metron-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kylerichard...@apache.org
Subject [2/3] incubator-metron git commit: METRON-769 Cisco ASA parser doesn't include syslog wrapper fields (simonellistonball via kylerichardson) closes apache/incubator-metron#479
Date Mon, 20 Mar 2017 15:33:53 GMT
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/4fba50a8/metron-platform/metron-integration-test/src/main/sample/data/asa/parsed/asa_parsed
----------------------------------------------------------------------
diff --git a/metron-platform/metron-integration-test/src/main/sample/data/asa/parsed/asa_parsed b/metron-platform/metron-integration-test/src/main/sample/data/asa/parsed/asa_parsed
index 0d02f2b..5c097ec 100755
--- a/metron-platform/metron-integration-test/src/main/sample/data/asa/parsed/asa_parsed
+++ b/metron-platform/metron-integration-test/src/main/sample/data/asa/parsed/asa_parsed
@@ -1,103 +1,103 @@
-{"original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609001: Built local-host inside:10.22.8.205","ciscotag":"ASA-7-609001","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"icmp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.74\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 10.22.8.205\/0","ip_dst_addr":"10.22.8.74","ciscotag":"ASA-6-302021","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.205","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00","ciscotag":"ASA-7-609002","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167725 for Outside_VPN:147.111.72.16\/26436 to DMZ-Inside:10.22.8.53\/443 duration 0:00:00 bytes 9687 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":26436,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"147.111.72.16","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805593 for outside:10.22.8.223\/59614(LOCAL\\user.name) to inside:10.22.8.78\/8102 duration 0:00:07 bytes 3433 TCP FINs (user.name)","ip_dst_addr":"10.22.8.78","ip_src_port":59614,"ip_dst_port":8102,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.223","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245503 for outside:10.22.8.233\/54209 (10.22.8.233\/54209) to inside:198.111.72.238\/443 (198.111.72.238\/443) (user.name)","ip_dst_addr":"198.111.72.238","ip_src_port":54209,"ip_dst_port":443,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.233","syslog_severity":"info","timestamp":1452005555000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806031 for outside:10.22.8.17\/58633 (10.22.8.17\/58633)(LOCAL\\user.name) to inside:10.22.8.12\/389 (10.22.8.12\/389) (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":58633,"ip_dst_port":389,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.17","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168292 for DMZ-Inside:10.22.8.51\/51231 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 2103 TCP FINs","ip_dst_addr":"10.22.8.174","ip_src_port":51231,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.51","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 186.111.72.11\/80 to 204.111.72.226\/45019 flags SYN ACK  on interface Outside_VPN","ip_dst_addr":"204.111.72.226","ip_src_port":80,"ip_dst_port":45019,"ciscotag":"ASA-6-106015","syslog_facility":"local1","action":"deny","ip_src_addr":"186.111.72.11","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302014: Teardown TCP connection 17604987 for outside:209.111.72.151\/443 to inside:10.22.8.188\/64306 duration 0:00:31 bytes 10128 TCP FINs","ip_dst_addr":"10.22.8.188","ip_src_port":443,"ip_dst_port":64306,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"209.111.72.151","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302014: Teardown TCP connection 17604999 for outside:209.111.72.151\/443 to inside:10.22.8.188\/64307 duration 0:00:30 bytes 6370 TCP FINs","ip_dst_addr":"10.22.8.188","ip_src_port":443,"ip_dst_port":64307,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"209.111.72.151","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167347 for Outside_VPN:198.111.72.24\/2134 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 bytes 9785 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":2134,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.24","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245506 for outside:10.22.8.110\/49886 (10.22.8.110\/49886) to inside:192.111.72.8\/8612 (192.111.72.8\/8612) (user.name)","ip_dst_addr":"192.111.72.8","ip_src_port":49886,"ip_dst_port":8612,"ciscotag":"ASA-6-302015","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.110","syslog_severity":"info","timestamp":1452005555000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805993 for outside:10.22.8.89\/56917(LOCAL\\user.name) to inside:216.111.72.126\/443 duration 0:00:00 bytes 0 TCP FINs (user.name)","ip_dst_addr":"216.111.72.126","ip_src_port":56917,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.89","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-710005: UDP request discarded from 10.22.8.223\/49192 to outside:224.111.72.252\/5355","ip_dst_addr":"224.111.72.252","ip_src_port":49192,"ip_dst_port":5355,"ciscotag":"ASA-7-710005","syslog_facility":"local4","action":"discarded","ip_src_addr":"10.22.8.223","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488166143 for Outside_VPN:198.111.72.64\/80 to Inside-Trunk:10.22.8.39\/54883 duration 0:00:04 bytes 1148 TCP FINs","ip_dst_addr":"10.22.8.39","ip_src_port":80,"ip_dst_port":54883,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.64","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-106015: Deny TCP (no connection) from 10.22.8.84\/445 to 10.22.8.219\/60726 flags ACK  on interface inside","ip_dst_addr":"10.22.8.219","ip_src_port":445,"ip_dst_port":60726,"ciscotag":"ASA-6-106015","syslog_facility":"local4","action":"deny","ip_src_addr":"10.22.8.84","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168344 for DMZ-Inside:10.22.8.53\/61682 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 5648 TCP FINs","ip_dst_addr":"10.22.8.174","ip_src_port":61682,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.53","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168345 for DMZ-Inside:10.22.8.16\/31454 to Inside-Trunk:10.22.8.21\/443 duration 0:00:00 bytes 756 TCP FINs","ip_dst_addr":"10.22.8.21","ip_src_port":31454,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.16","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"icmp","original_string":"<182>Jan  5 20:22:35 10.22.8.4 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.12\/0 gaddr 10.22.8.45\/1 laddr 10.22.8.45\/1","ip_dst_addr":"10.22.8.12","ciscotag":"ASA-6-302020","syslog_facility":"local6","action":"built","ip_src_addr":"10.22.8.45","syslog_severity":"info","timestamp":1452025355000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 50.111.72.230\/80 to 204.111.72.254\/53077 flags RST  on interface Outside_VPN","ip_dst_addr":"204.111.72.254","ip_src_port":80,"ip_dst_port":53077,"ciscotag":"ASA-6-106015","syslog_facility":"local1","action":"deny","ip_src_addr":"50.111.72.230","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603649 for outside:206.111.72.2\/161 to inside:10.22.8.48\/63297 duration 0:02:01 bytes 209","ip_dst_addr":"10.22.8.48","ip_src_port":161,"ip_dst_port":63297,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"206.111.72.2","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603650 for outside:207.111.72.122\/161 to inside:10.22.8.48\/63298 duration 0:02:01 bytes 209","ip_dst_addr":"10.22.8.48","ip_src_port":161,"ip_dst_port":63298,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"207.111.72.122","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603652 for outside:206.111.72.2\/161 to inside:10.22.8.48\/63300 duration 0:02:01 bytes 115","ip_dst_addr":"10.22.8.48","ip_src_port":161,"ip_dst_port":63300,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"206.111.72.2","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603657 for outside:206.111.72.2\/161 to inside:10.22.8.48\/63306 duration 0:02:01 bytes 115","ip_dst_addr":"10.22.8.48","ip_src_port":161,"ip_dst_port":63306,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"206.111.72.2","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168436 for DMZ-Inside:10.22.8.51\/51235 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 2497 TCP FINs","ip_dst_addr":"10.22.8.174","ip_src_port":51235,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.51","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167656 for Outside_VPN:69.111.72.70\/21560 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 bytes 11410 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":21560,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"69.111.72.70","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806050 for outside:10.22.8.62\/53965 (10.22.8.62\/53965)(LOCAL\\user.name) to inside:10.22.8.85\/53 (10.22.8.85\/53) (user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":53965,"ip_dst_port":53,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806052 for outside:10.22.8.62\/56500 (10.22.8.62\/56500)(LOCAL\\user.name) to inside:198.111.72.83\/443 (198.111.72.83\/443) (user.name)","ip_dst_addr":"198.111.72.83","ip_src_port":56500,"ip_dst_port":443,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806054 for outside:10.22.8.62\/56502 (10.22.8.62\/56502)(LOCAL\\user.name) to inside:50.111.72.252\/443 (50.111.72.252\/443) (user.name)","ip_dst_addr":"50.111.72.252","ip_src_port":56502,"ip_dst_port":443,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-305011: Built dynamic TCP translation from inside:10.22.8.188\/64340 to outside:206.111.72.41\/2013","ip_src_port":64340,"ciscotag":"ASA-6-305011","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.188","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 15:52:35 10.22.8.33 %ASA-6-305012: Teardown dynamic UDP translation from inside:192.111.72.2\/62251 to outside:79.111.72.174\/21311 duration 0:02:30","ip_src_port":62251,"ciscotag":"ASA-6-305012","syslog_facility":"local4","action":"teardown","ip_src_addr":"192.111.72.2","syslog_severity":"info","timestamp":1452009155000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806058 for outside:10.22.8.221\/56631 (10.22.8.221\/56631)(LOCAL\\user.name) to inside:10.22.8.26\/389 (10.22.8.26\/389) (user.name)","ip_dst_addr":"10.22.8.26","ip_src_port":56631,"ip_dst_port":389,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.221","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168189 for Outside_VPN:209.111.72.10\/56619 to DMZ-Inside:10.22.8.53\/443 duration 0:00:00 bytes 2477 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":56619,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"209.111.72.10","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 10.22.8.112\/52235 to 198.111.72.227\/80 flags ACK  on interface Inside-Trunk","ip_dst_addr":"198.111.72.227","ip_src_port":52235,"ip_dst_port":80,"ciscotag":"ASA-6-106015","syslog_facility":"local1","action":"deny","ip_src_addr":"10.22.8.112","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167192 for Outside_VPN:115.111.72.7\/49196 to DMZ-Inside:10.22.8.57\/443 duration 0:00:02 bytes 20588 TCP Reset-O","ip_dst_addr":"10.22.8.57","ip_src_port":49196,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"115.111.72.7","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212806055 for outside:10.22.8.62\/55383(LOCAL\\user.name) to inside:10.22.8.85\/53 duration 0:00:00 bytes 349 (user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":55383,"ip_dst_port":53,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168380 for Outside_VPN:74.111.72.12\/443 to Inside-Trunk:10.22.8.39\/54894 duration 0:00:00 bytes 5701 TCP FINs","ip_dst_addr":"10.22.8.39","ip_src_port":443,"ip_dst_port":54894,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"74.111.72.12","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245522 for outside:10.22.8.147\/56343 (10.22.8.147\/56343) to inside:209.111.72.151\/443 (209.111.72.151\/443) (user.name)","ip_dst_addr":"209.111.72.151","ip_src_port":56343,"ip_dst_port":443,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.147","syslog_severity":"info","timestamp":1452005555000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168443 for Outside_VPN:23.111.72.27\/80 to Inside-Trunk:10.22.8.81\/64713 duration 0:00:00 bytes 2426 TCP FINs","ip_dst_addr":"10.22.8.81","ip_src_port":80,"ip_dst_port":64713,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"23.111.72.27","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488111566 for Outside_VPN:131.111.72.49\/443 to Inside-Trunk:10.22.8.127\/56558 duration 0:01:57 bytes 3614 TCP Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":443,"ip_dst_port":56558,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"131.111.72.49","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806061 for outside:10.22.8.17\/58635 (10.22.8.17\/58635)(LOCAL\\user.name) to inside:10.22.8.12\/389 (10.22.8.12\/389) (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":58635,"ip_dst_port":389,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.17","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806010 for outside:10.22.8.33\/60223(LOCAL\\user.name) to inside:10.22.8.86\/389 duration 0:00:00 bytes 416 TCP Reset-I (user.name)","ip_dst_addr":"10.22.8.86","ip_src_port":60223,"ip_dst_port":389,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.33","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806062 for outside:10.22.8.221\/56632 (10.22.8.221\/56632)(LOCAL\\user.name) to inside:10.22.8.73\/389 (10.22.8.73\/389) (user.name)","ip_dst_addr":"10.22.8.73","ip_src_port":56632,"ip_dst_port":389,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.221","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00","ciscotag":"ASA-7-609002","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168231 for Outside_VPN:204.111.72.243\/3011 to Inside-Trunk:10.22.8.208\/60037 duration 0:00:00 bytes 19415 TCP FINs","ip_dst_addr":"10.22.8.208","ip_src_port":3011,"ip_dst_port":60037,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"204.111.72.243","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 16:52:35 10.22.8.41 %ASA-6-302013: Built inbound TCP connection 45476108 for Outside:10.22.8.97\/53484 (10.22.8.97\/53484)(LOCAL\\user.name) to Inside:141.111.72.70\/7576 (141.111.72.70\/7576) (user.name)","ip_dst_addr":"141.111.72.70","ip_src_port":53484,"ip_dst_port":7576,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.97","syslog_severity":"info","timestamp":1452012755000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245527 for outside:10.22.8.97\/65195 (10.22.8.97\/65195) to inside:17.111.72.212\/5223 (17.111.72.212\/5223) (user.name)","ip_dst_addr":"17.111.72.212","ip_src_port":65195,"ip_dst_port":5223,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.97","syslog_severity":"info","timestamp":1452005555000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806018 for outside:10.22.8.17\/58632(LOCAL\\user.name) to inside:10.22.8.12\/389 duration 0:00:00 bytes 0 TCP FINs (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":58632,"ip_dst_port":389,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.17","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168562 for DMZ-Inside:10.22.8.51\/51236 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 2273 TCP FINs","ip_dst_addr":"10.22.8.174","ip_src_port":51236,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.51","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806065 for outside:10.22.8.62\/59829 (10.22.8.62\/59829)(LOCAL\\user.name) to inside:10.22.8.85\/53 (10.22.8.85\/53) (user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":59829,"ip_dst_port":53,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806067 for outside:10.22.8.143\/62675 (10.22.8.143\/62675)(LOCAL\\user.name) to inside:141.111.72.12\/389 (141.111.72.12\/389) (user.name)","ip_dst_addr":"141.111.72.12","ip_src_port":62675,"ip_dst_port":389,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.143","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-710005: UDP request discarded from 10.22.8.223\/61122 to outside:224.111.72.252\/5355","ip_dst_addr":"224.111.72.252","ip_src_port":61122,"ip_dst_port":5355,"ciscotag":"ASA-7-710005","syslog_facility":"local4","action":"discarded","ip_src_addr":"10.22.8.223","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"icmp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.143\/0(LOCAL\\user.name) gaddr 141.111.72.12\/0 laddr 141.111.72.12\/0 (user.name)","ip_dst_addr":"10.22.8.143","ciscotag":"ASA-6-302020","syslog_facility":"local4","action":"built","ip_src_addr":"141.111.72.12","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168547 for Outside_VPN:107.111.72.102\/80 to Inside-Trunk:10.22.8.54\/61676 duration 0:00:00 bytes 1030 TCP FINs","ip_dst_addr":"10.22.8.54","ip_src_port":80,"ip_dst_port":61676,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"107.111.72.102","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806078 for outside:10.22.8.221\/56633 (10.22.8.221\/56633)(LOCAL\\user.name) to inside:10.22.8.20\/389 (10.22.8.20\/389) (user.name)","ip_dst_addr":"10.22.8.20","ip_src_port":56633,"ip_dst_port":389,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.221","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-305011: Built dynamic TCP translation from inside:10.22.8.83\/59915 to outside:206.111.72.41\/22776","ip_src_port":59915,"ciscotag":"ASA-6-305011","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.83","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168044 for Outside_VPN:50.111.72.39\/80 to Inside-Trunk:10.22.8.75\/60877 duration 0:00:01 bytes 13304 TCP FINs","ip_dst_addr":"10.22.8.75","ip_src_port":80,"ip_dst_port":60877,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"50.111.72.39","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488118326 for Outside_VPN:23.111.72.27\/80 to Inside-Trunk:10.22.8.229\/57901 duration 0:01:45 bytes 1942 TCP FINs","ip_dst_addr":"10.22.8.229","ip_src_port":80,"ip_dst_port":57901,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"23.111.72.27","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488160565 for Outside_VPN:72.111.72.29\/80 to Inside-Trunk:10.22.8.42\/57520 duration 0:00:15 bytes 1025 TCP FINs","ip_dst_addr":"10.22.8.42","ip_src_port":80,"ip_dst_port":57520,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.29","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488096423 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59096 duration 0:02:27 bytes 99347 TCP Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":80,"ip_dst_port":59096,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.43","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488095522 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59087 duration 0:02:29 bytes 154785 TCP Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":80,"ip_dst_port":59087,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.43","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488106557 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59134 duration 0:02:09 bytes 25319 TCP Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":80,"ip_dst_port":59134,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.43","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488096426 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59099 duration 0:02:27 bytes 26171 TCP Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":80,"ip_dst_port":59099,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.43","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806005 for outside:10.22.8.17\/58630(LOCAL\\user.name) to inside:10.22.8.12\/389 duration 0:00:00 bytes 3942 TCP FINs (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":58630,"ip_dst_port":389,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.17","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806085 for outside:10.22.8.143\/54018 (10.22.8.143\/54018)(LOCAL\\user.name) to inside:10.22.8.85\/53 (10.22.8.85\/53) (user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":54018,"ip_dst_port":53,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.143","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"icmp","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.96\/2708 gaddr 10.22.8.30\/0 laddr 10.22.8.30\/0 (user.name)","ip_dst_addr":"10.22.8.96","ciscotag":"ASA-6-302020","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.30","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245537 for outside:10.22.8.110\/49886 (10.22.8.110\/49886) to inside:192.111.72.11\/8612 (192.111.72.11\/8612) (user.name)","ip_dst_addr":"192.111.72.11","ip_src_port":49886,"ip_dst_port":8612,"ciscotag":"ASA-6-302015","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.110","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-106015: Deny TCP (no connection) from 10.22.8.85\/58359 to 10.22.8.11\/88 flags RST ACK  on interface Outside","ip_dst_addr":"10.22.8.11","ip_src_port":58359,"ip_dst_port":88,"ciscotag":"ASA-6-106015","syslog_facility":"local4","action":"deny","ip_src_addr":"10.22.8.85","syslog_severity":"info","timestamp":1452012756000,"source.type":"asa"}
-{"protocol":"icmp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.82\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 10.22.8.205\/0","ip_dst_addr":"10.22.8.82","ciscotag":"ASA-6-302021","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.205","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212799832 for outside:10.22.8.230\/55549(LOCAL\\user.name) to inside:10.22.8.11\/389 duration 0:02:01 bytes 354 (user.name)","ip_dst_addr":"10.22.8.11","ip_src_port":55549,"ip_dst_port":389,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.230","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212799867 for outside:10.22.8.240\/138(LOCAL\\user.name) to inside:10.22.8.255\/138 duration 0:02:01 bytes 214 (user.name)","ip_dst_addr":"10.22.8.255","ip_src_port":138,"ip_dst_port":138,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.240","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"original_string":"<167>Jan  5 08:52:36 10.22.8.216 %ASA-7-609001: Built local-host inside:67.111.72.204","ciscotag":"ASA-7-609001","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245544 for outside:10.22.8.227\/54540 (10.22.8.227\/54540) to inside:63.111.72.124\/80 (63.111.72.124\/80) (user.name)","ip_dst_addr":"63.111.72.124","ip_src_port":54540,"ip_dst_port":80,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.227","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168135 for Outside_VPN:198.111.72.66\/36797 to DMZ-Inside:10.22.8.53\/80 duration 0:00:01 bytes 89039 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":36797,"ip_dst_port":80,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.66","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805836 for outside:10.22.8.62\/56471(LOCAL\\user.name) to inside:208.111.72.1\/443 duration 0:00:04 bytes 1700 TCP FINs (user.name)","ip_dst_addr":"208.111.72.1","ip_src_port":56471,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245546 for outside:10.22.8.227\/54542 (10.22.8.227\/54542) to inside:63.111.72.124\/80 (63.111.72.124\/80) (user.name)","ip_dst_addr":"63.111.72.124","ip_src_port":54542,"ip_dst_port":80,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.227","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa"}
-{"protocol":"icmp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.74\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 10.22.8.205\/0","ip_dst_addr":"10.22.8.74","ciscotag":"ASA-6-302021","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.205","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"icmp","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302020: Built outbound ICMP connection for faddr 10.22.8.96\/2708 gaddr 10.22.8.30\/0 laddr 10.22.8.30\/0","ip_dst_addr":"10.22.8.96","ciscotag":"ASA-6-302020","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.30","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168388 for DMZ-Inside:10.22.8.10\/49771 to Inside-Trunk:10.22.8.128\/443 duration 0:00:00 bytes 19132 TCP Reset-O","ip_dst_addr":"10.22.8.128","ip_src_port":49771,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.10","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168692 for DMZ-Inside:10.22.8.53\/61694 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 5660 TCP FINs","ip_dst_addr":"10.22.8.174","ip_src_port":61694,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.53","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245552 for outside:10.22.8.92\/51042 (10.22.8.92\/51042) to inside:10.22.8.193\/9100 (10.22.8.193\/9100) (user.name)","ip_dst_addr":"10.22.8.193","ip_src_port":51042,"ip_dst_port":9100,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.92","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-302016: Teardown UDP connection 45474680 for Outside:10.22.8.49\/137(LOCAL\\user.name) to Inside:10.22.8.12\/137 duration 0:02:03 bytes 486 (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":137,"ip_dst_port":137,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.49","syslog_severity":"info","timestamp":1452012756000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-302016: Teardown UDP connection 45474694 for Outside:10.22.8.49\/138(LOCAL\\user.name) to Inside:10.22.8.12\/138 duration 0:02:01 bytes 184 (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":138,"ip_dst_port":138,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.49","syslog_severity":"info","timestamp":1452012756000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167720 for Outside_VPN:198.111.72.75\/1033 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 bytes 9634 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":1033,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.75","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488165627 for Outside_VPN:170.111.72.22\/27463 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 bytes 9756 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":27463,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"170.111.72.22","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<166>Jan  5 08:52:32 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212805854 for outside:10.22.8.62\/54704(LOCAL\\user.name) to inside:10.22.8.85\/53 duration 0:00:00 bytes 114 (user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":54704,"ip_dst_port":53,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa"}
-{"protocol":"icmp","original_string":"<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-302020: Built inbound ICMP connection for faddr 207.111.72.122\/0 gaddr 206.111.72.24\/512 laddr 10.22.8.57\/512","ip_dst_addr":"207.111.72.122","ciscotag":"ASA-6-302020","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.57","syslog_severity":"info","timestamp":1451987552000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-302013: Built outbound TCP connection 17605397 for outside:69.111.72.0\/80 (69.111.72.0\/80) to inside:10.22.8.102\/55659 (206.111.72.41\/40627)","ip_dst_addr":"10.22.8.102","ip_src_port":80,"ip_dst_port":55659,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"69.111.72.0","syslog_severity":"info","timestamp":1451987552000,"source.type":"asa"}
-{"protocol":"udp","original_string":"<174>Jan  5 14:52:32 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245230 for outside:10.22.8.96\/123 (10.22.8.96\/123) to inside:10.22.8.12\/123 (10.22.8.12\/123) (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":123,"ip_dst_port":123,"ciscotag":"ASA-6-302015","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.96","syslog_severity":"info","timestamp":1452005552000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488031413 for Outside_VPN:184.111.72.216\/50341 to DMZ-Inside:10.22.8.57\/443 duration 0:05:01 bytes 13543 TCP Reset-O","ip_dst_addr":"10.22.8.57","ip_src_port":50341,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"184.111.72.216","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa"}
-{"protocol":"icmp","original_string":"<166>Jan  5 16:52:32 10.22.8.41 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.95\/1(LOCAL\\user.name) gaddr 10.22.8.12\/0 laddr 10.22.8.12\/0 (user.name)","ip_dst_addr":"10.22.8.95","ciscotag":"ASA-6-302020","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.12","syslog_severity":"info","timestamp":1452012752000,"source.type":"asa"}
-{"original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488030393 for DMZ-Inside:[10.22.8.10\/57109 to Inside-Trunk:10.22.8.128\/443 duration 0:05:04 bytes 13541 TCP Reset-O","ciscotag":"ASA-6-302014","syslog_facility":"local1","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-305012: Teardown dynamic TCP translation from inside:10.22.8.149\/62156 to outside:206.111.72.41\/19576 duration 0:00:44","ip_src_port":62156,"ciscotag":"ASA-6-305012","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.149","syslog_severity":"info","timestamp":1451987552000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-305012: Teardown dynamic TCP translation from inside:10.22.8.149\/62159 to outside:206.111.72.41\/39634 duration 0:00:44","ip_src_port":62159,"ciscotag":"ASA-6-305012","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.149","syslog_severity":"info","timestamp":1451987552000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488031793 for Outside_VPN:198.111.72.146\/28026 to DMZ-Inside:10.22.8.53\/443 duration 0:05:00 bytes 119 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":28026,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.146","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488030810 for DMZ-Inside:10.22.8.10\/56930 to Inside-Trunk:10.22.8.128\/443 duration 0:05:03 bytes 13543 TCP Reset-O","ip_dst_addr":"10.22.8.128","ip_src_port":56930,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.10","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 186.111.72.11\/80 to 204.111.72.199\/61438 flags SYN ACK  on interface Outside_VPN","ip_dst_addr":"204.111.72.199","ip_src_port":80,"ip_dst_port":61438,"ciscotag":"ASA-6-106015","syslog_facility":"local1","action":"deny","ip_src_addr":"186.111.72.11","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa"}
-{"protocol":"tcp","original_string":"<166>Jan  5 08:52:32 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212805863 for outside:10.22.8.144\/61999 (10.22.8.144\/61999)(LOCAL\\user.name) to inside:10.22.8.163\/80 (10.22.8.163\/80) (user.name)","ip_dst_addr":"10.22.8.163","ip_src_port":61999,"ip_dst_port":80,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.144","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa"}
-{"original_string":"<167>Jan  5 08:52:32 10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00","ciscotag":"ASA-7-609002","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983952000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609001: Built local-host inside:10.22.8.205","ciscotag":"ASA-7-609001","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"icmp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.74\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 10.22.8.205\/0","ip_dst_addr":"10.22.8.74","ciscotag":"ASA-6-302021","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.205","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00","ciscotag":"ASA-7-609002","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167725 for Outside_VPN:147.111.72.16\/26436 to DMZ-Inside:10.22.8.53\/443 duration 0:00:00 bytes 9687 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":26436,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"147.111.72.16","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805593 for outside:10.22.8.223\/59614(LOCAL\\user.name) to inside:10.22.8.78\/8102 duration 0:00:07 bytes 3433 TCP FINs (user.name)","ip_dst_addr":"10.22.8.78","ip_src_port":59614,"ip_dst_port":8102,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.223","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.212","protocol":"tcp","original_string":"<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245503 for outside:10.22.8.233\/54209 (10.22.8.233\/54209) to inside:198.111.72.238\/443 (198.111.72.238\/443) (user.name)","ip_dst_addr":"198.111.72.238","ip_src_port":54209,"ip_dst_port":443,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.233","syslog_severity":"info","timestamp":1452005555000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806031 for outside:10.22.8.17\/58633 (10.22.8.17\/58633)(LOCAL\\user.name) to inside:10.22.8.12\/389 (10.22.8.12\/389) (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":58633,"ip_dst_port":389,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.17","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168292 for DMZ-Inside:10.22.8.51\/51231 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 2103 TCP FINs","ip_dst_addr":"10.22.8.174","ip_src_port":51231,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.51","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 186.111.72.11\/80 to 204.111.72.226\/45019 flags SYN ACK  on interface Outside_VPN","ip_dst_addr":"204.111.72.226","ip_src_port":80,"ip_dst_port":45019,"ciscotag":"ASA-6-106015","syslog_facility":"local1","action":"deny","ip_src_addr":"186.111.72.11","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302014: Teardown TCP connection 17604987 for outside:209.111.72.151\/443 to inside:10.22.8.188\/64306 duration 0:00:31 bytes 10128 TCP FINs","ip_dst_addr":"10.22.8.188","ip_src_port":443,"ip_dst_port":64306,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"209.111.72.151","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302014: Teardown TCP connection 17604999 for outside:209.111.72.151\/443 to inside:10.22.8.188\/64307 duration 0:00:30 bytes 6370 TCP FINs","ip_dst_addr":"10.22.8.188","ip_src_port":443,"ip_dst_port":64307,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"209.111.72.151","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167347 for Outside_VPN:198.111.72.24\/2134 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 bytes 9785 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":2134,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.24","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.212","protocol":"udp","original_string":"<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245506 for outside:10.22.8.110\/49886 (10.22.8.110\/49886) to inside:192.111.72.8\/8612 (192.111.72.8\/8612) (user.name)","ip_dst_addr":"192.111.72.8","ip_src_port":49886,"ip_dst_port":8612,"ciscotag":"ASA-6-302015","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.110","syslog_severity":"info","timestamp":1452005555000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805993 for outside:10.22.8.89\/56917(LOCAL\\user.name) to inside:216.111.72.126\/443 duration 0:00:00 bytes 0 TCP FINs (user.name)","ip_dst_addr":"216.111.72.126","ip_src_port":56917,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.89","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-710005: UDP request discarded from 10.22.8.223\/49192 to outside:224.111.72.252\/5355","ip_dst_addr":"224.111.72.252","ip_src_port":49192,"ip_dst_port":5355,"ciscotag":"ASA-7-710005","syslog_facility":"local4","action":"discarded","ip_src_addr":"10.22.8.223","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488166143 for Outside_VPN:198.111.72.64\/80 to Inside-Trunk:10.22.8.39\/54883 duration 0:00:04 bytes 1148 TCP FINs","ip_dst_addr":"10.22.8.39","ip_src_port":80,"ip_dst_port":54883,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.64","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-106015: Deny TCP (no connection) from 10.22.8.84\/445 to 10.22.8.219\/60726 flags ACK  on interface inside","ip_dst_addr":"10.22.8.219","ip_src_port":445,"ip_dst_port":60726,"ciscotag":"ASA-6-106015","syslog_facility":"local4","action":"deny","ip_src_addr":"10.22.8.84","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168344 for DMZ-Inside:10.22.8.53\/61682 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 5648 TCP FINs","ip_dst_addr":"10.22.8.174","ip_src_port":61682,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.53","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168345 for DMZ-Inside:10.22.8.16\/31454 to Inside-Trunk:10.22.8.21\/443 duration 0:00:00 bytes 756 TCP FINs","ip_dst_addr":"10.22.8.21","ip_src_port":31454,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.16","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.4","protocol":"icmp","original_string":"<182>Jan  5 20:22:35 10.22.8.4 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.12\/0 gaddr 10.22.8.45\/1 laddr 10.22.8.45\/1","ip_dst_addr":"10.22.8.12","ciscotag":"ASA-6-302020","syslog_facility":"local6","action":"built","ip_src_addr":"10.22.8.45","syslog_severity":"info","timestamp":1452025355000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 50.111.72.230\/80 to 204.111.72.254\/53077 flags RST  on interface Outside_VPN","ip_dst_addr":"204.111.72.254","ip_src_port":80,"ip_dst_port":53077,"ciscotag":"ASA-6-106015","syslog_facility":"local1","action":"deny","ip_src_addr":"50.111.72.230","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.12","protocol":"udp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603649 for outside:206.111.72.2\/161 to inside:10.22.8.48\/63297 duration 0:02:01 bytes 209","ip_dst_addr":"10.22.8.48","ip_src_port":161,"ip_dst_port":63297,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"206.111.72.2","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
+{"syslog_host":"10.22.8.12","protocol":"udp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603650 for outside:207.111.72.122\/161 to inside:10.22.8.48\/63298 duration 0:02:01 bytes 209","ip_dst_addr":"10.22.8.48","ip_src_port":161,"ip_dst_port":63298,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"207.111.72.122","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
+{"syslog_host":"10.22.8.12","protocol":"udp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603652 for outside:206.111.72.2\/161 to inside:10.22.8.48\/63300 duration 0:02:01 bytes 115","ip_dst_addr":"10.22.8.48","ip_src_port":161,"ip_dst_port":63300,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"206.111.72.2","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
+{"syslog_host":"10.22.8.12","protocol":"udp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603657 for outside:206.111.72.2\/161 to inside:10.22.8.48\/63306 duration 0:02:01 bytes 115","ip_dst_addr":"10.22.8.48","ip_src_port":161,"ip_dst_port":63306,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"206.111.72.2","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168436 for DMZ-Inside:10.22.8.51\/51235 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 2497 TCP FINs","ip_dst_addr":"10.22.8.174","ip_src_port":51235,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.51","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167656 for Outside_VPN:69.111.72.70\/21560 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 bytes 11410 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":21560,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"69.111.72.70","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806050 for outside:10.22.8.62\/53965 (10.22.8.62\/53965)(LOCAL\\user.name) to inside:10.22.8.85\/53 (10.22.8.85\/53) (user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":53965,"ip_dst_port":53,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806052 for outside:10.22.8.62\/56500 (10.22.8.62\/56500)(LOCAL\\user.name) to inside:198.111.72.83\/443 (198.111.72.83\/443) (user.name)","ip_dst_addr":"198.111.72.83","ip_src_port":56500,"ip_dst_port":443,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806054 for outside:10.22.8.62\/56502 (10.22.8.62\/56502)(LOCAL\\user.name) to inside:50.111.72.252\/443 (50.111.72.252\/443) (user.name)","ip_dst_addr":"50.111.72.252","ip_src_port":56502,"ip_dst_port":443,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-305011: Built dynamic TCP translation from inside:10.22.8.188\/64340 to outside:206.111.72.41\/2013","ip_src_port":64340,"ciscotag":"ASA-6-305011","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.188","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
+{"syslog_host":"10.22.8.33","protocol":"udp","original_string":"<166>Jan  5 15:52:35 10.22.8.33 %ASA-6-305012: Teardown dynamic UDP translation from inside:192.111.72.2\/62251 to outside:79.111.72.174\/21311 duration 0:02:30","ip_src_port":62251,"ciscotag":"ASA-6-305012","syslog_facility":"local4","action":"teardown","ip_src_addr":"192.111.72.2","syslog_severity":"info","timestamp":1452009155000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806058 for outside:10.22.8.221\/56631 (10.22.8.221\/56631)(LOCAL\\user.name) to inside:10.22.8.26\/389 (10.22.8.26\/389) (user.name)","ip_dst_addr":"10.22.8.26","ip_src_port":56631,"ip_dst_port":389,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.221","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168189 for Outside_VPN:209.111.72.10\/56619 to DMZ-Inside:10.22.8.53\/443 duration 0:00:00 bytes 2477 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":56619,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"209.111.72.10","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 10.22.8.112\/52235 to 198.111.72.227\/80 flags ACK  on interface Inside-Trunk","ip_dst_addr":"198.111.72.227","ip_src_port":52235,"ip_dst_port":80,"ciscotag":"ASA-6-106015","syslog_facility":"local1","action":"deny","ip_src_addr":"10.22.8.112","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167192 for Outside_VPN:115.111.72.7\/49196 to DMZ-Inside:10.22.8.57\/443 duration 0:00:02 bytes 20588 TCP Reset-O","ip_dst_addr":"10.22.8.57","ip_src_port":49196,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"115.111.72.7","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212806055 for outside:10.22.8.62\/55383(LOCAL\\user.name) to inside:10.22.8.85\/53 duration 0:00:00 bytes 349 (user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":55383,"ip_dst_port":53,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168380 for Outside_VPN:74.111.72.12\/443 to Inside-Trunk:10.22.8.39\/54894 duration 0:00:00 bytes 5701 TCP FINs","ip_dst_addr":"10.22.8.39","ip_src_port":443,"ip_dst_port":54894,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"74.111.72.12","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.212","protocol":"tcp","original_string":"<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245522 for outside:10.22.8.147\/56343 (10.22.8.147\/56343) to inside:209.111.72.151\/443 (209.111.72.151\/443) (user.name)","ip_dst_addr":"209.111.72.151","ip_src_port":56343,"ip_dst_port":443,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.147","syslog_severity":"info","timestamp":1452005555000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168443 for Outside_VPN:23.111.72.27\/80 to Inside-Trunk:10.22.8.81\/64713 duration 0:00:00 bytes 2426 TCP FINs","ip_dst_addr":"10.22.8.81","ip_src_port":80,"ip_dst_port":64713,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"23.111.72.27","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488111566 for Outside_VPN:131.111.72.49\/443 to Inside-Trunk:10.22.8.127\/56558 duration 0:01:57 bytes 3614 TCP Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":443,"ip_dst_port":56558,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"131.111.72.49","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806061 for outside:10.22.8.17\/58635 (10.22.8.17\/58635)(LOCAL\\user.name) to inside:10.22.8.12\/389 (10.22.8.12\/389) (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":58635,"ip_dst_port":389,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.17","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806010 for outside:10.22.8.33\/60223(LOCAL\\user.name) to inside:10.22.8.86\/389 duration 0:00:00 bytes 416 TCP Reset-I (user.name)","ip_dst_addr":"10.22.8.86","ip_src_port":60223,"ip_dst_port":389,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.33","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806062 for outside:10.22.8.221\/56632 (10.22.8.221\/56632)(LOCAL\\user.name) to inside:10.22.8.73\/389 (10.22.8.73\/389) (user.name)","ip_dst_addr":"10.22.8.73","ip_src_port":56632,"ip_dst_port":389,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.221","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00","ciscotag":"ASA-7-609002","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168231 for Outside_VPN:204.111.72.243\/3011 to Inside-Trunk:10.22.8.208\/60037 duration 0:00:00 bytes 19415 TCP FINs","ip_dst_addr":"10.22.8.208","ip_src_port":3011,"ip_dst_port":60037,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"204.111.72.243","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.41","protocol":"tcp","original_string":"<166>Jan  5 16:52:35 10.22.8.41 %ASA-6-302013: Built inbound TCP connection 45476108 for Outside:10.22.8.97\/53484 (10.22.8.97\/53484)(LOCAL\\user.name) to Inside:141.111.72.70\/7576 (141.111.72.70\/7576) (user.name)","ip_dst_addr":"141.111.72.70","ip_src_port":53484,"ip_dst_port":7576,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.97","syslog_severity":"info","timestamp":1452012755000,"source.type":"asa"}
+{"syslog_host":"10.22.8.212","protocol":"tcp","original_string":"<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245527 for outside:10.22.8.97\/65195 (10.22.8.97\/65195) to inside:17.111.72.212\/5223 (17.111.72.212\/5223) (user.name)","ip_dst_addr":"17.111.72.212","ip_src_port":65195,"ip_dst_port":5223,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.97","syslog_severity":"info","timestamp":1452005555000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806018 for outside:10.22.8.17\/58632(LOCAL\\user.name) to inside:10.22.8.12\/389 duration 0:00:00 bytes 0 TCP FINs (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":58632,"ip_dst_port":389,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.17","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168562 for DMZ-Inside:10.22.8.51\/51236 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 2273 TCP FINs","ip_dst_addr":"10.22.8.174","ip_src_port":51236,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.51","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806065 for outside:10.22.8.62\/59829 (10.22.8.62\/59829)(LOCAL\\user.name) to inside:10.22.8.85\/53 (10.22.8.85\/53) (user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":59829,"ip_dst_port":53,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806067 for outside:10.22.8.143\/62675 (10.22.8.143\/62675)(LOCAL\\user.name) to inside:141.111.72.12\/389 (141.111.72.12\/389) (user.name)","ip_dst_addr":"141.111.72.12","ip_src_port":62675,"ip_dst_port":389,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.143","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-710005: UDP request discarded from 10.22.8.223\/61122 to outside:224.111.72.252\/5355","ip_dst_addr":"224.111.72.252","ip_src_port":61122,"ip_dst_port":5355,"ciscotag":"ASA-7-710005","syslog_facility":"local4","action":"discarded","ip_src_addr":"10.22.8.223","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"icmp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.143\/0(LOCAL\\user.name) gaddr 141.111.72.12\/0 laddr 141.111.72.12\/0 (user.name)","ip_dst_addr":"10.22.8.143","ciscotag":"ASA-6-302020","syslog_facility":"local4","action":"built","ip_src_addr":"141.111.72.12","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168547 for Outside_VPN:107.111.72.102\/80 to Inside-Trunk:10.22.8.54\/61676 duration 0:00:00 bytes 1030 TCP FINs","ip_dst_addr":"10.22.8.54","ip_src_port":80,"ip_dst_port":61676,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"107.111.72.102","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806078 for outside:10.22.8.221\/56633 (10.22.8.221\/56633)(LOCAL\\user.name) to inside:10.22.8.20\/389 (10.22.8.20\/389) (user.name)","ip_dst_addr":"10.22.8.20","ip_src_port":56633,"ip_dst_port":389,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.221","syslog_severity":"info","timestamp":1451983955000,"source.type":"asa"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-305011: Built dynamic TCP translation from inside:10.22.8.83\/59915 to outside:206.111.72.41\/22776","ip_src_port":59915,"ciscotag":"ASA-6-305011","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.83","syslog_severity":"info","timestamp":1451987555000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168044 for Outside_VPN:50.111.72.39\/80 to Inside-Trunk:10.22.8.75\/60877 duration 0:00:01 bytes 13304 TCP FINs","ip_dst_addr":"10.22.8.75","ip_src_port":80,"ip_dst_port":60877,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"50.111.72.39","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488118326 for Outside_VPN:23.111.72.27\/80 to Inside-Trunk:10.22.8.229\/57901 duration 0:01:45 bytes 1942 TCP FINs","ip_dst_addr":"10.22.8.229","ip_src_port":80,"ip_dst_port":57901,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"23.111.72.27","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488160565 for Outside_VPN:72.111.72.29\/80 to Inside-Trunk:10.22.8.42\/57520 duration 0:00:15 bytes 1025 TCP FINs","ip_dst_addr":"10.22.8.42","ip_src_port":80,"ip_dst_port":57520,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.29","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488096423 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59096 duration 0:02:27 bytes 99347 TCP Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":80,"ip_dst_port":59096,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.43","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488095522 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59087 duration 0:02:29 bytes 154785 TCP Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":80,"ip_dst_port":59087,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.43","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488106557 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59134 duration 0:02:09 bytes 25319 TCP Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":80,"ip_dst_port":59134,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.43","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488096426 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59099 duration 0:02:27 bytes 26171 TCP Reset-O","ip_dst_addr":"10.22.8.127","ip_src_port":80,"ip_dst_port":59099,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"72.111.72.43","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806005 for outside:10.22.8.17\/58630(LOCAL\\user.name) to inside:10.22.8.12\/389 duration 0:00:00 bytes 3942 TCP FINs (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":58630,"ip_dst_port":389,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.17","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806085 for outside:10.22.8.143\/54018 (10.22.8.143\/54018)(LOCAL\\user.name) to inside:10.22.8.85\/53 (10.22.8.85\/53) (user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":54018,"ip_dst_port":53,"ciscotag":"ASA-6-302015","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.143","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.212","protocol":"icmp","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.96\/2708 gaddr 10.22.8.30\/0 laddr 10.22.8.30\/0 (user.name)","ip_dst_addr":"10.22.8.96","ciscotag":"ASA-6-302020","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.30","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa"}
+{"syslog_host":"10.22.8.212","protocol":"udp","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245537 for outside:10.22.8.110\/49886 (10.22.8.110\/49886) to inside:192.111.72.11\/8612 (192.111.72.11\/8612) (user.name)","ip_dst_addr":"192.111.72.11","ip_src_port":49886,"ip_dst_port":8612,"ciscotag":"ASA-6-302015","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.110","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa"}
+{"syslog_host":"10.22.8.41","protocol":"tcp","original_string":"<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-106015: Deny TCP (no connection) from 10.22.8.85\/58359 to 10.22.8.11\/88 flags RST ACK  on interface Outside","ip_dst_addr":"10.22.8.11","ip_src_port":58359,"ip_dst_port":88,"ciscotag":"ASA-6-106015","syslog_facility":"local4","action":"deny","ip_src_addr":"10.22.8.85","syslog_severity":"info","timestamp":1452012756000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"icmp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.82\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 10.22.8.205\/0","ip_dst_addr":"10.22.8.82","ciscotag":"ASA-6-302021","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.205","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212799832 for outside:10.22.8.230\/55549(LOCAL\\user.name) to inside:10.22.8.11\/389 duration 0:02:01 bytes 354 (user.name)","ip_dst_addr":"10.22.8.11","ip_src_port":55549,"ip_dst_port":389,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.230","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212799867 for outside:10.22.8.240\/138(LOCAL\\user.name) to inside:10.22.8.255\/138 duration 0:02:01 bytes 214 (user.name)","ip_dst_addr":"10.22.8.255","ip_src_port":138,"ip_dst_port":138,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.240","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","original_string":"<167>Jan  5 08:52:36 10.22.8.216 %ASA-7-609001: Built local-host inside:67.111.72.204","ciscotag":"ASA-7-609001","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.212","protocol":"tcp","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245544 for outside:10.22.8.227\/54540 (10.22.8.227\/54540) to inside:63.111.72.124\/80 (63.111.72.124\/80) (user.name)","ip_dst_addr":"63.111.72.124","ip_src_port":54540,"ip_dst_port":80,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.227","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168135 for Outside_VPN:198.111.72.66\/36797 to DMZ-Inside:10.22.8.53\/80 duration 0:00:01 bytes 89039 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":36797,"ip_dst_port":80,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.66","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"tcp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805836 for outside:10.22.8.62\/56471(LOCAL\\user.name) to inside:208.111.72.1\/443 duration 0:00:04 bytes 1700 TCP FINs (user.name)","ip_dst_addr":"208.111.72.1","ip_src_port":56471,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.212","protocol":"tcp","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245546 for outside:10.22.8.227\/54542 (10.22.8.227\/54542) to inside:63.111.72.124\/80 (63.111.72.124\/80) (user.name)","ip_dst_addr":"63.111.72.124","ip_src_port":54542,"ip_dst_port":80,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.227","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"icmp","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.74\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 10.22.8.205\/0","ip_dst_addr":"10.22.8.74","ciscotag":"ASA-6-302021","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.205","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.212","protocol":"icmp","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302020: Built outbound ICMP connection for faddr 10.22.8.96\/2708 gaddr 10.22.8.30\/0 laddr 10.22.8.30\/0","ip_dst_addr":"10.22.8.96","ciscotag":"ASA-6-302020","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.30","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168388 for DMZ-Inside:10.22.8.10\/49771 to Inside-Trunk:10.22.8.128\/443 duration 0:00:00 bytes 19132 TCP Reset-O","ip_dst_addr":"10.22.8.128","ip_src_port":49771,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.10","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168692 for DMZ-Inside:10.22.8.53\/61694 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 5660 TCP FINs","ip_dst_addr":"10.22.8.174","ip_src_port":61694,"ip_dst_port":40004,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"10.22.8.53","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.212","protocol":"tcp","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245552 for outside:10.22.8.92\/51042 (10.22.8.92\/51042) to inside:10.22.8.193\/9100 (10.22.8.193\/9100) (user.name)","ip_dst_addr":"10.22.8.193","ip_src_port":51042,"ip_dst_port":9100,"ciscotag":"ASA-6-302013","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.92","syslog_severity":"info","timestamp":1452005556000,"source.type":"asa"}
+{"syslog_host":"10.22.8.41","protocol":"udp","original_string":"<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-302016: Teardown UDP connection 45474680 for Outside:10.22.8.49\/137(LOCAL\\user.name) to Inside:10.22.8.12\/137 duration 0:02:03 bytes 486 (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":137,"ip_dst_port":137,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.49","syslog_severity":"info","timestamp":1452012756000,"source.type":"asa"}
+{"syslog_host":"10.22.8.41","protocol":"udp","original_string":"<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-302016: Teardown UDP connection 45474694 for Outside:10.22.8.49\/138(LOCAL\\user.name) to Inside:10.22.8.12\/138 duration 0:02:01 bytes 184 (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":138,"ip_dst_port":138,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.49","syslog_severity":"info","timestamp":1452012756000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167720 for Outside_VPN:198.111.72.75\/1033 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 bytes 9634 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":1033,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"198.111.72.75","syslog_severity":"info","timestamp":1451983956000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488165627 for Outside_VPN:170.111.72.22\/27463 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 bytes 9756 TCP FINs","ip_dst_addr":"10.22.8.53","ip_src_port":27463,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"170.111.72.22","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa"}
+{"syslog_host":"10.22.8.216","protocol":"udp","original_string":"<166>Jan  5 08:52:32 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212805854 for outside:10.22.8.62\/54704(LOCAL\\user.name) to inside:10.22.8.85\/53 duration 0:00:00 bytes 114 (user.name)","ip_dst_addr":"10.22.8.85","ip_src_port":54704,"ip_dst_port":53,"ciscotag":"ASA-6-302016","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.62","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa"}
+{"syslog_host":"10.22.8.12","protocol":"icmp","original_string":"<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-302020: Built inbound ICMP connection for faddr 207.111.72.122\/0 gaddr 206.111.72.24\/512 laddr 10.22.8.57\/512","ip_dst_addr":"207.111.72.122","ciscotag":"ASA-6-302020","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.57","syslog_severity":"info","timestamp":1451987552000,"source.type":"asa"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-302013: Built outbound TCP connection 17605397 for outside:69.111.72.0\/80 (69.111.72.0\/80) to inside:10.22.8.102\/55659 (206.111.72.41\/40627)","ip_dst_addr":"10.22.8.102","ip_src_port":80,"ip_dst_port":55659,"ciscotag":"ASA-6-302013","syslog_facility":"local4","action":"built","ip_src_addr":"69.111.72.0","syslog_severity":"info","timestamp":1451987552000,"source.type":"asa"}
+{"syslog_host":"10.22.8.212","protocol":"udp","original_string":"<174>Jan  5 14:52:32 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245230 for outside:10.22.8.96\/123 (10.22.8.96\/123) to inside:10.22.8.12\/123 (10.22.8.12\/123) (user.name)","ip_dst_addr":"10.22.8.12","ip_src_port":123,"ip_dst_port":123,"ciscotag":"ASA-6-302015","syslog_facility":"local5","action":"built","ip_src_addr":"10.22.8.96","syslog_severity":"info","timestamp":1452005552000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","protocol":"tcp","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488031413 for Outside_VPN:184.111.72.216\/50341 to DMZ-Inside:10.22.8.57\/443 duration 0:05:01 bytes 13543 TCP Reset-O","ip_dst_addr":"10.22.8.57","ip_src_port":50341,"ip_dst_port":443,"ciscotag":"ASA-6-302014","syslog_facility":"local1","action":"teardown","ip_src_addr":"184.111.72.216","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa"}
+{"syslog_host":"10.22.8.41","protocol":"icmp","original_string":"<166>Jan  5 16:52:32 10.22.8.41 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.95\/1(LOCAL\\user.name) gaddr 10.22.8.12\/0 laddr 10.22.8.12\/0 (user.name)","ip_dst_addr":"10.22.8.95","ciscotag":"ASA-6-302020","syslog_facility":"local4","action":"built","ip_src_addr":"10.22.8.12","syslog_severity":"info","timestamp":1452012752000,"source.type":"asa"}
+{"syslog_host":"10.22.8.201","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488030393 for DMZ-Inside:[10.22.8.10\/57109 to Inside-Trunk:10.22.8.128\/443 duration 0:05:04 bytes 13541 TCP Reset-O","ciscotag":"ASA-6-302014","syslog_facility":"local1","syslog_severity":"info","timestamp":1451983952000,"source.type":"asa"}
+{"syslog_host":"10.22.8.12","protocol":"tcp","original_string":"<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-305012: Teardown dynamic TCP translation from inside:10.22.8.149\/62156 to outside:206.111.72.41\/19576 duration 0:00:44","ip_src_port":62156,"ciscotag":"ASA-6-305012","syslog_facility":"local4","action":"teardown","ip_src_addr":"10.22.8.149","syslog_severity":"info","timestamp":1451987552000,"source.type":"asa"}
+{"syslog_host":"10.22.8.1

<TRUNCATED>


Mime
View raw message