07 bytes 3433 TCP FINs 
(user.name)","ip_dst_addr":"10.22.8.78","ip_src_port":59614,"ip_dst_port":8102,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.223","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.212","protocol":"tcp","original_string":"<174>Jan  5 
14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245503 for 
outside:10.22.8.233\/54209 (10.22.8.233\/54209) to inside:198.111.72.238\/443 
(198.111.72.238\/443) 
(user.name)","ip_dst_addr":"198.111.72.238","ip_src_port":54209,"ip_dst_port":443,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.233","syslog_severity":"info","timestamp":1452005555000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806031 for 
outside:10.22.8.17\/58633 (10.22.8.17\/58633)(LOCAL\\user.name) to 
inside:10.22.8.12\/389 (10.22.8.12\/389) 
(user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":58633,"ip_dst_port":389,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.17","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168292 for 
DMZ-Inside:10.22.8.51\/51231 to Inside-Trunk:10.22.8.174\/40004 duration 
0:00:00 bytes 2103 TCP 
FINs","ip_dst_addr":"10.22.8.174","ip_src_port":51231,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.51","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 
186.111.72.11\/80 to 204.111.72.226\/45019 flags SYN ACK  on interface 
Outside_VPN","ip_dst_addr":"204.111.72.226","ip_src_port":80,"ip_dst_port":45019,"ciscotag":"ASA-6-106015","syslog_facility":"local1","action":"deny","ip_src_addr":"186.111.72.11","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 
09:52:35 10.22.8.12 %ASA-6-302014: Teardown TCP connection 17604987 for 
outside:209.111.72.151\/443 to inside:10.22.8.188\/64306 duration 0:00:31 bytes 
10128 TCP 
FINs","ip_dst_addr":"10.22.8.188","ip_src_port":443,"ip_dst_port":64306,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"209.111.72.151","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 
09:52:35 10.22.8.12 %ASA-6-302014: Teardown TCP connection 17604999 for 
outside:209.111.72.151\/443 to inside:10.22.8.188\/64307 duration 0:00:30 bytes 
6370 TCP 
FINs","ip_dst_addr":"10.22.8.188","ip_src_port":443,"ip_dst_port":64307,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"209.111.72.151","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167347 for 
Outside_VPN:198.111.72.24\/2134 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 
bytes 9785 TCP 
FINs","ip_dst_addr":"10.22.8.53","ip_src_port":2134,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.24","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.212","protocol":"udp","original_string":"<174>Jan  5 
14:52:35 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245506 for 
outside:10.22.8.110\/49886 (10.22.8.110\/49886) to inside:192.111.72.8\/8612 
(192.111.72.8\/8612) 
(user.name)","ip_dst_addr":"192.111.72.8","ip_src_port":49886,"ip_dst_port":8612,"ciscotag":"ASA-6-302015","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.110","syslog_severity":"info","timestamp":1452005555000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805993 for 
outside:10.22.8.89\/56917(LOCAL\\user.name) to inside:216.111.72.126\/443 
duration 0:00:00 bytes 0 TCP FINs 
(user.name)","ip_dst_addr":"216.111.72.126","ip_src_port":56917,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.89","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<167>Jan  5 
08:52:35 10.22.8.216 %ASA-7-710005: UDP request discarded from 
10.22.8.223\/49192 to 
outside:224.111.72.252\/5355","ip_dst_addr":"224.111.72.252","ip_src_port":49192,"ip_dst_port":5355,"ciscotag":"ASA-7-710005","syslog_facility":"local4","action":"discarded","ip_src_addr":"10.22.8.223","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488166143 for 
Outside_VPN:198.111.72.64\/80 to Inside-Trunk:10.22.8.39\/54883 duration 
0:00:04 bytes 1148 TCP 
FINs","ip_dst_addr":"10.22.8.39","ip_src_port":80,"ip_dst_port":54883,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.64","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-106015: Deny TCP (no connection) from 
10.22.8.84\/445 to 10.22.8.219\/60726 flags ACK  on interface 
inside","ip_dst_addr":"10.22.8.219","ip_src_port":445,"ip_dst_port":60726,"ciscotag":"ASA-6-106015","syslog_facility":"local4","action":"deny","ip_src_addr":"10.22.8.84","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168344 for 
DMZ-Inside:10.22.8.53\/61682 to Inside-Trunk:10.22.8.174\/40004 duration 
0:00:00 bytes 5648 TCP 
FINs","ip_dst_addr":"10.22.8.174","ip_src_port":61682,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.53","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168345 for 
DMZ-Inside:10.22.8.16\/31454 to Inside-Trunk:10.22.8.21\/443 duration 0:00:00 
bytes 756 TCP 
FINs","ip_dst_addr":"10.22.8.21","ip_src_port":31454,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.16","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.4","protocol":"icmp","original_string":"<182>Jan  5 
20:22:35 10.22.8.4 %ASA-6-302020: Built inbound ICMP connection for faddr 
10.22.8.12\/0 gaddr 10.22.8.45\/1 laddr 
10.22.8.45\/1","ip_dst_addr":"10.22.8.12","ciscotag":"ASA-6-302020","syslog_facility":"local6","action":"built","ip_src_addr":"10.22.8.45","syslog_severity":"info","timestamp":1452025355000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 
50.111.72.230\/80 to 204.111.72.254\/53077 flags RST  on interface 
Outside_VPN","ip_dst_addr":"204.111.72.254","ip_src_port":80,"ip_dst_port":53077,"ciscotag":"ASA-6-106015","syslog_facility":"local1","action":"deny","ip_src_addr":"50.111.72.230","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.12","protocol":"udp","original_string":"<166>Jan  5 
09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603649 for 
outside:206.111.72.2\/161 to inside:10.22.8.48\/63297 duration 0:02:01 bytes 
209","ip_dst_addr":"10.22.8.48","ip_src_port":161,"ip_dst_port":63297,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"206.111.72.2","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.12","protocol":"udp","original_string":"<166>Jan  5 
09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603650 for 
outside:207.111.72.122\/161 to inside:10.22.8.48\/63298 duration 0:02:01 bytes 
209","ip_dst_addr":"10.22.8.48","ip_src_port":161,"ip_dst_port":63298,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"207.111.72.122","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.12","protocol":"udp","original_string":"<166>Jan  5 
09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603652 for 
outside:206.111.72.2\/161 to inside:10.22.8.48\/63300 duration 0:02:01 bytes 
115","ip_dst_addr":"10.22.8.48","ip_src_port":161,"ip_dst_port":63300,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"206.111.72.2","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.12","protocol":"udp","original_string":"<166>Jan  5 
09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603657 for 
outside:206.111.72.2\/161 to inside:10.22.8.48\/63306 duration 0:02:01 bytes 
115","ip_dst_addr":"10.22.8.48","ip_src_port":161,"ip_dst_port":63306,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"206.111.72.2","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168436 for 
DMZ-Inside:10.22.8.51\/51235 to Inside-Trunk:10.22.8.174\/40004 duration 
0:00:00 bytes 2497 TCP 
FINs","ip_dst_addr":"10.22.8.174","ip_src_port":51235,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.51","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167656 for 
Outside_VPN:69.111.72.70\/21560 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 
bytes 11410 TCP 
FINs","ip_dst_addr":"10.22.8.53","ip_src_port":21560,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"69.111.72.70","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806050 for 
outside:10.22.8.62\/53965 (10.22.8.62\/53965)(LOCAL\\user.name) to 
inside:10.22.8.85\/53 (10.22.8.85\/53) 
(user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":53965,"ip_dst_port":53,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806052 for 
outside:10.22.8.62\/56500 (10.22.8.62\/56500)(LOCAL\\user.name) to 
inside:198.111.72.83\/443 (198.111.72.83\/443) 
(user.name)","ip_dst_addr":"198.111.72.83","ip_src_port":56500,"ip_dst_port":443,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806054 for 
outside:10.22.8.62\/56502 (10.22.8.62\/56502)(LOCAL\\user.name) to 
inside:50.111.72.252\/443 (50.111.72.252\/443) 
(user.name)","ip_dst_addr":"50.111.72.252","ip_src_port":56502,"ip_dst_port":443,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 
09:52:35 10.22.8.12 %ASA-6-305011: Built dynamic TCP translation from 
inside:10.22.8.188\/64340 to 
outside:206.111.72.41\/2013","ip_src_port":64340,"ciscotag":"ASA-6-305011","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.188","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.33","protocol":"udp","original_string":"<166>Jan  5 
15:52:35 10.22.8.33 %ASA-6-305012: Teardown dynamic UDP translation from 
inside:192.111.72.2\/62251 to outside:79.111.72.174\/21311 duration 
0:02:30","ip_src_port":62251,"ciscotag":"ASA-6-305012","syslog_facility":"local4","action":"teardown","ip_src_addr":"192.111.72.2","syslog_severity":"info","timestamp":1452009155000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806058 for 
outside:10.22.8.221\/56631 (10.22.8.221\/56631)(LOCAL\\user.name) to 
inside:10.22.8.26\/389 (10.22.8.26\/389) 
(user.name)","ip_dst_addr":"10.22.8.26","ip_src_port":56631,"ip_dst_port":389,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.221","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168189 for 
Outside_VPN:209.111.72.10\/56619 to DMZ-Inside:10.22.8.53\/443 duration 0:00:00 
bytes 2477 TCP 
FINs","ip_dst_addr":"10.22.8.53","ip_src_port":56619,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"209.111.72.10","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 
10.22.8.112\/52235 to 198.111.72.227\/80 flags ACK  on interface 
Inside-Trunk","ip_dst_addr":"198.111.72.227","ip_src_port":52235,"ip_dst_port":80,"ciscotag":"ASA-6-106015","syslog_facility":"local1","action":"deny","ip_src_addr":"10.22.8.112","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167192 for 
Outside_VPN:115.111.72.7\/49196 to DMZ-Inside:10.22.8.57\/443 duration 0:00:02 
bytes 20588 TCP 
Reset-O","ip_dst_addr":"10.22.8.57","ip_src_port":49196,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"115.111.72.7","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212806055 for 
outside:10.22.8.62\/55383(LOCAL\\user.name) to inside:10.22.8.85\/53 duration 
0:00:00 bytes 349 
(user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":55383,"ip_dst_port":53,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168380 for 
Outside_VPN:74.111.72.12\/443 to Inside-Trunk:10.22.8.39\/54894 duration 
0:00:00 bytes 5701 TCP 
FINs","ip_dst_addr":"10.22.8.39","ip_src_port":443,"ip_dst_port":54894,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"74.111.72.12","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.212","protocol":"tcp","original_string":"<174>Jan  5 
14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245522 for 
outside:10.22.8.147\/56343 (10.22.8.147\/56343) to inside:209.111.72.151\/443 
(209.111.72.151\/443) 
(user.name)","ip_dst_addr":"209.111.72.151","ip_src_port":56343,"ip_dst_port":443,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.147","syslog_severity":"info","timestamp":1452005555000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168443 for 
Outside_VPN:23.111.72.27\/80 to Inside-Trunk:10.22.8.81\/64713 duration 0:00:00 
bytes 2426 TCP 
FINs","ip_dst_addr":"10.22.8.81","ip_src_port":80,"ip_dst_port":64713,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"23.111.72.27","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488111566 for 
Outside_VPN:131.111.72.49\/443 to Inside-Trunk:10.22.8.127\/56558 duration 
0:01:57 bytes 3614 TCP 
Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":443,"ip_dst_port":56558,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"131.111.72.49","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806061 for 
outside:10.22.8.17\/58635 (10.22.8.17\/58635)(LOCAL\\user.name) to 
inside:10.22.8.12\/389 (10.22.8.12\/389) 
(user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":58635,"ip_dst_port":389,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.17","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806010 for 
outside:10.22.8.33\/60223(LOCAL\\user.name) to inside:10.22.8.86\/389 duration 
0:00:00 bytes 416 TCP Reset-I 
(user.name)","ip_dst_addr":"10.22.8.86","ip_src_port":60223,"ip_dst_port":389,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.33","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806062 for 
outside:10.22.8.221\/56632 (10.22.8.221\/56632)(LOCAL\\user.name) to 
inside:10.22.8.73\/389 (10.22.8.73\/389) 
(user.name)","ip_dst_addr":"10.22.8.73","ip_src_port":56632,"ip_dst_port":389,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.221","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","original_string":"<167>Jan  5 08:52:35 
10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 
0:00:00","ciscotag":"ASA-7-609002","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168231 for 
Outside_VPN:204.111.72.243\/3011 to Inside-Trunk:10.22.8.208\/60037 duration 
0:00:00 bytes 19415 TCP 
FINs","ip_dst_addr":"10.22.8.208","ip_src_port":3011,"ip_dst_port":60037,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"204.111.72.243","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.41","protocol":"tcp","original_string":"<166>Jan  5 
16:52:35 10.22.8.41 %ASA-6-302013: Built inbound TCP connection 45476108 for 
Outside:10.22.8.97\/53484 (10.22.8.97\/53484)(LOCAL\\user.name) to 
Inside:141.111.72.70\/7576 (141.111.72.70\/7576) 
(user.name)","ip_dst_addr":"141.111.72.70","ip_src_port":53484,"ip_dst_port":7576,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.97","syslog_severity":"info","timestamp":1452012755000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.212","protocol":"tcp","original_string":"<174>Jan  5 
14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245527 for 
outside:10.22.8.97\/65195 (10.22.8.97\/65195) to inside:17.111.72.212\/5223 
(17.111.72.212\/5223) 
(user.name)","ip_dst_addr":"17.111.72.212","ip_src_port":65195,"ip_dst_port":5223,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.97","syslog_severity":"info","timestamp":1452005555000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806018 for 
outside:10.22.8.17\/58632(LOCAL\\user.name) to inside:10.22.8.12\/389 duration 
0:00:00 bytes 0 TCP FINs 
(user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":58632,"ip_dst_port":389,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.17","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168562 for 
DMZ-Inside:10.22.8.51\/51236 to Inside-Trunk:10.22.8.174\/40004 duration 
0:00:00 bytes 2273 TCP 
FINs","ip_dst_addr":"10.22.8.174","ip_src_port":51236,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.51","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806065 for 
outside:10.22.8.62\/59829 (10.22.8.62\/59829)(LOCAL\\user.name) to 
inside:10.22.8.85\/53 (10.22.8.85\/53) 
(user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":59829,"ip_dst_port":53,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806067 for 
outside:10.22.8.143\/62675 (10.22.8.143\/62675)(LOCAL\\user.name) to 
inside:141.111.72.12\/389 (141.111.72.12\/389) 
(user.name)","ip_dst_addr":"141.111.72.12","ip_src_port":62675,"ip_dst_port":389,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.143","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<167>Jan  5 
08:52:35 10.22.8.216 %ASA-7-710005: UDP request discarded from 
10.22.8.223\/61122 to 
outside:224.111.72.252\/5355","ip_dst_addr":"224.111.72.252","ip_src_port":61122,"ip_dst_port":5355,"ciscotag":"ASA-7-710005","syslog_facility":"local4","action":"discarded","ip_src_addr":"10.22.8.223","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"icmp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302020: Built inbound ICMP connection for faddr 
10.22.8.143\/0(LOCAL\\user.name) gaddr 141.111.72.12\/0 laddr 141.111.72.12\/0 
(user.name)","ip_dst_addr":"10.22.8.143","ciscotag":"ASA-6-302020","syslog_facility":"local4","action":"built","ip_src_addr":"141.111.72.12","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168547 for 
Outside_VPN:107.111.72.102\/80 to Inside-Trunk:10.22.8.54\/61676 duration 
0:00:00 bytes 1030 TCP 
FINs","ip_dst_addr":"10.22.8.54","ip_src_port":80,"ip_dst_port":61676,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"107.111.72.102","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 
08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806078 for 
outside:10.22.8.221\/56633 (10.22.8.221\/56633)(LOCAL\\user.name) to 
inside:10.22.8.20\/389 (10.22.8.20\/389) 
(user.name)","ip_dst_addr":"10.22.8.20","ip_src_port":56633,"ip_dst_port":389,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.221","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 
09:52:35 10.22.8.12 %ASA-6-305011: Built dynamic TCP translation from 
inside:10.22.8.83\/59915 to 
outside:206.111.72.41\/22776","ip_src_port":59915,"ciscotag":"ASA-6-305011","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.83","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168044 for 
Outside_VPN:50.111.72.39\/80 to Inside-Trunk:10.22.8.75\/60877 duration 0:00:01 
bytes 13304 TCP 
FINs","ip_dst_addr":"10.22.8.75","ip_src_port":80,"ip_dst_port":60877,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"50.111.72.39","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488118326 for 
Outside_VPN:23.111.72.27\/80 to Inside-Trunk:10.22.8.229\/57901 duration 
0:01:45 bytes 1942 TCP 
FINs","ip_dst_addr":"10.22.8.229","ip_src_port":80,"ip_dst_port":57901,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"23.111.72.27","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488160565 for 
Outside_VPN:72.111.72.29\/80 to Inside-Trunk:10.22.8.42\/57520 duration 0:00:15 
bytes 1025 TCP 
FINs","ip_dst_addr":"10.22.8.42","ip_src_port":80,"ip_dst_port":57520,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.29","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488096423 for 
Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59096 duration 
0:02:27 bytes 99347 TCP 
Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":80,"ip_dst_port":59096,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.43","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488095522 for 
Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59087 duration 
0:02:29 bytes 154785 TCP 
Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":80,"ip_dst_port":59087,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.43","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488106557 for 
Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59134 duration 
0:02:09 bytes 25319 TCP 
Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":80,"ip_dst_port":59134,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.43","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488096426 for 
Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59099 duration 
0:02:27 bytes 26171 TCP 
Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":80,"ip_dst_port":59099,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.43","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:36 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806005 for 
outside:10.22.8.17\/58630(LOCAL\\user.name) to inside:10.22.8.12\/389 duration 
0:00:00 bytes 3942 TCP FINs 
(user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":58630,"ip_dst_port":389,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.17","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 
08:52:36 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806085 for 
outside:10.22.8.143\/54018 (10.22.8.143\/54018)(LOCAL\\user.name) to 
inside:10.22.8.85\/53 (10.22.8.85\/53) 
(user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":54018,"ip_dst_port":53,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.143","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.212","protocol":"icmp","original_string":"<174>Jan  5 
14:52:36 10.22.8.212 %ASA-6-302020: Built inbound ICMP connection for faddr 
10.22.8.96\/2708 gaddr 10.22.8.30\/0 laddr 10.22.8.30\/0 
(user.name)","ip_dst_addr":"10.22.8.96","ciscotag":"ASA-6-302020","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.30","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.212","protocol":"udp","original_string":"<174>Jan  5 
14:52:36 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245537 for 
outside:10.22.8.110\/49886 (10.22.8.110\/49886) to inside:192.111.72.11\/8612 
(192.111.72.11\/8612) 
(user.name)","ip_dst_addr":"192.111.72.11","ip_src_port":49886,"ip_dst_port":8612,"ciscotag":"ASA-6-302015","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.110","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.41","protocol":"tcp","original_string":"<166>Jan  5 
16:52:36 10.22.8.41 %ASA-6-106015: Deny TCP (no connection) from 
10.22.8.85\/58359 to 10.22.8.11\/88 flags RST ACK  on interface 
Outside","ip_dst_addr":"10.22.8.11","ip_src_port":58359,"ip_dst_port":88,"ciscotag":"ASA-6-106015","syslog_facility":"local4","action":"deny","ip_src_addr":"10.22.8.85","syslog_severity":"info","timestamp":1452012756000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"icmp","original_string":"<166>Jan  5 
08:52:36 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 
10.22.8.82\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 
10.22.8.205\/0","ip_dst_addr":"10.22.8.82","ciscotag":"ASA-6-302021","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.205","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 
08:52:36 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212799832 for 
outside:10.22.8.230\/55549(LOCAL\\user.name) to inside:10.22.8.11\/389 duration 
0:02:01 bytes 354 
(user.name)","ip_dst_addr":"10.22.8.11","ip_src_port":55549,"ip_dst_port":389,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.230","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 
08:52:36 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212799867 for 
outside:10.22.8.240\/138(LOCAL\\user.name) to inside:10.22.8.255\/138 duration 
0:02:01 bytes 214 
(user.name)","ip_dst_addr":"10.22.8.255","ip_src_port":138,"ip_dst_port":138,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.240","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","original_string":"<167>Jan  5 08:52:36 
10.22.8.216 %ASA-7-609001: Built local-host 
inside:67.111.72.204","ciscotag":"ASA-7-609001","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.212","protocol":"tcp","original_string":"<174>Jan  5 
14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245544 for 
outside:10.22.8.227\/54540 (10.22.8.227\/54540) to inside:63.111.72.124\/80 
(63.111.72.124\/80) 
(user.name)","ip_dst_addr":"63.111.72.124","ip_src_port":54540,"ip_dst_port":80,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.227","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168135 for 
Outside_VPN:198.111.72.66\/36797 to DMZ-Inside:10.22.8.53\/80 duration 0:00:01 
bytes 89039 TCP 
FINs","ip_dst_addr":"10.22.8.53","ip_src_port":36797,"ip_dst_port":80,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.66","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:36 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805836 for 
outside:10.22.8.62\/56471(LOCAL\\user.name) to inside:208.111.72.1\/443 
duration 0:00:04 bytes 1700 TCP FINs 
(user.name)","ip_dst_addr":"208.111.72.1","ip_src_port":56471,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.212","protocol":"tcp","original_string":"<174>Jan  5 
14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245546 for 
outside:10.22.8.227\/54542 (10.22.8.227\/54542) to inside:63.111.72.124\/80 
(63.111.72.124\/80) 
(user.name)","ip_dst_addr":"63.111.72.124","ip_src_port":54542,"ip_dst_port":80,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.227","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"icmp","original_string":"<166>Jan  5 
08:52:36 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 
10.22.8.74\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 
10.22.8.205\/0","ip_dst_addr":"10.22.8.74","ciscotag":"ASA-6-302021","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.205","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.212","protocol":"icmp","original_string":"<174>Jan  5 
14:52:36 10.22.8.212 %ASA-6-302020: Built outbound ICMP connection for faddr 
10.22.8.96\/2708 gaddr 10.22.8.30\/0 laddr 
10.22.8.30\/0","ip_dst_addr":"10.22.8.96","ciscotag":"ASA-6-302020","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.30","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168388 for 
DMZ-Inside:10.22.8.10\/49771 to Inside-Trunk:10.22.8.128\/443 duration 0:00:00 
bytes 19132 TCP 
Reset-O","ip_dst_addr":"10.22.8.128","ip_src_port":49771,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.10","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168692 for 
DMZ-Inside:10.22.8.53\/61694 to Inside-Trunk:10.22.8.174\/40004 duration 
0:00:00 bytes 5660 TCP 
FINs","ip_dst_addr":"10.22.8.174","ip_src_port":61694,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.53","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.212","protocol":"tcp","original_string":"<174>Jan  5 
14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245552 for 
outside:10.22.8.92\/51042 (10.22.8.92\/51042) to inside:10.22.8.193\/9100 
(10.22.8.193\/9100) 
(user.name)","ip_dst_addr":"10.22.8.193","ip_src_port":51042,"ip_dst_port":9100,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.92","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.41","protocol":"udp","original_string":"<166>Jan  5 
16:52:36 10.22.8.41 %ASA-6-302016: Teardown UDP connection 45474680 for 
Outside:10.22.8.49\/137(LOCAL\\user.name) to Inside:10.22.8.12\/137 duration 
0:02:03 bytes 486 
(user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":137,"ip_dst_port":137,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.49","syslog_severity":"info","timestamp":1452012756000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.41","protocol":"udp","original_string":"<166>Jan  5 
16:52:36 10.22.8.41 %ASA-6-302016: Teardown UDP connection 45474694 for 
Outside:10.22.8.49\/138(LOCAL\\user.name) to Inside:10.22.8.12\/138 duration 
0:02:01 bytes 184 
(user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":138,"ip_dst_port":138,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.49","syslog_severity":"info","timestamp":1452012756000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167720 for 
Outside_VPN:198.111.72.75\/1033 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 
bytes 9634 TCP 
FINs","ip_dst_addr":"10.22.8.53","ip_src_port":1033,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.75","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488165627 for 
Outside_VPN:170.111.72.22\/27463 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 
bytes 9756 TCP 
FINs","ip_dst_addr":"10.22.8.53","ip_src_port":27463,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"170.111.72.22","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 
08:52:32 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212805854 for 
outside:10.22.8.62\/54704(LOCAL\\user.name) to inside:10.22.8.85\/53 duration 
0:00:00 bytes 114 
(user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":54704,"ip_dst_port":53,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.12","protocol":"icmp","original_string":"<166>Jan  5 
09:52:32 10.22.8.12 %ASA-6-302020: Built inbound ICMP connection for faddr 
207.111.72.122\/0 gaddr 206.111.72.24\/512 laddr 
10.22.8.57\/512","ip_dst_addr":"207.111.72.122","ciscotag":"ASA-6-302020","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.57","syslog_severity":"info","timestamp":1451987552000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 
09:52:32 10.22.8.12 %ASA-6-302013: Built outbound TCP connection 17605397 for 
outside:69.111.72.0\/80 (69.111.72.0\/80) to inside:10.22.8.102\/55659 
(206.111.72.41\/40627)","ip_dst_addr":"10.22.8.102","ip_src_port":80,"ip_dst_port":55659,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"69.111.72.0","syslog_severity":"info","timestamp":1451987552000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.212","protocol":"udp","original_string":"<174>Jan  5 
14:52:32 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245230 for 
outside:10.22.8.96\/123 (10.22.8.96\/123) to inside:10.22.8.12\/123 
(10.22.8.12\/123) 
(user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":123,"ip_dst_port":123,"ciscotag":"ASA-6-302015","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.96","syslog_severity":"info","timestamp":1452005552000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488031413 for 
Outside_VPN:184.111.72.216\/50341 to DMZ-Inside:10.22.8.57\/443 duration 
0:05:01 bytes 13543 TCP 
Reset-O","ip_dst_addr":"10.22.8.57","ip_src_port":50341,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"184.111.72.216","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.41","protocol":"icmp","original_string":"<166>Jan  5 
16:52:32 10.22.8.41 %ASA-6-302020: Built inbound ICMP connection for faddr 
10.22.8.95\/1(LOCAL\\user.name) gaddr 10.22.8.12\/0 laddr 10.22.8.12\/0 
(user.name)","ip_dst_addr":"10.22.8.95","ciscotag":"ASA-6-302020","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.12","syslog_severity":"info","timestamp":1452012752000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","original_string":"<142>Jan  5 08:52:32 
10.22.8.201 %ASA-6-302014: Teardown TCP connection 488030393 for 
DMZ-Inside:[10.22.8.10\/57109 to Inside-Trunk:10.22.8.128\/443 duration 0:05:04 
bytes 13541 TCP 
Reset-O","ciscotag":"ASA-6-302014","syslog_facility":"local1","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 
09:52:32 10.22.8.12 %ASA-6-305012: Teardown dynamic TCP translation from 
inside:10.22.8.149\/62156 to outside:206.111.72.41\/19576 duration 
0:00:44","ip_src_port":62156,"ciscotag":"ASA-6-305012","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.149","syslog_severity":"info","timestamp":1451987552000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 
09:52:32 10.22.8.12 %ASA-6-305012: Teardown dynamic TCP translation from 
inside:10.22.8.149\/62159 to outside:206.111.72.41\/39634 duration 
0:00:44","ip_src_port":62159,"ciscotag":"ASA-6-305012","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.149","syslog_severity":"info","timestamp":1451987552000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488031793 for 
Outside_VPN:198.111.72.146\/28026 to DMZ-Inside:10.22.8.53\/443 duration 
0:05:00 bytes 119 TCP 
FINs","ip_dst_addr":"10.22.8.53","ip_src_port":28026,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.146","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488030810 for 
DMZ-Inside:10.22.8.10\/56930 to Inside-Trunk:10.22.8.128\/443 duration 0:05:03 
bytes 13543 TCP 
Reset-O","ip_dst_addr":"10.22.8.128","ip_src_port":56930,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.10","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 
08:52:32 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 
186.111.72.11\/80 to 204.111.72.199\/61438 flags SYN ACK  on interface 
Outside_VPN","ip_dst_addr":"204.111.72.199","ip_src_port":80,"ip_dst_port":61438,"ciscotag":"ASA-6-106015","syslog_facility":"local1","action":"deny","ip_src_addr":"186.111.72.11","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 
08:52:32 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212805863 for 
outside:10.22.8.144\/61999 (10.22.8.144\/61999)(LOCAL\\user.name) to 
inside:10.22.8.163\/80 (10.22.8.163\/80) 
(user.name)","ip_dst_addr":"10.22.8.163","ip_src_port":61999,"ip_dst_port":80,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.144","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"syslog_host":"10.22.8.216","original_string":"<167>Jan  5 08:52:32 
10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 
0:00:00","ciscotag":"ASA-7-609002","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983952000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"protocol":"udp","original_string":"<166>Aug 06 2016 20:39:42: %ASA-6-110002: 
Failed to locate egress interface for UDP from Inside:10.25.14.52\/56544 to 
172.18.106.2\/161","ip_dst_addr":"172.18.106.2","ip_src_port":56544,"ip_dst_port":161,"ciscotag":"ASA-6-110002","syslog_facility":"local4","ip_src_addr":"10.25.14.52","syslog_severity":"info","timestamp":1470515982000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<165>Aug 11 2016 15:42:07: %ASA-5-111010: User 'admin', 
running 'N\/A' from IP 10.25.112.191, executed 'service-object object 
TCP44720-44722'","ciscotag":"ASA-5-111010","syslog_facility":"local4","syslog_severity":"notice","timestamp":1470930127000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<165>Aug 06 2016 18:05:27: %ASA-5-713202: IP = 
192.168.140.20, Duplicate first packet detected.  Ignoring 
packet.","ciscotag":"ASA-5-713202","syslog_facility":"local4","syslog_severity":"notice","timestamp":1470506727000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<165>Aug 07 2016 22:38:41: %ASA-5-713904: IP = 
206.16.173.28, Received encrypted packet with no matching SA, 
dropping","ciscotag":"ASA-5-713904","syslog_facility":"local4","syslog_severity":"notice","timestamp":1470609521000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<165>Aug 16 2016 08:20:21: %ASA-5-713050: Group = 
192.168.136.20, IP = 192.168.136.20, Connection terminated for peer 
192.168.136.20.  Reason: IPSec SA Idle Timeout  Remote Proxy 192.168.136.22, 
Local Proxy 
172.18.106.36","ciscotag":"ASA-5-713050","syslog_facility":"local4","syslog_severity":"notice","timestamp":1471335621000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<164>Aug 16 2016 13:01:43: %ASA-4-313004: Denied ICMP 
type=0, from laddr 172.20.30.1 on interface Outside to 10.25.24.122: no 
matching 
session","ciscotag":"ASA-4-313004","syslog_facility":"local4","syslog_severity":"warn","timestamp":1471352503000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<166>Aug 16 2016 08:54:22: %ASA-6-113009: AAA retrieved 
default group policy (DefaultPolicyCA) for user = 
192.168.136.20","ciscotag":"ASA-6-113009","syslog_facility":"local4","syslog_severity":"info","timestamp":1471337662000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<163>Aug 05 2016 20:21:04: %ASA-3-106010: Deny inbound 
protocol 47 src Outside:14.169.120.66 dst 
Outside:172.18.105.105","ciscotag":"ASA-3-106010","syslog_facility":"local4","syslog_severity":"err","timestamp":1470428464000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<164>Aug 06 2016 17:43:49: %ASA-4-113019: Group = 
192.168.140.20, Username = 192.168.140.20, IP = 192.168.140.20, Session 
disconnected. Session Type: LAN-to-LAN, Duration: 12d 9h:11m:22s, Bytes xmt: 
523781833, Bytes rcv: 16336203, Reason: Lost 
Service","ciscotag":"ASA-4-113019","syslog_facility":"local4","syslog_severity":"warn","timestamp":1470505429000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<165>Aug 05 2016 22:13:07: %ASA-5-500003: Bad TCP hdr 
length (hdrlen=4, pktlen=74) from 159.203.208.134\/0 to 172.18.105.12\/0, 
flags: INVALID, on interface 
Outside","ciscotag":"ASA-5-500003","syslog_facility":"local4","syslog_severity":"notice","timestamp":1470435187000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<165>Aug 06 2016 17:43:49: %ASA-5-713259: Group = 
192.168.140.20, IP = 192.168.140.20, Session is being torn down. Reason: Lost 
Service","ciscotag":"ASA-5-713259","syslog_facility":"local4","syslog_severity":"notice","timestamp":1470505429000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"protocol":"icmp","original_string":"<163>Aug 05 2016 19:13:26: 
%ASA-3-313001: Denied ICMP type=3, code=3 from 198.27.69.147 on interface 
Outside","ciscotag":"ASA-3-313001","syslog_facility":"local4","action":"denied","ip_src_addr":"198.27.69.147","syslog_severity":"err","timestamp":1470424406000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"protocol":"icmp","original_string":"<164>Aug 05 2016 19:13:26: 
%ASA-4-313005: No matching connection for ICMP error message: icmp src 
Outside:198.27.69.147 dst identity:172.18.106.2 (type 3, code 3) on Outside 
interface.  Original IP payload: udp src 172.18.106.2\/9993 dst 
198.27.69.147\/26410.","ciscotag":"ASA-4-313005","syslog_facility":"local4","syslog_severity":"warn","timestamp":1470424406000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<163>Aug 11 2016 11:43:25: %ASA-3-713902: Group = 
10.12.208.226, IP = 10.12.208.226, Removing peer from correlator table failed, 
no 
match!","ciscotag":"ASA-3-713902","syslog_facility":"local4","syslog_severity":"err","timestamp":1470915805000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<164>Aug 11 2016 11:43:02: %ASA-4-752010: IKEv2 Doesn't 
have a proposal 
specified","ciscotag":"ASA-4-752010","syslog_facility":"local4","syslog_severity":"warn","timestamp":1470915782000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<165>Aug 11 2016 11:43:02: %ASA-5-752004: Tunnel Manager 
dispatching a KEY_ACQUIRE message to IKEv1.  Map Tag = demap.  Map Sequence 
Number = 
1.","ciscotag":"ASA-5-752004","syslog_facility":"local4","syslog_severity":"notice","timestamp":1470915782000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<163>Aug 11 2016 12:15:25: %ASA-3-752015: Tunnel Manager 
has failed to establish an L2L SA.  All configured IKE versions failed to 
establish the tunnel. Map Tag= demap.  Map Sequence Number = 
1.","ciscotag":"ASA-3-752015","syslog_facility":"local4","syslog_severity":"err","timestamp":1470917725000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<164>Aug 11 2016 12:11:16: %ASA-4-752012: IKEv1 was 
unsuccessful at setting up a tunnel.  Map Tag = demap.  Map Sequence Number = 
1.","ciscotag":"ASA-4-752012","syslog_facility":"local4","syslog_severity":"warn","timestamp":1470917476000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<164>Aug 06 2016 00:02:25: %ASA-4-713903: IKE Receiver: 
Runt ISAKMP packet discarded on Port 500 from 
172.30.106.180:57380","ciscotag":"ASA-4-713903","syslog_facility":"local4","syslog_severity":"warn","timestamp":1470441745000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<163>Aug 11 2016 11:43:25: %ASA-3-713227: IP = 
10.12.208.226, Rejecting new IPSec SA negotiation for peer 10.12.208.226. A 
negotiation was already in progress for local Proxy 10.25.0.0\/255.255.0.0, 
remote Proxy 
172.20.30.0\/255.255.255.0","ciscotag":"ASA-3-713227","syslog_facility":"local4","syslog_severity":"err","timestamp":1470915805000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<166>Aug 20 2016 23:06:27: %ASA-6-713905: INFO: IKE 
Transform #8 next payload is 3 (should be 
0).","ciscotag":"ASA-6-713905","syslog_facility":"local4","syslog_severity":"info","timestamp":1471734387000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<166>Aug 11 2016 11:43:02: %ASA-6-713219: IP = 
10.12.208.226, Queuing KEY-ACQUIRE messages to be processed when P1 SA is 
complete.","ciscotag":"ASA-6-713219","syslog_facility":"local4","syslog_severity":"info","timestamp":1470915782000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"original_string":"<166>Aug 11 2016 11:43:19: %ASA-6-713220: Group = 
10.12.208.226, IP = 10.12.208.226, De-queuing KEY-ACQUIRE messages that were 
left 
pending.","ciscotag":"ASA-6-713220","syslog_facility":"local4","syslog_severity":"info","timestamp":1470915799000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"protocol":"tcp","original_string":"<162>Aug 05 2016 01:02:25: %ASA-2-106001: 
Inbound TCP connection denied from 10.47.32.45\/60641 to 10.254.8.193\/5060 
flags SYN  on interface 
Inside","ip_dst_addr":"10.254.8.193","ip_src_port":60641,"ip_dst_port":5060,"ciscotag":"ASA-2-106001","syslog_facility":"local4","action":"denied","ip_src_addr":"10.47.32.45","syslog_severity":"crit","timestamp":1470358945000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"protocol":"icmp","original_string":"<163>Aug 05 2016 01:02:25: 
%ASA-3-106014: Deny inbound icmp src Inside:10.230.4.87 dst Inside:10.22.75.251 
(type 8, code 
0)","ip_dst_addr":"10.22.75.251","ciscotag":"ASA-3-106014","syslog_facility":"local4","action":"deny","ip_src_addr":"10.230.4.87","syslog_severity":"err","timestamp":1470358945000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"protocol":"udp","original_string":"<164>Aug 05 2016 01:02:25: %ASA-4-106023: 
Deny udp src Inside:10.230.4.88\/42350 dst Outside:192.168.2.53\/53 by 
access-group \"Inside_access_in\" [0x962df600, 
0x0]","ip_dst_addr":"192.168.2.53","ip_src_port":42350,"ip_dst_port":53,"ciscotag":"ASA-4-106023","syslog_facility":"local4","action":"deny","ip_src_addr":"10.230.4.88","syslog_severity":"warn","timestamp":1470358945000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"protocol":"tcp","original_string":"<164>Aug 05 2016 01:02:25: %ASA-4-106023: 
Deny tcp src Inside:10.30.6.47\/4562 dst Outside:192.168.133.204\/443 by 
access-group \"Inside_access_in\" [0x962df600, 
0x0]","ip_dst_addr":"192.168.133.204","ip_src_port":4562,"ip_dst_port":443,"ciscotag":"ASA-4-106023","syslog_facility":"local4","action":"deny","ip_src_addr":"10.30.6.47","syslog_severity":"warn","timestamp":1470358945000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
+{"protocol":"tcp","original_string":"<164>Aug 05 2016 01:02:25: %ASA-4-106023: 
Deny tcp src Inside:10.30.6.47\/4563 dst Outside:192.168.133.204\/443 by 
access-group \"Inside_access_in\" [0x962df600, 
0x0]","ip_dst_addr":"192.168.133.204","ip_src_port":4563,"ip_dst_port":443,"ciscotag":"ASA-4-106023","syslog_facility":"local4","action":"deny","ip_src_addr":"10.30.6.47","syslog_severity":"warn","timestamp":1470358945000,"source.type":"asa","guid":"this-is-random-uuid-will-be-36-chars"}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/metron/blob/ffcb91ed/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa/src/test/resources/data/raw/test.raw
----------------------------------------------------------------------
diff --git 
a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa/src/test/resources/data/raw/test.raw
 
b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa/src/test/resources/data/raw/test.raw
new file mode 100755
index 0000000..be5be5a
--- /dev/null
+++ 
b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa/src/test/resources/data/raw/test.raw
@@ -0,0 +1,128 @@
+<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609001: Built local-host 
inside:10.22.8.205
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for 
faddr 10.22.8.74/0(LOCAL\user.name) gaddr 10.22.8.205/0 laddr 10.22.8.205/0
+<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609002: Teardown local-host 
inside:10.22.8.205 duration 0:00:00
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488167725 for Outside_VPN:147.111.72.16/26436 to DMZ-Inside:10.22.8.53/443 
duration 0:00:00 bytes 9687 TCP FINs
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 
212805593 for outside:10.22.8.223/59614(LOCAL\user.name) to 
inside:10.22.8.78/8102 duration 0:00:07 bytes 3433 TCP FINs (user.name)
+<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 
76245503 for outside:10.22.8.233/54209 (10.22.8.233/54209) to 
inside:198.111.72.238/443 (198.111.72.238/443) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 
212806031 for outside:10.22.8.17/58633 (10.22.8.17/58633)(LOCAL\user.name) to 
inside:10.22.8.12/389 (10.22.8.12/389) (user.name)
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168292 for DMZ-Inside:10.22.8.51/51231 to Inside-Trunk:10.22.8.174/40004 
duration 0:00:00 bytes 2103 TCP FINs
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 
186.111.72.11/80 to 204.111.72.226/45019 flags SYN ACK  on interface Outside_VPN
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302014: Teardown TCP connection 
17604987 for outside:209.111.72.151/443 to inside:10.22.8.188/64306 duration 
0:00:31 bytes 10128 TCP FINs
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302014: Teardown TCP connection 
17604999 for outside:209.111.72.151/443 to inside:10.22.8.188/64307 duration 
0:00:30 bytes 6370 TCP FINs
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488167347 for Outside_VPN:198.111.72.24/2134 to DMZ-Inside:10.22.8.53/443 
duration 0:00:01 bytes 9785 TCP FINs
+<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 
76245506 for outside:10.22.8.110/49886 (10.22.8.110/49886) to 
inside:192.111.72.8/8612 (192.111.72.8/8612) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 
212805993 for outside:10.22.8.89/56917(LOCAL\user.name) to 
inside:216.111.72.126/443 duration 0:00:00 bytes 0 TCP FINs (user.name)
+<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-710005: UDP request discarded from 
10.22.8.223/49192 to outside:224.111.72.252/5355
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488166143 for Outside_VPN:198.111.72.64/80 to Inside-Trunk:10.22.8.39/54883 
duration 0:00:04 bytes 1148 TCP FINs
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-106015: Deny TCP (no connection) from 
10.22.8.84/445 to 10.22.8.219/60726 flags ACK  on interface inside
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168344 for DMZ-Inside:10.22.8.53/61682 to Inside-Trunk:10.22.8.174/40004 
duration 0:00:00 bytes 5648 TCP FINs
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168345 for DMZ-Inside:10.22.8.16/31454 to Inside-Trunk:10.22.8.21/443 
duration 0:00:00 bytes 756 TCP FINs
+<182>Jan  5 20:22:35 10.22.8.4 %ASA-6-302020: Built inbound ICMP connection 
for faddr 10.22.8.12/0 gaddr 10.22.8.45/1 laddr 10.22.8.45/1
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 
50.111.72.230/80 to 204.111.72.254/53077 flags RST  on interface Outside_VPN
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 
17603649 for outside:206.111.72.2/161 to inside:10.22.8.48/63297 duration 
0:02:01 bytes 209
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 
17603650 for outside:207.111.72.122/161 to inside:10.22.8.48/63298 duration 
0:02:01 bytes 209
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 
17603652 for outside:206.111.72.2/161 to inside:10.22.8.48/63300 duration 
0:02:01 bytes 115
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 
17603657 for outside:206.111.72.2/161 to inside:10.22.8.48/63306 duration 
0:02:01 bytes 115
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168436 for DMZ-Inside:10.22.8.51/51235 to Inside-Trunk:10.22.8.174/40004 
duration 0:00:00 bytes 2497 TCP FINs
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488167656 for Outside_VPN:69.111.72.70/21560 to DMZ-Inside:10.22.8.53/443 
duration 0:00:01 bytes 11410 TCP FINs
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 
212806050 for outside:10.22.8.62/53965 (10.22.8.62/53965)(LOCAL\user.name) to 
inside:10.22.8.85/53 (10.22.8.85/53) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 
212806052 for outside:10.22.8.62/56500 (10.22.8.62/56500)(LOCAL\user.name) to 
inside:198.111.72.83/443 (198.111.72.83/443) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 
212806054 for outside:10.22.8.62/56502 (10.22.8.62/56502)(LOCAL\user.name) to 
inside:50.111.72.252/443 (50.111.72.252/443) (user.name)
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-305011: Built dynamic TCP translation 
from inside:10.22.8.188/64340 to outside:206.111.72.41/2013
+<166>Jan  5 15:52:35 10.22.8.33 %ASA-6-305012: Teardown dynamic UDP 
translation from inside:192.111.72.2/62251 to outside:79.111.72.174/21311 
duration 0:02:30
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 
212806058 for outside:10.22.8.221/56631 (10.22.8.221/56631)(LOCAL\user.name) to 
inside:10.22.8.26/389 (10.22.8.26/389) (user.name)
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168189 for Outside_VPN:209.111.72.10/56619 to DMZ-Inside:10.22.8.53/443 
duration 0:00:00 bytes 2477 TCP FINs
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 
10.22.8.112/52235 to 198.111.72.227/80 flags ACK  on interface Inside-Trunk
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488167192 for Outside_VPN:115.111.72.7/49196 to DMZ-Inside:10.22.8.57/443 
duration 0:00:02 bytes 20588 TCP Reset-O
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302016: Teardown UDP connection 
212806055 for outside:10.22.8.62/55383(LOCAL\user.name) to inside:10.22.8.85/53 
duration 0:00:00 bytes 349 (user.name)
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168380 for Outside_VPN:74.111.72.12/443 to Inside-Trunk:10.22.8.39/54894 
duration 0:00:00 bytes 5701 TCP FINs
+<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 
76245522 for outside:10.22.8.147/56343 (10.22.8.147/56343) to 
inside:209.111.72.151/443 (209.111.72.151/443) (user.name)
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168443 for Outside_VPN:23.111.72.27/80 to Inside-Trunk:10.22.8.81/64713 
duration 0:00:00 bytes 2426 TCP FINs
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488111566 for Outside_VPN:131.111.72.49/443 to Inside-Trunk:10.22.8.127/56558 
duration 0:01:57 bytes 3614 TCP Reset-O
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 
212806061 for outside:10.22.8.17/58635 (10.22.8.17/58635)(LOCAL\user.name) to 
inside:10.22.8.12/389 (10.22.8.12/389) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 
212806010 for outside:10.22.8.33/60223(LOCAL\user.name) to 
inside:10.22.8.86/389 duration 0:00:00 bytes 416 TCP Reset-I (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 
212806062 for outside:10.22.8.221/56632 (10.22.8.221/56632)(LOCAL\user.name) to 
inside:10.22.8.73/389 (10.22.8.73/389) (user.name)
+<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609002: Teardown local-host 
inside:10.22.8.205 duration 0:00:00
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168231 for Outside_VPN:204.111.72.243/3011 to Inside-Trunk:10.22.8.208/60037 
duration 0:00:00 bytes 19415 TCP FINs
+<166>Jan  5 16:52:35 10.22.8.41 %ASA-6-302013: Built inbound TCP connection 
45476108 for Outside:10.22.8.97/53484 (10.22.8.97/53484)(LOCAL\user.name) to 
Inside:141.111.72.70/7576 (141.111.72.70/7576) (user.name)
+<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 
76245527 for outside:10.22.8.97/65195 (10.22.8.97/65195) to 
inside:17.111.72.212/5223 (17.111.72.212/5223) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 
212806018 for outside:10.22.8.17/58632(LOCAL\user.name) to 
inside:10.22.8.12/389 duration 0:00:00 bytes 0 TCP FINs (user.name)
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168562 for DMZ-Inside:10.22.8.51/51236 to Inside-Trunk:10.22.8.174/40004 
duration 0:00:00 bytes 2273 TCP FINs
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 
212806065 for outside:10.22.8.62/59829 (10.22.8.62/59829)(LOCAL\user.name) to 
inside:10.22.8.85/53 (10.22.8.85/53) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 
212806067 for outside:10.22.8.143/62675 (10.22.8.143/62675)(LOCAL\user.name) to 
inside:141.111.72.12/389 (141.111.72.12/389) (user.name)
+<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-710005: UDP request discarded from 
10.22.8.223/61122 to outside:224.111.72.252/5355
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302020: Built inbound ICMP connection 
for faddr 10.22.8.143/0(LOCAL\user.name) gaddr 141.111.72.12/0 laddr 
141.111.72.12/0 (user.name)
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168547 for Outside_VPN:107.111.72.102/80 to Inside-Trunk:10.22.8.54/61676 
duration 0:00:00 bytes 1030 TCP FINs
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 
212806078 for outside:10.22.8.221/56633 (10.22.8.221/56633)(LOCAL\user.name) to 
inside:10.22.8.20/389 (10.22.8.20/389) (user.name)
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-305011: Built dynamic TCP translation 
from inside:10.22.8.83/59915 to outside:206.111.72.41/22776
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168044 for Outside_VPN:50.111.72.39/80 to Inside-Trunk:10.22.8.75/60877 
duration 0:00:01 bytes 13304 TCP FINs
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488118326 for Outside_VPN:23.111.72.27/80 to Inside-Trunk:10.22.8.229/57901 
duration 0:01:45 bytes 1942 TCP FINs
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488160565 for Outside_VPN:72.111.72.29/80 to Inside-Trunk:10.22.8.42/57520 
duration 0:00:15 bytes 1025 TCP FINs
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488096423 for Outside_VPN:72.111.72.43/80 to Inside-Trunk:10.22.8.127/59096 
duration 0:02:27 bytes 99347 TCP Reset-O
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488095522 for Outside_VPN:72.111.72.43/80 to Inside-Trunk:10.22.8.127/59087 
duration 0:02:29 bytes 154785 TCP Reset-O
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488106557 for Outside_VPN:72.111.72.43/80 to Inside-Trunk:10.22.8.127/59134 
duration 0:02:09 bytes 25319 TCP Reset-O
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488096426 for Outside_VPN:72.111.72.43/80 to Inside-Trunk:10.22.8.127/59099 
duration 0:02:27 bytes 26171 TCP Reset-O
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302014: Teardown TCP connection 
212806005 for outside:10.22.8.17/58630(LOCAL\user.name) to 
inside:10.22.8.12/389 duration 0:00:00 bytes 3942 TCP FINs (user.name)
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 
212806085 for outside:10.22.8.143/54018 (10.22.8.143/54018)(LOCAL\user.name) to 
inside:10.22.8.85/53 (10.22.8.85/53) (user.name)
+<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302020: Built inbound ICMP connection 
for faddr 10.22.8.96/2708 gaddr 10.22.8.30/0 laddr 10.22.8.30/0 (user.name)
+<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 
76245537 for outside:10.22.8.110/49886 (10.22.8.110/49886) to 
inside:192.111.72.11/8612 (192.111.72.11/8612) (user.name)
+<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-106015: Deny TCP (no connection) from 
10.22.8.85/58359 to 10.22.8.11/88 flags RST ACK  on interface Outside
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for 
faddr 10.22.8.82/0(LOCAL\user.name) gaddr 10.22.8.205/0 laddr 10.22.8.205/0
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302016: Teardown UDP connection 
212799832 for outside:10.22.8.230/55549(LOCAL\user.name) to 
inside:10.22.8.11/389 duration 0:02:01 bytes 354 (user.name)
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302016: Teardown UDP connection 
212799867 for outside:10.22.8.240/138(LOCAL\user.name) to 
inside:10.22.8.255/138 duration 0:02:01 bytes 214 (user.name)
+<167>Jan  5 08:52:36 10.22.8.216 %ASA-7-609001: Built local-host 
inside:67.111.72.204
+<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 
76245544 for outside:10.22.8.227/54540 (10.22.8.227/54540) to 
inside:63.111.72.124/80 (63.111.72.124/80) (user.name)
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168135 for Outside_VPN:198.111.72.66/36797 to DMZ-Inside:10.22.8.53/80 
duration 0:00:01 bytes 89039 TCP FINs
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302014: Teardown TCP connection 
212805836 for outside:10.22.8.62/56471(LOCAL\user.name) to 
inside:208.111.72.1/443 duration 0:00:04 bytes 1700 TCP FINs (user.name)
+<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 
76245546 for outside:10.22.8.227/54542 (10.22.8.227/54542) to 
inside:63.111.72.124/80 (63.111.72.124/80) (user.name)
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for 
faddr 10.22.8.74/0(LOCAL\user.name) gaddr 10.22.8.205/0 laddr 10.22.8.205/0
+<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302020: Built outbound ICMP connection 
for faddr 10.22.8.96/2708 gaddr 10.22.8.30/0 laddr 10.22.8.30/0
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168388 for DMZ-Inside:10.22.8.10/49771 to Inside-Trunk:10.22.8.128/443 
duration 0:00:00 bytes 19132 TCP Reset-O
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488168692 for DMZ-Inside:10.22.8.53/61694 to Inside-Trunk:10.22.8.174/40004 
duration 0:00:00 bytes 5660 TCP FINs
+<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 
76245552 for outside:10.22.8.92/51042 (10.22.8.92/51042) to 
inside:10.22.8.193/9100 (10.22.8.193/9100) (user.name)
+<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-302016: Teardown UDP connection 
45474680 for Outside:10.22.8.49/137(LOCAL\user.name) to Inside:10.22.8.12/137 
duration 0:02:03 bytes 486 (user.name)
+<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-302016: Teardown UDP connection 
45474694 for Outside:10.22.8.49/138(LOCAL\user.name) to Inside:10.22.8.12/138 
duration 0:02:01 bytes 184 (user.name)
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488167720 for Outside_VPN:198.111.72.75/1033 to DMZ-Inside:10.22.8.53/443 
duration 0:00:01 bytes 9634 TCP FINs
+<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488165627 for Outside_VPN:170.111.72.22/27463 to DMZ-Inside:10.22.8.53/443 
duration 0:00:01 bytes 9756 TCP FINs
+<166>Jan  5 08:52:32 10.22.8.216 %ASA-6-302016: Teardown UDP connection 
212805854 for outside:10.22.8.62/54704(LOCAL\user.name) to inside:10.22.8.85/53 
duration 0:00:00 bytes 114 (user.name)
+<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-302020: Built inbound ICMP connection 
for faddr 207.111.72.122/0 gaddr 206.111.72.24/512 laddr 10.22.8.57/512
+<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-302013: Built outbound TCP connection 
17605397 for outside:69.111.72.0/80 (69.111.72.0/80) to 
inside:10.22.8.102/55659 (206.111.72.41/40627)
+<174>Jan  5 14:52:32 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 
76245230 for outside:10.22.8.96/123 (10.22.8.96/123) to inside:10.22.8.12/123 
(10.22.8.12/123) (user.name)
+<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488031413 for Outside_VPN:184.111.72.216/50341 to DMZ-Inside:10.22.8.57/443 
duration 0:05:01 bytes 13543 TCP Reset-O
+<166>Jan  5 16:52:32 10.22.8.41 %ASA-6-302020: Built inbound ICMP connection 
for faddr 10.22.8.95/1(LOCAL\user.name) gaddr 10.22.8.12/0 laddr 10.22.8.12/0 
(user.name)
+<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488030393 for DMZ-Inside:[10.22.8.10/57109 to Inside-Trunk:10.22.8.128/443 
duration 0:05:04 bytes 13541 TCP Reset-O
+<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-305012: Teardown dynamic TCP 
translation from inside:10.22.8.149/62156 to outside:206.111.72.41/19576 
duration 0:00:44
+<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-305012: Teardown dynamic TCP 
translation from inside:10.22.8.149/62159 to outside:206.111.72.41/39634 
duration 0:00:44
+<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488031793 for Outside_VPN:198.111.72.146/28026 to DMZ-Inside:10.22.8.53/443 
duration 0:05:00 bytes 119 TCP FINs
+<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 
488030810 for DMZ-Inside:10.22.8.10/56930 to Inside-Trunk:10.22.8.128/443 
duration 0:05:03 bytes 13543 TCP Reset-O
+<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 
186.111.72.11/80 to 204.111.72.199/61438 flags SYN ACK  on interface Outside_VPN
+<166>Jan  5 08:52:32 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 
212805863 for outside:10.22.8.144/61999 (10.22.8.144/61999)(LOCAL\user.name) to 
inside:10.22.8.163/80 (10.22.8.163/80) (user.name)
+<167>Jan  5 08:52:32 10.22.8.216 %ASA-7-609002: Teardown local-host 
inside:10.22.8.205 duration 0:00:00
+<166>Aug 06 2016 20:39:42: %ASA-6-110002: Failed to locate egress interface 
for UDP from Inside:10.25.14.52/56544 to 172.18.106.2/161
+<165>Aug 11 2016 15:42:07: %ASA-5-111010: User 'admin', running 'N/A' from IP 
10.25.112.191, executed 'service-object object TCP44720-44722'
+<165>Aug 06 2016 18:05:27: %ASA-5-713202: IP = 192.168.140.20, Duplicate first 
packet detected.  Ignoring packet.
+<165>Aug 07 2016 22:38:41: %ASA-5-713904: IP = 206.16.173.28, Received 
encrypted packet with no matching SA, dropping
+<165>Aug 16 2016 08:20:21: %ASA-5-713050: Group = 192.168.136.20, IP = 
192.168.136.20, Connection terminated for peer 192.168.136.20.  Reason: IPSec 
SA Idle Timeout  Remote Proxy 192.168.136.22, Local Proxy 172.18.106.36
+<164>Aug 16 2016 13:01:43: %ASA-4-313004: Denied ICMP type=0, from laddr 
172.20.30.1 on interface Outside to 10.25.24.122: no matching session
+<166>Aug 16 2016 08:54:22: %ASA-6-113009: AAA retrieved default group policy 
(DefaultPolicyCA) for user = 192.168.136.20
+<163>Aug 05 2016 20:21:04: %ASA-3-106010: Deny inbound protocol 47 src 
Outside:14.169.120.66 dst Outside:172.18.105.105
+<164>Aug 06 2016 17:43:49: %ASA-4-113019: Group = 192.168.140.20, Username = 
192.168.140.20, IP = 192.168.140.20, Session disconnected. Session Type: 
LAN-to-LAN, Duration: 12d 9h:11m:22s, Bytes xmt: 523781833, Bytes rcv: 
16336203, Reason: Lost Service
+<165>Aug 05 2016 22:13:07: %ASA-5-500003: Bad TCP hdr length (hdrlen=4, 
pktlen=74) from 159.203.208.134/0 to 172.18.105.12/0, flags: INVALID, on 
interface Outside
+<165>Aug 06 2016 17:43:49: %ASA-5-713259: Group = 192.168.140.20, IP = 
192.168.140.20, Session is being torn down. Reason: Lost Service
+<163>Aug 05 2016 19:13:26: %ASA-3-313001: Denied ICMP type=3, code=3 from 
198.27.69.147 on interface Outside
+<164>Aug 05 2016 19:13:26: %ASA-4-313005: No matching connection for ICMP 
error message: icmp src Outside:198.27.69.147 dst identity:172.18.106.2 (type 
3, code 3) on Outside interface.  Original IP payload: udp src 
172.18.106.2/9993 dst 198.27.69.147/26410.
+<163>Aug 11 2016 11:43:25: %ASA-3-713902: Group = 10.12.208.226, IP = 
10.12.208.226, Removing peer from correlator table failed, no match!
+<164>Aug 11 2016 11:43:02: %ASA-4-752010: IKEv2 Doesn't have a proposal 
specified
+<165>Aug 11 2016 11:43:02: %ASA-5-752004: Tunnel Manager dispatching a 
KEY_ACQUIRE message to IKEv1.  Map Tag = demap.  Map Sequence Number = 1.
+<163>Aug 11 2016 12:15:25: %ASA-3-752015: Tunnel Manager has failed to 
establish an L2L SA.  All configured IKE versions failed to establish the 
tunnel. Map Tag= demap.  Map Sequence Number = 1.
+<164>Aug 11 2016 12:11:16: %ASA-4-752012: IKEv1 was unsuccessful at setting up 
a tunnel.  Map Tag = demap.  Map Sequence Number = 1.
+<164>Aug 06 2016 00:02:25: %ASA-4-713903: IKE Receiver: Runt ISAKMP packet 
discarded on Port 500 from 172.30.106.180:57380
+<163>Aug 11 2016 11:43:25: %ASA-3-713227: IP = 10.12.208.226, Rejecting new 
IPSec SA negotiation for peer 10.12.208.226. A negotiation was already in 
progress for local Proxy 10.25.0.0/255.255.0.0, remote Proxy 
172.20.30.0/255.255.255.0
+<166>Aug 20 2016 23:06:27: %ASA-6-713905: INFO: IKE Transform #8 next payload 
is 3 (should be 0).
+<166>Aug 11 2016 11:43:02: %ASA-6-713219: IP = 10.12.208.226, Queuing 
KEY-ACQUIRE messages to be processed when P1 SA is complete.
+<166>Aug 11 2016 11:43:19: %ASA-6-713220: Group = 10.12.208.226, IP = 
10.12.208.226, De-queuing KEY-ACQUIRE messages that were left pending.
+<162>Aug 05 2016 01:02:25: %ASA-2-106001: Inbound TCP connection denied from 
10.47.32.45/60641 to 10.254.8.193/5060 flags SYN  on interface Inside
+<163>Aug 05 2016 01:02:25: %ASA-3-106014: Deny inbound icmp src 
Inside:10.230.4.87 dst Inside:10.22.75.251 (type 8, code 0)
+<164>Aug 05 2016 01:02:25: %ASA-4-106023: Deny udp src 
Inside:10.230.4.88/42350 dst Outside:192.168.2.53/53 by access-group 
"Inside_access_in" [0x962df600, 0x0]
+<164>Aug 05 2016 01:02:25: %ASA-4-106023: Deny tcp src Inside:10.30.6.47/4562 
dst Outside:192.168.133.204/443 by access-group "Inside_access_in" [0x962df600, 
0x0]
+<164>Aug 05 2016 01:02:25: %ASA-4-106023: Deny tcp src Inside:10.30.6.47/4563 
dst Outside:192.168.133.204/443 by access-group "Inside_access_in" [0x962df600, 
0x0]
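Review bot: The Aug 2016 samples at the end of this fixture (from the `%ASA-6-110002` line onward) do not follow the scrubbed pattern of the Jan samples (`x.111.72.y` addresses, `user.name`). Several carry public-looking addresses such as `14.169.120.66`, `159.203.208.134` and `198.27.69.147`, alongside `User 'admin'` and the access-group name `Inside_access_in`. If these came from a live firewall capture, they should be rewritten to the RFC 5737 documentation ranges (`192.0.2.0/24`, `198.51.100.0/24`, `203.0.113.0/24`) before landing in a public repository, with the matching values updated in `test.parsed`. Separately, the `%ASA-6-302014` line containing `DMZ-Inside:[10.22.8.10/57109` has a stray `[`. If that is a deliberate malformed-input case, the test that consumes this file should say so; otherwise it looks like a scrubbing artefact.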

http://git-wip-us.apache.org/repos/asf/metron/blob/ffcb91ed/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git 
a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa/src/test/resources/log4j.properties
 
b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa/src/test/resources/log4j.properties
new file mode 100644
index 0000000..27263f7
--- /dev/null
+++ 
b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa/src/test/resources/log4j.properties
@@ -0,0 +1,34 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+# Root logger option
+log4j.rootLogger=ERROR, stdout
+log4j.logger.org.apache.storm.daemon=FATAL, stdout
+
+# Direct log messages to stdout
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.Target=System.out
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p 
%c{1}:%L - %m%n
+log4j.appender.stdout.filter.1=org.apache.log4j.varia.StringMatchFilter
+log4j.appender.stdout.filter.1.StringToMatch=Connection timed out
+log4j.appender.stdout.filter.1.AcceptOnMatch=false
+log4j.appender.stdout.filter.2=org.apache.log4j.varia.StringMatchFilter
+log4j.appender.stdout.filter.2.StringToMatch=Background
+log4j.appender.stdout.filter.2.AcceptOnMatch=false
+log4j.appender.stdout.filter.3=org.apache.log4j.varia.StringMatchFilter
+log4j.appender.stdout.filter.3.StringToMatch=Error when handling request
+log4j.appender.stdout.filter.3.AcceptOnMatch=false
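Review bot: `log4j.appender.stdout.filter.2.StringToMatch=Background` is a bare substring match. With the root logger already at ERROR, it drops every error-level message that contains the word "Background", not only the one it was presumably added for; the same applies, less broadly, to `Connection timed out` and `Error when handling request`. A parser test that fails for one of those reasons would then print nothing to stdout. I would narrow each `StringToMatch` to the full phrase being silenced and add a comment above the filter block naming its source, e.g. `# Drop expected shutdown noise from <component>; anything else at ERROR must still print`.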
