Palo Alto Users and APP-ID: host="192.168.1.11" app=dropbox-base

Anyconnect Logged In with User: host="cisco-asa5555xa.e-ins.

User requested disconnect: host="" Cisco_ASA_message_id=722012

I assume the Cisco ASA App will work the same way (did not use this myself, yet). Hope this helps.

WebVPN Session Terminated: host="" Cisco_ASA_message_id=716002

best thing to set/leave UDP syslog input as sourcetype=syslog because if you take a look at the Cisco iOS TA App, it will re-write the sourcetype for all Cisco iOS events that match.

I am already getting syslog from the firewall (debugging level) and can search on syslog id 722055 to see the individual logins.

sourcetype=opsec OR sourcetype=cisco:asa) earliest=-1h.

I am new to Splunk and I am trying to collect AnyConnect VPN login history for my Cisco ASA 5515x.

Splunk has thousands of applications available on Splunkbase, where you can find.

Invalid Password: host="" Cisco_ASA_message_id=113005

Authenticated successfully: host="" Cisco_ASA_message_id=113004

Default Group Policy: host="" Cisco_ASA_message_id=113009

AAA ACCEPT or DENY: host="" Cisco_ASA_message_id=113008

Disconnect with DURATION and REASON: host="" Cisco_ASA_message_id=113019

Same as above but added Anyconnect to be more specific: host="" Cisco_ASA_message_id=113019 type="AnyConnect-Parent"
(index="wineventlog" OR source=*WinEventLog*) eventtype=windows_account_created * IISService1

Find who was added to the Local Administrator Group: (index="wineventlog" OR source=*WinEventLog*) name="A member was added to a security-enabled local group" AND user_group="Administrators" * | rename dest_nt_domain as domain, EventCode as "event id", Display_Name as "user name", host as server | eval added_by=mvindex(Security_ID,0) | eval user=mvindex(Security_ID,1)

Here’s a short list but I plan on adding more in the near future.

Find when an account was created and by who: (index="wineventlog" OR source=*WinEventLog*) eventtype=windows_account_created *