From 915bb97bade332261b48e47ddccf69aefcb9c1f1 Mon Sep 17 00:00:00 2001
From: kyle-mallett-gravwell <kyle.mallett@gravwell.io>
Date: Wed, 18 Mar 2026 13:56:19 -0500
Subject: [PATCH] feat(#268): New Kit: Cisco ASA & Cisco FTD - Initial Release

# Cisco ASA & Cisco FTD Kit(s)

## What is the feature to be added?
- Make a kit for Cisco ASA
- Make a kit for Cisco FTD

## Why should we add this feature? (Business justification? What problem is the feature trying to solve?)

Useful for customers utilizing that product.

## How does this feature address the above problem?

Makes getting up and running faster for Cisco ASA/FTD logs

## Any other comments?

https://github.com/gravwell/kits/issues/268

<!--

The title of this PR should have the form:  [TYPE]([ISSUE_NUMBER]): [CHANGELOG_MESSAGE]

- If [TYPE] is fix or feat, the CHANGELOG_MESSAGE will be included in customer-facing, release change logs.
- Other [TYPE]s WILL NOT be included in release change logs.
- Check out https://github.com/angular/angular/blob/22b96b9/CONTRIBUTING.md#type for other type ideas, or invent your own.

-->

This PR addresses [[ISSUE_LINK](https://github.com/gravwell/kits/issues/268)]

## This PR proposes...

-

## PR Tasks

<!-- Add tasks to this list as needed -->

- [ ] e2e and/or unit tests included. If not, please provide an explanation.
- [ ] **Bug fixes only:** minimal repro steps included on the issue (for PR QA + Release QA).

## Reviewer Tasks

<!-- Add tasks to this list as needed -->

- [ ] e2e or unit tests are present to test the proposed changes.
- [ ] Code is sufficiently documented.
- [ ] Code meets quality and correctness expectations.

<!--

The title of this PR should have the form:  [TYPE]([ISSUE_NUMBER]): [CHANGELOG_MESSAGE]

- If [TYPE] is fix or feat, the CHANGELOG_MESSAGE will be included in customer-facing, release change logs.
- Other [TYPE]s WILL NOT be included in release change logs.
- Check out https://github.com/angular/angular/blob/22b96b9/CONTRIBUTING.md#type for other type ideas, or invent your own.

-->

This PR addresses [ISSUE_LINK]

## This PR proposes...

-

## PR Tasks

<!-- Add tasks to this list as needed -->

- [ ] e2e and/or unit tests included. If not, please provide an explanation.
- [ ] **Bug fixes only:** minimal repro steps included on the issue (for PR QA + Release QA).

## Reviewer Tasks

<!-- Add tasks to this list as needed -->

- [ ] e2e or unit tests are present to test the proposed changes.
- [ ] Code is sufficiently documented.
- [ ] Code meets quality and correctness expectations.
---
 cisco_asa/BUILD                               |   26 +
 cisco_asa/MANIFEST                            |  399 +++
 cisco_asa/README.md                           |   27 +
 cisco_asa/autoextractor/cisco-asa-auth.args   |    1 +
 cisco_asa/autoextractor/cisco-asa-auth.meta   |   18 +
 cisco_asa/autoextractor/cisco-asa-auth.params |    1 +
 cisco_asa/autoextractor/cisco-asa-config.args |    1 +
 cisco_asa/autoextractor/cisco-asa-config.meta |   18 +
 .../autoextractor/cisco-asa-config.params     |    1 +
 cisco_asa/autoextractor/cisco-asa-events.args |    1 +
 cisco_asa/autoextractor/cisco-asa-events.meta |   18 +
 .../autoextractor/cisco-asa-events.params     |    1 +
 cisco_asa/autoextractor/cisco-asa-system.args |    1 +
 cisco_asa/autoextractor/cisco-asa-system.meta |   18 +
 .../autoextractor/cisco-asa-system.params     |    1 +
 cisco_asa/autoextractor/cisco-asa-threat.args |    1 +
 cisco_asa/autoextractor/cisco-asa-threat.meta |   18 +
 .../autoextractor/cisco-asa-threat.params     |    1 +
 .../autoextractor/cisco-asa-traffic.args      |    1 +
 .../autoextractor/cisco-asa-traffic.meta      |   18 +
 .../autoextractor/cisco-asa-traffic.params    |    1 +
 cisco_asa/autoextractor/cisco-asa-vpn.args    |    1 +
 cisco_asa/autoextractor/cisco-asa-vpn.meta    |   18 +
 cisco_asa/autoextractor/cisco-asa-vpn.params  |    1 +
 cisco_asa/cisco-banner.png                    |  Bin 0 -> 13297 bytes
 cisco_asa/cisco-cover.png                     |  Bin 0 -> 13297 bytes
 cisco_asa/cisco-icon.png                      |  Bin 0 -> 13297 bytes
 cisco_asa/cisco_asa.metadata                  |   44 +
 .../0c340e6a-7268-46a7-8f36-f59405ff64fe.meta |  649 +++++
 .../ecba95f1-ffc0-4771-a709-8a8cd4034d54.meta |  499 ++++
 ...fc05a-6912-4b5d-a31a-10ef6b0bc68a.contents |  Bin 0 -> 13297 bytes
 .../151fc05a-6912-4b5d-a31a-10ef6b0bc68a.meta |    9 +
 ...13d4b-635b-4a4d-8eba-85ca1a3adb6d.contents |  Bin 0 -> 13297 bytes
 .../8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.meta |    9 +
 ...98ad2-b2a7-4b24-8374-72f247a18822.contents |  Bin 0 -> 13297 bytes
 .../e0b98ad2-b2a7-4b24-8374-72f247a18822.meta |    9 +
 cisco_asa/license/Apache 2.0 License.meta     |  176 ++
 cisco_asa/macro/CISCO_ASA.expansion           |    1 +
 cisco_asa/macro/CISCO_ASA.meta                |    8 +
 cisco_asa/macro/CISCO_ASA_AUTH.expansion      |    1 +
 cisco_asa/macro/CISCO_ASA_AUTH.meta           |    8 +
 cisco_asa/macro/CISCO_ASA_CONFIG.expansion    |    1 +
 cisco_asa/macro/CISCO_ASA_CONFIG.meta         |    8 +
 cisco_asa/macro/CISCO_ASA_EVENTS.expansion    |    1 +
 cisco_asa/macro/CISCO_ASA_EVENTS.meta         |    8 +
 cisco_asa/macro/CISCO_ASA_SEVERITY.expansion  |   10 +
 cisco_asa/macro/CISCO_ASA_SEVERITY.meta       |    8 +
 .../macro/CISCO_ASA_SEVERITY_ORDER.expansion  |   10 +
 cisco_asa/macro/CISCO_ASA_SEVERITY_ORDER.meta |    8 +
 cisco_asa/macro/CISCO_ASA_SYSTEM.expansion    |    1 +
 cisco_asa/macro/CISCO_ASA_SYSTEM.meta         |    8 +
 cisco_asa/macro/CISCO_ASA_THREAT.expansion    |    1 +
 cisco_asa/macro/CISCO_ASA_THREAT.meta         |    8 +
 cisco_asa/macro/CISCO_ASA_TRAFFIC.expansion   |    1 +
 cisco_asa/macro/CISCO_ASA_TRAFFIC.meta        |    8 +
 cisco_asa/macro/CISCO_ASA_VPN.expansion       |    1 +
 cisco_asa/macro/CISCO_ASA_VPN.meta            |    8 +
 .../bf135c0c-9050-4847-909a-d38e0a4fa653.meta |   44 +
 .../df9a72aa-2c82-4454-a0f0-55b4a538b270.body |  434 +++
 .../df9a72aa-2c82-4454-a0f0-55b4a538b270.meta |   25 +
 ...2-4454-a0f0-55b4a538b270.playbook_metadata |    1 +
 .../cisco_asa_syslog_messages.contents        | 2338 +++++++++++++++++
 .../resource/cisco_asa_syslog_messages.meta   |   12 +
 .../04605cfd-f1e7-427f-a41e-f1d38f889720.meta |   12 +
 ...04605cfd-f1e7-427f-a41e-f1d38f889720.query |    5 +
 .../094bf60b-7382-4e43-9867-8de7ac4c3444.meta |   12 +
 ...094bf60b-7382-4e43-9867-8de7ac4c3444.query |    5 +
 .../0d1d3288-09a7-47a0-adde-f01f4dc0134f.meta |   12 +
 ...0d1d3288-09a7-47a0-adde-f01f4dc0134f.query |    5 +
 .../2671528e-99d4-4d09-b497-cb75926c5d0b.meta |   12 +
 ...2671528e-99d4-4d09-b497-cb75926c5d0b.query |    4 +
 .../5dbb1e3b-6a8e-44a6-9be3-134b4704f094.meta |   12 +
 ...5dbb1e3b-6a8e-44a6-9be3-134b4704f094.query |    5 +
 .../6d3deabc-1f6b-4478-affe-274a6e5783ad.meta |   12 +
 ...6d3deabc-1f6b-4478-affe-274a6e5783ad.query |    5 +
 .../6d7375c4-15e1-4578-bde8-fec4912fae1d.meta |   12 +
 ...6d7375c4-15e1-4578-bde8-fec4912fae1d.query |    4 +
 .../835fbc22-f2db-4b63-9acf-9d9013b59f3e.meta |   12 +
 ...835fbc22-f2db-4b63-9acf-9d9013b59f3e.query |    6 +
 .../abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f.meta |   12 +
 ...abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f.query |    5 +
 .../ac7861cf-7a72-4efd-ac26-2e08a833ebf5.meta |   12 +
 ...ac7861cf-7a72-4efd-ac26-2e08a833ebf5.query |    5 +
 .../bd053ad9-2882-465a-a265-cbe41a1c55d6.meta |   12 +
 ...bd053ad9-2882-465a-a265-cbe41a1c55d6.query |    5 +
 .../bdcc39a0-ec42-4086-af44-072fd2de8a5c.meta |   12 +
 ...bdcc39a0-ec42-4086-af44-072fd2de8a5c.query |    5 +
 .../07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb.meta |   37 +
 ...07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb.query |    9 +
 .../10ba1a95-b8b0-48b5-b6da-0c4d239b6723.meta |   37 +
 ...10ba1a95-b8b0-48b5-b6da-0c4d239b6723.query |    6 +
 .../1ed766ff-be55-4260-a78d-455a153dd2c2.meta |   37 +
 ...1ed766ff-be55-4260-a78d-455a153dd2c2.query |    6 +
 .../25d1c7eb-1374-489c-8921-aaae39080640.meta |   37 +
 ...25d1c7eb-1374-489c-8921-aaae39080640.query |    6 +
 .../27eaeef9-b4e5-447d-9507-ef4c956e8628.meta |   37 +
 ...27eaeef9-b4e5-447d-9507-ef4c956e8628.query |    6 +
 .../3b5ef009-c2dc-4e3f-997f-4926ec43d5bb.meta |   37 +
 ...3b5ef009-c2dc-4e3f-997f-4926ec43d5bb.query |    6 +
 .../40c8245f-831a-4b79-89bf-8bde22cc6a14.meta |   37 +
 ...40c8245f-831a-4b79-89bf-8bde22cc6a14.query |    6 +
 .../47d8c36b-fbfe-42d7-869d-29899bb65dca.meta |   37 +
 ...47d8c36b-fbfe-42d7-869d-29899bb65dca.query |    6 +
 .../581bde9b-2fed-4c15-9399-b88e5e9d9906.meta |   37 +
 ...581bde9b-2fed-4c15-9399-b88e5e9d9906.query |    9 +
 .../611dffdb-4690-44e2-b879-02c10a7f0491.meta |   37 +
 ...611dffdb-4690-44e2-b879-02c10a7f0491.query |    9 +
 .../6355fe94-d78b-4907-953f-90f326bf2068.meta |   37 +
 ...6355fe94-d78b-4907-953f-90f326bf2068.query |    9 +
 .../6b59baee-fe04-485b-ac08-409e3019676f.meta |   37 +
 ...6b59baee-fe04-485b-ac08-409e3019676f.query |    9 +
 .../6cb9a8c5-1105-4ffd-86ce-a187a5e627e0.meta |   37 +
 ...6cb9a8c5-1105-4ffd-86ce-a187a5e627e0.query |    6 +
 .../7036eb99-c22a-47c4-80a7-98305bf2a2bc.meta |   37 +
 ...7036eb99-c22a-47c4-80a7-98305bf2a2bc.query |    6 +
 .../9661c35b-5fcd-4680-a978-3ef27a4773ba.meta |   37 +
 ...9661c35b-5fcd-4680-a978-3ef27a4773ba.query |    9 +
 .../9dfd4836-c89d-4a07-87fc-252c4de215b9.meta |   37 +
 ...9dfd4836-c89d-4a07-87fc-252c4de215b9.query |    6 +
 .../a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f.meta |   37 +
 ...a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f.query |    9 +
 .../afee5a3c-b9a1-4401-91d1-6606578ac7eb.meta |   37 +
 ...afee5a3c-b9a1-4401-91d1-6606578ac7eb.query |    9 +
 .../bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb.meta |   37 +
 ...bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb.query |    6 +
 .../c4f13f36-82d9-4979-9674-62c47c4afcbf.meta |   37 +
 ...c4f13f36-82d9-4979-9674-62c47c4afcbf.query |    6 +
 .../d5b4a66b-24da-4db0-bc86-bdf5813e6a7f.meta |   37 +
 ...d5b4a66b-24da-4db0-bc86-bdf5813e6a7f.query |    7 +
 .../d9ca6be9-e6b2-47bd-b848-5e7688279504.meta |   37 +
 ...d9ca6be9-e6b2-47bd-b848-5e7688279504.query |    6 +
 .../f430c1df-81bc-445c-b61a-1ef49fb083ec.meta |   37 +
 ...f430c1df-81bc-445c-b61a-1ef49fb083ec.query |    6 +
 .../fd7b6b7a-299d-453a-8920-07a1eea1b263.meta |   37 +
 ...fd7b6b7a-299d-453a-8920-07a1eea1b263.query |    6 +
 cisco_ftd/BUILD                               |   26 +
 cisco_ftd/MANIFEST                            |  588 +++++
 cisco_ftd/README.md                           |   27 +
 cisco_ftd/autoextractor/cisco-ftd-auth.args   |    1 +
 cisco_ftd/autoextractor/cisco-ftd-auth.meta   |   18 +
 cisco_ftd/autoextractor/cisco-ftd-auth.params |    1 +
 cisco_ftd/autoextractor/cisco-ftd-config.args |    1 +
 cisco_ftd/autoextractor/cisco-ftd-config.meta |   18 +
 .../autoextractor/cisco-ftd-config.params     |    1 +
 .../autoextractor/cisco-ftd-connection.args   |    1 +
 .../autoextractor/cisco-ftd-connection.meta   |   18 +
 .../autoextractor/cisco-ftd-connection.params |    1 +
 cisco_ftd/autoextractor/cisco-ftd-events.args |    1 +
 cisco_ftd/autoextractor/cisco-ftd-events.meta |   18 +
 .../autoextractor/cisco-ftd-events.params     |    1 +
 cisco_ftd/autoextractor/cisco-ftd-file.args   |    1 +
 cisco_ftd/autoextractor/cisco-ftd-file.meta   |   18 +
 cisco_ftd/autoextractor/cisco-ftd-file.params |    1 +
 .../autoextractor/cisco-ftd-intrusion.args    |    1 +
 .../autoextractor/cisco-ftd-intrusion.meta    |   18 +
 .../autoextractor/cisco-ftd-intrusion.params  |    1 +
 .../autoextractor/cisco-ftd-malware.args      |    1 +
 .../autoextractor/cisco-ftd-malware.meta      |   18 +
 .../autoextractor/cisco-ftd-malware.params    |    1 +
 cisco_ftd/autoextractor/cisco-ftd-system.args |    1 +
 cisco_ftd/autoextractor/cisco-ftd-system.meta |   18 +
 .../autoextractor/cisco-ftd-system.params     |    1 +
 cisco_ftd/autoextractor/cisco-ftd-threat.args |    1 +
 cisco_ftd/autoextractor/cisco-ftd-threat.meta |   18 +
 .../autoextractor/cisco-ftd-threat.params     |    1 +
 .../autoextractor/cisco-ftd-traffic.args      |    1 +
 .../autoextractor/cisco-ftd-traffic.meta      |   18 +
 .../autoextractor/cisco-ftd-traffic.params    |    1 +
 cisco_ftd/autoextractor/cisco-ftd-vpn.args    |    1 +
 cisco_ftd/autoextractor/cisco-ftd-vpn.meta    |   18 +
 cisco_ftd/autoextractor/cisco-ftd-vpn.params  |    1 +
 cisco_ftd/cisco-banner.png                    |  Bin 0 -> 13297 bytes
 cisco_ftd/cisco-cover.png                     |  Bin 0 -> 13297 bytes
 cisco_ftd/cisco-icon.png                      |  Bin 0 -> 13297 bytes
 cisco_ftd/cisco_ftd.metadata                  |   48 +
 .../1c340e6a-7268-46a7-8f36-f59405ff64fe.meta |  649 +++++
 .../656036bf-a5f7-4092-9606-d3d97d15c758.meta |  343 +++
 .../79f2b584-46cf-4043-b205-29e3c32e881d.meta |  487 ++++
 ...fc05a-6912-4b5d-a31a-10ef6b0bc68a.contents |  Bin 0 -> 13297 bytes
 .../151fc05a-6912-4b5d-a31a-10ef6b0bc68a.meta |    9 +
 ...13d4b-635b-4a4d-8eba-85ca1a3adb6d.contents |  Bin 0 -> 13297 bytes
 .../8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.meta |    9 +
 ...98ad2-b2a7-4b24-8374-72f247a18822.contents |  Bin 0 -> 13297 bytes
 .../e0b98ad2-b2a7-4b24-8374-72f247a18822.meta |    9 +
 cisco_ftd/license/Apache 2.0 License.meta     |  176 ++
 cisco_ftd/macro/CISCO_FTD.expansion           |    1 +
 cisco_ftd/macro/CISCO_FTD.meta                |    8 +
 cisco_ftd/macro/CISCO_FTD_AUTH.expansion      |    1 +
 cisco_ftd/macro/CISCO_FTD_AUTH.meta           |    8 +
 cisco_ftd/macro/CISCO_FTD_CONFIG.expansion    |    1 +
 cisco_ftd/macro/CISCO_FTD_CONFIG.meta         |    8 +
 cisco_ftd/macro/CISCO_FTD_CONN.expansion      |    1 +
 cisco_ftd/macro/CISCO_FTD_CONN.meta           |    8 +
 cisco_ftd/macro/CISCO_FTD_CONN_EVX.expansion  |    7 +
 cisco_ftd/macro/CISCO_FTD_CONN_EVX.meta       |    8 +
 cisco_ftd/macro/CISCO_FTD_EVENTS.expansion    |    1 +
 cisco_ftd/macro/CISCO_FTD_EVENTS.meta         |    8 +
 cisco_ftd/macro/CISCO_FTD_FILE.expansion      |    1 +
 cisco_ftd/macro/CISCO_FTD_FILE.meta           |    8 +
 cisco_ftd/macro/CISCO_FTD_FILE_EVX.expansion  |    7 +
 cisco_ftd/macro/CISCO_FTD_FILE_EVX.meta       |    8 +
 cisco_ftd/macro/CISCO_FTD_INTRUSION.expansion |    1 +
 cisco_ftd/macro/CISCO_FTD_INTRUSION.meta      |    8 +
 .../macro/CISCO_FTD_INTRUSION_EVX.expansion   |    7 +
 cisco_ftd/macro/CISCO_FTD_INTRUSION_EVX.meta  |    8 +
 cisco_ftd/macro/CISCO_FTD_MALWARE.expansion   |    1 +
 cisco_ftd/macro/CISCO_FTD_MALWARE.meta        |    8 +
 .../macro/CISCO_FTD_MALWARE_EVX.expansion     |    7 +
 cisco_ftd/macro/CISCO_FTD_MALWARE_EVX.meta    |    8 +
 cisco_ftd/macro/CISCO_FTD_SEVERITY.expansion  |   10 +
 cisco_ftd/macro/CISCO_FTD_SEVERITY.meta       |    8 +
 .../macro/CISCO_FTD_SEVERITY_ORDER.expansion  |   10 +
 cisco_ftd/macro/CISCO_FTD_SEVERITY_ORDER.meta |    8 +
 cisco_ftd/macro/CISCO_FTD_SYSTEM.expansion    |    1 +
 cisco_ftd/macro/CISCO_FTD_SYSTEM.meta         |    8 +
 cisco_ftd/macro/CISCO_FTD_THREAT.expansion    |    1 +
 cisco_ftd/macro/CISCO_FTD_THREAT.meta         |    8 +
 cisco_ftd/macro/CISCO_FTD_TRAFFIC.expansion   |    1 +
 cisco_ftd/macro/CISCO_FTD_TRAFFIC.meta        |    8 +
 cisco_ftd/macro/CISCO_FTD_VPN.expansion       |    1 +
 cisco_ftd/macro/CISCO_FTD_VPN.meta            |    8 +
 .../macro/CISCO_NORMALIZE_DIRECTION.expansion |    4 +
 .../macro/CISCO_NORMALIZE_DIRECTION.meta      |    8 +
 cisco_ftd/macro/CISCO_SECURITY.expansion      |    1 +
 cisco_ftd/macro/CISCO_SECURITY.meta           |    8 +
 cisco_ftd/macro/CISCO_SECURITY_EVX.expansion  |   19 +
 cisco_ftd/macro/CISCO_SECURITY_EVX.meta       |    8 +
 .../9f94162b-c38a-41fe-b594-1739af6ee761.meta |   67 +
 .../8da73867-990a-4185-8c2b-5a1c60e39786.body |  484 ++++
 .../8da73867-990a-4185-8c2b-5a1c60e39786.meta |   25 +
 ...a-4185-8c2b-5a1c60e39786.playbook_metadata |    1 +
 .../cisco_ftd_syslog_messages.contents        | 1823 +++++++++++++
 .../resource/cisco_ftd_syslog_messages.meta   |   12 +
 .../11d63825-1e4f-40ab-ac01-8d53adfdcda7.meta |   12 +
 ...11d63825-1e4f-40ab-ac01-8d53adfdcda7.query |    5 +
 .../44b010d7-c224-4194-9644-8cdcde33c1b5.meta |   12 +
 ...44b010d7-c224-4194-9644-8cdcde33c1b5.query |    5 +
 .../49a2863c-e896-4c69-9f15-32bb57664809.meta |   12 +
 ...49a2863c-e896-4c69-9f15-32bb57664809.query |    4 +
 .../75bbe0bc-a839-40b0-95df-f1955d0453d9.meta |   12 +
 ...75bbe0bc-a839-40b0-95df-f1955d0453d9.query |    4 +
 .../90d24c27-9b9c-4f94-9066-968088a981c7.meta |   12 +
 ...90d24c27-9b9c-4f94-9066-968088a981c7.query |    5 +
 .../96e4c994-6e65-4a9b-99bf-5032380926a8.meta |   12 +
 ...96e4c994-6e65-4a9b-99bf-5032380926a8.query |    5 +
 .../a707ee59-8b9f-4c75-b3e0-4ce63c1f45d8.meta |   12 +
 ...a707ee59-8b9f-4c75-b3e0-4ce63c1f45d8.query |    5 +
 .../aa7015e6-e70f-43d2-960c-dc86cd8735d5.meta |   12 +
 ...aa7015e6-e70f-43d2-960c-dc86cd8735d5.query |    5 +
 .../adb28bc0-6bd7-4564-b4d9-3cac9118c39d.meta |   12 +
 ...adb28bc0-6bd7-4564-b4d9-3cac9118c39d.query |    5 +
 .../b223686f-337b-4708-a6d3-6e639cbaa21a.meta |   12 +
 ...b223686f-337b-4708-a6d3-6e639cbaa21a.query |    5 +
 .../c21e1a11-72e8-4661-8409-fea6b856fad5.meta |   12 +
 ...c21e1a11-72e8-4661-8409-fea6b856fad5.query |    6 +
 .../d8399ba2-280c-4a51-bc46-14e4995f320d.meta |   12 +
 ...d8399ba2-280c-4a51-bc46-14e4995f320d.query |    5 +
 .../d87b5ce9-3c9b-4e77-a569-057872a8a500.meta |   12 +
 ...d87b5ce9-3c9b-4e77-a569-057872a8a500.query |    5 +
 .../da83d755-35ff-455b-8e27-fa2fa36af4fe.meta |   12 +
 ...da83d755-35ff-455b-8e27-fa2fa36af4fe.query |    5 +
 .../e79f7735-b1c3-4bb0-94d5-4a66feeae168.meta |   12 +
 ...e79f7735-b1c3-4bb0-94d5-4a66feeae168.query |    5 +
 .../f6e8836d-35d9-4c35-b8b3-3e0a993aa9e2.meta |   12 +
 ...f6e8836d-35d9-4c35-b8b3-3e0a993aa9e2.query |    4 +
 .../fe8d2808-b1f6-40cc-b388-d2f08806a5a1.meta |   12 +
 ...fe8d2808-b1f6-40cc-b388-d2f08806a5a1.query |    5 +
 .../02453c60-0220-4ec1-a26c-fb26c72c508c.meta |   37 +
 ...02453c60-0220-4ec1-a26c-fb26c72c508c.query |    6 +
 .../039e3c93-204a-4f68-9e02-443cc39169e4.meta |   37 +
 ...039e3c93-204a-4f68-9e02-443cc39169e4.query |    6 +
 .../075e2192-37ae-41ce-9190-a13e2bcf3d1f.meta |   37 +
 ...075e2192-37ae-41ce-9190-a13e2bcf3d1f.query |    6 +
 .../085b0270-ed97-4948-b8b7-1362a29721b5.meta |   37 +
 ...085b0270-ed97-4948-b8b7-1362a29721b5.query |    6 +
 .../0fdb9df1-441a-461e-bbf5-5d434dbdae70.meta |   37 +
 ...0fdb9df1-441a-461e-bbf5-5d434dbdae70.query |   10 +
 .../1f24de97-1e5c-43f4-8cd7-177524dcd8e8.meta |   37 +
 ...1f24de97-1e5c-43f4-8cd7-177524dcd8e8.query |    9 +
 .../29d2f863-d259-486d-90cc-e2fb1e79aa13.meta |   37 +
 ...29d2f863-d259-486d-90cc-e2fb1e79aa13.query |    5 +
 .../34b167be-27dd-4cf5-9e08-0eb320b3d446.meta |   37 +
 ...34b167be-27dd-4cf5-9e08-0eb320b3d446.query |    9 +
 .../55b3c1f4-02ae-4879-bbdb-a59c1d2e562a.meta |   37 +
 ...55b3c1f4-02ae-4879-bbdb-a59c1d2e562a.query |    9 +
 .../55d3b87e-37cf-4afb-86a2-d3e74694ef22.meta |   37 +
 ...55d3b87e-37cf-4afb-86a2-d3e74694ef22.query |   14 +
 .../573dc727-4a09-4614-bf5a-4da54d7bf33a.meta |   37 +
 ...573dc727-4a09-4614-bf5a-4da54d7bf33a.query |    7 +
 .../73333f31-0a91-48ac-8d74-4c042a47d7bf.meta |   37 +
 ...73333f31-0a91-48ac-8d74-4c042a47d7bf.query |    6 +
 .../7ce003ec-c88f-48e7-b252-35fbf7d39997.meta |   37 +
 ...7ce003ec-c88f-48e7-b252-35fbf7d39997.query |    7 +
 .../8cd23b13-862b-487d-b8d6-5dc0b11c4c0d.meta |   37 +
 ...8cd23b13-862b-487d-b8d6-5dc0b11c4c0d.query |   19 +
 .../8f985b19-f67e-48e8-af69-e8a33756c988.meta |   37 +
 ...8f985b19-f67e-48e8-af69-e8a33756c988.query |    9 +
 .../95219292-01db-4917-be7b-aedac9e180dc.meta |   37 +
 ...95219292-01db-4917-be7b-aedac9e180dc.query |   17 +
 .../9a11072f-cbe0-4365-b228-def2e0847c01.meta |   37 +
 ...9a11072f-cbe0-4365-b228-def2e0847c01.query |   16 +
 .../a228d48f-333f-4a2f-bd5a-e8e27a569d61.meta |   37 +
 ...a228d48f-333f-4a2f-bd5a-e8e27a569d61.query |    6 +
 .../a420dbb4-8bd3-4681-9fca-e9a30dbde982.meta |   37 +
 ...a420dbb4-8bd3-4681-9fca-e9a30dbde982.query |    9 +
 .../a6c91109-88b9-4a56-bdb2-563fdbdf3f06.meta |   37 +
 ...a6c91109-88b9-4a56-bdb2-563fdbdf3f06.query |    6 +
 .../ad54a83b-4452-49bb-b7b4-60b3e278ab48.meta |   37 +
 ...ad54a83b-4452-49bb-b7b4-60b3e278ab48.query |    9 +
 .../b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f.meta |   37 +
 ...b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f.query |    9 +
 .../b5006de7-61c4-4158-b8e2-4c0f6cbd11f8.meta |   37 +
 ...b5006de7-61c4-4158-b8e2-4c0f6cbd11f8.query |    6 +
 .../b7960811-47a5-4fba-b0d9-639052e426e0.meta |   37 +
 ...b7960811-47a5-4fba-b0d9-639052e426e0.query |    6 +
 .../c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09.meta |   37 +
 ...c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09.query |    6 +
 .../c74ca09a-4833-4255-868f-79c41fa1db66.meta |   37 +
 ...c74ca09a-4833-4255-868f-79c41fa1db66.query |    7 +
 .../d0712c55-49b5-4aa4-8392-a23eef6f92a8.meta |   37 +
 ...d0712c55-49b5-4aa4-8392-a23eef6f92a8.query |    9 +
 .../d61a67de-3562-460e-9c3e-95b69b27c9b3.meta |   37 +
 ...d61a67de-3562-460e-9c3e-95b69b27c9b3.query |    6 +
 .../d8e6ccdb-eca3-4e65-a8bb-feee724b78b4.meta |   37 +
 ...d8e6ccdb-eca3-4e65-a8bb-feee724b78b4.query |   14 +
 .../da038943-250c-4907-a73b-ce6cf00246af.meta |   37 +
 ...da038943-250c-4907-a73b-ce6cf00246af.query |    9 +
 .../dda4d8e9-e845-410e-b105-fe0928573033.meta |   37 +
 ...dda4d8e9-e845-410e-b105-fe0928573033.query |    6 +
 .../e32ea44e-483b-48bb-a58e-5cc68eb3487c.meta |   37 +
 ...e32ea44e-483b-48bb-a58e-5cc68eb3487c.query |    6 +
 .../eeacd085-5bd8-4784-8f0c-0f63f74b5377.meta |   37 +
 ...eeacd085-5bd8-4784-8f0c-0f63f74b5377.query |    9 +
 .../f540cb33-74bc-4f30-ad22-4e430728ab67.meta |   37 +
 ...f540cb33-74bc-4f30-ad22-4e430728ab67.query |    6 +
 .../f5864c31-63a7-4c44-8fdd-56fccb53a40a.meta |   37 +
 ...f5864c31-63a7-4c44-8fdd-56fccb53a40a.query |    9 +
 .../fc47d511-2fb8-4822-8a4b-85b84e6ca581.meta |   37 +
 ...fc47d511-2fb8-4822-8a4b-85b84e6ca581.query |    6 +
 339 files changed, 13388 insertions(+)
 create mode 100644 cisco_asa/BUILD
 create mode 100644 cisco_asa/MANIFEST
 create mode 100644 cisco_asa/README.md
 create mode 100644 cisco_asa/autoextractor/cisco-asa-auth.args
 create mode 100644 cisco_asa/autoextractor/cisco-asa-auth.meta
 create mode 100644 cisco_asa/autoextractor/cisco-asa-auth.params
 create mode 100644 cisco_asa/autoextractor/cisco-asa-config.args
 create mode 100644 cisco_asa/autoextractor/cisco-asa-config.meta
 create mode 100644 cisco_asa/autoextractor/cisco-asa-config.params
 create mode 100644 cisco_asa/autoextractor/cisco-asa-events.args
 create mode 100644 cisco_asa/autoextractor/cisco-asa-events.meta
 create mode 100644 cisco_asa/autoextractor/cisco-asa-events.params
 create mode 100644 cisco_asa/autoextractor/cisco-asa-system.args
 create mode 100644 cisco_asa/autoextractor/cisco-asa-system.meta
 create mode 100644 cisco_asa/autoextractor/cisco-asa-system.params
 create mode 100644 cisco_asa/autoextractor/cisco-asa-threat.args
 create mode 100644 cisco_asa/autoextractor/cisco-asa-threat.meta
 create mode 100644 cisco_asa/autoextractor/cisco-asa-threat.params
 create mode 100644 cisco_asa/autoextractor/cisco-asa-traffic.args
 create mode 100644 cisco_asa/autoextractor/cisco-asa-traffic.meta
 create mode 100644 cisco_asa/autoextractor/cisco-asa-traffic.params
 create mode 100644 cisco_asa/autoextractor/cisco-asa-vpn.args
 create mode 100644 cisco_asa/autoextractor/cisco-asa-vpn.meta
 create mode 100644 cisco_asa/autoextractor/cisco-asa-vpn.params
 create mode 100644 cisco_asa/cisco-banner.png
 create mode 100644 cisco_asa/cisco-cover.png
 create mode 100644 cisco_asa/cisco-icon.png
 create mode 100644 cisco_asa/cisco_asa.metadata
 create mode 100644 cisco_asa/dashboard/0c340e6a-7268-46a7-8f36-f59405ff64fe.meta
 create mode 100644 cisco_asa/dashboard/ecba95f1-ffc0-4771-a709-8a8cd4034d54.meta
 create mode 100644 cisco_asa/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.contents
 create mode 100644 cisco_asa/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.meta
 create mode 100644 cisco_asa/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.contents
 create mode 100644 cisco_asa/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.meta
 create mode 100644 cisco_asa/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.contents
 create mode 100644 cisco_asa/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.meta
 create mode 100644 cisco_asa/license/Apache 2.0 License.meta
 create mode 100644 cisco_asa/macro/CISCO_ASA.expansion
 create mode 100644 cisco_asa/macro/CISCO_ASA.meta
 create mode 100644 cisco_asa/macro/CISCO_ASA_AUTH.expansion
 create mode 100644 cisco_asa/macro/CISCO_ASA_AUTH.meta
 create mode 100644 cisco_asa/macro/CISCO_ASA_CONFIG.expansion
 create mode 100644 cisco_asa/macro/CISCO_ASA_CONFIG.meta
 create mode 100644 cisco_asa/macro/CISCO_ASA_EVENTS.expansion
 create mode 100644 cisco_asa/macro/CISCO_ASA_EVENTS.meta
 create mode 100644 cisco_asa/macro/CISCO_ASA_SEVERITY.expansion
 create mode 100644 cisco_asa/macro/CISCO_ASA_SEVERITY.meta
 create mode 100644 cisco_asa/macro/CISCO_ASA_SEVERITY_ORDER.expansion
 create mode 100644 cisco_asa/macro/CISCO_ASA_SEVERITY_ORDER.meta
 create mode 100644 cisco_asa/macro/CISCO_ASA_SYSTEM.expansion
 create mode 100644 cisco_asa/macro/CISCO_ASA_SYSTEM.meta
 create mode 100644 cisco_asa/macro/CISCO_ASA_THREAT.expansion
 create mode 100644 cisco_asa/macro/CISCO_ASA_THREAT.meta
 create mode 100644 cisco_asa/macro/CISCO_ASA_TRAFFIC.expansion
 create mode 100644 cisco_asa/macro/CISCO_ASA_TRAFFIC.meta
 create mode 100644 cisco_asa/macro/CISCO_ASA_VPN.expansion
 create mode 100644 cisco_asa/macro/CISCO_ASA_VPN.meta
 create mode 100644 cisco_asa/pivot/bf135c0c-9050-4847-909a-d38e0a4fa653.meta
 create mode 100644 cisco_asa/playbook/df9a72aa-2c82-4454-a0f0-55b4a538b270.body
 create mode 100644 cisco_asa/playbook/df9a72aa-2c82-4454-a0f0-55b4a538b270.meta
 create mode 100644 cisco_asa/playbook/df9a72aa-2c82-4454-a0f0-55b4a538b270.playbook_metadata
 create mode 100644 cisco_asa/resource/cisco_asa_syslog_messages.contents
 create mode 100644 cisco_asa/resource/cisco_asa_syslog_messages.meta
 create mode 100644 cisco_asa/searchlibrary/04605cfd-f1e7-427f-a41e-f1d38f889720.meta
 create mode 100644 cisco_asa/searchlibrary/04605cfd-f1e7-427f-a41e-f1d38f889720.query
 create mode 100644 cisco_asa/searchlibrary/094bf60b-7382-4e43-9867-8de7ac4c3444.meta
 create mode 100644 cisco_asa/searchlibrary/094bf60b-7382-4e43-9867-8de7ac4c3444.query
 create mode 100644 cisco_asa/searchlibrary/0d1d3288-09a7-47a0-adde-f01f4dc0134f.meta
 create mode 100644 cisco_asa/searchlibrary/0d1d3288-09a7-47a0-adde-f01f4dc0134f.query
 create mode 100644 cisco_asa/searchlibrary/2671528e-99d4-4d09-b497-cb75926c5d0b.meta
 create mode 100644 cisco_asa/searchlibrary/2671528e-99d4-4d09-b497-cb75926c5d0b.query
 create mode 100644 cisco_asa/searchlibrary/5dbb1e3b-6a8e-44a6-9be3-134b4704f094.meta
 create mode 100644 cisco_asa/searchlibrary/5dbb1e3b-6a8e-44a6-9be3-134b4704f094.query
 create mode 100644 cisco_asa/searchlibrary/6d3deabc-1f6b-4478-affe-274a6e5783ad.meta
 create mode 100644 cisco_asa/searchlibrary/6d3deabc-1f6b-4478-affe-274a6e5783ad.query
 create mode 100644 cisco_asa/searchlibrary/6d7375c4-15e1-4578-bde8-fec4912fae1d.meta
 create mode 100644 cisco_asa/searchlibrary/6d7375c4-15e1-4578-bde8-fec4912fae1d.query
 create mode 100644 cisco_asa/searchlibrary/835fbc22-f2db-4b63-9acf-9d9013b59f3e.meta
 create mode 100644 cisco_asa/searchlibrary/835fbc22-f2db-4b63-9acf-9d9013b59f3e.query
 create mode 100644 cisco_asa/searchlibrary/abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f.meta
 create mode 100644 cisco_asa/searchlibrary/abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f.query
 create mode 100644 cisco_asa/searchlibrary/ac7861cf-7a72-4efd-ac26-2e08a833ebf5.meta
 create mode 100644 cisco_asa/searchlibrary/ac7861cf-7a72-4efd-ac26-2e08a833ebf5.query
 create mode 100644 cisco_asa/searchlibrary/bd053ad9-2882-465a-a265-cbe41a1c55d6.meta
 create mode 100644 cisco_asa/searchlibrary/bd053ad9-2882-465a-a265-cbe41a1c55d6.query
 create mode 100644 cisco_asa/searchlibrary/bdcc39a0-ec42-4086-af44-072fd2de8a5c.meta
 create mode 100644 cisco_asa/searchlibrary/bdcc39a0-ec42-4086-af44-072fd2de8a5c.query
 create mode 100644 cisco_asa/template/07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb.meta
 create mode 100644 cisco_asa/template/07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb.query
 create mode 100644 cisco_asa/template/10ba1a95-b8b0-48b5-b6da-0c4d239b6723.meta
 create mode 100644 cisco_asa/template/10ba1a95-b8b0-48b5-b6da-0c4d239b6723.query
 create mode 100644 cisco_asa/template/1ed766ff-be55-4260-a78d-455a153dd2c2.meta
 create mode 100644 cisco_asa/template/1ed766ff-be55-4260-a78d-455a153dd2c2.query
 create mode 100644 cisco_asa/template/25d1c7eb-1374-489c-8921-aaae39080640.meta
 create mode 100644 cisco_asa/template/25d1c7eb-1374-489c-8921-aaae39080640.query
 create mode 100644 cisco_asa/template/27eaeef9-b4e5-447d-9507-ef4c956e8628.meta
 create mode 100644 cisco_asa/template/27eaeef9-b4e5-447d-9507-ef4c956e8628.query
 create mode 100644 cisco_asa/template/3b5ef009-c2dc-4e3f-997f-4926ec43d5bb.meta
 create mode 100644 cisco_asa/template/3b5ef009-c2dc-4e3f-997f-4926ec43d5bb.query
 create mode 100644 cisco_asa/template/40c8245f-831a-4b79-89bf-8bde22cc6a14.meta
 create mode 100644 cisco_asa/template/40c8245f-831a-4b79-89bf-8bde22cc6a14.query
 create mode 100644 cisco_asa/template/47d8c36b-fbfe-42d7-869d-29899bb65dca.meta
 create mode 100644 cisco_asa/template/47d8c36b-fbfe-42d7-869d-29899bb65dca.query
 create mode 100644 cisco_asa/template/581bde9b-2fed-4c15-9399-b88e5e9d9906.meta
 create mode 100644 cisco_asa/template/581bde9b-2fed-4c15-9399-b88e5e9d9906.query
 create mode 100644 cisco_asa/template/611dffdb-4690-44e2-b879-02c10a7f0491.meta
 create mode 100644 cisco_asa/template/611dffdb-4690-44e2-b879-02c10a7f0491.query
 create mode 100644 cisco_asa/template/6355fe94-d78b-4907-953f-90f326bf2068.meta
 create mode 100644 cisco_asa/template/6355fe94-d78b-4907-953f-90f326bf2068.query
 create mode 100644 cisco_asa/template/6b59baee-fe04-485b-ac08-409e3019676f.meta
 create mode 100644 cisco_asa/template/6b59baee-fe04-485b-ac08-409e3019676f.query
 create mode 100644 cisco_asa/template/6cb9a8c5-1105-4ffd-86ce-a187a5e627e0.meta
 create mode 100644 cisco_asa/template/6cb9a8c5-1105-4ffd-86ce-a187a5e627e0.query
 create mode 100644 cisco_asa/template/7036eb99-c22a-47c4-80a7-98305bf2a2bc.meta
 create mode 100644 cisco_asa/template/7036eb99-c22a-47c4-80a7-98305bf2a2bc.query
 create mode 100644 cisco_asa/template/9661c35b-5fcd-4680-a978-3ef27a4773ba.meta
 create mode 100644 cisco_asa/template/9661c35b-5fcd-4680-a978-3ef27a4773ba.query
 create mode 100644 cisco_asa/template/9dfd4836-c89d-4a07-87fc-252c4de215b9.meta
 create mode 100644 cisco_asa/template/9dfd4836-c89d-4a07-87fc-252c4de215b9.query
 create mode 100644 cisco_asa/template/a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f.meta
 create mode 100644 cisco_asa/template/a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f.query
 create mode 100644 cisco_asa/template/afee5a3c-b9a1-4401-91d1-6606578ac7eb.meta
 create mode 100644 cisco_asa/template/afee5a3c-b9a1-4401-91d1-6606578ac7eb.query
 create mode 100644 cisco_asa/template/bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb.meta
 create mode 100644 cisco_asa/template/bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb.query
 create mode 100644 cisco_asa/template/c4f13f36-82d9-4979-9674-62c47c4afcbf.meta
 create mode 100644 cisco_asa/template/c4f13f36-82d9-4979-9674-62c47c4afcbf.query
 create mode 100644 cisco_asa/template/d5b4a66b-24da-4db0-bc86-bdf5813e6a7f.meta
 create mode 100644 cisco_asa/template/d5b4a66b-24da-4db0-bc86-bdf5813e6a7f.query
 create mode 100644 cisco_asa/template/d9ca6be9-e6b2-47bd-b848-5e7688279504.meta
 create mode 100644 cisco_asa/template/d9ca6be9-e6b2-47bd-b848-5e7688279504.query
 create mode 100644 cisco_asa/template/f430c1df-81bc-445c-b61a-1ef49fb083ec.meta
 create mode 100644 cisco_asa/template/f430c1df-81bc-445c-b61a-1ef49fb083ec.query
 create mode 100644 cisco_asa/template/fd7b6b7a-299d-453a-8920-07a1eea1b263.meta
 create mode 100644 cisco_asa/template/fd7b6b7a-299d-453a-8920-07a1eea1b263.query
 create mode 100644 cisco_ftd/BUILD
 create mode 100644 cisco_ftd/MANIFEST
 create mode 100644 cisco_ftd/README.md
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-auth.args
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-auth.meta
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-auth.params
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-config.args
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-config.meta
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-config.params
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-connection.args
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-connection.meta
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-connection.params
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-events.args
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-events.meta
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-events.params
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-file.args
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-file.meta
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-file.params
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-intrusion.args
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-intrusion.meta
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-intrusion.params
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-malware.args
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-malware.meta
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-malware.params
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-system.args
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-system.meta
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-system.params
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-threat.args
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-threat.meta
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-threat.params
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-traffic.args
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-traffic.meta
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-traffic.params
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-vpn.args
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-vpn.meta
 create mode 100644 cisco_ftd/autoextractor/cisco-ftd-vpn.params
 create mode 100644 cisco_ftd/cisco-banner.png
 create mode 100644 cisco_ftd/cisco-cover.png
 create mode 100644 cisco_ftd/cisco-icon.png
 create mode 100644 cisco_ftd/cisco_ftd.metadata
 create mode 100644 cisco_ftd/dashboard/1c340e6a-7268-46a7-8f36-f59405ff64fe.meta
 create mode 100644 cisco_ftd/dashboard/656036bf-a5f7-4092-9606-d3d97d15c758.meta
 create mode 100644 cisco_ftd/dashboard/79f2b584-46cf-4043-b205-29e3c32e881d.meta
 create mode 100644 cisco_ftd/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.contents
 create mode 100644 cisco_ftd/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.meta
 create mode 100644 cisco_ftd/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.contents
 create mode 100644 cisco_ftd/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.meta
 create mode 100644 cisco_ftd/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.contents
 create mode 100644 cisco_ftd/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.meta
 create mode 100644 cisco_ftd/license/Apache 2.0 License.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_AUTH.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_AUTH.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_CONFIG.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_CONFIG.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_CONN.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_CONN.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_CONN_EVX.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_CONN_EVX.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_EVENTS.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_EVENTS.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_FILE.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_FILE.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_FILE_EVX.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_FILE_EVX.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_INTRUSION.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_INTRUSION.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_INTRUSION_EVX.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_INTRUSION_EVX.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_MALWARE.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_MALWARE.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_MALWARE_EVX.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_MALWARE_EVX.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_SEVERITY.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_SEVERITY.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_SEVERITY_ORDER.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_SEVERITY_ORDER.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_SYSTEM.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_SYSTEM.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_THREAT.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_THREAT.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_TRAFFIC.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_TRAFFIC.meta
 create mode 100644 cisco_ftd/macro/CISCO_FTD_VPN.expansion
 create mode 100644 cisco_ftd/macro/CISCO_FTD_VPN.meta
 create mode 100644 cisco_ftd/macro/CISCO_NORMALIZE_DIRECTION.expansion
 create mode 100644 cisco_ftd/macro/CISCO_NORMALIZE_DIRECTION.meta
 create mode 100644 cisco_ftd/macro/CISCO_SECURITY.expansion
 create mode 100644 cisco_ftd/macro/CISCO_SECURITY.meta
 create mode 100644 cisco_ftd/macro/CISCO_SECURITY_EVX.expansion
 create mode 100644 cisco_ftd/macro/CISCO_SECURITY_EVX.meta
 create mode 100644 cisco_ftd/pivot/9f94162b-c38a-41fe-b594-1739af6ee761.meta
 create mode 100644 cisco_ftd/playbook/8da73867-990a-4185-8c2b-5a1c60e39786.body
 create mode 100644 cisco_ftd/playbook/8da73867-990a-4185-8c2b-5a1c60e39786.meta
 create mode 100644 cisco_ftd/playbook/8da73867-990a-4185-8c2b-5a1c60e39786.playbook_metadata
 create mode 100644 cisco_ftd/resource/cisco_ftd_syslog_messages.contents
 create mode 100644 cisco_ftd/resource/cisco_ftd_syslog_messages.meta
 create mode 100644 cisco_ftd/searchlibrary/11d63825-1e4f-40ab-ac01-8d53adfdcda7.meta
 create mode 100644 cisco_ftd/searchlibrary/11d63825-1e4f-40ab-ac01-8d53adfdcda7.query
 create mode 100644 cisco_ftd/searchlibrary/44b010d7-c224-4194-9644-8cdcde33c1b5.meta
 create mode 100644 cisco_ftd/searchlibrary/44b010d7-c224-4194-9644-8cdcde33c1b5.query
 create mode 100644 cisco_ftd/searchlibrary/49a2863c-e896-4c69-9f15-32bb57664809.meta
 create mode 100644 cisco_ftd/searchlibrary/49a2863c-e896-4c69-9f15-32bb57664809.query
 create mode 100644 cisco_ftd/searchlibrary/75bbe0bc-a839-40b0-95df-f1955d0453d9.meta
 create mode 100644 cisco_ftd/searchlibrary/75bbe0bc-a839-40b0-95df-f1955d0453d9.query
 create mode 100644 cisco_ftd/searchlibrary/90d24c27-9b9c-4f94-9066-968088a981c7.meta
 create mode 100644 cisco_ftd/searchlibrary/90d24c27-9b9c-4f94-9066-968088a981c7.query
 create mode 100644 cisco_ftd/searchlibrary/96e4c994-6e65-4a9b-99bf-5032380926a8.meta
 create mode 100644 cisco_ftd/searchlibrary/96e4c994-6e65-4a9b-99bf-5032380926a8.query
 create mode 100644 cisco_ftd/searchlibrary/a707ee59-8b9f-4c75-b3e0-4ce63c1f45d8.meta
 create mode 100644 cisco_ftd/searchlibrary/a707ee59-8b9f-4c75-b3e0-4ce63c1f45d8.query
 create mode 100644 cisco_ftd/searchlibrary/aa7015e6-e70f-43d2-960c-dc86cd8735d5.meta
 create mode 100644 cisco_ftd/searchlibrary/aa7015e6-e70f-43d2-960c-dc86cd8735d5.query
 create mode 100644 cisco_ftd/searchlibrary/adb28bc0-6bd7-4564-b4d9-3cac9118c39d.meta
 create mode 100644 cisco_ftd/searchlibrary/adb28bc0-6bd7-4564-b4d9-3cac9118c39d.query
 create mode 100644 cisco_ftd/searchlibrary/b223686f-337b-4708-a6d3-6e639cbaa21a.meta
 create mode 100644 cisco_ftd/searchlibrary/b223686f-337b-4708-a6d3-6e639cbaa21a.query
 create mode 100644 cisco_ftd/searchlibrary/c21e1a11-72e8-4661-8409-fea6b856fad5.meta
 create mode 100644 cisco_ftd/searchlibrary/c21e1a11-72e8-4661-8409-fea6b856fad5.query
 create mode 100644 cisco_ftd/searchlibrary/d8399ba2-280c-4a51-bc46-14e4995f320d.meta
 create mode 100644 cisco_ftd/searchlibrary/d8399ba2-280c-4a51-bc46-14e4995f320d.query
 create mode 100644 cisco_ftd/searchlibrary/d87b5ce9-3c9b-4e77-a569-057872a8a500.meta
 create mode 100644 cisco_ftd/searchlibrary/d87b5ce9-3c9b-4e77-a569-057872a8a500.query
 create mode 100644 cisco_ftd/searchlibrary/da83d755-35ff-455b-8e27-fa2fa36af4fe.meta
 create mode 100644 cisco_ftd/searchlibrary/da83d755-35ff-455b-8e27-fa2fa36af4fe.query
 create mode 100644 cisco_ftd/searchlibrary/e79f7735-b1c3-4bb0-94d5-4a66feeae168.meta
 create mode 100644 cisco_ftd/searchlibrary/e79f7735-b1c3-4bb0-94d5-4a66feeae168.query
 create mode 100644 cisco_ftd/searchlibrary/f6e8836d-35d9-4c35-b8b3-3e0a993aa9e2.meta
 create mode 100644 cisco_ftd/searchlibrary/f6e8836d-35d9-4c35-b8b3-3e0a993aa9e2.query
 create mode 100644 cisco_ftd/searchlibrary/fe8d2808-b1f6-40cc-b388-d2f08806a5a1.meta
 create mode 100644 cisco_ftd/searchlibrary/fe8d2808-b1f6-40cc-b388-d2f08806a5a1.query
 create mode 100644 cisco_ftd/template/02453c60-0220-4ec1-a26c-fb26c72c508c.meta
 create mode 100644 cisco_ftd/template/02453c60-0220-4ec1-a26c-fb26c72c508c.query
 create mode 100644 cisco_ftd/template/039e3c93-204a-4f68-9e02-443cc39169e4.meta
 create mode 100644 cisco_ftd/template/039e3c93-204a-4f68-9e02-443cc39169e4.query
 create mode 100644 cisco_ftd/template/075e2192-37ae-41ce-9190-a13e2bcf3d1f.meta
 create mode 100644 cisco_ftd/template/075e2192-37ae-41ce-9190-a13e2bcf3d1f.query
 create mode 100644 cisco_ftd/template/085b0270-ed97-4948-b8b7-1362a29721b5.meta
 create mode 100644 cisco_ftd/template/085b0270-ed97-4948-b8b7-1362a29721b5.query
 create mode 100644 cisco_ftd/template/0fdb9df1-441a-461e-bbf5-5d434dbdae70.meta
 create mode 100644 cisco_ftd/template/0fdb9df1-441a-461e-bbf5-5d434dbdae70.query
 create mode 100644 cisco_ftd/template/1f24de97-1e5c-43f4-8cd7-177524dcd8e8.meta
 create mode 100644 cisco_ftd/template/1f24de97-1e5c-43f4-8cd7-177524dcd8e8.query
 create mode 100644 cisco_ftd/template/29d2f863-d259-486d-90cc-e2fb1e79aa13.meta
 create mode 100644 cisco_ftd/template/29d2f863-d259-486d-90cc-e2fb1e79aa13.query
 create mode 100644 cisco_ftd/template/34b167be-27dd-4cf5-9e08-0eb320b3d446.meta
 create mode 100644 cisco_ftd/template/34b167be-27dd-4cf5-9e08-0eb320b3d446.query
 create mode 100644 cisco_ftd/template/55b3c1f4-02ae-4879-bbdb-a59c1d2e562a.meta
 create mode 100644 cisco_ftd/template/55b3c1f4-02ae-4879-bbdb-a59c1d2e562a.query
 create mode 100644 cisco_ftd/template/55d3b87e-37cf-4afb-86a2-d3e74694ef22.meta
 create mode 100644 cisco_ftd/template/55d3b87e-37cf-4afb-86a2-d3e74694ef22.query
 create mode 100644 cisco_ftd/template/573dc727-4a09-4614-bf5a-4da54d7bf33a.meta
 create mode 100644 cisco_ftd/template/573dc727-4a09-4614-bf5a-4da54d7bf33a.query
 create mode 100644 cisco_ftd/template/73333f31-0a91-48ac-8d74-4c042a47d7bf.meta
 create mode 100644 cisco_ftd/template/73333f31-0a91-48ac-8d74-4c042a47d7bf.query
 create mode 100644 cisco_ftd/template/7ce003ec-c88f-48e7-b252-35fbf7d39997.meta
 create mode 100644 cisco_ftd/template/7ce003ec-c88f-48e7-b252-35fbf7d39997.query
 create mode 100644 cisco_ftd/template/8cd23b13-862b-487d-b8d6-5dc0b11c4c0d.meta
 create mode 100644 cisco_ftd/template/8cd23b13-862b-487d-b8d6-5dc0b11c4c0d.query
 create mode 100644 cisco_ftd/template/8f985b19-f67e-48e8-af69-e8a33756c988.meta
 create mode 100644 cisco_ftd/template/8f985b19-f67e-48e8-af69-e8a33756c988.query
 create mode 100644 cisco_ftd/template/95219292-01db-4917-be7b-aedac9e180dc.meta
 create mode 100644 cisco_ftd/template/95219292-01db-4917-be7b-aedac9e180dc.query
 create mode 100644 cisco_ftd/template/9a11072f-cbe0-4365-b228-def2e0847c01.meta
 create mode 100644 cisco_ftd/template/9a11072f-cbe0-4365-b228-def2e0847c01.query
 create mode 100644 cisco_ftd/template/a228d48f-333f-4a2f-bd5a-e8e27a569d61.meta
 create mode 100644 cisco_ftd/template/a228d48f-333f-4a2f-bd5a-e8e27a569d61.query
 create mode 100644 cisco_ftd/template/a420dbb4-8bd3-4681-9fca-e9a30dbde982.meta
 create mode 100644 cisco_ftd/template/a420dbb4-8bd3-4681-9fca-e9a30dbde982.query
 create mode 100644 cisco_ftd/template/a6c91109-88b9-4a56-bdb2-563fdbdf3f06.meta
 create mode 100644 cisco_ftd/template/a6c91109-88b9-4a56-bdb2-563fdbdf3f06.query
 create mode 100644 cisco_ftd/template/ad54a83b-4452-49bb-b7b4-60b3e278ab48.meta
 create mode 100644 cisco_ftd/template/ad54a83b-4452-49bb-b7b4-60b3e278ab48.query
 create mode 100644 cisco_ftd/template/b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f.meta
 create mode 100644 cisco_ftd/template/b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f.query
 create mode 100644 cisco_ftd/template/b5006de7-61c4-4158-b8e2-4c0f6cbd11f8.meta
 create mode 100644 cisco_ftd/template/b5006de7-61c4-4158-b8e2-4c0f6cbd11f8.query
 create mode 100644 cisco_ftd/template/b7960811-47a5-4fba-b0d9-639052e426e0.meta
 create mode 100644 cisco_ftd/template/b7960811-47a5-4fba-b0d9-639052e426e0.query
 create mode 100644 cisco_ftd/template/c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09.meta
 create mode 100644 cisco_ftd/template/c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09.query
 create mode 100644 cisco_ftd/template/c74ca09a-4833-4255-868f-79c41fa1db66.meta
 create mode 100644 cisco_ftd/template/c74ca09a-4833-4255-868f-79c41fa1db66.query
 create mode 100644 cisco_ftd/template/d0712c55-49b5-4aa4-8392-a23eef6f92a8.meta
 create mode 100644 cisco_ftd/template/d0712c55-49b5-4aa4-8392-a23eef6f92a8.query
 create mode 100644 cisco_ftd/template/d61a67de-3562-460e-9c3e-95b69b27c9b3.meta
 create mode 100644 cisco_ftd/template/d61a67de-3562-460e-9c3e-95b69b27c9b3.query
 create mode 100644 cisco_ftd/template/d8e6ccdb-eca3-4e65-a8bb-feee724b78b4.meta
 create mode 100644 cisco_ftd/template/d8e6ccdb-eca3-4e65-a8bb-feee724b78b4.query
 create mode 100644 cisco_ftd/template/da038943-250c-4907-a73b-ce6cf00246af.meta
 create mode 100644 cisco_ftd/template/da038943-250c-4907-a73b-ce6cf00246af.query
 create mode 100644 cisco_ftd/template/dda4d8e9-e845-410e-b105-fe0928573033.meta
 create mode 100644 cisco_ftd/template/dda4d8e9-e845-410e-b105-fe0928573033.query
 create mode 100644 cisco_ftd/template/e32ea44e-483b-48bb-a58e-5cc68eb3487c.meta
 create mode 100644 cisco_ftd/template/e32ea44e-483b-48bb-a58e-5cc68eb3487c.query
 create mode 100644 cisco_ftd/template/eeacd085-5bd8-4784-8f0c-0f63f74b5377.meta
 create mode 100644 cisco_ftd/template/eeacd085-5bd8-4784-8f0c-0f63f74b5377.query
 create mode 100644 cisco_ftd/template/f540cb33-74bc-4f30-ad22-4e430728ab67.meta
 create mode 100644 cisco_ftd/template/f540cb33-74bc-4f30-ad22-4e430728ab67.query
 create mode 100644 cisco_ftd/template/f5864c31-63a7-4c44-8fdd-56fccb53a40a.meta
 create mode 100644 cisco_ftd/template/f5864c31-63a7-4c44-8fdd-56fccb53a40a.query
 create mode 100644 cisco_ftd/template/fc47d511-2fb8-4822-8a4b-85b84e6ca581.meta
 create mode 100644 cisco_ftd/template/fc47d511-2fb8-4822-8a4b-85b84e6ca581.query

diff --git a/cisco_asa/BUILD b/cisco_asa/BUILD
new file mode 100644
index 00000000..b39db933
--- /dev/null
+++ b/cisco_asa/BUILD
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+#
+#
+# To build the kit you will need the Gravwell kitctl command
+# If you have a functioning Go build environment execute the following command:
+#	go install github.com/gravwell/gravwell/v3/kitctl
+#
+#
+# Then "pack" the kit into a kit file by executing the "pack" kitctl command
+#
+#
+# You can also just execute this file using bash
+#
+#
+OUT = "cisco_asa.kit"
+
+cmd=$(which kitctl)
+if [ "$?" != "0" ]; then
+	echo "Missing the kitctl command"
+	exit -1
+fi
+
+
+set -e
+$cmd pack $OUT
\ No newline at end of file
diff --git a/cisco_asa/MANIFEST b/cisco_asa/MANIFEST
new file mode 100644
index 00000000..cda62bd3
--- /dev/null
+++ b/cisco_asa/MANIFEST
@@ -0,0 +1,399 @@
+{
+	"ID": "io.gravwell.cisco_asa",
+	"Name": "Cisco ASA",
+	"Desc": "A toolkit for interacting with Cisco ASA data in Gravwell. This kit includes queries, resources (lookups), templates, autoextractors, macros, dashboards, alerts, scheduled searches, and flows to help streamline Cisco ASA analysis across Authentication, Config, Events (catch-all), System, Threat, Traffic, and VPN log sources.",
+	"Readme": "***\n\nA toolkit for interacting with Cisco ASA data in Gravwell. This kit includes queries, resources (lookups), templates, autoextractors, macros, dashboards, alerts, scheduled searches, and flows to help streamline Cisco ASA analysis across Authentication, Config, Events (catch-all), System, Threat, Traffic, and VPN log sources.\n\n***\n\n## Table of Contents  \n0. [Data Ingestion](#0-data-ingestion)  \n    0.1. [Simple Relay Ingester](#0-1-simple-relay-ingester)  \n    0.2. [Install \u0026 Configure Simple Relay](#0-2-install--configure)  \n1. [Tags \u0026 Macros](#1-tags--macros)  \n    1.1. [Tags](#1-1-tags)  \n    1.2. [Autoextractors](#1-2-autoextractors)  \n    1.3. [Macros](#1-3-macros)  \n2. [Query Library](#2-query-library)  \n3. [Naming Schema](#3-naming-schema)  \n4. [Resources](#4-resources)  \n    4.1. [Lookups](#4-1-lookups)  \n5. [Alerts](#5-alerts)  \n    5.1 [Dispatchers](#5-1-dispatchers)  \n    5.2 [Consumers](#5-2-consumers)\n6. [Scheduled Searches](#6-scheduled-searches)  \n    6.1. [Flows](#6-1-flows)\n7. [Playbooks](#7-playbooks)  \n8. [Searches](#8-searches)  \n    8.1. [Dashboard Searches](#8-2-dashboard-searches)  \n    8.2. [Alert Queries](#8-1-alert-queries)  \n9. [Templates](#9-templates)  \n10. [Dashboards](#10-dashboards)  \n    10.1 [Actionables](#10-1-actionables)\n11. [Useful Resources \u0026 References](#11-useful-resources--references)  \n12. [Notes](#12-notes)  \n13. [Image credits](#13-image-credits)  \n\n***\n\n## 0. [Data Ingestion](#0-data-ingestion)\n\nBefore you can use the kit, you'll need to get logs flowing from your Cisco ASA Firewall(s) into Gravwell. The recommended method is via syslog forwarding. Gravwell can receive syslog using the [Simple Relay](https://docs.gravwell.io/ingesters/simple_relay.html) ingester.\n\n#### 0.1 [Simple Relay Ingester](#0-1-simple-relay-ingester)\n\n- Simple Relay is the go-to ingester for text based data sources that can be delivered over plaintext TCP, encrypted TCP, or plaintext UDP network connections via either IPv4 or IPv6.\n    - [Documentation](https://docs.gravwell.io/ingesters/simple_relay.html)\n\n#### 0.2 [Install \u0026 Configure Simple Relay](#0-2-install--configure)\n\n- Deploy Simple Relay on a server which is accessible from the ASA device(s) and can route to the Gravwell indexer(s). Configure it with the correct _Ingest-Secret_ and point either _Cleartext-Backend-Target_ or _Encrypted-Backend-Target_ at the indexer address(es). See [Documentation](https://docs.gravwell.io/ingesters/simple_relay.html).\n- Drop the following config snippet into a new file named \u003ckbd\u003e/opt/gravwell/etc/simple\\_relay.conf.d/cisco\\_firewall.conf\u003c/kbd\u003e then restart the ingester with \u003ckbd\u003esudo systemctl restart gravwell\\_simple\\_relay.service\u003c/kbd\u003e. This will make it start listening for incoming syslog on TCP the configured port, with special rules to route Cisco ASA events into different Gravwell tags.\n```ini\n[Listener \"syslogtcp_cisco_asa\"]\n    Bind-String=\"tcp://0.0.0.0:6801\"\n    Reader-Type=rfc5424\n    Keep-Priority=true\n    Tag-Name=cisco-asa-events\n    Assume-Local-Timezone=true\n    Preprocessor=\"Cisco ASA Class Router\"\n\n# ASA: Route by 3-digit class prefix from the 6-digit message number\n# Example: %ASA-6-302013: ...  -\u003e class=302\n[preprocessor \"Cisco ASA Class Router\"]\n    Type=regexrouter\n    Drop-Misses=false\n    Regex=`%ASA-[0-7]-(?P\u003cclass\u003e\\d{3})\\d{3}:`\n    Route-Extraction=class\n\n    # auth\n    Route=109:cisco-asa-auth\n    Route=113:cisco-asa-auth\n\n    # config\n    Route=111:cisco-asa-config\n    Route=112:cisco-asa-config\n    Route=208:cisco-asa-config\n    Route=308:cisco-asa-config\n\n    # vpn\n    Route=213:cisco-asa-vpn\n    Route=316:cisco-asa-vpn\n    Route=320:cisco-asa-vpn\n    Route=402:cisco-asa-vpn\n    Route=403:cisco-asa-vpn\n    Route=404:cisco-asa-vpn\n    Route=501:cisco-asa-vpn\n    Route=602:cisco-asa-vpn\n    Route=603:cisco-asa-vpn\n    Route=611:cisco-asa-vpn\n    Route=702:cisco-asa-vpn\n    Route=713:cisco-asa-vpn\n    Route=714:cisco-asa-vpn\n    Route=715:cisco-asa-vpn\n    Route=716:cisco-asa-vpn\n    Route=718:cisco-asa-vpn\n    Route=720:cisco-asa-vpn\n    Route=722:cisco-asa-vpn\n\n    # traffic\n    Route=106:cisco-asa-traffic\n    Route=108:cisco-asa-traffic\n    Route=201:cisco-asa-traffic\n    Route=202:cisco-asa-traffic\n    Route=204:cisco-asa-traffic\n    Route=302:cisco-asa-traffic\n    Route=303:cisco-asa-traffic\n    Route=304:cisco-asa-traffic\n    Route=305:cisco-asa-traffic\n    Route=314:cisco-asa-traffic\n    Route=405:cisco-asa-traffic\n    Route=406:cisco-asa-traffic\n    Route=407:cisco-asa-traffic\n    Route=500:cisco-asa-traffic\n    Route=502:cisco-asa-traffic\n    Route=607:cisco-asa-traffic\n    Route=608:cisco-asa-traffic\n    Route=609:cisco-asa-traffic\n    Route=616:cisco-asa-traffic\n    Route=620:cisco-asa-traffic\n    Route=703:cisco-asa-traffic\n    Route=710:cisco-asa-traffic\n\n    # threat\n    Route=400:cisco-asa-threat\n    Route=401:cisco-asa-threat\n    Route=420:cisco-asa-threat\n    Route=733:cisco-asa-threat\n\n    # system\n    Route=101:cisco-asa-system\n    Route=102:cisco-asa-system\n    Route=103:cisco-asa-system\n    Route=104:cisco-asa-system\n    Route=105:cisco-asa-system\n    Route=199:cisco-asa-system\n    Route=210:cisco-asa-system\n    Route=211:cisco-asa-system\n    Route=214:cisco-asa-system\n    Route=216:cisco-asa-system\n    Route=306:cisco-asa-system\n    Route=307:cisco-asa-system\n    Route=311:cisco-asa-system\n    Route=315:cisco-asa-system\n    Route=414:cisco-asa-system\n    Route=604:cisco-asa-system\n    Route=605:cisco-asa-system\n    Route=606:cisco-asa-system\n    Route=610:cisco-asa-system\n    Route=612:cisco-asa-system\n    Route=614:cisco-asa-system\n    Route=615:cisco-asa-system\n    Route=701:cisco-asa-system\n    Route=709:cisco-asa-system\n    Route=711:cisco-asa-system\n    Route=741:cisco-asa-system\n```\n- Ensure that the server running Simple Relay allows incoming connections on the configured port, and that any firewalls between the Cisco Firewall device and the Simple Relay system allow the configured port traffic.  \n- Configure log forwarding as described in the Cisco Firewall documentation, defining the syslog server profile to point at the Simple Relay server on the configured port.  \n- Once the changes have been committed, logs should begin flowing into Gravwell. You can check by running the folowing query:  \n```\ntag=$CISCO_ASA limit 10\n```\n- If any results appear, logs are coming in properly.  \n\n***\n\n## 1. [Tags \u0026 Macros](#1-tags--macros)\n\n#### 1.1. [Tags](#1-1-tags)\n\n- Purpose: Tags are an essential Gravwell concept. Every entry has a single tag associated with it; these tags allow us to separate and categorize data at a basic level.\n- [Documentation](https://docs.gravwell.io/ingesters/ingesters.html#tags)\n- The Cisco ASA Kit for Gravwell makes use of the following tags:  \n    - cisco-asa-auth: Configuration Macro; Tag used for all Cisco ASA Authentication data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage:  \n        `tag=cisco-asa-auth`\n    - cisco-asa-config: Configuration Macro; Tag used for all Cisco ASA Config data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage:  \n        `tag=cisco-asa-config`\n    - cisco-asa-events: Configuration Macro; Tag used for all Cisco ASA Events data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage:  \n        `tag=cisco-asa-events`\n    - cisco-asa-system: Configuration Macro; Tag used for all Cisco ASA System data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage:  \n        `tag=cisco-asa-system`\n    - cisco-asa-threat: Configuration Macro; Tag used for all Cisco ASA Threat data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage:  \n        `tag=cisco-asa-threat` \n    - cisco-asa-traffic: Configuration Macro; Tag used for all Cisco ASA Traffic data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage:  \n        `tag=cisco-asa-traffic` \n    - cisco-asa-vpn: Configuration Macro; Tag used for all Cisco ASA VPN data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage:  \n        `tag=cisco-asa-vpn` \n\n#### 1.2. [Autoextractors](#1-2-autoextractors)\n\n- Purpose: Auto-extractors are simply definitions that can be applied to tags and describe how to correctly extract fields from the data in a given tag. The “ax” module then automatically invokes the appropriate functionality of other modules.\n- [Documentation](https://docs.gravwell.io/configuration/autoextractors.html)\n- The Cisco ASA Kit for Gravwell makes use of the following autoextractors:  \n- Total: ***7***\n    - cisco-asa-traffic: Gravwell generated fields extraction for tag cisco-asa-traffic, args '-p -e DATA'  \n    - cisco-asa-threat: Gravwell generated fields extraction for tag cisco-asa-threat, args '-p -e DATA'  \n    - cisco-asa-config: Gravwell generated fields extraction for tag cisco-asa-config, args '-p -e DATA'  \n    - cisco-asa-vpn: Gravwell generated fields extraction for tag cisco-asa-vpn, args '-p -e DATA'  \n    - cisco-asa-events: Gravwell generated fields extraction for tag cisco-asa-events, args '-p -e DATA'  \n    - cisco-asa-system: Gravwell generated fields extraction for tag cisco-asa-system, args '-p -e DATA'  \n    - cisco-asa-auth: Gravwell generated fields extraction for tag cisco-asa-auth, args '-p -e DATA'  \n\n#### 1.3. [Macros](#1-3-macros)\n\n- Purpose: Search macros are a powerful feature that can help you use Gravwell more effectively. Macros can turn long, repetitive search queries into easily-remembered shortcuts.\n- [Documentation](https://docs.gravwell.io/search/macros.html)\n- The Cisco ASA Kit for Gravwell makes use of the following macros:\n- Total: ***10***\n    - Tags\n        - $CISCO\\_ASA: Configuration Macro; Tag used for all Cisco ASA data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_ASA\\_AUTH: Configuration Macro; Tag used for all Cisco ASA Authentication data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_ASA\\_CONFIG: Configuration Macro; Tag used for all Cisco ASA Configuration data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_ASA\\_EVENTS: Configuration Macro; Tag used for all Cisco ASA Events data that don't fall into the other tags; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_ASA\\_SYSTEM: Configuration Macro; Tag used for all Cisco ASA System data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_ASA\\_THREAT: Configuration Macro; Tag used for all Cisco ASA Threat data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_ASA\\_TRAFFIC: Configuration Macro; Tag used for all Cisco ASA Traffic data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_ASA\\_VPN: Configuration Macro; Tag used for all Cisco ASA VPN data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n    - Normalization\n        - $CISCO\\_ASA\\_SEVERITY: This macro creates an Enumerated Value (EV) named \\_severity\\_order and then orders events by severity. \n        - $CISCO\\_ASA\\_SEVERITY\\_ORDER: This macro creates an Enumerated Value (EV) named \\_severity\\_order and then orders events by severity.\n        \n***\n\n## 2. [Query Library](#2-query-library)\n- Purpose: Queries within the Query Library drive [dashboards](#10-dashboards) via [searches](#8-searches), [scheduled searches](#6-scheduled-searches) via [alert queries](#8-1-alert-queries), and [playbooks](#7-playbooks).\n- [Documentation](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)\n    - Updating a query in the library updates dependent dashboards and scheduled searches automatically.\n    - Total queries: ***12***\n        - [8.1 Dashboard Searches](#8-2-dashboard-searches): ***12***  \n        - [8.2 Alert Queries](#8-1-alert-queries): ***0***  \n\n***\n\n## 3. [Naming Schema](#3-naming-schema)\n- Purpose: The use of a standard naming convention enables users to quickly understand the function, severity, and context of a query or component. This approach facilitates efficient identification, reuse, and troubleshooting without ambiguity.\n- _QueryType - Company - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - Name [Visualization - **if any**]_\n- Examples:\n    - Templates: _Template - Cisco - ASA - Firewall - Authentication - Event Count by Severity [numbercard]_\n    - Searches: _Search - Cisco - ASA - Firewall - Event Types - Count by Category [chart]_\n\n***\n\n## 4. [Resources](#4-resources)\n- Purpose: Resources allow users to store persistent data for use in searches.\n- [Documentation](https://docs.gravwell.io/resources/resources.html)\n- Total: ***1***\n\n#### 4.1 [Lookups](#4-1-lookups)\n- Purpose: Lookup Resources are used by the lookup module to perform data enrichment and translation off of a static lookup table stored in a resource.\n- [Documentation](https://docs.gravwell.io/search/lookup/lookup.html)\n- Total: ***1***\n    - cisco\\_asa\\_syslog\\_messages\n        - This is intended to be used as a lookup file providing additional information regarding all Cisco Adaptive Security Appliance (ASA) SysLog Messages. It is used within the Cisco ASA Kit for dashboards, macros, scheduled searches, alerts, flows, and templates.\n        - fields: cisco\\_id,msg\\_id,description,error\\_msg,explanation,recommended\\_action,sev\\_id,severity,risk\\_score\n            - cisco\\_id: this is the full Cisco Syslog Message ID (e.g. %ASA-1-101001) which breaks out into %{Cisco Firewall Appliance}-{Cisco Assigned Severity}-{Cisco Message ID}\n            - msg\\_id: this is the Cisco Syslog Message ID which is part of the full Cisco Syslog Message ID\n            - description: this is the short description of the Cisco Syslog message often seen on the Cisco firewall appliance itself\n            - error\\_msg: this is the full Cisco Message compromised of {cisco\\_id}: {description}\n            - explanation: this is a more detailed explanation of the Cisco Syslog Message\n            - recommended\\_action: this is the Cisco Recommended Action provided within their documentation\n            - sev\\_id: this the Cisco assigned severity (id) provided within their documentation\n            - severity: this the Cisco assigned severity (name) provided within their documentation \n            - risk\\_score: this is a Gravwell assigned value for dashboards, queries, and alerting purposes\n            - category: this is a broad functional grouping assigned to the Cisco ASA error messages that is used within the Cisco ASA General Overview Dashboard to group data together  \n            - subcategory: this is a more specific grouping assigned to the Cisco ASA error messages that is used within the Cisco ASA General Overview Dashboard to group data together  \n        - Usage: `dump -r cisco_asa_syslog_messages | table`\n\n***\n\n## 5. [Alerts](#5-alerts)\n- Purpose: Alerts notify you of potential nefarious actions that took place within and/or against your environment by tying dispatchers and consumers together.\n- [Documentation](https://docs.gravwell.io/alerts/alerts.html#alerts)\n- Total: ***0***\n\n#### 5.1 [Dispatchers](#5-1-dispatchers)\n- Purpose: Dispatchers generate events. A typical dispatcher would be a scheduled search that runs on an interval; every result returned by a scheduled search is considered an event.\n    - Dispatchers = [Scheduled Searches](#6-scheduled-searches)\n- [Documentation](https://docs.gravwell.io/alerts/alerts.html#adding-dispatchers)\n\n#### 5.2 [Consumers](#5-2-consumers)\n- Purpose: Consumers process and respond to events. A typical consumer would be a flow that sends an email to an administrator, or opens a ticket in the ticketing system. Each consumer runs once per event.\n    - Consumers = [Flows](#6-1-flows)\n- [Documentation](https://docs.gravwell.io/alerts/alerts.html#defining-a-consumer)\n\n***\n\n## 6. [Scheduled Searches](#6-scheduled-searches)\n- Purpose: Scheduled Searches are typically dependent on “AlertQuery - Cisco ASA - …” queries within the [Query Library](#2-query-library).\n- [Documentation](https://docs.gravwell.io/scripting/scheduledsearch.html)\n- Total: ***0***\n\n#### 6.1. [Flows](#6-1-flows)\n- Purpose: Flows provide a no-code method for developing advanced automations in Gravwell.\n- [Documentation](https://docs.gravwell.io/flows/flows.html)\n- Total: ***0***\n\n***\n\n## 7. [Playbooks](#7-playbooks)\n\n- Purpose: Playbooks are hypertext documents within Gravwell which help guide users through common tasks, describe functionality, and record information about data in the system.\n- [Documentation](https://docs.gravwell.io/gui/playbooks/playbooks.html)\n- Total: ***1***\n    - Cisco ASA Kit for Gravwell - README\n\n***\n\n## 8. [Searches](#8-searches)\n\n- Purpose: These queries within the Query Library drive [dashboards](#10-dashboards) to quickly view Cisco ASA data in an easily digestible format or [scheduled searches](#6-scheduled-searches) to ultimately feed [alerts](#5-alerts).  \n- [Documentation](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)\n- Total: ***12***\n\n#### 8.1 [Dashboard Searches](#8-1-dashboard-searches)\n- Purpose: These queries within the Query Library drive [dashboards](#10-dashboards) to quickly view Cisco ASA data in an easily digestible format.\n- Total: ***12***  \n    - _Search - Cisco - ASA - Firewall - Event Types - Count by Category [chart]_: Displays a chart of event types (error message) by Category.  \n    - _Search - Cisco - ASA - Firewall - Event Types - Count by Category [numbercard]_: Displays a numbercard of event types (error message) by Category.  \n    - _Search - Cisco - ASA - Firewall - Event Types - Count by Category \u0026 Subcategory [chart]_: Displays a chart of event types (error message) by Category \u0026 Subcategory.  \n    - _Search - Cisco - ASA - Firewall - Event Types - Count by Category \u0026 Subcategory [numbercard]_: Displays a numbercard of event types (error message) by Category \u0026 Subcategory.  \n    - _Search - Cisco - ASA - Firewall - Event Types - Count by Category, Subcategory \u0026 Severity [chart]_: Displays a chart of event types (error message) by Category, Subcategory \u0026 Severity.  \n    - _Search - Cisco - ASA - Firewall - Event Types - Count by Category, Subcategory \u0026 Severity [numbercard]_: Displays a numbercard of event types (error message) by Category, Subcategory \u0026 Severity.  \n    - _Search - Cisco - ASA - Firewall - Event Types - Count by Severity [chart]_: Displays a chart of event types (error message) by Severity.  \n    - _Search - Cisco - ASA - Firewall - Event Types - Count by Severity [numbercard]_: Displays a numbercard of event types (error message) by Severity.  \n    - _Search - Cisco - ASA - Firewall - Event Types - Count by Subcategory [chart]_: Displays a chart of event types (error message) by Subcategory.  \n    - _Search - Cisco - ASA - Firewall - Event Types - Count by Subcategory [numbercard]_: Displays a numbercard of event types (error message) by Subcategory.  \n    - _Search - Cisco - ASA - Firewall - Event Types - Count by Tag [chart]_: Displays a chart of event types (error message) by Tag.  \n    - _Search - Cisco - ASA - Firewall - Event Types - Count by Tag [numbercard]_: Displays a numbercard of event types (error message) by Tag.  \n- Naming Schema: _Search - Cisco ASA - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - SearchName [Visualization - **if any**]_\n\n#### 8.2. [Alert Queries](#8-2-alert-queries)\n- Purpose: These queries within the Query Library drive [scheduled searches](#6-scheduled-searches) which ultimately feed [alerts](#5-alerts).  \n- IMPORTANT: If you need to update or tune, this is where you perform that action.\n- Total: ***0***\n\n***\n\n## 9. [Templates](#9-templates)\n- Purpose: Templates are special objects which define a Gravwell query containing variables.\n- [Documentation](https://docs.gravwell.io/gui/templates/templates.html)\n- Total: ***24***\n    - _Template - Cisco - ASA - Firewall - Authentication - Event Count by Severity [chart]_: Displays a chart of Authentication events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Authentication - Event Count by Severity [numbercard]_: Displays a numbercard of Authentication events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Authentication - Events by User and/or IP [table]_: Displays a table of Authentication events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Combined - Event Count by Severity [chart]_: Displays a chart of all events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Combined - Event Count by Severity [numbercard]_: Displays a numbercard of all events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Combined - Events by User and/or IP [table]_: Displays a table of all events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Config - Event Count by Severity [chart]_: Displays a chart of Config events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Config - Event Count by Severity [numbercard]_: Displays a numbercard of Config events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Config - Events by User and/or IP [table]_: Displays a table of Config events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Events - Event Count by Severity [chart]_: Displays a chart of events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Events - Event Count by Severity [numbercard]_: Displays a numbercard of events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Events - Events by User and/or IP [table]_: Displays a table of events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - System - Event Count by Severity [chart]_: Displays a chart of System events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - System - Event Count by Severity [numbercard]_: Displays a numbercard of System events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - System - Events by User and/or IP [table]_: Displays a table of System events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Threat - Event Count by Severity [chart]_: Displays a chart of Threat events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Threat - Event Count by Severity [numbercard]_: Displays a numbercard of Threat events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Threat - Events by User and/or IP [table]_: Displays a table of Threat events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Traffic - Event Count by Severity [chart]_: Displays a chart of Traffic events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Traffic - Event Count by Severity [numbercard]_: Displays a numbercard of Traffic events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - Traffic - Events by User and/or IP [table]_: Displays a table of Traffic events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - VPN - Events by User and/or IP [table]_: Displays a table of VPN events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - VPN - Event Count by Severity [chart]_: Displays a chart of VPN events performed by the user and/or ip.  \n    - _Template - Cisco - ASA - Firewall - VPN - Event Count by Severity [numbercard]_: Displays a numbercard of VPN events performed by the user and/or ip.  \n\n***\n\n## 10. [Dashboards](#10-dashboards)\n- Purpose: Dashboards are Gravwell’s way of showing the results from multiple searches at the same time.\n- [Documentation](https://docs.gravwell.io/gui/dashboards/dashboards.html)\n- Total: ***2***\n    - Cisco ASA General Overview: This Dashboard is a general overview of your Cisco ASA data.\n    - Cisco ASA Investigation: This Dashboard is intended to be used for Cisco ASA investigations.\n\n#### 10.1 [Actionables](#10-1-actionables)\n- Purpose: Actionables provide a way to create custom menus that key on any text rendered in a query; users can take different actions on that text by selecting options in the menus.\n- [Documentation](https://docs.gravwell.io/gui/actionables/actionables.html)\n- Total: ***1***\n    - Cisco ASA IP: Cisco ASA Actions on IP to Launch Cisco ASA Investigation Dashboard.\n\n***\n\n## 11. [Useful Resources \u0026 References](#11-useful-resources--references)\n- Gravwell\n    - [Actionables](https://docs.gravwell.io/gui/actionables/actionables.html)  \n    - [Alerts](https://docs.gravwell.io/alerts/alerts.html#alerts)  \n    - [Autoextractors](https://docs.gravwell.io/configuration/autoextractors.html)  \n    - [Consumers](https://docs.gravwell.io/alerts/alerts.html#defining-a-consumer)  \n    - [Dashboards](https://docs.gravwell.io/gui/dashboards/dashboards.html)  \n    - [Dispatchers](https://docs.gravwell.io/alerts/alerts.html#adding-dispatchers)  \n    - [Flows](https://docs.gravwell.io/flows/flows.html)  \n    - [Lookup Module](https://docs.gravwell.io/search/lookup/lookup.html)  \n    - [Macros](https://docs.gravwell.io/search/macros.html)  \n    - [Playbooks](https://docs.gravwell.io/gui/playbooks/playbooks.html)  \n    - [Query Library](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)  \n    - [regexrouter Preprocessor](https://docs.gravwell.io/ingesters/preprocessors/regexrouter.html)  \n    - [Resources](https://docs.gravwell.io/resources/resources.html)  \n    - [Scheduled Searches](https://docs.gravwell.io/scripting/scheduledsearch.html)  \n    - [Simple Relay](https://docs.gravwell.io/ingesters/simple_relay.html)  \n    - [Tags](https://docs.gravwell.io/ingesters/ingesters.html#tags)  \n    - [Templates](https://docs.gravwell.io/gui/templates/templates.html)  \n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)\n    - [Cisco ASA Messages Listed by Severity Level](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/messages-listed-by-severity-level.html)\n    - [Cisco ASA Index](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/asa-syslog_index.html)\n\n***\n\n## 12. [Notes](#12-notes)\n\n***\n\n## 13. [Image credits](#13-image-credits)\n- [Banner](https://uxwing.com/cisco-icon/)\n- [Cover](https://uxwing.com/cisco-icon/)\n- [Icon](https://uxwing.com/cisco-icon/)\n\n***",
+	"Version": 1,
+	"MinVersion": {
+		"Major": 0,
+		"Minor": 0,
+		"Point": 0
+	},
+	"MaxVersion": {
+		"Major": 5,
+		"Minor": 99,
+		"Point": 0
+	},
+	"Icon": "e0b98ad2-b2a7-4b24-8374-72f247a18822",
+	"Banner": "8b713d4b-635b-4a4d-8eba-85ca1a3adb6d",
+	"Cover": "151fc05a-6912-4b5d-a31a-10ef6b0bc68a",
+	"Items": [
+		{
+			"Name": "Apache 2.0 License",
+			"Type": 10,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco_asa_syslog_messages",
+			"Type": 1,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_ASA_AUTH",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_ASA_EVENTS",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_ASA_SEVERITY_ORDER",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_ASA_VPN",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_ASA_SEVERITY",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_ASA_TRAFFIC",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_ASA_THREAT",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_ASA_CONFIG",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_ASA",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_ASA_SYSTEM",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "0c340e6a-7268-46a7-8f36-f59405ff64fe",
+			"Type": 3,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "ecba95f1-ffc0-4771-a709-8a8cd4034d54",
+			"Type": 3,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "581bde9b-2fed-4c15-9399-b88e5e9d9906",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "9dfd4836-c89d-4a07-87fc-252c4de215b9",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "40c8245f-831a-4b79-89bf-8bde22cc6a14",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "6b59baee-fe04-485b-ac08-409e3019676f",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "fd7b6b7a-299d-453a-8920-07a1eea1b263",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "f430c1df-81bc-445c-b61a-1ef49fb083ec",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "27eaeef9-b4e5-447d-9507-ef4c956e8628",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "10ba1a95-b8b0-48b5-b6da-0c4d239b6723",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "c4f13f36-82d9-4979-9674-62c47c4afcbf",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "d9ca6be9-e6b2-47bd-b848-5e7688279504",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "6cb9a8c5-1105-4ffd-86ce-a187a5e627e0",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "6355fe94-d78b-4907-953f-90f326bf2068",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "611dffdb-4690-44e2-b879-02c10a7f0491",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "7036eb99-c22a-47c4-80a7-98305bf2a2bc",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "3b5ef009-c2dc-4e3f-997f-4926ec43d5bb",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "47d8c36b-fbfe-42d7-869d-29899bb65dca",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "afee5a3c-b9a1-4401-91d1-6606578ac7eb",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "25d1c7eb-1374-489c-8921-aaae39080640",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "1ed766ff-be55-4260-a78d-455a153dd2c2",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "d5b4a66b-24da-4db0-bc86-bdf5813e6a7f",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "9661c35b-5fcd-4680-a978-3ef27a4773ba",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "bf135c0c-9050-4847-909a-d38e0a4fa653",
+			"Type": 5,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "6d3deabc-1f6b-4478-affe-274a6e5783ad",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "0d1d3288-09a7-47a0-adde-f01f4dc0134f",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "04605cfd-f1e7-427f-a41e-f1d38f889720",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "6d7375c4-15e1-4578-bde8-fec4912fae1d",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "bdcc39a0-ec42-4086-af44-072fd2de8a5c",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "bd053ad9-2882-465a-a265-cbe41a1c55d6",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "2671528e-99d4-4d09-b497-cb75926c5d0b",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "5dbb1e3b-6a8e-44a6-9be3-134b4704f094",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "ac7861cf-7a72-4efd-ac26-2e08a833ebf5",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "835fbc22-f2db-4b63-9acf-9d9013b59f3e",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "094bf60b-7382-4e43-9867-8de7ac4c3444",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "151fc05a-6912-4b5d-a31a-10ef6b0bc68a",
+			"Type": 7,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "8b713d4b-635b-4a4d-8eba-85ca1a3adb6d",
+			"Type": 7,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "e0b98ad2-b2a7-4b24-8374-72f247a18822",
+			"Type": 7,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "df9a72aa-2c82-4454-a0f0-55b4a538b270",
+			"Type": 11,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-asa-traffic",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-asa-threat",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-asa-config",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-asa-vpn",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-asa-events",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-asa-system",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-asa-auth",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		}
+	],
+	"Dependencies": null,
+	"ConfigMacros": [
+		{
+			"MacroName": "CISCO_ASA_AUTH",
+			"Description": "Configuration Macro; Tag used for all Cisco ASA Authentication data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. ",
+			"DefaultValue": "cisco-asa-auth",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_ASA_EVENTS",
+			"Description": "Configuration Macro; Tag used for all Cisco ASA Events data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. ",
+			"DefaultValue": "cisco-asa-events",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_ASA_VPN",
+			"Description": "Configuration Macro; Tag used for all Cisco ASA VPN data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. ",
+			"DefaultValue": "cisco-asa-vpn",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_ASA_TRAFFIC",
+			"Description": "Configuration Macro; Tag used for all Cisco ASA Traffic data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. ",
+			"DefaultValue": "cisco-asa-traffic",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_ASA_CONFIG",
+			"Description": "Configuration Macro; Tag used for all Cisco ASA Config data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. ",
+			"DefaultValue": "cisco-asa-config",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_ASA_SYSTEM",
+			"Description": "Configuration Macro; Tag used for all Cisco ASA System data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. ",
+			"DefaultValue": "cisco-asa-system",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_ASA",
+			"Description": "Configuration Macro; Tag used for all Cisco ASA data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. ",
+			"DefaultValue": "cisco-asa-*",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_ASA_THREAT",
+			"Description": "Configuration Macro; Tag used for all Cisco ASA Threat data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. ",
+			"DefaultValue": "cisco-asa-threat",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		}
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/README.md b/cisco_asa/README.md
new file mode 100644
index 00000000..f8e04e68
--- /dev/null
+++ b/cisco_asa/README.md
@@ -0,0 +1,27 @@
+# Cisco ASA Kit
+
+The Cisco ASA Kit provides a baseline set of tags, macros, saved queries, lookup resources, playbooks, actionables, dashboard searches, alert queries, and dashboards for your Cisco ASA data.
+
+The Cisco ASA Kit is licensed under the Apache 2.0 license and the contents are available on [Cisco ASA](https://github.com/gravwell/kits/tree/main/cisco_asa).
+
+## Dependencies
+- N/A
+
+## Changelog
+- 1.0: Initial Release
+	- actionables 				01
+	- alert 					00
+	- autoextractor 			07
+	- dashboard 				02
+	- file 						00
+	- license 					01
+	- macro 					10
+	- playbook 					01
+	- resource 					11
+	- scheduled 				00
+		- scheduled searches 	00
+		- flows 				00
+	- searchlibrary 			12
+		- alert queries 		00
+		- dashboard searches 	12
+	- template 					24 
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-auth.args b/cisco_asa/autoextractor/cisco-asa-auth.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-auth.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-auth.meta b/cisco_asa/autoextractor/cisco-asa-auth.meta
new file mode 100644
index 00000000..50cd2279
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-auth.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-asa-auth",
+	"Desc": "Gravwell generated fields extraction for tag cisco-asa-auth, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-asa-auth"
+	],
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "e1ba69ef-c08b-4591-b024-21e27bd2f8cc",
+	"LastUpdated": "2026-03-17T13:51:48.99666817Z"
+}
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-auth.params b/cisco_asa/autoextractor/cisco-asa-auth.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-auth.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-config.args b/cisco_asa/autoextractor/cisco-asa-config.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-config.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-config.meta b/cisco_asa/autoextractor/cisco-asa-config.meta
new file mode 100644
index 00000000..88aebddf
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-config.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-asa-config",
+	"Desc": "Gravwell generated fields extraction for tag cisco-asa-config, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-asa-config"
+	],
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "33654421-16bf-4fcf-92b8-d463f2d0c9a8",
+	"LastUpdated": "2026-03-17T13:51:48.988224336Z"
+}
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-config.params b/cisco_asa/autoextractor/cisco-asa-config.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-config.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-events.args b/cisco_asa/autoextractor/cisco-asa-events.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-events.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-events.meta b/cisco_asa/autoextractor/cisco-asa-events.meta
new file mode 100644
index 00000000..84527aac
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-events.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-asa-events",
+	"Desc": "Gravwell generated fields extraction for tag cisco-asa-events, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-asa-events"
+	],
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "4ed9ad96-c7b2-4858-b8cd-7073aeb8037a",
+	"LastUpdated": "2026-03-17T13:51:48.989149461Z"
+}
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-events.params b/cisco_asa/autoextractor/cisco-asa-events.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-events.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-system.args b/cisco_asa/autoextractor/cisco-asa-system.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-system.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-system.meta b/cisco_asa/autoextractor/cisco-asa-system.meta
new file mode 100644
index 00000000..450734c4
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-system.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-asa-system",
+	"Desc": "Gravwell generated fields extraction for tag cisco-asa-system, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-asa-system"
+	],
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "a54dd070-a8eb-4ca2-81bf-d015387cb415",
+	"LastUpdated": "2026-03-17T13:51:48.993286378Z"
+}
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-system.params b/cisco_asa/autoextractor/cisco-asa-system.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-system.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-threat.args b/cisco_asa/autoextractor/cisco-asa-threat.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-threat.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-threat.meta b/cisco_asa/autoextractor/cisco-asa-threat.meta
new file mode 100644
index 00000000..a5d77ff0
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-threat.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-asa-threat",
+	"Desc": "Gravwell generated fields extraction for tag cisco-asa-threat, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-asa-threat"
+	],
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "1403b87f-e4ef-43bf-a150-05cff69218ff",
+	"LastUpdated": "2026-03-17T13:51:48.986857753Z"
+}
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-threat.params b/cisco_asa/autoextractor/cisco-asa-threat.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-threat.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-traffic.args b/cisco_asa/autoextractor/cisco-asa-traffic.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-traffic.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-traffic.meta b/cisco_asa/autoextractor/cisco-asa-traffic.meta
new file mode 100644
index 00000000..77c55823
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-traffic.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-asa-traffic",
+	"Desc": "Gravwell generated fields extraction for tag cisco-asa-traffic, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-asa-traffic"
+	],
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "006017c9-8035-4e9d-8d0e-5b80625d5fe9",
+	"LastUpdated": "2026-03-17T13:51:48.984908295Z"
+}
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-traffic.params b/cisco_asa/autoextractor/cisco-asa-traffic.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-traffic.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-vpn.args b/cisco_asa/autoextractor/cisco-asa-vpn.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-vpn.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-vpn.meta b/cisco_asa/autoextractor/cisco-asa-vpn.meta
new file mode 100644
index 00000000..76e1bff3
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-vpn.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-asa-vpn",
+	"Desc": "Gravwell generated fields extraction for tag cisco-asa-vpn, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-asa-vpn"
+	],
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "37d12b56-12b9-4b9d-ad18-e8758709178c",
+	"LastUpdated": "2026-03-17T13:51:48.988705586Z"
+}
\ No newline at end of file
diff --git a/cisco_asa/autoextractor/cisco-asa-vpn.params b/cisco_asa/autoextractor/cisco-asa-vpn.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_asa/autoextractor/cisco-asa-vpn.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_asa/cisco-banner.png b/cisco_asa/cisco-banner.png
new file mode 100644
index 0000000000000000000000000000000000000000..e3ae163dc928ed4bc4b65612560fe6a1a5d65c46
GIT binary patch
literal 13297
zcmeHtXEa<<*zO=CAxa9O6NBiYMhihOYV=ORD5HzsNrLFiV2m2kjS`(`Nz~DU(M$B`
zy|;UO-}mqSyX&^K?wz%!tTShyz0W>-zwcAt@V9CT#Dvs@AP|Tcq9~^c0^tHbaY6S8
zfUiTZk#pedzO$l%D+ol=cKgOj<Rqa1ffzv$x!2lWX<IXaZpO?0I~N0$)`B%5ln>!T
z6t6hQL|pv7Knf9$YD3!o#zSfCGX;O$Rb<+VFcAHl%F6V9CbiYlvOLJD`t#*W6AwM!
zCDtsq;Cm^iQzQCAFI_&8IwSrL$~n+7ETqtzSV~lcyql=t>f2nse!>5Am-K3U;QGbI
zm0?e0h~)Vzv%XF5jGchv%1mw?V66ZD^}l`wauUMDaN2&BGN)Hur^8KnP<dL{%Q~2C
z#EZGXqR}ws9@3wOo79uf?WCAcx$yqLD~8Q4(Bp0|QX3s*C+Hay#dFY5ajjc)<7PIz
zPkkPn4X@V<!8b}<#eZiN5$1&4#Dh~0T$yVnnbm8gJ4iWaP@0G1GL}Thl0qh5e#)HA
zmf6sGosah}DMD6V`NszWsk85dCA9?UBnz>)jL{LYMl2<%Z$4jfR5f!JxPf{#UH*;1
zlX{>17A7|wyPHS?{}m~Q^SStBuqkEcFE2z{n|7V(86Bun`+}$6Y8RQ~j_}9R{7e-j
z$eu)@jJhfON+@MyQWjI=5Zs2#=kK5E&W|d=d2^7vF0NxEPWD!!jaC3u2tNz`c-gCZ
zob}TjC%O4u%cof=LvX@ZkYeQaby^PT9h#99tU#T_crqw2$J+Vq$<AL?45`X7xgri>
zP?e2=SERAuENU|!FZTZ5>1n@{Mocp<yEIN5g)VyfjxgtR8@{tgOtWwQIbj<yzO?PQ
z@^qVjYkx3EW^uh?wWv&b`Yk9YBtCn?Cut)@8cgedl6FM?h30lwYkmPXbkLJ;z)!}I
z=fI~T)Blx+yXDiRHxHA>x&#=K$~mEZ<`7pF@n^6WXhwW>U|Gy1kw$*F0Y?%=kB<l@
znN(>-67G;B$ODreGCi9tdi;2*%Hxks8_Ha`hE&*AtyRq1kQY{;;{g%HJWxKStT<NS
zzxKR+TrPRZCC&TG{3}+N>-ZcNI1DbxYC+nSvbr=CsBImfFaqlc4;Kp_|HoN^z(_E{
zFi%WPw5!hz+^dfo)HwMXx(9kvmPww)77Y3Xf2wmlOxOq3wc?7pdp{MQR+3vRAyLie
zcxqf-3BQIMUM1nc7`=1&)lSj5XA!!DR^B%FIY|>&A^UD!$2PX;(ibmwLrEQm;zyM!
zaj48=FD%iXMcEFi8&&WiWzfu(D0vt?9Al3iAqa$UJV%@rdJsFfp{Q|3jef{e?dZYl
z-)M;)JD66a>d>waBY5%W{``(+GqcrnDNwIS&F4E+hO?oJ67~XeXNQFP4`iKz=Gv?W
zTB;7fDrW&!F$alc4zN6XM&OJy_|l$%YJEfuNI^ufUuiMD=3Lgm-E<1tf81s9$hCNt
zg9iaWzIq>I<lR#Y0{R$g^j5c9$NSB$QrV~y>(gV0J3#bnL;TR&KoShweh}c3okIC4
z<M`R_g<Y@F@X<bw&^`LMW-yNze{~1`YI?7@^jY;q3iSxq?(O}Be|+pp!+;d(v3khF
zIUrG*@hdlY`SahS#8HeFX)k}bm=N!!CgT}c+lMH~{7eZmO|Qs>@K-cC=_3VGd_-ab
zv@|V1@q~!6#D@yi16Bmq*G_+4diOHM)NH5nBK)6!wecM3_~@qOgv03S<XmoV8r_$9
zpNAfISkI6RMUEqXX+D`xY*BcO@_SJiWQ8x_`vN<DiDEC^O8&;!`4I}S#(A4MYeZ$E
zV)2T~M&eE@)R9Q|Yag0@;3t`g>Y4j562cG8n~Y??PO3SFeK2h4_(90}{?{WOM~S?i
zWRwEc{@*ozsoZag&#w;dY}>3mQz1ljk}Z52?X0;=Kh~E_=DWrPidtQv*ULV686Jtk
zzzU7+JuH{ZrSN-0QwPA}-Vc~~jE~AoJ3c2XTjMZRi-y~}$0O>JsRoFyRbIo3DMW!*
zu1Baku~0sN?Q?w*3z^>BD$sX<dM7u+_gl1VE-wT|U90p5>O=$hh+<wnw(caeYBONi
zuu=I^pFjabg&Z1u;FDbr$f44N8o<vunJ2f0$^PdZPLN#X1a>D!e(rvw2L!$ss&jOL
zMwe`giGoNrpW2M2iK3TNYn9;=7fxa>=J}&lq;hFgL8yQ1%ZYnQUFUsp@EpTn-7#$I
z+n>s-aTHNd^N<*-*8xuG<ZZ&ryv4DTn0e+KO(I!*q#WCSP6_(kfBZ|n&+ha`PAXWa
zTZzBs*hyE@F-Dt~I`PniF7x!TUW^3vaO#IsGqsUOH+q)KE=d`#l6UNciV{>OCl8CL
zz_#cpOw|mBcx|u*0ZWo2DKimcpIBvR&GD$%fM+pKXO;Uj+NXzsc!?61tZ`v}N~mm}
z974k)l(C!`4HvdGZRO;kZ<b730;w1|on?zT{c?g{mNg5Xw&>^%*`j)N$$JKhtew|V
z&2~F*zt%R&qe53%D$UnX<BbvrbwIvTWA+EVe@-IFG0~UOz1%!z$<k1NTnRGIeR=p5
zI0Jg1b;DFC1GK^#nYymeHJgGq#fI1i?6DIAWc@275g<l+Tf9@^$}i4%Z$M<s)h~`?
zsIJ|zB`S3qV%#z=BMouBTYNRCIWNfbOmY_UbQT4D2{u2Y=yTkaS_{SKgT86g7+H&*
zW+o(-yegu@+Zw{)GK#F?U<3#FougMBMvs4?`k#UBeLkD=>cHi5n7T`|?4A1QzEz5y
zMe|ajz9AP(mM@qEvm(TMV*RTfkB{3w>{S`ctXn+21CtE;#s?f8ZdeIaqtWK#K87}>
zJ~<7QzV7?gfyZarF_rKINS4ocUtkeOj{DHwq98nFem$Fw=Cfa&_<Z=3EMV3k*9qY1
zK}+vRl)gYqV2r7~-eHEP50Edv5dF2cMIIX4@A>b4U<%^Hc4*$6gSi&6P2m5!o0O2g
z$jTE`xl6$!ARILOK{#m=Kf_p(tiUjRi#r6A*8`oN30~v}{&E#b@{u4W`#+gJB_QN%
z@d8vLE_m;!m#lj4-|plN2G1uGI@1%C*gtX|8ImHI;SCn|1m=rl-33|i{F>1>+ye`2
zf~(B9#lvYHh_qDhO}Dl8)?G-*)3&EK?d^REkCOCteD%0_cyD3*;LFbHrahNXYX&rM
zp7FyQi^MCE1%lQSlgoa%aeI4I6x|MTN&E}#+<>?0MbPwR|21^8?!zAH6bNAEtr`p)
z_A2+J9k|^2h~5RxW6mXi-5sSbF?lk#CNofXnyw&Zd>#I&F1c`nhd#ba<n*UnOeSMf
za$GXbhkev$x<n`$W%VoJ)ADv821ZTl|6tp#8{OFxe6g4Ov6LsO`LRvoSMq&dFx`Wf
z>z>u`sm6#bI{gIx23Zv8X54#e^|N;j@lZgzdH~8b{xz6EJh{Y>;bJBzn?8;9@dD@R
zi|TLT;hl{bSd$a})6=gpv_9aUUNPgm1W${f>9jm~Cvj)_^t2X?FY4a(#>BzJbnY2B
zg}ui2u{H%(iw?alf&2WO!5E9X<yu#8TuB(Q8<%soa31{wzJ=PVJpZpAH1Dc?kRR8;
z{!}}N@RyHymKfrz#N+fwXR~Fdf~C!w^zA64yLCnIpKN`Np$iYRW`Z<d>2q1sYhT!t
z5IpM96=^@`w@M+OB<Y&;#f_-({lN95mbj<GvQeEQ`A8BEVR60m3S{D7IkA3}vQ<rP
z*HWOv-BhW@%eBbnIJzkw<*?p0M=34roC^Sk;<FwDd8+tohSBp}1w0I<y8n^{L*OiL
zUpr#X@)I~_xfLcfH9=~3tx4xF^$|j-HgY~a5g>n;tuqL!j~(I^-<XKd0D5AxeqlCu
zuONF%6ypK$V6Bxs1t5Mn&AqWIQk%;*9e$5IPJf2s-K-6~zWa`DTy@ILQmu=_36|)w
zBIX;J?+{VlE~gZehwp%X!HNpk_!H~ZaMXk)^<0ZO9nm)7OU}Bt8@>#we+H<h%Jv@X
zwO{rp)dKgywlP;o)puw7J;npuah@WweMi4*=g;Zs4rEd^y5K^muvoM6H?O)>)>HlA
zS6}~hU$BXH7d96%^Z(EZ8KrsbQjaH;PPCKcB$cz)cWys?I_|4}H3U{-YJoJTZ*R^P
z`1$%T5ZoZdCNpmT6KWD@`?S9mHd4Rqs0U+uN0Std9`wnMa>R~U`}<)W|JW>Fh0|QB
zuj`*$>TsaJs;jye>C_B2O(MJ=g4TZC<$k$2Ml2?5s1=c`jpQ6j_?0g)k^!Ci`n$Dr
zAwO}g()nWuvT@DKpX%bH-$j91lw?}n)F+R`OaS1}$<b?M9pT<}nOWN&D72jCt~gK5
z;bgI#JH^#Xx&#Q-9IMA)sr2U7lOCIF=s|v9FndqgwVAunz2ijPF0We1?E3KKEIGs%
zdPqkndZ@T?UcNBc15d$?wc9i;>249(t>ckA(?qQF&O9HOes0GzW>i}*^?dE3NKGQA
z^v%U@^}%2O@}(SzD6Uvx&&%tb{DSF{4s&wC`rVMNKvLBrSB|tyMDA4->5^<D&f|q&
zRH*2wv-7G)>QuWXVxnx^PTSjzZzSmmgN8S@2i6>jlDa1GyOUq2Y7;#2wc^tOU~9E;
zo#tq>EF9V!DYic~<9?I=Y9dx=%b3blzl?S^^WPi__wOM9&B{7fJPQmRG&`a&W5MHd
z^#Vpf<E9eta{dYYihwur%Y|GjnT9w)OW7dMIuSm|Dm)(t_kRGHz}~Bp4aC1Pd8gol
zla`*nlTq1>>mrL2M;}9P3e7u65CsLh9M33^e(LA5cmi76BT{f76^kJHyGbGzu>r8F
zUVvS_sXkX_b17-TLX1JytN+QmHgAvX8Qm-$WPMuNSkAhka8?0nX<TgM`!&syjGYta
z;NVNA=wIXpF~36nTP?(c=w56~QrYzWy|~ww43Oy0#V-$Az}0ujU@Dz#hE*O9BSFCh
z_6+tTjiJo&6#_B`>5$R6`-~)yK2imZ6b8K2v>bi!ckz%QkkR}$y3{h<XVkQ;aFUJy
z2BMm^6=Z+J(N}cuJA)p;WZsG5B-h`@fdD^>ha44Hv^GG0^wkva@ZjWNV}d=FS0uRC
z;IPY)FZM@<?p2bj&pAN?SUp1~gtwCBuwcOY*A8{#T%j$z(jgf?4N#6rxnCr7d(2=A
zfBgNKN2D0#ES;e#$SM!u(fhqyaM-IJGy&KbNqD9p(?e7)ixZS`OB2%00$H`L{4s(M
z>cr}sXN!Tz!q<$!5xMOZv#R_nGjM8v<fWd~tI=L1l{O^LTmzW%f7eU#;bV8)!tVe!
zr)n{va%x_(T=q6N3wT2nZQICS8lKH;*m7ty0(&N--aL|1@0y~clP$r^dFIOEq!M7M
zLgi$<nCPO@^uEMIklMY-9o-<6U(0O+zg!t>&WA7Qb!Z>Oav<pR^o&FoxHdYCV!YR?
z7yUQezLz$5ffpWZ(Bn(L^-=Ps+VST<)}-1ofzL9*;&URwed#ivBXZzT+&w8c5Z-Q|
z8|92^oy2g;e_rc9Z}IHWEHlD{XJQUnr9H#~p9EXxKef~z+BJ%KtV$cVvoprodbjHR
zL|v-cR}#0ARkvRsml2u2c9ec-chvNxctBLOzWi18kdyyZkq2J;TI>(3NGRvkx?$D8
z7H=G%<R@iIY98dJXV1YbGb|p;1K-4j%!&p~A_bpM;9zJIfJb=NGAL(R2B7mg_2z30
zP_H%+91!*L8M+XTg3)+!XgAznZS-0jyH4NavxL%jI}|6FOzfH20ee*M=eBtkNakAZ
zH{O6Pet=5`NA8}ZiWJ2dVP(ZPjm0zQy~n;<zQWj<Os$>}&gCi6?r}8;vS-Vhk7L42
zafRya*udbXvyfxfmjKCuXppZkfj4RL_r(}e$5km*sKfj&?>@OBAdACC2lR>M+sWp~
z-f*Ef-L?rwb2T7RNk=|V)|$dW4@NlGc{j2rIa55`q|mqoOS$dwXeu{D(=?<0O-F;y
z5WHX*Rb@65t5XtSV&ZV6!M3OkkYj-8?e{8xOAsSZ-wQWK`M++i)#?aT3c1X<=jxIT
zgnpG3i|*tbuwBxdxM1Fi%r2{Dw!npkLXJACaNKts07qUzsYBMat3F+$q5%EiHJDoq
z)L06jWXop8HFcrto>%h%KXlNB3^8KFY(BTQc$ENk92&_xXti$SDY0FP7K=6jVs0U9
zKC^3>6{07f-p|ef_vk7MFadP3FJh=VS4ldQF%U$BY8?_b^T{(SU$*^0@Cv~k7iZwt
zGJg5LYY%EU6Z@`r;JOOwN;6Zh#tZ6EQvl{rwv81_AMR2zWaF(=Yv{fzO1Z#Joa>K3
z+R4+gsqQDMBNe+82L2iqE)qW<vfYYc6Jg-gSh2*BHO`Vaj2~pEyFjbZw=A7(Eiznm
zw8Vf_J+|njTdbciQtUuoE?pB)sM2g#o%D*B4n!&<7Q`svIlzut2}xyfNU$H7$m#jd
zki@taTA&39F;Nh+ylRQJ*R+;Fb_v9yUsf4m*Yno{h<gR!f)o*2bqCEnD5HNpE^3mw
zjr^!U_+c~9EFGX=EWRxZKG7{1X`7TKfyyI=cc8ias7&<EuGz-&kYssXB!{_+@gPMh
z(1TFz9ui)N{6x#M_0&d>^`PqMWotFShuX7VVH_zwwfG)Q@mg7K2I?qZ8yqEQN)4yZ
z;(i4NeVd%m)!8#54ah`*?mxI@P(;eK0u(IUcso;P$_cOZi2jG(=#GZuN#rOOaA7U-
zo+I7AD#~KKI3v0aQalD?PgGPr106q1-oSxjCpODwB3}gN3T766wgmW%SlO~m?y6%%
zJ^ZXDV)+CeH}}MyUqjIh=WT=D1-lDH*jfSisl}ue*X@H|WhiQ8|K~ONVz5-SK7Xhl
zG&x<m@U|gFeLA_u+93yBw9U?q;Fo&zNh&Y9tV(UDqhMGudh1iPt?B8@Pl1X+B<}9>
z7W-y$xnQ2YB6Ro<gVd~U220{g-|A8mCPk|ohWBPi{SPepQ?u2Wg??PPri|^97CFol
zjoAu(lX`@#0k0|b0lXa$V`9bPzvpCwo+nX^5!`&Xe;0geW4w#6AsCunQ!A5F`dY!R
zQ@SBxKIfnIDA$-bw>s?NUBW=@J=H5pkYujkR*Dob$TbWy1-fbd4d}~ugX`r1X)DmV
z5Zg(@%LA!&PJm$lDL~wl^``_?Cr;fkmY!L#uJm5aJ=sDm4Q20iS+|Kr?xv0Hdv%wc
zW%h^x`dO6N{jv21kWGJ}&Yq7ZIlL_ySdB6qo0nTkR4v=$Q{(@{{aWgJ`N=&CJPS%|
zQ%mOnCVr^_NKEe3iUok!)NbKZ^$b;!6O6fuQQBwjXMYJi^9tfQEy<HNE<;A9%oaCx
zBQS7izEgp<Gi(G_r<r*H0`v@IeoLenF&K5`+(mp2&xqgINh+601S0e}8V|@U|6pcU
zOUkOYHa3Vo3U-767y9P;8XY`I?OKEi&z7|n@uYP~tGnl*8Pkf+%hj0J^c<PF2|GI7
z3_9lmeQ*_4wgsXDIJunDQuQfuq9vNNt2VX(T_Ul}(6GJm5W);UhMfPRxpugCm%ZY%
z6Hl$%b-JUs#jk&<>ob<8XK+YK5mACFx2jJu+(~lt1olbEHDS<X9=97uay_s-DpvN%
z41M%FNdk|ftj`2=rusJPF;YVR5z9@O=jIq}j0BE=@$dJJiP8|?zgpPzn!U-&__b4D
z_XpUD_ci^=Zv{+L?^w3lqACG+D;`K4cBTo|ccJdu|Cv5@q}U2ICPay#Xord)it;-N
ze?Azv7Q*=xjnr>Pym2x!*?^628GzB`8xFr>T#Fx^6i3!adv<QxyJ-)pgSQg@lxdgH
z#~mqvqnnQ<k1AYsN`x^zTyf>duH;(f6-|iV^M23Bwn{UJ=desDX_pT(JkS^brTFlE
z<YCODFHNci7_HJer?~z_ES?dohvWQu!|XXdQEdS0Mxc5}fLTZlo<K~6`<!2&-47Xl
zy`BTz$fkd-?<K}+qqiTp@5ZK1ek*GEB1VjjIB=X;U-UWKoi#97+~PFjS-gseHh|rg
zQfRc{l@zf7F4`69T_Wlj-9WzO9+UPVb5yTTg&`*_`Wsy(;W~Gj1_0PTi{2>;APg$G
zSm{aTl}mp8reZD;tA~vbWQzMzT{zF6a$RrqUwLi6DDyA9X_###-?lbK;4+`jrDcWL
z+baKofu)Vt(X{6Q?}!>~=gug>4k+VK8bElK(I7PhHYjp$JEGVh5Y>0a_PQSn_zbFT
z-B}OH3A2lQ+Q-e05@$}O>iSm()&RAsE#lw2;n(24oGM&zvrac-C{kSvP#qc@5vVgp
zg^IH{I8RzpWAm71ypOsB)D}Ap08JNj36m>fNO0QGw!XffUot}Q!vS7Xn4f@rkqNhU
zjLiwOwZD$axkvA8(Y?Qwf16(3G1*lTm;o{pcS>rL#r|jBX=UC~E-f=yy4Yk*$Yd$=
zk&AzQgB07Mzu3nlg{7$t9h)ZM!*(W<$m1e_v1$9~LtAKUr;c{~!pg6F8q;mM`6txb
z;Q^hFfA+#X#ThQ=iqR#-{UM$kUdx`)EAeIZMry+;K&G-hoEV(+ooS^OKQ5KNd!q$_
zIKzg|x=kuWj%*HT(R<(0U?kf9y&ysE%f})9sfco4cXPk1B?E6aTP<knv%akD@w90Z
zyxl5`uaf(Vtb_nW1f!&g>aiMU$LC#TQ=?Y+&9t_u(ZnK{P#^Kb0;rP~6GOlGu;H9%
z^*PBL!}f~2Rmiy#=g6Pq>3TC7r=u5mf7cL9wRKtwVN%K6Y7*p8Qv!#f-VE;4Ql%>y
zo(P%r3L#5_i_Un`>-h58kn!;^&;}WRqhibd@=(nb@p*O$nkMg*2w-?YKuCw{hE9A7
zB`qPnoONgmpMn`$w7eCkQKPw7WvUS>UO&ByXB3wz=)c@!*|#5ONTcI!o=A8m$y9x!
z3!smrvRL-2XFvV4Z{_uTZcn%wNdJH>tJ-qYlumqqUfZly70=GhV_MqOmFA|LUM!9s
zO}_qqrb7(aH3hT64k!u>N0P$ah^UkI?%b0!n!eVf6X(grC-rfLb|c<>^U;zq;1&?y
zY#?ybLxUTi{!6W&DU`A{mboh;Qbq%$)ZU-?h}=;F*w&*71H#p-n%Q(i>=2ETk=CC-
z`$CvdH>%&$Pu0Y?!3`il8zvt$2q~MgsxBmjx2k=vG$|G8Nr0W^MlAOsIzL?T&xXm^
z!cuQtnGs!yql6^(wCF&OQG)4YQQ<~Nbvl6wr_IGXKhL1Fk5EbwtE;La_m+o;GSR|n
z;(P$af~h(wv3IK*dM!oXGpFmsUTh&IQLRj;7dkjp(4p?E5M`|!HrSo49lh$?6tJdo
zCLA?gk%BOxk`eC*Mz>qVk>F8;RSy{=S;(sCVBTb3Duz17BPVhf=4CmOM9_c-3glC!
z)rXDVs(R0(jAHz6IHys}7_aS%H+IdBHmLqgrZb4A*Dj)*I~Wz<CZMMc&pzwc6rxL{
zK6{X{jo#$nqZv?M@$g2O*!JJ(w(r*h{0%w2Cck*4ajzuG)^GC{*(3ya>}sJvjn?<4
z3r(dp`sDMV;?vF=0Sq_DHrBpr#9KVETQ9vf_!O1wrSg7O&rd$jfWNj2S_7!paS^hy
zMV|jc<z`;L>t(2OY70;vGm%(mPESU2bGZ9O!W<fp088;P^0pR0W_DvzW^l%l=EaWk
zK9|V{qM)>-ZvSgML;rclP6x&qTP@6<!Hn_n^ECo*AMMp@TELgp*b*C}a@W+_rC;UN
zzu8HzjlYvO|6$cZUvjB2`scWlm?I;)mfQL2@U1o62n4NoFF{-;{#lqzZ!f^stmNtU
zfLM>jz(NyQ8Vhe$%?5jy_(ffk4^wks3m#XRxnnk4*IbL%IphX@6Dwkzt&+7Cw7VrP
zYh!^t5GFILp2(beXzk)S%7wtn0%*u?i+b{@yO>kl@S6{_1LF)0(V2`LJRa0@DRq4j
z=_U?y6t&_{s4qzJ_vn-yasGNc#2D?m`z6P)Y!yAOg%ru9cRVq9h7PMjUpAgAz2}OP
ztlgv?v%Z1LWnEMIhEMHc8APLZK2|%r3a^;|*EO!!0(mPo7)GjXGK-1d3%LXVt^(qW
z0kGwso>}4;xtkOy>$W)0%9}r}z52#*zExhiY8kLl7vh{LNAvX#C1~`hReQlVmh(4|
zCe<}xtPAF05N=_H`vbO}(r$DKeRYAfTmPJ&8i}xl^qlz00b*j<-pu#MrLnR2F^l4e
zzqmhNZtHX5gG@z)eVU?FX9LIpxa#QWhP-2++wOwb+B>3J)OTDr#rb<2>R6#Y^}TDE
zyJ=NCYD@bg5lA#+Qt-V4ek8aKz#HjLTXg3)U(oZVA~Bmo{d1)cnqUL2jo$Gt7ynkk
zD1`eIo8jXd-<yHnWfyoa@sET}+@D*c-})KuN46ONk{+N1vV35bw$&ECNQhYGJ6<A<
zEl<13OhB#rG%SN##z<U6_8P7{BH+fLI?JuJ0xjtWB`}7;y+u9tDF2R6B6>rkKYZ?#
zt2(ZxN^fVb{(aDiSp(ODoPF(*4hogQqwbWqj%`VClM$x=jWZmkD}3Q)<9Szq6*+X8
zkpZRYpc9Ep+sdE&ZMp3+Vq#wlthSe#=au0m6X9`gOFM|_z_>bPTp%^MzDlz;9xvKh
zWv^@LVPqfWp-vobcPyne71x}K9<t2(SGW6ttsXz<0H2*TidZGijqZ%HiX#vO6^3}c
zTzAXszoa~Rz~ecma{OhHf*PyUE$+w+G3N1bZRq*RDLUXji)j%0p!tCagmJN^`HdjZ
zkOE@YzwzC61QH+q-EdNiwPC`WbCg%qiFuLb_&pa%9c@%axUrPE#F!{s!ERtSm=Y9&
z=1Glp!y^X|0Lt&}(&&u2j43`bXunQ+UHSWJ_zrq|Af`CFv!-*8@1LL#t8d8gDUa6*
z>5OpP;MK!~CETBr$h6w{bS<-56(-sZB)yJ8&zQE2f5YWE2P75}u`0u~5%>${$NTwN
zmzN$ek{6pT4be{U6H}UoA()@tO&`oJ?2$3(>B&@}kKs-u@knid4FfR$*)i%>-DA=4
z8g|q6pGxG)+oka&4D@kRCgb2jzWPC;(d!`xJS&r>0c3Iv;5Jos>={xv%sKdZ0vFS6
z)%R|SiNO!nZ?Mr$FNrN2{L!rYV0=R-mFi1CQ_zv)2MXWT3KvLe<dJ+IrqpFxo?ri<
zEQY2Fz5F}Taq8Y%*;eBIDL$o96X|?KN1Wa6`Ku3sq#oJSG}G=eiuu)%@>o=$44@_p
z`PpRIyElDnRC#yE)XBZ+PHVQ`%LdHHokW)tb@{4m)>Vf)?Ovs>bSS@3>1Qmppz-ha
z#vP%%Pv2g^P8=Akg}G?-6sCY;6Q_~!e}T!y5>NNPJ#!5iM)7P&?Qk7$=%VwhxITL<
zINTa43{o49TtuXI28rQ3F4Ic;^s#;sOB5hDRMzXD#6Z}a5y#QQbMK3oVRPQRYzrr#
zlkZyHkpNVnMXnz&=H1|^-m9#t$AP|SwQ;ah&Q*tAc|fVi*mjwXslI9TrXgVg($G=s
z+sVB{kR1+L3Scl`%XfP;kNBxJ0?v)$jZqDitMmKn;E+AHKKFQuJwC@MkC4G`v7@BY
z`&sFz`maa4;E?Z9pUvFnLd7vWppIC|<$#cKaJ8LjYZFryUSsK?hjex#`bh_s3ASb2
zU~^LD=S=@XCP(U(xWf$cujB@v^Mc$<(xQF-xi8DUGXizm9j<}LyyC?%!aO)~D?cI?
zz><$O?K}%=dzCCc+iiW*&_OfAM@<pCON?DKrfxYdwpfMt+j+FKzE1<Te4PDLykQoA
zA!m_IqJ98GrQ50{`z`$=%jTVC;#wd@D#DMhnW}0e4(KSTncRSoXK=vMSyCs7pkbKG
zbGF(5ql`v8mjvdk$hAg8vAnZioA+<1G>uk;%jPvsPOjAVx1>UcVq^gv#Tp}(H7G_Q
z#E$Te;QsjV$D~V!aW!^LiljtxQ7U=8z2WiWSoY$8Kgqs25`MnV9nw|H8x4kjI8zH)
zMkhS>zcMQd!~Hs1ei%A#-T-I>maL$xBDz%)5n_HOiJ_5zVSk#ky`?qr@~6q)-in)M
zJScnJAX<S60@QgR?JBW04ot4kW2(8slP+<k;r2&PvX12@sNUgq&Jb;f3|V;1ikxx1
zUzB|xfaD21S7m{c4;@+`KH<4|z5_nfIy<JQdcF261zD4)b%3VPcg6rAbgk(`7Wy%_
z9j6t>;{IK36(_$&jHN*NjdZx2V(eM$fu+;F&uxp5qJdo8Q{O_JsP-=yT~t(#vjO;+
zW9`Ocw%=$bE6J~_(nIo756~OOh=ZG6^<nq;_u9gy*Q?bMW#$uCpGJJb9N+Ss48ZSS
zz~W{gvsXLXM;ah|ePJHd-EXkz>Cyv=OZkRS;ZWU~lZ5?splAdr?}&yrbK6Zz_Tulw
z_0^?2@PD{`QV&^VYvwpH@@h#G>Pf_0R^EcT_5@#mR~{uv6)g;sCc?Z-ht}UtO6p+c
z%0-7BVI)e-&!*Jq1pyqC1^mCfrhz${;mm*U&?xdcg#gfdgC_vV%bU0*>B%x~6OO^o
z>-3lBB^aY8pN6%%ITuTkdZXcDM;!|eav`HcxDHN5|D8@K4!Jch4h#cWkexLp*Y9mk
z1Sxw`Wt&VdbS>c54Mo^8G@5%{U<r7PhCIfiXMSNcv;5LjWy)y7-^P_-^00uCx5DkB
z+-91!9EmNdSWkf8<mX+Ad9NVggs)jd@TRnFN>cONM%8f`A;2VcbC8_m>VnBF4@rwu
zHZ{h+`47k3n)bvK%ls%(rQ=wzYe>I@g)Gk7G5|~3n%3z!4$%7pKwY@R%xC01P1zKn
z3{9t*aVGdy5BwSrI6KdX^02GBM8J4ACxN*ja1G&~y?{2N!T!?L4cd?2;0yvqF^CCj
z+thp!Mp(Yz7F_QtJd~6)ZSQLPKmDHPh^ruInda81r{{fpTaF?%W8v&;iM(|*=pP_X
zvH(hM_ynQ9I2WuX=W2herRN_xs<$AD4k;vR&|=VG%n0b*9vD-xzCv!oAV%_@TEK}i
zXi=!}J=~vfiZ4FhV&~Qxy{I|3NQvGWE4s8)oARohl|AV`Sa7}ZQhn30jS#vEZqhfR
zj2Gn?kTSf;(51=k#pf3;o0PShWm<ctx~ggW1V89@s-MFw|7~TMycr6LqDvAgQ|j&>
zXEhkkF*JKxsXXElNqDv-ao>foLW7O00Emn_Tyv~zYXw@~%)?x;kR0-TwNYc;3dD_&
zQ)%lunn#%)s5KzsH+3i~_nt3^kR9kc$wc&4R$LE^U{@Tio12FSsdj`h(_ot4o+F`N
zf!7db*^?sg`ONOC;mJH^aqs=N;=z3K@WAeqk>RBqu)6z#uqAasq1Vxw0R-8VqHKCW
zLo?PqkRT-Nqc>u3hg<EgEFVD206546vluD->L{qh(Ur<|FCjic77u>Ta)pKlFk6@=
zq<ifZ52xh2ekdA-CSfY|AXd@8>7QgL)6W8lsUgO%LbwNa^#{e4mf0CSRjYui)$bD#
z{N_?lg7q>`T#kjpEA)XOVZ_)3{<`wTQYN-~f|iq=S%^0wLY5icjR@?}PF<I%e*V&|
zBZJp&-=|gE`iZrahrU8UgZRf#yV^qX9;0WbWXbfr$Q#2xqA_J3vynn@q`zGH8FZ)3
zo8ZU*RBYy>-M-%kKg(J_@{~&xQoR;E=-wDtaZho2^CNp=uRGngH-Ir<!()9g)N*m1
zs?h)yYE6Fi@kh?f0*h96_n8~*7e>&BUu6Pfi#@GJV4xQ(Xt9S|CIWy7R-{>PI%JdM
zo%06R8Wq@Bg>-qDD9j{jn1`pzo%LGa24j-SAjk0q!yxk_af(_&EI}>}`K)ZyPzhk1
z``t7b41bX{3oQMQ3d4C#Kv;we8aL|<ZQnM?`?lUDslm3F0#tui%&y*wl7R2Uy;cr1
z;<nq-wYHmSkvcNFjcuhC3ZqKr1|x-_^7nmaoeP^c+H~Azi@kz!tzoZtV8E!`2K7eb
z)!SY4Z}5Y(jh?&|o@9yueXZFW=*c|=ux^p-{7l6PFCem#0|;VlFFaOJ>C$!UlSOU8
zU`h(A!0ibL?l#lTEatIf3-SG?hW};o3rFIH#TC~<48A93vf;KRfJd>rS)}185ae8`
zY3tCFXN?_{GpX`(H%n(>l5z-xbdsWID7+b715EdcSk4HxyLo-UoKwH5G97Bw$ba<E
zY_vr{)%uz(7Y&NDz3ZEG)Pb>!E*6tFJcVDmy03W3rFSKe@5dHsuEj+)I3P8&HYlAE
zk9M?woVNo71Yx)6LWAv5$RRn1&7G&wsG}jNAD{hgd|7N^ocb(xIhuF6WUu@rLfrfJ
zAK=s?ZQa~&W`Z?l*zgme^3iCdP>!Vun4YPKD#LmeO<PjXh`2b{qW|+hwSqwQf17o*
zj;Yk*xnEav{(A;-WlmQ{^xa6%&^z!MPnc-JHjpTPOm=frl_H(W)Zbtu1<z1RH?P65
zneJH@^GKcaI+b36I=v0bvXYY4@4)Ro{(4oUU8)Pz3D{BQ2An_$gAjmQ@o#*7F1-;S
z#<lJiWbhPG?P+&9$bbfHqje}Q7T{`xC3-yoiY1XxSDWEnV$i_e#KLF3LCc7rreCTV
z=K*$73}D541--=H;%`8piO%%Ox8*cPIm!*$BZ_u(6|S50=hj7x02m899c+L$4e-0J
z>gyR9gj}-fpj+~nOn6EZJt8~Q8`0Y>j|HT0oW-i`Vrp$K+oo9j-$)eP*{jv6IS&Kw
zv#g==T3`a$=D=DT-rK8HwnF4wY2<5<{g^!0u`%Jb3k=++;&gfSnmYcF92iCe;h8ER
zrjohKxX9r+3s=khbrth~W<@#b03dtm!Si%^aKjtyx+O=IDLSSGSn$su-R`mP?;;6H
zcHm}`^#cmDyo=G@nO;KcV5<`5n~#KNv39_?*qriTJ#|+qd*M+A6<!;Up988KTpwIo
zQzFCQYzpO7`lAgHc?Nhdc|_h9U@U3HEy~R^g{3vu_dXP?0fMPTz&6+;_k%llYy*(R
zp!{ZWfWHYJoRVsIi0waS!1jcB^5=RJ0Fu;LW75Xbnmhy_68#W5uRO`Q*13<q$%$|E
zT|YkHNGeNk%Z83ZY)PvfEG~4aZ(@tDOmqC-;{r~lJm6F=`b%e&W^fTCK~iX(IW72)
z%`CCJ-Zy~%s8UR?aRw;b-9n{+8>k!jwY0{@TI4p_*RS%%!}On>?Ic<Az^ml=x8M{Q
zZycNdGCKDoZ*|`vbaKYG6&<31A;r4g$x=zZA22I;j_t_99e4nfT_DGXRQ4jXRN<;M
zCQ}2@N-aN(DIRk`^f*pGzH5PIB3`I(w1uaqEf3J*OUD6;+-K?|%YKzUzcRFU$__82
zPdU#(GaLE=o|)Jf0aaj$R`$^udXGtBan<K<iQi#JD4`t$oZo-D7DczN8va(%c;u4h
z6tq!zLMc+BOm)Z)q6&9_|M4?G4AZ;{gz#s><t;Zg4738a4n)oqSvh#S%bFEeSGoWf
zt`Fr|SnMAL4b-bPFIBw_`Y9~KUMT}G<5AiqZTRN*;wupYt&5D9rXNy?pRTll8t95+
zO-mY{L~LMOc_a&WTzQ|hR~aXq1nm)S_qO@U(|aYb`}{&kY-r%(!T&CI|NrrRf($Nh
Za72DbHfws2BX8#d@<vUrROa2s{|1EHigN$}

literal 0
HcmV?d00001

diff --git a/cisco_asa/cisco-cover.png b/cisco_asa/cisco-cover.png
new file mode 100644
index 0000000000000000000000000000000000000000..e3ae163dc928ed4bc4b65612560fe6a1a5d65c46
GIT binary patch
literal 13297
zcmeHtXEa<<*zO=CAxa9O6NBiYMhihOYV=ORD5HzsNrLFiV2m2kjS`(`Nz~DU(M$B`
zy|;UO-}mqSyX&^K?wz%!tTShyz0W>-zwcAt@V9CT#Dvs@AP|Tcq9~^c0^tHbaY6S8
zfUiTZk#pedzO$l%D+ol=cKgOj<Rqa1ffzv$x!2lWX<IXaZpO?0I~N0$)`B%5ln>!T
z6t6hQL|pv7Knf9$YD3!o#zSfCGX;O$Rb<+VFcAHl%F6V9CbiYlvOLJD`t#*W6AwM!
zCDtsq;Cm^iQzQCAFI_&8IwSrL$~n+7ETqtzSV~lcyql=t>f2nse!>5Am-K3U;QGbI
zm0?e0h~)Vzv%XF5jGchv%1mw?V66ZD^}l`wauUMDaN2&BGN)Hur^8KnP<dL{%Q~2C
z#EZGXqR}ws9@3wOo79uf?WCAcx$yqLD~8Q4(Bp0|QX3s*C+Hay#dFY5ajjc)<7PIz
zPkkPn4X@V<!8b}<#eZiN5$1&4#Dh~0T$yVnnbm8gJ4iWaP@0G1GL}Thl0qh5e#)HA
zmf6sGosah}DMD6V`NszWsk85dCA9?UBnz>)jL{LYMl2<%Z$4jfR5f!JxPf{#UH*;1
zlX{>17A7|wyPHS?{}m~Q^SStBuqkEcFE2z{n|7V(86Bun`+}$6Y8RQ~j_}9R{7e-j
z$eu)@jJhfON+@MyQWjI=5Zs2#=kK5E&W|d=d2^7vF0NxEPWD!!jaC3u2tNz`c-gCZ
zob}TjC%O4u%cof=LvX@ZkYeQaby^PT9h#99tU#T_crqw2$J+Vq$<AL?45`X7xgri>
zP?e2=SERAuENU|!FZTZ5>1n@{Mocp<yEIN5g)VyfjxgtR8@{tgOtWwQIbj<yzO?PQ
z@^qVjYkx3EW^uh?wWv&b`Yk9YBtCn?Cut)@8cgedl6FM?h30lwYkmPXbkLJ;z)!}I
z=fI~T)Blx+yXDiRHxHA>x&#=K$~mEZ<`7pF@n^6WXhwW>U|Gy1kw$*F0Y?%=kB<l@
znN(>-67G;B$ODreGCi9tdi;2*%Hxks8_Ha`hE&*AtyRq1kQY{;;{g%HJWxKStT<NS
zzxKR+TrPRZCC&TG{3}+N>-ZcNI1DbxYC+nSvbr=CsBImfFaqlc4;Kp_|HoN^z(_E{
zFi%WPw5!hz+^dfo)HwMXx(9kvmPww)77Y3Xf2wmlOxOq3wc?7pdp{MQR+3vRAyLie
zcxqf-3BQIMUM1nc7`=1&)lSj5XA!!DR^B%FIY|>&A^UD!$2PX;(ibmwLrEQm;zyM!
zaj48=FD%iXMcEFi8&&WiWzfu(D0vt?9Al3iAqa$UJV%@rdJsFfp{Q|3jef{e?dZYl
z-)M;)JD66a>d>waBY5%W{``(+GqcrnDNwIS&F4E+hO?oJ67~XeXNQFP4`iKz=Gv?W
zTB;7fDrW&!F$alc4zN6XM&OJy_|l$%YJEfuNI^ufUuiMD=3Lgm-E<1tf81s9$hCNt
zg9iaWzIq>I<lR#Y0{R$g^j5c9$NSB$QrV~y>(gV0J3#bnL;TR&KoShweh}c3okIC4
z<M`R_g<Y@F@X<bw&^`LMW-yNze{~1`YI?7@^jY;q3iSxq?(O}Be|+pp!+;d(v3khF
zIUrG*@hdlY`SahS#8HeFX)k}bm=N!!CgT}c+lMH~{7eZmO|Qs>@K-cC=_3VGd_-ab
zv@|V1@q~!6#D@yi16Bmq*G_+4diOHM)NH5nBK)6!wecM3_~@qOgv03S<XmoV8r_$9
zpNAfISkI6RMUEqXX+D`xY*BcO@_SJiWQ8x_`vN<DiDEC^O8&;!`4I}S#(A4MYeZ$E
zV)2T~M&eE@)R9Q|Yag0@;3t`g>Y4j562cG8n~Y??PO3SFeK2h4_(90}{?{WOM~S?i
zWRwEc{@*ozsoZag&#w;dY}>3mQz1ljk}Z52?X0;=Kh~E_=DWrPidtQv*ULV686Jtk
zzzU7+JuH{ZrSN-0QwPA}-Vc~~jE~AoJ3c2XTjMZRi-y~}$0O>JsRoFyRbIo3DMW!*
zu1Baku~0sN?Q?w*3z^>BD$sX<dM7u+_gl1VE-wT|U90p5>O=$hh+<wnw(caeYBONi
zuu=I^pFjabg&Z1u;FDbr$f44N8o<vunJ2f0$^PdZPLN#X1a>D!e(rvw2L!$ss&jOL
zMwe`giGoNrpW2M2iK3TNYn9;=7fxa>=J}&lq;hFgL8yQ1%ZYnQUFUsp@EpTn-7#$I
z+n>s-aTHNd^N<*-*8xuG<ZZ&ryv4DTn0e+KO(I!*q#WCSP6_(kfBZ|n&+ha`PAXWa
zTZzBs*hyE@F-Dt~I`PniF7x!TUW^3vaO#IsGqsUOH+q)KE=d`#l6UNciV{>OCl8CL
zz_#cpOw|mBcx|u*0ZWo2DKimcpIBvR&GD$%fM+pKXO;Uj+NXzsc!?61tZ`v}N~mm}
z974k)l(C!`4HvdGZRO;kZ<b730;w1|on?zT{c?g{mNg5Xw&>^%*`j)N$$JKhtew|V
z&2~F*zt%R&qe53%D$UnX<BbvrbwIvTWA+EVe@-IFG0~UOz1%!z$<k1NTnRGIeR=p5
zI0Jg1b;DFC1GK^#nYymeHJgGq#fI1i?6DIAWc@275g<l+Tf9@^$}i4%Z$M<s)h~`?
zsIJ|zB`S3qV%#z=BMouBTYNRCIWNfbOmY_UbQT4D2{u2Y=yTkaS_{SKgT86g7+H&*
zW+o(-yegu@+Zw{)GK#F?U<3#FougMBMvs4?`k#UBeLkD=>cHi5n7T`|?4A1QzEz5y
zMe|ajz9AP(mM@qEvm(TMV*RTfkB{3w>{S`ctXn+21CtE;#s?f8ZdeIaqtWK#K87}>
zJ~<7QzV7?gfyZarF_rKINS4ocUtkeOj{DHwq98nFem$Fw=Cfa&_<Z=3EMV3k*9qY1
zK}+vRl)gYqV2r7~-eHEP50Edv5dF2cMIIX4@A>b4U<%^Hc4*$6gSi&6P2m5!o0O2g
z$jTE`xl6$!ARILOK{#m=Kf_p(tiUjRi#r6A*8`oN30~v}{&E#b@{u4W`#+gJB_QN%
z@d8vLE_m;!m#lj4-|plN2G1uGI@1%C*gtX|8ImHI;SCn|1m=rl-33|i{F>1>+ye`2
zf~(B9#lvYHh_qDhO}Dl8)?G-*)3&EK?d^REkCOCteD%0_cyD3*;LFbHrahNXYX&rM
zp7FyQi^MCE1%lQSlgoa%aeI4I6x|MTN&E}#+<>?0MbPwR|21^8?!zAH6bNAEtr`p)
z_A2+J9k|^2h~5RxW6mXi-5sSbF?lk#CNofXnyw&Zd>#I&F1c`nhd#ba<n*UnOeSMf
za$GXbhkev$x<n`$W%VoJ)ADv821ZTl|6tp#8{OFxe6g4Ov6LsO`LRvoSMq&dFx`Wf
z>z>u`sm6#bI{gIx23Zv8X54#e^|N;j@lZgzdH~8b{xz6EJh{Y>;bJBzn?8;9@dD@R
zi|TLT;hl{bSd$a})6=gpv_9aUUNPgm1W${f>9jm~Cvj)_^t2X?FY4a(#>BzJbnY2B
zg}ui2u{H%(iw?alf&2WO!5E9X<yu#8TuB(Q8<%soa31{wzJ=PVJpZpAH1Dc?kRR8;
z{!}}N@RyHymKfrz#N+fwXR~Fdf~C!w^zA64yLCnIpKN`Np$iYRW`Z<d>2q1sYhT!t
z5IpM96=^@`w@M+OB<Y&;#f_-({lN95mbj<GvQeEQ`A8BEVR60m3S{D7IkA3}vQ<rP
z*HWOv-BhW@%eBbnIJzkw<*?p0M=34roC^Sk;<FwDd8+tohSBp}1w0I<y8n^{L*OiL
zUpr#X@)I~_xfLcfH9=~3tx4xF^$|j-HgY~a5g>n;tuqL!j~(I^-<XKd0D5AxeqlCu
zuONF%6ypK$V6Bxs1t5Mn&AqWIQk%;*9e$5IPJf2s-K-6~zWa`DTy@ILQmu=_36|)w
zBIX;J?+{VlE~gZehwp%X!HNpk_!H~ZaMXk)^<0ZO9nm)7OU}Bt8@>#we+H<h%Jv@X
zwO{rp)dKgywlP;o)puw7J;npuah@WweMi4*=g;Zs4rEd^y5K^muvoM6H?O)>)>HlA
zS6}~hU$BXH7d96%^Z(EZ8KrsbQjaH;PPCKcB$cz)cWys?I_|4}H3U{-YJoJTZ*R^P
z`1$%T5ZoZdCNpmT6KWD@`?S9mHd4Rqs0U+uN0Std9`wnMa>R~U`}<)W|JW>Fh0|QB
zuj`*$>TsaJs;jye>C_B2O(MJ=g4TZC<$k$2Ml2?5s1=c`jpQ6j_?0g)k^!Ci`n$Dr
zAwO}g()nWuvT@DKpX%bH-$j91lw?}n)F+R`OaS1}$<b?M9pT<}nOWN&D72jCt~gK5
z;bgI#JH^#Xx&#Q-9IMA)sr2U7lOCIF=s|v9FndqgwVAunz2ijPF0We1?E3KKEIGs%
zdPqkndZ@T?UcNBc15d$?wc9i;>249(t>ckA(?qQF&O9HOes0GzW>i}*^?dE3NKGQA
z^v%U@^}%2O@}(SzD6Uvx&&%tb{DSF{4s&wC`rVMNKvLBrSB|tyMDA4->5^<D&f|q&
zRH*2wv-7G)>QuWXVxnx^PTSjzZzSmmgN8S@2i6>jlDa1GyOUq2Y7;#2wc^tOU~9E;
zo#tq>EF9V!DYic~<9?I=Y9dx=%b3blzl?S^^WPi__wOM9&B{7fJPQmRG&`a&W5MHd
z^#Vpf<E9eta{dYYihwur%Y|GjnT9w)OW7dMIuSm|Dm)(t_kRGHz}~Bp4aC1Pd8gol
zla`*nlTq1>>mrL2M;}9P3e7u65CsLh9M33^e(LA5cmi76BT{f76^kJHyGbGzu>r8F
zUVvS_sXkX_b17-TLX1JytN+QmHgAvX8Qm-$WPMuNSkAhka8?0nX<TgM`!&syjGYta
z;NVNA=wIXpF~36nTP?(c=w56~QrYzWy|~ww43Oy0#V-$Az}0ujU@Dz#hE*O9BSFCh
z_6+tTjiJo&6#_B`>5$R6`-~)yK2imZ6b8K2v>bi!ckz%QkkR}$y3{h<XVkQ;aFUJy
z2BMm^6=Z+J(N}cuJA)p;WZsG5B-h`@fdD^>ha44Hv^GG0^wkva@ZjWNV}d=FS0uRC
z;IPY)FZM@<?p2bj&pAN?SUp1~gtwCBuwcOY*A8{#T%j$z(jgf?4N#6rxnCr7d(2=A
zfBgNKN2D0#ES;e#$SM!u(fhqyaM-IJGy&KbNqD9p(?e7)ixZS`OB2%00$H`L{4s(M
z>cr}sXN!Tz!q<$!5xMOZv#R_nGjM8v<fWd~tI=L1l{O^LTmzW%f7eU#;bV8)!tVe!
zr)n{va%x_(T=q6N3wT2nZQICS8lKH;*m7ty0(&N--aL|1@0y~clP$r^dFIOEq!M7M
zLgi$<nCPO@^uEMIklMY-9o-<6U(0O+zg!t>&WA7Qb!Z>Oav<pR^o&FoxHdYCV!YR?
z7yUQezLz$5ffpWZ(Bn(L^-=Ps+VST<)}-1ofzL9*;&URwed#ivBXZzT+&w8c5Z-Q|
z8|92^oy2g;e_rc9Z}IHWEHlD{XJQUnr9H#~p9EXxKef~z+BJ%KtV$cVvoprodbjHR
zL|v-cR}#0ARkvRsml2u2c9ec-chvNxctBLOzWi18kdyyZkq2J;TI>(3NGRvkx?$D8
z7H=G%<R@iIY98dJXV1YbGb|p;1K-4j%!&p~A_bpM;9zJIfJb=NGAL(R2B7mg_2z30
zP_H%+91!*L8M+XTg3)+!XgAznZS-0jyH4NavxL%jI}|6FOzfH20ee*M=eBtkNakAZ
zH{O6Pet=5`NA8}ZiWJ2dVP(ZPjm0zQy~n;<zQWj<Os$>}&gCi6?r}8;vS-Vhk7L42
zafRya*udbXvyfxfmjKCuXppZkfj4RL_r(}e$5km*sKfj&?>@OBAdACC2lR>M+sWp~
z-f*Ef-L?rwb2T7RNk=|V)|$dW4@NlGc{j2rIa55`q|mqoOS$dwXeu{D(=?<0O-F;y
z5WHX*Rb@65t5XtSV&ZV6!M3OkkYj-8?e{8xOAsSZ-wQWK`M++i)#?aT3c1X<=jxIT
zgnpG3i|*tbuwBxdxM1Fi%r2{Dw!npkLXJACaNKts07qUzsYBMat3F+$q5%EiHJDoq
z)L06jWXop8HFcrto>%h%KXlNB3^8KFY(BTQc$ENk92&_xXti$SDY0FP7K=6jVs0U9
zKC^3>6{07f-p|ef_vk7MFadP3FJh=VS4ldQF%U$BY8?_b^T{(SU$*^0@Cv~k7iZwt
zGJg5LYY%EU6Z@`r;JOOwN;6Zh#tZ6EQvl{rwv81_AMR2zWaF(=Yv{fzO1Z#Joa>K3
z+R4+gsqQDMBNe+82L2iqE)qW<vfYYc6Jg-gSh2*BHO`Vaj2~pEyFjbZw=A7(Eiznm
zw8Vf_J+|njTdbciQtUuoE?pB)sM2g#o%D*B4n!&<7Q`svIlzut2}xyfNU$H7$m#jd
zki@taTA&39F;Nh+ylRQJ*R+;Fb_v9yUsf4m*Yno{h<gR!f)o*2bqCEnD5HNpE^3mw
zjr^!U_+c~9EFGX=EWRxZKG7{1X`7TKfyyI=cc8ias7&<EuGz-&kYssXB!{_+@gPMh
z(1TFz9ui)N{6x#M_0&d>^`PqMWotFShuX7VVH_zwwfG)Q@mg7K2I?qZ8yqEQN)4yZ
z;(i4NeVd%m)!8#54ah`*?mxI@P(;eK0u(IUcso;P$_cOZi2jG(=#GZuN#rOOaA7U-
zo+I7AD#~KKI3v0aQalD?PgGPr106q1-oSxjCpODwB3}gN3T766wgmW%SlO~m?y6%%
zJ^ZXDV)+CeH}}MyUqjIh=WT=D1-lDH*jfSisl}ue*X@H|WhiQ8|K~ONVz5-SK7Xhl
zG&x<m@U|gFeLA_u+93yBw9U?q;Fo&zNh&Y9tV(UDqhMGudh1iPt?B8@Pl1X+B<}9>
z7W-y$xnQ2YB6Ro<gVd~U220{g-|A8mCPk|ohWBPi{SPepQ?u2Wg??PPri|^97CFol
zjoAu(lX`@#0k0|b0lXa$V`9bPzvpCwo+nX^5!`&Xe;0geW4w#6AsCunQ!A5F`dY!R
zQ@SBxKIfnIDA$-bw>s?NUBW=@J=H5pkYujkR*Dob$TbWy1-fbd4d}~ugX`r1X)DmV
z5Zg(@%LA!&PJm$lDL~wl^``_?Cr;fkmY!L#uJm5aJ=sDm4Q20iS+|Kr?xv0Hdv%wc
zW%h^x`dO6N{jv21kWGJ}&Yq7ZIlL_ySdB6qo0nTkR4v=$Q{(@{{aWgJ`N=&CJPS%|
zQ%mOnCVr^_NKEe3iUok!)NbKZ^$b;!6O6fuQQBwjXMYJi^9tfQEy<HNE<;A9%oaCx
zBQS7izEgp<Gi(G_r<r*H0`v@IeoLenF&K5`+(mp2&xqgINh+601S0e}8V|@U|6pcU
zOUkOYHa3Vo3U-767y9P;8XY`I?OKEi&z7|n@uYP~tGnl*8Pkf+%hj0J^c<PF2|GI7
z3_9lmeQ*_4wgsXDIJunDQuQfuq9vNNt2VX(T_Ul}(6GJm5W);UhMfPRxpugCm%ZY%
z6Hl$%b-JUs#jk&<>ob<8XK+YK5mACFx2jJu+(~lt1olbEHDS<X9=97uay_s-DpvN%
z41M%FNdk|ftj`2=rusJPF;YVR5z9@O=jIq}j0BE=@$dJJiP8|?zgpPzn!U-&__b4D
z_XpUD_ci^=Zv{+L?^w3lqACG+D;`K4cBTo|ccJdu|Cv5@q}U2ICPay#Xord)it;-N
ze?Azv7Q*=xjnr>Pym2x!*?^628GzB`8xFr>T#Fx^6i3!adv<QxyJ-)pgSQg@lxdgH
z#~mqvqnnQ<k1AYsN`x^zTyf>duH;(f6-|iV^M23Bwn{UJ=desDX_pT(JkS^brTFlE
z<YCODFHNci7_HJer?~z_ES?dohvWQu!|XXdQEdS0Mxc5}fLTZlo<K~6`<!2&-47Xl
zy`BTz$fkd-?<K}+qqiTp@5ZK1ek*GEB1VjjIB=X;U-UWKoi#97+~PFjS-gseHh|rg
zQfRc{l@zf7F4`69T_Wlj-9WzO9+UPVb5yTTg&`*_`Wsy(;W~Gj1_0PTi{2>;APg$G
zSm{aTl}mp8reZD;tA~vbWQzMzT{zF6a$RrqUwLi6DDyA9X_###-?lbK;4+`jrDcWL
z+baKofu)Vt(X{6Q?}!>~=gug>4k+VK8bElK(I7PhHYjp$JEGVh5Y>0a_PQSn_zbFT
z-B}OH3A2lQ+Q-e05@$}O>iSm()&RAsE#lw2;n(24oGM&zvrac-C{kSvP#qc@5vVgp
zg^IH{I8RzpWAm71ypOsB)D}Ap08JNj36m>fNO0QGw!XffUot}Q!vS7Xn4f@rkqNhU
zjLiwOwZD$axkvA8(Y?Qwf16(3G1*lTm;o{pcS>rL#r|jBX=UC~E-f=yy4Yk*$Yd$=
zk&AzQgB07Mzu3nlg{7$t9h)ZM!*(W<$m1e_v1$9~LtAKUr;c{~!pg6F8q;mM`6txb
z;Q^hFfA+#X#ThQ=iqR#-{UM$kUdx`)EAeIZMry+;K&G-hoEV(+ooS^OKQ5KNd!q$_
zIKzg|x=kuWj%*HT(R<(0U?kf9y&ysE%f})9sfco4cXPk1B?E6aTP<knv%akD@w90Z
zyxl5`uaf(Vtb_nW1f!&g>aiMU$LC#TQ=?Y+&9t_u(ZnK{P#^Kb0;rP~6GOlGu;H9%
z^*PBL!}f~2Rmiy#=g6Pq>3TC7r=u5mf7cL9wRKtwVN%K6Y7*p8Qv!#f-VE;4Ql%>y
zo(P%r3L#5_i_Un`>-h58kn!;^&;}WRqhibd@=(nb@p*O$nkMg*2w-?YKuCw{hE9A7
zB`qPnoONgmpMn`$w7eCkQKPw7WvUS>UO&ByXB3wz=)c@!*|#5ONTcI!o=A8m$y9x!
z3!smrvRL-2XFvV4Z{_uTZcn%wNdJH>tJ-qYlumqqUfZly70=GhV_MqOmFA|LUM!9s
zO}_qqrb7(aH3hT64k!u>N0P$ah^UkI?%b0!n!eVf6X(grC-rfLb|c<>^U;zq;1&?y
zY#?ybLxUTi{!6W&DU`A{mboh;Qbq%$)ZU-?h}=;F*w&*71H#p-n%Q(i>=2ETk=CC-
z`$CvdH>%&$Pu0Y?!3`il8zvt$2q~MgsxBmjx2k=vG$|G8Nr0W^MlAOsIzL?T&xXm^
z!cuQtnGs!yql6^(wCF&OQG)4YQQ<~Nbvl6wr_IGXKhL1Fk5EbwtE;La_m+o;GSR|n
z;(P$af~h(wv3IK*dM!oXGpFmsUTh&IQLRj;7dkjp(4p?E5M`|!HrSo49lh$?6tJdo
zCLA?gk%BOxk`eC*Mz>qVk>F8;RSy{=S;(sCVBTb3Duz17BPVhf=4CmOM9_c-3glC!
z)rXDVs(R0(jAHz6IHys}7_aS%H+IdBHmLqgrZb4A*Dj)*I~Wz<CZMMc&pzwc6rxL{
zK6{X{jo#$nqZv?M@$g2O*!JJ(w(r*h{0%w2Cck*4ajzuG)^GC{*(3ya>}sJvjn?<4
z3r(dp`sDMV;?vF=0Sq_DHrBpr#9KVETQ9vf_!O1wrSg7O&rd$jfWNj2S_7!paS^hy
zMV|jc<z`;L>t(2OY70;vGm%(mPESU2bGZ9O!W<fp088;P^0pR0W_DvzW^l%l=EaWk
zK9|V{qM)>-ZvSgML;rclP6x&qTP@6<!Hn_n^ECo*AMMp@TELgp*b*C}a@W+_rC;UN
zzu8HzjlYvO|6$cZUvjB2`scWlm?I;)mfQL2@U1o62n4NoFF{-;{#lqzZ!f^stmNtU
zfLM>jz(NyQ8Vhe$%?5jy_(ffk4^wks3m#XRxnnk4*IbL%IphX@6Dwkzt&+7Cw7VrP
zYh!^t5GFILp2(beXzk)S%7wtn0%*u?i+b{@yO>kl@S6{_1LF)0(V2`LJRa0@DRq4j
z=_U?y6t&_{s4qzJ_vn-yasGNc#2D?m`z6P)Y!yAOg%ru9cRVq9h7PMjUpAgAz2}OP
ztlgv?v%Z1LWnEMIhEMHc8APLZK2|%r3a^;|*EO!!0(mPo7)GjXGK-1d3%LXVt^(qW
z0kGwso>}4;xtkOy>$W)0%9}r}z52#*zExhiY8kLl7vh{LNAvX#C1~`hReQlVmh(4|
zCe<}xtPAF05N=_H`vbO}(r$DKeRYAfTmPJ&8i}xl^qlz00b*j<-pu#MrLnR2F^l4e
zzqmhNZtHX5gG@z)eVU?FX9LIpxa#QWhP-2++wOwb+B>3J)OTDr#rb<2>R6#Y^}TDE
zyJ=NCYD@bg5lA#+Qt-V4ek8aKz#HjLTXg3)U(oZVA~Bmo{d1)cnqUL2jo$Gt7ynkk
zD1`eIo8jXd-<yHnWfyoa@sET}+@D*c-})KuN46ONk{+N1vV35bw$&ECNQhYGJ6<A<
zEl<13OhB#rG%SN##z<U6_8P7{BH+fLI?JuJ0xjtWB`}7;y+u9tDF2R6B6>rkKYZ?#
zt2(ZxN^fVb{(aDiSp(ODoPF(*4hogQqwbWqj%`VClM$x=jWZmkD}3Q)<9Szq6*+X8
zkpZRYpc9Ep+sdE&ZMp3+Vq#wlthSe#=au0m6X9`gOFM|_z_>bPTp%^MzDlz;9xvKh
zWv^@LVPqfWp-vobcPyne71x}K9<t2(SGW6ttsXz<0H2*TidZGijqZ%HiX#vO6^3}c
zTzAXszoa~Rz~ecma{OhHf*PyUE$+w+G3N1bZRq*RDLUXji)j%0p!tCagmJN^`HdjZ
zkOE@YzwzC61QH+q-EdNiwPC`WbCg%qiFuLb_&pa%9c@%axUrPE#F!{s!ERtSm=Y9&
z=1Glp!y^X|0Lt&}(&&u2j43`bXunQ+UHSWJ_zrq|Af`CFv!-*8@1LL#t8d8gDUa6*
z>5OpP;MK!~CETBr$h6w{bS<-56(-sZB)yJ8&zQE2f5YWE2P75}u`0u~5%>${$NTwN
zmzN$ek{6pT4be{U6H}UoA()@tO&`oJ?2$3(>B&@}kKs-u@knid4FfR$*)i%>-DA=4
z8g|q6pGxG)+oka&4D@kRCgb2jzWPC;(d!`xJS&r>0c3Iv;5Jos>={xv%sKdZ0vFS6
z)%R|SiNO!nZ?Mr$FNrN2{L!rYV0=R-mFi1CQ_zv)2MXWT3KvLe<dJ+IrqpFxo?ri<
zEQY2Fz5F}Taq8Y%*;eBIDL$o96X|?KN1Wa6`Ku3sq#oJSG}G=eiuu)%@>o=$44@_p
z`PpRIyElDnRC#yE)XBZ+PHVQ`%LdHHokW)tb@{4m)>Vf)?Ovs>bSS@3>1Qmppz-ha
z#vP%%Pv2g^P8=Akg}G?-6sCY;6Q_~!e}T!y5>NNPJ#!5iM)7P&?Qk7$=%VwhxITL<
zINTa43{o49TtuXI28rQ3F4Ic;^s#;sOB5hDRMzXD#6Z}a5y#QQbMK3oVRPQRYzrr#
zlkZyHkpNVnMXnz&=H1|^-m9#t$AP|SwQ;ah&Q*tAc|fVi*mjwXslI9TrXgVg($G=s
z+sVB{kR1+L3Scl`%XfP;kNBxJ0?v)$jZqDitMmKn;E+AHKKFQuJwC@MkC4G`v7@BY
z`&sFz`maa4;E?Z9pUvFnLd7vWppIC|<$#cKaJ8LjYZFryUSsK?hjex#`bh_s3ASb2
zU~^LD=S=@XCP(U(xWf$cujB@v^Mc$<(xQF-xi8DUGXizm9j<}LyyC?%!aO)~D?cI?
zz><$O?K}%=dzCCc+iiW*&_OfAM@<pCON?DKrfxYdwpfMt+j+FKzE1<Te4PDLykQoA
zA!m_IqJ98GrQ50{`z`$=%jTVC;#wd@D#DMhnW}0e4(KSTncRSoXK=vMSyCs7pkbKG
zbGF(5ql`v8mjvdk$hAg8vAnZioA+<1G>uk;%jPvsPOjAVx1>UcVq^gv#Tp}(H7G_Q
z#E$Te;QsjV$D~V!aW!^LiljtxQ7U=8z2WiWSoY$8Kgqs25`MnV9nw|H8x4kjI8zH)
zMkhS>zcMQd!~Hs1ei%A#-T-I>maL$xBDz%)5n_HOiJ_5zVSk#ky`?qr@~6q)-in)M
zJScnJAX<S60@QgR?JBW04ot4kW2(8slP+<k;r2&PvX12@sNUgq&Jb;f3|V;1ikxx1
zUzB|xfaD21S7m{c4;@+`KH<4|z5_nfIy<JQdcF261zD4)b%3VPcg6rAbgk(`7Wy%_
z9j6t>;{IK36(_$&jHN*NjdZx2V(eM$fu+;F&uxp5qJdo8Q{O_JsP-=yT~t(#vjO;+
zW9`Ocw%=$bE6J~_(nIo756~OOh=ZG6^<nq;_u9gy*Q?bMW#$uCpGJJb9N+Ss48ZSS
zz~W{gvsXLXM;ah|ePJHd-EXkz>Cyv=OZkRS;ZWU~lZ5?splAdr?}&yrbK6Zz_Tulw
z_0^?2@PD{`QV&^VYvwpH@@h#G>Pf_0R^EcT_5@#mR~{uv6)g;sCc?Z-ht}UtO6p+c
z%0-7BVI)e-&!*Jq1pyqC1^mCfrhz${;mm*U&?xdcg#gfdgC_vV%bU0*>B%x~6OO^o
z>-3lBB^aY8pN6%%ITuTkdZXcDM;!|eav`HcxDHN5|D8@K4!Jch4h#cWkexLp*Y9mk
z1Sxw`Wt&VdbS>c54Mo^8G@5%{U<r7PhCIfiXMSNcv;5LjWy)y7-^P_-^00uCx5DkB
z+-91!9EmNdSWkf8<mX+Ad9NVggs)jd@TRnFN>cONM%8f`A;2VcbC8_m>VnBF4@rwu
zHZ{h+`47k3n)bvK%ls%(rQ=wzYe>I@g)Gk7G5|~3n%3z!4$%7pKwY@R%xC01P1zKn
z3{9t*aVGdy5BwSrI6KdX^02GBM8J4ACxN*ja1G&~y?{2N!T!?L4cd?2;0yvqF^CCj
z+thp!Mp(Yz7F_QtJd~6)ZSQLPKmDHPh^ruInda81r{{fpTaF?%W8v&;iM(|*=pP_X
zvH(hM_ynQ9I2WuX=W2herRN_xs<$AD4k;vR&|=VG%n0b*9vD-xzCv!oAV%_@TEK}i
zXi=!}J=~vfiZ4FhV&~Qxy{I|3NQvGWE4s8)oARohl|AV`Sa7}ZQhn30jS#vEZqhfR
zj2Gn?kTSf;(51=k#pf3;o0PShWm<ctx~ggW1V89@s-MFw|7~TMycr6LqDvAgQ|j&>
zXEhkkF*JKxsXXElNqDv-ao>foLW7O00Emn_Tyv~zYXw@~%)?x;kR0-TwNYc;3dD_&
zQ)%lunn#%)s5KzsH+3i~_nt3^kR9kc$wc&4R$LE^U{@Tio12FSsdj`h(_ot4o+F`N
zf!7db*^?sg`ONOC;mJH^aqs=N;=z3K@WAeqk>RBqu)6z#uqAasq1Vxw0R-8VqHKCW
zLo?PqkRT-Nqc>u3hg<EgEFVD206546vluD->L{qh(Ur<|FCjic77u>Ta)pKlFk6@=
zq<ifZ52xh2ekdA-CSfY|AXd@8>7QgL)6W8lsUgO%LbwNa^#{e4mf0CSRjYui)$bD#
z{N_?lg7q>`T#kjpEA)XOVZ_)3{<`wTQYN-~f|iq=S%^0wLY5icjR@?}PF<I%e*V&|
zBZJp&-=|gE`iZrahrU8UgZRf#yV^qX9;0WbWXbfr$Q#2xqA_J3vynn@q`zGH8FZ)3
zo8ZU*RBYy>-M-%kKg(J_@{~&xQoR;E=-wDtaZho2^CNp=uRGngH-Ir<!()9g)N*m1
zs?h)yYE6Fi@kh?f0*h96_n8~*7e>&BUu6Pfi#@GJV4xQ(Xt9S|CIWy7R-{>PI%JdM
zo%06R8Wq@Bg>-qDD9j{jn1`pzo%LGa24j-SAjk0q!yxk_af(_&EI}>}`K)ZyPzhk1
z``t7b41bX{3oQMQ3d4C#Kv;we8aL|<ZQnM?`?lUDslm3F0#tui%&y*wl7R2Uy;cr1
z;<nq-wYHmSkvcNFjcuhC3ZqKr1|x-_^7nmaoeP^c+H~Azi@kz!tzoZtV8E!`2K7eb
z)!SY4Z}5Y(jh?&|o@9yueXZFW=*c|=ux^p-{7l6PFCem#0|;VlFFaOJ>C$!UlSOU8
zU`h(A!0ibL?l#lTEatIf3-SG?hW};o3rFIH#TC~<48A93vf;KRfJd>rS)}185ae8`
zY3tCFXN?_{GpX`(H%n(>l5z-xbdsWID7+b715EdcSk4HxyLo-UoKwH5G97Bw$ba<E
zY_vr{)%uz(7Y&NDz3ZEG)Pb>!E*6tFJcVDmy03W3rFSKe@5dHsuEj+)I3P8&HYlAE
zk9M?woVNo71Yx)6LWAv5$RRn1&7G&wsG}jNAD{hgd|7N^ocb(xIhuF6WUu@rLfrfJ
zAK=s?ZQa~&W`Z?l*zgme^3iCdP>!Vun4YPKD#LmeO<PjXh`2b{qW|+hwSqwQf17o*
zj;Yk*xnEav{(A;-WlmQ{^xa6%&^z!MPnc-JHjpTPOm=frl_H(W)Zbtu1<z1RH?P65
zneJH@^GKcaI+b36I=v0bvXYY4@4)Ro{(4oUU8)Pz3D{BQ2An_$gAjmQ@o#*7F1-;S
z#<lJiWbhPG?P+&9$bbfHqje}Q7T{`xC3-yoiY1XxSDWEnV$i_e#KLF3LCc7rreCTV
z=K*$73}D541--=H;%`8piO%%Ox8*cPIm!*$BZ_u(6|S50=hj7x02m899c+L$4e-0J
z>gyR9gj}-fpj+~nOn6EZJt8~Q8`0Y>j|HT0oW-i`Vrp$K+oo9j-$)eP*{jv6IS&Kw
zv#g==T3`a$=D=DT-rK8HwnF4wY2<5<{g^!0u`%Jb3k=++;&gfSnmYcF92iCe;h8ER
zrjohKxX9r+3s=khbrth~W<@#b03dtm!Si%^aKjtyx+O=IDLSSGSn$su-R`mP?;;6H
zcHm}`^#cmDyo=G@nO;KcV5<`5n~#KNv39_?*qriTJ#|+qd*M+A6<!;Up988KTpwIo
zQzFCQYzpO7`lAgHc?Nhdc|_h9U@U3HEy~R^g{3vu_dXP?0fMPTz&6+;_k%llYy*(R
zp!{ZWfWHYJoRVsIi0waS!1jcB^5=RJ0Fu;LW75Xbnmhy_68#W5uRO`Q*13<q$%$|E
zT|YkHNGeNk%Z83ZY)PvfEG~4aZ(@tDOmqC-;{r~lJm6F=`b%e&W^fTCK~iX(IW72)
z%`CCJ-Zy~%s8UR?aRw;b-9n{+8>k!jwY0{@TI4p_*RS%%!}On>?Ic<Az^ml=x8M{Q
zZycNdGCKDoZ*|`vbaKYG6&<31A;r4g$x=zZA22I;j_t_99e4nfT_DGXRQ4jXRN<;M
zCQ}2@N-aN(DIRk`^f*pGzH5PIB3`I(w1uaqEf3J*OUD6;+-K?|%YKzUzcRFU$__82
zPdU#(GaLE=o|)Jf0aaj$R`$^udXGtBan<K<iQi#JD4`t$oZo-D7DczN8va(%c;u4h
z6tq!zLMc+BOm)Z)q6&9_|M4?G4AZ;{gz#s><t;Zg4738a4n)oqSvh#S%bFEeSGoWf
zt`Fr|SnMAL4b-bPFIBw_`Y9~KUMT}G<5AiqZTRN*;wupYt&5D9rXNy?pRTll8t95+
zO-mY{L~LMOc_a&WTzQ|hR~aXq1nm)S_qO@U(|aYb`}{&kY-r%(!T&CI|NrrRf($Nh
Za72DbHfws2BX8#d@<vUrROa2s{|1EHigN$}

literal 0
HcmV?d00001

diff --git a/cisco_asa/cisco-icon.png b/cisco_asa/cisco-icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..e3ae163dc928ed4bc4b65612560fe6a1a5d65c46
GIT binary patch
literal 13297
zcmeHtXEa<<*zO=CAxa9O6NBiYMhihOYV=ORD5HzsNrLFiV2m2kjS`(`Nz~DU(M$B`
zy|;UO-}mqSyX&^K?wz%!tTShyz0W>-zwcAt@V9CT#Dvs@AP|Tcq9~^c0^tHbaY6S8
zfUiTZk#pedzO$l%D+ol=cKgOj<Rqa1ffzv$x!2lWX<IXaZpO?0I~N0$)`B%5ln>!T
z6t6hQL|pv7Knf9$YD3!o#zSfCGX;O$Rb<+VFcAHl%F6V9CbiYlvOLJD`t#*W6AwM!
zCDtsq;Cm^iQzQCAFI_&8IwSrL$~n+7ETqtzSV~lcyql=t>f2nse!>5Am-K3U;QGbI
zm0?e0h~)Vzv%XF5jGchv%1mw?V66ZD^}l`wauUMDaN2&BGN)Hur^8KnP<dL{%Q~2C
z#EZGXqR}ws9@3wOo79uf?WCAcx$yqLD~8Q4(Bp0|QX3s*C+Hay#dFY5ajjc)<7PIz
zPkkPn4X@V<!8b}<#eZiN5$1&4#Dh~0T$yVnnbm8gJ4iWaP@0G1GL}Thl0qh5e#)HA
zmf6sGosah}DMD6V`NszWsk85dCA9?UBnz>)jL{LYMl2<%Z$4jfR5f!JxPf{#UH*;1
zlX{>17A7|wyPHS?{}m~Q^SStBuqkEcFE2z{n|7V(86Bun`+}$6Y8RQ~j_}9R{7e-j
z$eu)@jJhfON+@MyQWjI=5Zs2#=kK5E&W|d=d2^7vF0NxEPWD!!jaC3u2tNz`c-gCZ
zob}TjC%O4u%cof=LvX@ZkYeQaby^PT9h#99tU#T_crqw2$J+Vq$<AL?45`X7xgri>
zP?e2=SERAuENU|!FZTZ5>1n@{Mocp<yEIN5g)VyfjxgtR8@{tgOtWwQIbj<yzO?PQ
z@^qVjYkx3EW^uh?wWv&b`Yk9YBtCn?Cut)@8cgedl6FM?h30lwYkmPXbkLJ;z)!}I
z=fI~T)Blx+yXDiRHxHA>x&#=K$~mEZ<`7pF@n^6WXhwW>U|Gy1kw$*F0Y?%=kB<l@
znN(>-67G;B$ODreGCi9tdi;2*%Hxks8_Ha`hE&*AtyRq1kQY{;;{g%HJWxKStT<NS
zzxKR+TrPRZCC&TG{3}+N>-ZcNI1DbxYC+nSvbr=CsBImfFaqlc4;Kp_|HoN^z(_E{
zFi%WPw5!hz+^dfo)HwMXx(9kvmPww)77Y3Xf2wmlOxOq3wc?7pdp{MQR+3vRAyLie
zcxqf-3BQIMUM1nc7`=1&)lSj5XA!!DR^B%FIY|>&A^UD!$2PX;(ibmwLrEQm;zyM!
zaj48=FD%iXMcEFi8&&WiWzfu(D0vt?9Al3iAqa$UJV%@rdJsFfp{Q|3jef{e?dZYl
z-)M;)JD66a>d>waBY5%W{``(+GqcrnDNwIS&F4E+hO?oJ67~XeXNQFP4`iKz=Gv?W
zTB;7fDrW&!F$alc4zN6XM&OJy_|l$%YJEfuNI^ufUuiMD=3Lgm-E<1tf81s9$hCNt
zg9iaWzIq>I<lR#Y0{R$g^j5c9$NSB$QrV~y>(gV0J3#bnL;TR&KoShweh}c3okIC4
z<M`R_g<Y@F@X<bw&^`LMW-yNze{~1`YI?7@^jY;q3iSxq?(O}Be|+pp!+;d(v3khF
zIUrG*@hdlY`SahS#8HeFX)k}bm=N!!CgT}c+lMH~{7eZmO|Qs>@K-cC=_3VGd_-ab
zv@|V1@q~!6#D@yi16Bmq*G_+4diOHM)NH5nBK)6!wecM3_~@qOgv03S<XmoV8r_$9
zpNAfISkI6RMUEqXX+D`xY*BcO@_SJiWQ8x_`vN<DiDEC^O8&;!`4I}S#(A4MYeZ$E
zV)2T~M&eE@)R9Q|Yag0@;3t`g>Y4j562cG8n~Y??PO3SFeK2h4_(90}{?{WOM~S?i
zWRwEc{@*ozsoZag&#w;dY}>3mQz1ljk}Z52?X0;=Kh~E_=DWrPidtQv*ULV686Jtk
zzzU7+JuH{ZrSN-0QwPA}-Vc~~jE~AoJ3c2XTjMZRi-y~}$0O>JsRoFyRbIo3DMW!*
zu1Baku~0sN?Q?w*3z^>BD$sX<dM7u+_gl1VE-wT|U90p5>O=$hh+<wnw(caeYBONi
zuu=I^pFjabg&Z1u;FDbr$f44N8o<vunJ2f0$^PdZPLN#X1a>D!e(rvw2L!$ss&jOL
zMwe`giGoNrpW2M2iK3TNYn9;=7fxa>=J}&lq;hFgL8yQ1%ZYnQUFUsp@EpTn-7#$I
z+n>s-aTHNd^N<*-*8xuG<ZZ&ryv4DTn0e+KO(I!*q#WCSP6_(kfBZ|n&+ha`PAXWa
zTZzBs*hyE@F-Dt~I`PniF7x!TUW^3vaO#IsGqsUOH+q)KE=d`#l6UNciV{>OCl8CL
zz_#cpOw|mBcx|u*0ZWo2DKimcpIBvR&GD$%fM+pKXO;Uj+NXzsc!?61tZ`v}N~mm}
z974k)l(C!`4HvdGZRO;kZ<b730;w1|on?zT{c?g{mNg5Xw&>^%*`j)N$$JKhtew|V
z&2~F*zt%R&qe53%D$UnX<BbvrbwIvTWA+EVe@-IFG0~UOz1%!z$<k1NTnRGIeR=p5
zI0Jg1b;DFC1GK^#nYymeHJgGq#fI1i?6DIAWc@275g<l+Tf9@^$}i4%Z$M<s)h~`?
zsIJ|zB`S3qV%#z=BMouBTYNRCIWNfbOmY_UbQT4D2{u2Y=yTkaS_{SKgT86g7+H&*
zW+o(-yegu@+Zw{)GK#F?U<3#FougMBMvs4?`k#UBeLkD=>cHi5n7T`|?4A1QzEz5y
zMe|ajz9AP(mM@qEvm(TMV*RTfkB{3w>{S`ctXn+21CtE;#s?f8ZdeIaqtWK#K87}>
zJ~<7QzV7?gfyZarF_rKINS4ocUtkeOj{DHwq98nFem$Fw=Cfa&_<Z=3EMV3k*9qY1
zK}+vRl)gYqV2r7~-eHEP50Edv5dF2cMIIX4@A>b4U<%^Hc4*$6gSi&6P2m5!o0O2g
z$jTE`xl6$!ARILOK{#m=Kf_p(tiUjRi#r6A*8`oN30~v}{&E#b@{u4W`#+gJB_QN%
z@d8vLE_m;!m#lj4-|plN2G1uGI@1%C*gtX|8ImHI;SCn|1m=rl-33|i{F>1>+ye`2
zf~(B9#lvYHh_qDhO}Dl8)?G-*)3&EK?d^REkCOCteD%0_cyD3*;LFbHrahNXYX&rM
zp7FyQi^MCE1%lQSlgoa%aeI4I6x|MTN&E}#+<>?0MbPwR|21^8?!zAH6bNAEtr`p)
z_A2+J9k|^2h~5RxW6mXi-5sSbF?lk#CNofXnyw&Zd>#I&F1c`nhd#ba<n*UnOeSMf
za$GXbhkev$x<n`$W%VoJ)ADv821ZTl|6tp#8{OFxe6g4Ov6LsO`LRvoSMq&dFx`Wf
z>z>u`sm6#bI{gIx23Zv8X54#e^|N;j@lZgzdH~8b{xz6EJh{Y>;bJBzn?8;9@dD@R
zi|TLT;hl{bSd$a})6=gpv_9aUUNPgm1W${f>9jm~Cvj)_^t2X?FY4a(#>BzJbnY2B
zg}ui2u{H%(iw?alf&2WO!5E9X<yu#8TuB(Q8<%soa31{wzJ=PVJpZpAH1Dc?kRR8;
z{!}}N@RyHymKfrz#N+fwXR~Fdf~C!w^zA64yLCnIpKN`Np$iYRW`Z<d>2q1sYhT!t
z5IpM96=^@`w@M+OB<Y&;#f_-({lN95mbj<GvQeEQ`A8BEVR60m3S{D7IkA3}vQ<rP
z*HWOv-BhW@%eBbnIJzkw<*?p0M=34roC^Sk;<FwDd8+tohSBp}1w0I<y8n^{L*OiL
zUpr#X@)I~_xfLcfH9=~3tx4xF^$|j-HgY~a5g>n;tuqL!j~(I^-<XKd0D5AxeqlCu
zuONF%6ypK$V6Bxs1t5Mn&AqWIQk%;*9e$5IPJf2s-K-6~zWa`DTy@ILQmu=_36|)w
zBIX;J?+{VlE~gZehwp%X!HNpk_!H~ZaMXk)^<0ZO9nm)7OU}Bt8@>#we+H<h%Jv@X
zwO{rp)dKgywlP;o)puw7J;npuah@WweMi4*=g;Zs4rEd^y5K^muvoM6H?O)>)>HlA
zS6}~hU$BXH7d96%^Z(EZ8KrsbQjaH;PPCKcB$cz)cWys?I_|4}H3U{-YJoJTZ*R^P
z`1$%T5ZoZdCNpmT6KWD@`?S9mHd4Rqs0U+uN0Std9`wnMa>R~U`}<)W|JW>Fh0|QB
zuj`*$>TsaJs;jye>C_B2O(MJ=g4TZC<$k$2Ml2?5s1=c`jpQ6j_?0g)k^!Ci`n$Dr
zAwO}g()nWuvT@DKpX%bH-$j91lw?}n)F+R`OaS1}$<b?M9pT<}nOWN&D72jCt~gK5
z;bgI#JH^#Xx&#Q-9IMA)sr2U7lOCIF=s|v9FndqgwVAunz2ijPF0We1?E3KKEIGs%
zdPqkndZ@T?UcNBc15d$?wc9i;>249(t>ckA(?qQF&O9HOes0GzW>i}*^?dE3NKGQA
z^v%U@^}%2O@}(SzD6Uvx&&%tb{DSF{4s&wC`rVMNKvLBrSB|tyMDA4->5^<D&f|q&
zRH*2wv-7G)>QuWXVxnx^PTSjzZzSmmgN8S@2i6>jlDa1GyOUq2Y7;#2wc^tOU~9E;
zo#tq>EF9V!DYic~<9?I=Y9dx=%b3blzl?S^^WPi__wOM9&B{7fJPQmRG&`a&W5MHd
z^#Vpf<E9eta{dYYihwur%Y|GjnT9w)OW7dMIuSm|Dm)(t_kRGHz}~Bp4aC1Pd8gol
zla`*nlTq1>>mrL2M;}9P3e7u65CsLh9M33^e(LA5cmi76BT{f76^kJHyGbGzu>r8F
zUVvS_sXkX_b17-TLX1JytN+QmHgAvX8Qm-$WPMuNSkAhka8?0nX<TgM`!&syjGYta
z;NVNA=wIXpF~36nTP?(c=w56~QrYzWy|~ww43Oy0#V-$Az}0ujU@Dz#hE*O9BSFCh
z_6+tTjiJo&6#_B`>5$R6`-~)yK2imZ6b8K2v>bi!ckz%QkkR}$y3{h<XVkQ;aFUJy
z2BMm^6=Z+J(N}cuJA)p;WZsG5B-h`@fdD^>ha44Hv^GG0^wkva@ZjWNV}d=FS0uRC
z;IPY)FZM@<?p2bj&pAN?SUp1~gtwCBuwcOY*A8{#T%j$z(jgf?4N#6rxnCr7d(2=A
zfBgNKN2D0#ES;e#$SM!u(fhqyaM-IJGy&KbNqD9p(?e7)ixZS`OB2%00$H`L{4s(M
z>cr}sXN!Tz!q<$!5xMOZv#R_nGjM8v<fWd~tI=L1l{O^LTmzW%f7eU#;bV8)!tVe!
zr)n{va%x_(T=q6N3wT2nZQICS8lKH;*m7ty0(&N--aL|1@0y~clP$r^dFIOEq!M7M
zLgi$<nCPO@^uEMIklMY-9o-<6U(0O+zg!t>&WA7Qb!Z>Oav<pR^o&FoxHdYCV!YR?
z7yUQezLz$5ffpWZ(Bn(L^-=Ps+VST<)}-1ofzL9*;&URwed#ivBXZzT+&w8c5Z-Q|
z8|92^oy2g;e_rc9Z}IHWEHlD{XJQUnr9H#~p9EXxKef~z+BJ%KtV$cVvoprodbjHR
zL|v-cR}#0ARkvRsml2u2c9ec-chvNxctBLOzWi18kdyyZkq2J;TI>(3NGRvkx?$D8
z7H=G%<R@iIY98dJXV1YbGb|p;1K-4j%!&p~A_bpM;9zJIfJb=NGAL(R2B7mg_2z30
zP_H%+91!*L8M+XTg3)+!XgAznZS-0jyH4NavxL%jI}|6FOzfH20ee*M=eBtkNakAZ
zH{O6Pet=5`NA8}ZiWJ2dVP(ZPjm0zQy~n;<zQWj<Os$>}&gCi6?r}8;vS-Vhk7L42
zafRya*udbXvyfxfmjKCuXppZkfj4RL_r(}e$5km*sKfj&?>@OBAdACC2lR>M+sWp~
z-f*Ef-L?rwb2T7RNk=|V)|$dW4@NlGc{j2rIa55`q|mqoOS$dwXeu{D(=?<0O-F;y
z5WHX*Rb@65t5XtSV&ZV6!M3OkkYj-8?e{8xOAsSZ-wQWK`M++i)#?aT3c1X<=jxIT
zgnpG3i|*tbuwBxdxM1Fi%r2{Dw!npkLXJACaNKts07qUzsYBMat3F+$q5%EiHJDoq
z)L06jWXop8HFcrto>%h%KXlNB3^8KFY(BTQc$ENk92&_xXti$SDY0FP7K=6jVs0U9
zKC^3>6{07f-p|ef_vk7MFadP3FJh=VS4ldQF%U$BY8?_b^T{(SU$*^0@Cv~k7iZwt
zGJg5LYY%EU6Z@`r;JOOwN;6Zh#tZ6EQvl{rwv81_AMR2zWaF(=Yv{fzO1Z#Joa>K3
z+R4+gsqQDMBNe+82L2iqE)qW<vfYYc6Jg-gSh2*BHO`Vaj2~pEyFjbZw=A7(Eiznm
zw8Vf_J+|njTdbciQtUuoE?pB)sM2g#o%D*B4n!&<7Q`svIlzut2}xyfNU$H7$m#jd
zki@taTA&39F;Nh+ylRQJ*R+;Fb_v9yUsf4m*Yno{h<gR!f)o*2bqCEnD5HNpE^3mw
zjr^!U_+c~9EFGX=EWRxZKG7{1X`7TKfyyI=cc8ias7&<EuGz-&kYssXB!{_+@gPMh
z(1TFz9ui)N{6x#M_0&d>^`PqMWotFShuX7VVH_zwwfG)Q@mg7K2I?qZ8yqEQN)4yZ
z;(i4NeVd%m)!8#54ah`*?mxI@P(;eK0u(IUcso;P$_cOZi2jG(=#GZuN#rOOaA7U-
zo+I7AD#~KKI3v0aQalD?PgGPr106q1-oSxjCpODwB3}gN3T766wgmW%SlO~m?y6%%
zJ^ZXDV)+CeH}}MyUqjIh=WT=D1-lDH*jfSisl}ue*X@H|WhiQ8|K~ONVz5-SK7Xhl
zG&x<m@U|gFeLA_u+93yBw9U?q;Fo&zNh&Y9tV(UDqhMGudh1iPt?B8@Pl1X+B<}9>
z7W-y$xnQ2YB6Ro<gVd~U220{g-|A8mCPk|ohWBPi{SPepQ?u2Wg??PPri|^97CFol
zjoAu(lX`@#0k0|b0lXa$V`9bPzvpCwo+nX^5!`&Xe;0geW4w#6AsCunQ!A5F`dY!R
zQ@SBxKIfnIDA$-bw>s?NUBW=@J=H5pkYujkR*Dob$TbWy1-fbd4d}~ugX`r1X)DmV
z5Zg(@%LA!&PJm$lDL~wl^``_?Cr;fkmY!L#uJm5aJ=sDm4Q20iS+|Kr?xv0Hdv%wc
zW%h^x`dO6N{jv21kWGJ}&Yq7ZIlL_ySdB6qo0nTkR4v=$Q{(@{{aWgJ`N=&CJPS%|
zQ%mOnCVr^_NKEe3iUok!)NbKZ^$b;!6O6fuQQBwjXMYJi^9tfQEy<HNE<;A9%oaCx
zBQS7izEgp<Gi(G_r<r*H0`v@IeoLenF&K5`+(mp2&xqgINh+601S0e}8V|@U|6pcU
zOUkOYHa3Vo3U-767y9P;8XY`I?OKEi&z7|n@uYP~tGnl*8Pkf+%hj0J^c<PF2|GI7
z3_9lmeQ*_4wgsXDIJunDQuQfuq9vNNt2VX(T_Ul}(6GJm5W);UhMfPRxpugCm%ZY%
z6Hl$%b-JUs#jk&<>ob<8XK+YK5mACFx2jJu+(~lt1olbEHDS<X9=97uay_s-DpvN%
z41M%FNdk|ftj`2=rusJPF;YVR5z9@O=jIq}j0BE=@$dJJiP8|?zgpPzn!U-&__b4D
z_XpUD_ci^=Zv{+L?^w3lqACG+D;`K4cBTo|ccJdu|Cv5@q}U2ICPay#Xord)it;-N
ze?Azv7Q*=xjnr>Pym2x!*?^628GzB`8xFr>T#Fx^6i3!adv<QxyJ-)pgSQg@lxdgH
z#~mqvqnnQ<k1AYsN`x^zTyf>duH;(f6-|iV^M23Bwn{UJ=desDX_pT(JkS^brTFlE
z<YCODFHNci7_HJer?~z_ES?dohvWQu!|XXdQEdS0Mxc5}fLTZlo<K~6`<!2&-47Xl
zy`BTz$fkd-?<K}+qqiTp@5ZK1ek*GEB1VjjIB=X;U-UWKoi#97+~PFjS-gseHh|rg
zQfRc{l@zf7F4`69T_Wlj-9WzO9+UPVb5yTTg&`*_`Wsy(;W~Gj1_0PTi{2>;APg$G
zSm{aTl}mp8reZD;tA~vbWQzMzT{zF6a$RrqUwLi6DDyA9X_###-?lbK;4+`jrDcWL
z+baKofu)Vt(X{6Q?}!>~=gug>4k+VK8bElK(I7PhHYjp$JEGVh5Y>0a_PQSn_zbFT
z-B}OH3A2lQ+Q-e05@$}O>iSm()&RAsE#lw2;n(24oGM&zvrac-C{kSvP#qc@5vVgp
zg^IH{I8RzpWAm71ypOsB)D}Ap08JNj36m>fNO0QGw!XffUot}Q!vS7Xn4f@rkqNhU
zjLiwOwZD$axkvA8(Y?Qwf16(3G1*lTm;o{pcS>rL#r|jBX=UC~E-f=yy4Yk*$Yd$=
zk&AzQgB07Mzu3nlg{7$t9h)ZM!*(W<$m1e_v1$9~LtAKUr;c{~!pg6F8q;mM`6txb
z;Q^hFfA+#X#ThQ=iqR#-{UM$kUdx`)EAeIZMry+;K&G-hoEV(+ooS^OKQ5KNd!q$_
zIKzg|x=kuWj%*HT(R<(0U?kf9y&ysE%f})9sfco4cXPk1B?E6aTP<knv%akD@w90Z
zyxl5`uaf(Vtb_nW1f!&g>aiMU$LC#TQ=?Y+&9t_u(ZnK{P#^Kb0;rP~6GOlGu;H9%
z^*PBL!}f~2Rmiy#=g6Pq>3TC7r=u5mf7cL9wRKtwVN%K6Y7*p8Qv!#f-VE;4Ql%>y
zo(P%r3L#5_i_Un`>-h58kn!;^&;}WRqhibd@=(nb@p*O$nkMg*2w-?YKuCw{hE9A7
zB`qPnoONgmpMn`$w7eCkQKPw7WvUS>UO&ByXB3wz=)c@!*|#5ONTcI!o=A8m$y9x!
z3!smrvRL-2XFvV4Z{_uTZcn%wNdJH>tJ-qYlumqqUfZly70=GhV_MqOmFA|LUM!9s
zO}_qqrb7(aH3hT64k!u>N0P$ah^UkI?%b0!n!eVf6X(grC-rfLb|c<>^U;zq;1&?y
zY#?ybLxUTi{!6W&DU`A{mboh;Qbq%$)ZU-?h}=;F*w&*71H#p-n%Q(i>=2ETk=CC-
z`$CvdH>%&$Pu0Y?!3`il8zvt$2q~MgsxBmjx2k=vG$|G8Nr0W^MlAOsIzL?T&xXm^
z!cuQtnGs!yql6^(wCF&OQG)4YQQ<~Nbvl6wr_IGXKhL1Fk5EbwtE;La_m+o;GSR|n
z;(P$af~h(wv3IK*dM!oXGpFmsUTh&IQLRj;7dkjp(4p?E5M`|!HrSo49lh$?6tJdo
zCLA?gk%BOxk`eC*Mz>qVk>F8;RSy{=S;(sCVBTb3Duz17BPVhf=4CmOM9_c-3glC!
z)rXDVs(R0(jAHz6IHys}7_aS%H+IdBHmLqgrZb4A*Dj)*I~Wz<CZMMc&pzwc6rxL{
zK6{X{jo#$nqZv?M@$g2O*!JJ(w(r*h{0%w2Cck*4ajzuG)^GC{*(3ya>}sJvjn?<4
z3r(dp`sDMV;?vF=0Sq_DHrBpr#9KVETQ9vf_!O1wrSg7O&rd$jfWNj2S_7!paS^hy
zMV|jc<z`;L>t(2OY70;vGm%(mPESU2bGZ9O!W<fp088;P^0pR0W_DvzW^l%l=EaWk
zK9|V{qM)>-ZvSgML;rclP6x&qTP@6<!Hn_n^ECo*AMMp@TELgp*b*C}a@W+_rC;UN
zzu8HzjlYvO|6$cZUvjB2`scWlm?I;)mfQL2@U1o62n4NoFF{-;{#lqzZ!f^stmNtU
zfLM>jz(NyQ8Vhe$%?5jy_(ffk4^wks3m#XRxnnk4*IbL%IphX@6Dwkzt&+7Cw7VrP
zYh!^t5GFILp2(beXzk)S%7wtn0%*u?i+b{@yO>kl@S6{_1LF)0(V2`LJRa0@DRq4j
z=_U?y6t&_{s4qzJ_vn-yasGNc#2D?m`z6P)Y!yAOg%ru9cRVq9h7PMjUpAgAz2}OP
ztlgv?v%Z1LWnEMIhEMHc8APLZK2|%r3a^;|*EO!!0(mPo7)GjXGK-1d3%LXVt^(qW
z0kGwso>}4;xtkOy>$W)0%9}r}z52#*zExhiY8kLl7vh{LNAvX#C1~`hReQlVmh(4|
zCe<}xtPAF05N=_H`vbO}(r$DKeRYAfTmPJ&8i}xl^qlz00b*j<-pu#MrLnR2F^l4e
zzqmhNZtHX5gG@z)eVU?FX9LIpxa#QWhP-2++wOwb+B>3J)OTDr#rb<2>R6#Y^}TDE
zyJ=NCYD@bg5lA#+Qt-V4ek8aKz#HjLTXg3)U(oZVA~Bmo{d1)cnqUL2jo$Gt7ynkk
zD1`eIo8jXd-<yHnWfyoa@sET}+@D*c-})KuN46ONk{+N1vV35bw$&ECNQhYGJ6<A<
zEl<13OhB#rG%SN##z<U6_8P7{BH+fLI?JuJ0xjtWB`}7;y+u9tDF2R6B6>rkKYZ?#
zt2(ZxN^fVb{(aDiSp(ODoPF(*4hogQqwbWqj%`VClM$x=jWZmkD}3Q)<9Szq6*+X8
zkpZRYpc9Ep+sdE&ZMp3+Vq#wlthSe#=au0m6X9`gOFM|_z_>bPTp%^MzDlz;9xvKh
zWv^@LVPqfWp-vobcPyne71x}K9<t2(SGW6ttsXz<0H2*TidZGijqZ%HiX#vO6^3}c
zTzAXszoa~Rz~ecma{OhHf*PyUE$+w+G3N1bZRq*RDLUXji)j%0p!tCagmJN^`HdjZ
zkOE@YzwzC61QH+q-EdNiwPC`WbCg%qiFuLb_&pa%9c@%axUrPE#F!{s!ERtSm=Y9&
z=1Glp!y^X|0Lt&}(&&u2j43`bXunQ+UHSWJ_zrq|Af`CFv!-*8@1LL#t8d8gDUa6*
z>5OpP;MK!~CETBr$h6w{bS<-56(-sZB)yJ8&zQE2f5YWE2P75}u`0u~5%>${$NTwN
zmzN$ek{6pT4be{U6H}UoA()@tO&`oJ?2$3(>B&@}kKs-u@knid4FfR$*)i%>-DA=4
z8g|q6pGxG)+oka&4D@kRCgb2jzWPC;(d!`xJS&r>0c3Iv;5Jos>={xv%sKdZ0vFS6
z)%R|SiNO!nZ?Mr$FNrN2{L!rYV0=R-mFi1CQ_zv)2MXWT3KvLe<dJ+IrqpFxo?ri<
zEQY2Fz5F}Taq8Y%*;eBIDL$o96X|?KN1Wa6`Ku3sq#oJSG}G=eiuu)%@>o=$44@_p
z`PpRIyElDnRC#yE)XBZ+PHVQ`%LdHHokW)tb@{4m)>Vf)?Ovs>bSS@3>1Qmppz-ha
z#vP%%Pv2g^P8=Akg}G?-6sCY;6Q_~!e}T!y5>NNPJ#!5iM)7P&?Qk7$=%VwhxITL<
zINTa43{o49TtuXI28rQ3F4Ic;^s#;sOB5hDRMzXD#6Z}a5y#QQbMK3oVRPQRYzrr#
zlkZyHkpNVnMXnz&=H1|^-m9#t$AP|SwQ;ah&Q*tAc|fVi*mjwXslI9TrXgVg($G=s
z+sVB{kR1+L3Scl`%XfP;kNBxJ0?v)$jZqDitMmKn;E+AHKKFQuJwC@MkC4G`v7@BY
z`&sFz`maa4;E?Z9pUvFnLd7vWppIC|<$#cKaJ8LjYZFryUSsK?hjex#`bh_s3ASb2
zU~^LD=S=@XCP(U(xWf$cujB@v^Mc$<(xQF-xi8DUGXizm9j<}LyyC?%!aO)~D?cI?
zz><$O?K}%=dzCCc+iiW*&_OfAM@<pCON?DKrfxYdwpfMt+j+FKzE1<Te4PDLykQoA
zA!m_IqJ98GrQ50{`z`$=%jTVC;#wd@D#DMhnW}0e4(KSTncRSoXK=vMSyCs7pkbKG
zbGF(5ql`v8mjvdk$hAg8vAnZioA+<1G>uk;%jPvsPOjAVx1>UcVq^gv#Tp}(H7G_Q
z#E$Te;QsjV$D~V!aW!^LiljtxQ7U=8z2WiWSoY$8Kgqs25`MnV9nw|H8x4kjI8zH)
zMkhS>zcMQd!~Hs1ei%A#-T-I>maL$xBDz%)5n_HOiJ_5zVSk#ky`?qr@~6q)-in)M
zJScnJAX<S60@QgR?JBW04ot4kW2(8slP+<k;r2&PvX12@sNUgq&Jb;f3|V;1ikxx1
zUzB|xfaD21S7m{c4;@+`KH<4|z5_nfIy<JQdcF261zD4)b%3VPcg6rAbgk(`7Wy%_
z9j6t>;{IK36(_$&jHN*NjdZx2V(eM$fu+;F&uxp5qJdo8Q{O_JsP-=yT~t(#vjO;+
zW9`Ocw%=$bE6J~_(nIo756~OOh=ZG6^<nq;_u9gy*Q?bMW#$uCpGJJb9N+Ss48ZSS
zz~W{gvsXLXM;ah|ePJHd-EXkz>Cyv=OZkRS;ZWU~lZ5?splAdr?}&yrbK6Zz_Tulw
z_0^?2@PD{`QV&^VYvwpH@@h#G>Pf_0R^EcT_5@#mR~{uv6)g;sCc?Z-ht}UtO6p+c
z%0-7BVI)e-&!*Jq1pyqC1^mCfrhz${;mm*U&?xdcg#gfdgC_vV%bU0*>B%x~6OO^o
z>-3lBB^aY8pN6%%ITuTkdZXcDM;!|eav`HcxDHN5|D8@K4!Jch4h#cWkexLp*Y9mk
z1Sxw`Wt&VdbS>c54Mo^8G@5%{U<r7PhCIfiXMSNcv;5LjWy)y7-^P_-^00uCx5DkB
z+-91!9EmNdSWkf8<mX+Ad9NVggs)jd@TRnFN>cONM%8f`A;2VcbC8_m>VnBF4@rwu
zHZ{h+`47k3n)bvK%ls%(rQ=wzYe>I@g)Gk7G5|~3n%3z!4$%7pKwY@R%xC01P1zKn
z3{9t*aVGdy5BwSrI6KdX^02GBM8J4ACxN*ja1G&~y?{2N!T!?L4cd?2;0yvqF^CCj
z+thp!Mp(Yz7F_QtJd~6)ZSQLPKmDHPh^ruInda81r{{fpTaF?%W8v&;iM(|*=pP_X
zvH(hM_ynQ9I2WuX=W2herRN_xs<$AD4k;vR&|=VG%n0b*9vD-xzCv!oAV%_@TEK}i
zXi=!}J=~vfiZ4FhV&~Qxy{I|3NQvGWE4s8)oARohl|AV`Sa7}ZQhn30jS#vEZqhfR
zj2Gn?kTSf;(51=k#pf3;o0PShWm<ctx~ggW1V89@s-MFw|7~TMycr6LqDvAgQ|j&>
zXEhkkF*JKxsXXElNqDv-ao>foLW7O00Emn_Tyv~zYXw@~%)?x;kR0-TwNYc;3dD_&
zQ)%lunn#%)s5KzsH+3i~_nt3^kR9kc$wc&4R$LE^U{@Tio12FSsdj`h(_ot4o+F`N
zf!7db*^?sg`ONOC;mJH^aqs=N;=z3K@WAeqk>RBqu)6z#uqAasq1Vxw0R-8VqHKCW
zLo?PqkRT-Nqc>u3hg<EgEFVD206546vluD->L{qh(Ur<|FCjic77u>Ta)pKlFk6@=
zq<ifZ52xh2ekdA-CSfY|AXd@8>7QgL)6W8lsUgO%LbwNa^#{e4mf0CSRjYui)$bD#
z{N_?lg7q>`T#kjpEA)XOVZ_)3{<`wTQYN-~f|iq=S%^0wLY5icjR@?}PF<I%e*V&|
zBZJp&-=|gE`iZrahrU8UgZRf#yV^qX9;0WbWXbfr$Q#2xqA_J3vynn@q`zGH8FZ)3
zo8ZU*RBYy>-M-%kKg(J_@{~&xQoR;E=-wDtaZho2^CNp=uRGngH-Ir<!()9g)N*m1
zs?h)yYE6Fi@kh?f0*h96_n8~*7e>&BUu6Pfi#@GJV4xQ(Xt9S|CIWy7R-{>PI%JdM
zo%06R8Wq@Bg>-qDD9j{jn1`pzo%LGa24j-SAjk0q!yxk_af(_&EI}>}`K)ZyPzhk1
z``t7b41bX{3oQMQ3d4C#Kv;we8aL|<ZQnM?`?lUDslm3F0#tui%&y*wl7R2Uy;cr1
z;<nq-wYHmSkvcNFjcuhC3ZqKr1|x-_^7nmaoeP^c+H~Azi@kz!tzoZtV8E!`2K7eb
z)!SY4Z}5Y(jh?&|o@9yueXZFW=*c|=ux^p-{7l6PFCem#0|;VlFFaOJ>C$!UlSOU8
zU`h(A!0ibL?l#lTEatIf3-SG?hW};o3rFIH#TC~<48A93vf;KRfJd>rS)}185ae8`
zY3tCFXN?_{GpX`(H%n(>l5z-xbdsWID7+b715EdcSk4HxyLo-UoKwH5G97Bw$ba<E
zY_vr{)%uz(7Y&NDz3ZEG)Pb>!E*6tFJcVDmy03W3rFSKe@5dHsuEj+)I3P8&HYlAE
zk9M?woVNo71Yx)6LWAv5$RRn1&7G&wsG}jNAD{hgd|7N^ocb(xIhuF6WUu@rLfrfJ
zAK=s?ZQa~&W`Z?l*zgme^3iCdP>!Vun4YPKD#LmeO<PjXh`2b{qW|+hwSqwQf17o*
zj;Yk*xnEav{(A;-WlmQ{^xa6%&^z!MPnc-JHjpTPOm=frl_H(W)Zbtu1<z1RH?P65
zneJH@^GKcaI+b36I=v0bvXYY4@4)Ro{(4oUU8)Pz3D{BQ2An_$gAjmQ@o#*7F1-;S
z#<lJiWbhPG?P+&9$bbfHqje}Q7T{`xC3-yoiY1XxSDWEnV$i_e#KLF3LCc7rreCTV
z=K*$73}D541--=H;%`8piO%%Ox8*cPIm!*$BZ_u(6|S50=hj7x02m899c+L$4e-0J
z>gyR9gj}-fpj+~nOn6EZJt8~Q8`0Y>j|HT0oW-i`Vrp$K+oo9j-$)eP*{jv6IS&Kw
zv#g==T3`a$=D=DT-rK8HwnF4wY2<5<{g^!0u`%Jb3k=++;&gfSnmYcF92iCe;h8ER
zrjohKxX9r+3s=khbrth~W<@#b03dtm!Si%^aKjtyx+O=IDLSSGSn$su-R`mP?;;6H
zcHm}`^#cmDyo=G@nO;KcV5<`5n~#KNv39_?*qriTJ#|+qd*M+A6<!;Up988KTpwIo
zQzFCQYzpO7`lAgHc?Nhdc|_h9U@U3HEy~R^g{3vu_dXP?0fMPTz&6+;_k%llYy*(R
zp!{ZWfWHYJoRVsIi0waS!1jcB^5=RJ0Fu;LW75Xbnmhy_68#W5uRO`Q*13<q$%$|E
zT|YkHNGeNk%Z83ZY)PvfEG~4aZ(@tDOmqC-;{r~lJm6F=`b%e&W^fTCK~iX(IW72)
z%`CCJ-Zy~%s8UR?aRw;b-9n{+8>k!jwY0{@TI4p_*RS%%!}On>?Ic<Az^ml=x8M{Q
zZycNdGCKDoZ*|`vbaKYG6&<31A;r4g$x=zZA22I;j_t_99e4nfT_DGXRQ4jXRN<;M
zCQ}2@N-aN(DIRk`^f*pGzH5PIB3`I(w1uaqEf3J*OUD6;+-K?|%YKzUzcRFU$__82
zPdU#(GaLE=o|)Jf0aaj$R`$^udXGtBan<K<iQi#JD4`t$oZo-D7DczN8va(%c;u4h
z6tq!zLMc+BOm)Z)q6&9_|M4?G4AZ;{gz#s><t;Zg4738a4n)oqSvh#S%bFEeSGoWf
zt`Fr|SnMAL4b-bPFIBw_`Y9~KUMT}G<5AiqZTRN*;wupYt&5D9rXNy?pRTll8t95+
zO-mY{L~LMOc_a&WTzQ|hR~aXq1nm)S_qO@U(|aYb`}{&kY-r%(!T&CI|NrrRf($Nh
Za72DbHfws2BX8#d@<vUrROa2s{|1EHigN$}

literal 0
HcmV?d00001

diff --git a/cisco_asa/cisco_asa.metadata b/cisco_asa/cisco_asa.metadata
new file mode 100644
index 00000000..4df4faee
--- /dev/null
+++ b/cisco_asa/cisco_asa.metadata
@@ -0,0 +1,44 @@
+{
+  "Tags": [
+    "cisco-asa-auth",
+    "cisco-asa-config",
+    "cisco-asa-events",
+    "cisco-asa-system",
+    "cisco-asa-threat",
+    "cisco-asa-traffic",
+    "cisco-asa-vpn"
+  ],
+  "Assets": [
+    {
+      "Type": "image",
+      "Source": "cisco-cover.png",
+      "Legend": "Cisco ASA Cover",
+      "Featured": true
+    },
+    {
+      "Type": "image",
+      "Source": "cisco-banner.png",
+      "Legend": "Cisco ASA Banner",
+      "Featured": true,
+      "Banner": true
+    },
+    {
+      "Type": "readme",
+      "Source": "README.md"
+    }
+  ],
+  "dashboards": [],
+  "attachments": [
+    {
+      "context": "cover",
+      "type": "image",
+      "file": "cisco-cover.png"
+    },
+    {
+      "context": "banner",
+      "type": "image",
+      "file": "cisco-banner.png"
+    }
+  ],
+  "readme": "README.md"
+}
diff --git a/cisco_asa/dashboard/0c340e6a-7268-46a7-8f36-f59405ff64fe.meta b/cisco_asa/dashboard/0c340e6a-7268-46a7-8f36-f59405ff64fe.meta
new file mode 100644
index 00000000..f6130def
--- /dev/null
+++ b/cisco_asa/dashboard/0c340e6a-7268-46a7-8f36-f59405ff64fe.meta
@@ -0,0 +1,649 @@
+{
+	"UUID": "0c340e6a-7268-46a7-8f36-f59405ff64fe",
+	"Name": "Cisco ASA Investigation",
+	"Description": "This Dashboard is intended to be used for Cisco ASA investigations.",
+	"Data": {
+		"timeframe": {
+			"durationString": null,
+			"timeframe": "P7DT",
+			"timezone": null,
+			"start": null,
+			"end": null
+		},
+		"searches": [
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Combined - Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "1ed766ff-be55-4260-a78d-455a153dd2c2",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Combined - Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "3b5ef009-c2dc-4e3f-997f-4926ec43d5bb",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Combined - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "6355fe94-d78b-4907-953f-90f326bf2068",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Threat - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "d5b4a66b-24da-4db0-bc86-bdf5813e6a7f",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Threat - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "10ba1a95-b8b0-48b5-b6da-0c4d239b6723",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Threat - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Traffic - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Traffic - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "6cb9a8c5-1105-4ffd-86ce-a187a5e627e0",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Traffic - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "9661c35b-5fcd-4680-a978-3ef27a4773ba",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Authentication - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "25d1c7eb-1374-489c-8921-aaae39080640",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Authentication - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "27eaeef9-b4e5-447d-9507-ef4c956e8628",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Authentication - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "581bde9b-2fed-4c15-9399-b88e5e9d9906",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - VPN - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "9dfd4836-c89d-4a07-87fc-252c4de215b9",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - VPN - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "47d8c36b-fbfe-42d7-869d-29899bb65dca",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - VPN - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - System - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "f430c1df-81bc-445c-b61a-1ef49fb083ec",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - System - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "40c8245f-831a-4b79-89bf-8bde22cc6a14",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Events - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "611dffdb-4690-44e2-b879-02c10a7f0491",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Config - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "7036eb99-c22a-47c4-80a7-98305bf2a2bc",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Config - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "c4f13f36-82d9-4979-9674-62c47c4afcbf",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Events - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "fd7b6b7a-299d-453a-8920-07a1eea1b263",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Events - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "d9ca6be9-e6b2-47bd-b848-5e7688279504",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Config - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "afee5a3c-b9a1-4401-91d1-6606578ac7eb",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - ASA - Firewall - Events - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "6b59baee-fe04-485b-ac08-409e3019676f",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			}
+		],
+		"tiles": [
+			{
+				"id": 17737696404960,
+				"title": "Combined Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 5,
+					"x": 0,
+					"y": 0
+				},
+				"searchesIndex": 0,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17737696926961,
+				"title": "Combined Event Count by Severity [chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 0,
+					"y": 5
+				},
+				"searchesIndex": 1,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17737697351472,
+				"title": "Combined Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 6,
+					"y": 5
+				},
+				"searchesIndex": 2,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17737700257823,
+				"title": "Threat Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 13
+				},
+				"searchesIndex": 3,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17737700771014,
+				"title": "Threat Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 0,
+					"y": 17
+				},
+				"searchesIndex": 4,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17737701292395,
+				"title": "Threat Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 6,
+					"y": 17
+				},
+				"searchesIndex": 5,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17737706202016,
+				"title": "Traffic Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 25
+				},
+				"searchesIndex": 6,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17737706528787,
+				"title": "Traffic Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 29
+				},
+				"searchesIndex": 7,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17737706955748,
+				"title": "Traffic Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 29
+				},
+				"searchesIndex": 8,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17737707432399,
+				"title": "Authentication Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 38
+				},
+				"searchesIndex": 9,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377077764910,
+				"title": "Authentication Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 42
+				},
+				"searchesIndex": 10,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177377082363611,
+				"title": "Authentication Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 42
+				},
+				"searchesIndex": 11,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377087013112,
+				"title": "VPN Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 51
+				},
+				"searchesIndex": 12,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377090205913,
+				"title": "VPN Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 0,
+					"y": 55
+				},
+				"searchesIndex": 13,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177377095450714,
+				"title": "VPN Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 6,
+					"y": 55
+				},
+				"searchesIndex": 14,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377100134215,
+				"title": "System Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 63
+				},
+				"searchesIndex": 15,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377103541916,
+				"title": "System Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 67
+				},
+				"searchesIndex": 16,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177377112307617,
+				"title": "System Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 67
+				},
+				"searchesIndex": 17,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377120898918,
+				"title": "Config Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 76
+				},
+				"searchesIndex": 18,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377124765919,
+				"title": "Config Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 80
+				},
+				"searchesIndex": 19,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177377129162120,
+				"title": "Config Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 80
+				},
+				"searchesIndex": 22,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377133148121,
+				"title": "Events Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 89
+				},
+				"searchesIndex": 20,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377136802522,
+				"title": "Events Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 7,
+					"x": 0,
+					"y": 93
+				},
+				"searchesIndex": 21,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177377254205923,
+				"title": "Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 7,
+					"x": 6,
+					"y": 93
+				},
+				"searchesIndex": 23,
+				"rendererOptions": {}
+			}
+		],
+		"linkZooming": false,
+		"grid": {},
+		"version": 2
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/dashboard/ecba95f1-ffc0-4771-a709-8a8cd4034d54.meta b/cisco_asa/dashboard/ecba95f1-ffc0-4771-a709-8a8cd4034d54.meta
new file mode 100644
index 00000000..6423b2ff
--- /dev/null
+++ b/cisco_asa/dashboard/ecba95f1-ffc0-4771-a709-8a8cd4034d54.meta
@@ -0,0 +1,499 @@
+{
+	"UUID": "ecba95f1-ffc0-4771-a709-8a8cd4034d54",
+	"Name": "Cisco ASA General Overview",
+	"Description": "This Dashboard is a general overview of your Cisco ASA data.",
+	"Data": {
+		"timeframe": {
+			"durationString": null,
+			"timeframe": "P1DT",
+			"timezone": null,
+			"start": null,
+			"end": null
+		},
+		"searches": [
+			{
+				"alias": "Search - Cisco - ASA - Firewall - Event Types - Count by Tag [chart]",
+				"color": null,
+				"reference": {
+					"id": "6d7375c4-15e1-4578-bde8-fec4912fae1d",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - ASA - Firewall - Event Types - Count by Category [chart]",
+				"color": null,
+				"reference": {
+					"id": "abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - ASA - Firewall - Event Types - Count by Subcategory [chart]",
+				"color": null,
+				"reference": {
+					"id": "094bf60b-7382-4e43-9867-8de7ac4c3444",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - ASA - Firewall - Event Types - Count by Tag [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "2671528e-99d4-4d09-b497-cb75926c5d0b",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - ASA - Firewall - Event Types - Count by Category [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "6d3deabc-1f6b-4478-affe-274a6e5783ad",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - ASA - Firewall - Event Types - Count by Category \u0026 Subcategory [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "5dbb1e3b-6a8e-44a6-9be3-134b4704f094",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - ASA - Firewall - Event Types - Count by Subcategory [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "0d1d3288-09a7-47a0-adde-f01f4dc0134f",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - ASA - Firewall - Event Types - Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "835fbc22-f2db-4b63-9acf-9d9013b59f3e",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - ASA - Firewall - Event Types - Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "04605cfd-f1e7-427f-a41e-f1d38f889720",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - ASA - Firewall - Event Types - Count by Category, Subcategory \u0026 Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "bd053ad9-2882-465a-a265-cbe41a1c55d6",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - ASA - Firewall - Event Types - Count by Category, Subcategory \u0026 Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "bdcc39a0-ec42-4086-af44-072fd2de8a5c",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - ASA - Firewall - Event Types - Count by Category \u0026 Subcategory [chart]",
+				"color": null,
+				"reference": {
+					"id": "ac7861cf-7a72-4efd-ac26-2e08a833ebf5",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			}
+		],
+		"tiles": [
+			{
+				"id": 17736878920630,
+				"title": "Count by Tag [pie chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 0,
+					"y": 3
+				},
+				"searchesIndex": 0,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17736879508361,
+				"title": "Count by Category [pie chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 7,
+					"x": 0,
+					"y": 14
+				},
+				"searchesIndex": 1,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17736880103032,
+				"title": "Count by Subcategory [pie chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 0,
+					"y": 24
+				},
+				"searchesIndex": 2,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17736881292553,
+				"title": "Count by Tag [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 3,
+					"x": 0,
+					"y": 0
+				},
+				"searchesIndex": 3,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17736881802834,
+				"title": "Count by Tag [line chart]",
+				"renderer": "lineChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 6,
+					"y": 3
+				},
+				"searchesIndex": 0,
+				"rendererOptions": {
+					"Stack": "grouped",
+					"Smoothing": "normal",
+					"Orientation": "v",
+					"XAxisSplitLine": "no",
+					"YAxisSplitLine": "no",
+					"IncludeOther": "no",
+					"ConnectNulls": "no",
+					"LogScale": "no"
+				}
+			},
+			{
+				"id": 17736883224475,
+				"title": "Count by Category [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 3,
+					"x": 0,
+					"y": 11
+				},
+				"searchesIndex": 4,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17736883607356,
+				"title": "Count by Category [line chart]",
+				"renderer": "lineChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 7,
+					"x": 6,
+					"y": 14
+				},
+				"searchesIndex": 1,
+				"rendererOptions": {
+					"Stack": "grouped",
+					"Smoothing": "normal",
+					"Orientation": "v",
+					"XAxisSplitLine": "no",
+					"YAxisSplitLine": "no",
+					"IncludeOther": "no",
+					"ConnectNulls": "no",
+					"LogScale": "no"
+				}
+			},
+			{
+				"id": 17736884623507,
+				"title": "Count by Subcategory [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 3,
+					"x": 0,
+					"y": 21
+				},
+				"searchesIndex": 6,
+				"rendererOptions": {
+					"Range": "no",
+					"Precision": "no",
+					"NumberCardLabelFontSize": 24,
+					"NumberCardNumberFontSize": 48,
+					"NumberCardWidth": "20"
+				}
+			},
+			{
+				"id": 17736889522548,
+				"title": "Count by Subcategory [line chart]",
+				"renderer": "lineChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 6,
+					"y": 24
+				},
+				"searchesIndex": 2,
+				"rendererOptions": {
+					"Stack": "grouped",
+					"Smoothing": "normal",
+					"Orientation": "v",
+					"XAxisSplitLine": "no",
+					"YAxisSplitLine": "no",
+					"IncludeOther": "no",
+					"ConnectNulls": "no",
+					"LogScale": "no"
+				}
+			},
+			{
+				"id": 17736890324079,
+				"title": "Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 6,
+					"x": 0,
+					"y": 32
+				},
+				"searchesIndex": 7,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177368952693610,
+				"title": "Count by Severity [pie chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 7,
+					"x": 0,
+					"y": 38
+				},
+				"searchesIndex": 8,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177368956031011,
+				"title": "Count by Severity [line chart]",
+				"renderer": "lineChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 7,
+					"x": 6,
+					"y": 38
+				},
+				"searchesIndex": 8,
+				"rendererOptions": {
+					"Stack": "grouped",
+					"Smoothing": "normal",
+					"Orientation": "v",
+					"XAxisSplitLine": "no",
+					"YAxisSplitLine": "no",
+					"IncludeOther": "no",
+					"ConnectNulls": "no",
+					"LogScale": "no"
+				}
+			},
+			{
+				"id": 177368962014812,
+				"title": "Count by Category, Subcategory \u0026 Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 13,
+					"x": 0,
+					"y": 58
+				},
+				"searchesIndex": 9,
+				"rendererOptions": {
+					"Range": "no",
+					"Precision": "no",
+					"NumberCardLabelFontSize": 24,
+					"NumberCardNumberFontSize": 48,
+					"NumberCardWidth": "20"
+				}
+			},
+			{
+				"id": 177368967773513,
+				"title": "Count by Category, Subcategory \u0026 Severity [donut chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 10,
+					"x": 0,
+					"y": 71
+				},
+				"searchesIndex": 10,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177368973828214,
+				"title": "Count by Category, Subcategory \u0026 Severity [line chart]",
+				"renderer": "lineChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 10,
+					"x": 6,
+					"y": 71
+				},
+				"searchesIndex": 10,
+				"rendererOptions": {
+					"Stack": "grouped",
+					"Smoothing": "normal",
+					"Orientation": "v",
+					"XAxisSplitLine": "no",
+					"YAxisSplitLine": "no",
+					"IncludeOther": "no",
+					"ConnectNulls": "no",
+					"LogScale": "no"
+				}
+			},
+			{
+				"id": 177369427095015,
+				"title": "Count by Category \u0026 Subcategory [pie chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 49
+				},
+				"searchesIndex": 11,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177369432120416,
+				"title": "Count by Category \u0026 Subcategory [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 45
+				},
+				"searchesIndex": 5,
+				"rendererOptions": {
+					"Range": "no",
+					"Precision": "no",
+					"NumberCardLabelFontSize": 24,
+					"NumberCardNumberFontSize": 48,
+					"NumberCardWidth": "20"
+				}
+			},
+			{
+				"id": 177369435894117,
+				"title": "Count by Category \u0026 Subcategory [line chart]",
+				"renderer": "lineChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 49
+				},
+				"searchesIndex": 11,
+				"rendererOptions": {
+					"Stack": "grouped",
+					"Smoothing": "normal",
+					"Orientation": "v",
+					"XAxisSplitLine": "no",
+					"YAxisSplitLine": "no",
+					"IncludeOther": "no",
+					"ConnectNulls": "no",
+					"LogScale": "no"
+				}
+			}
+		],
+		"linkZooming": false,
+		"grid": {},
+		"version": 2
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.contents b/cisco_asa/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.contents
new file mode 100644
index 0000000000000000000000000000000000000000..e3ae163dc928ed4bc4b65612560fe6a1a5d65c46
GIT binary patch
literal 13297
zcmeHtXEa<<*zO=CAxa9O6NBiYMhihOYV=ORD5HzsNrLFiV2m2kjS`(`Nz~DU(M$B`
zy|;UO-}mqSyX&^K?wz%!tTShyz0W>-zwcAt@V9CT#Dvs@AP|Tcq9~^c0^tHbaY6S8
zfUiTZk#pedzO$l%D+ol=cKgOj<Rqa1ffzv$x!2lWX<IXaZpO?0I~N0$)`B%5ln>!T
z6t6hQL|pv7Knf9$YD3!o#zSfCGX;O$Rb<+VFcAHl%F6V9CbiYlvOLJD`t#*W6AwM!
zCDtsq;Cm^iQzQCAFI_&8IwSrL$~n+7ETqtzSV~lcyql=t>f2nse!>5Am-K3U;QGbI
zm0?e0h~)Vzv%XF5jGchv%1mw?V66ZD^}l`wauUMDaN2&BGN)Hur^8KnP<dL{%Q~2C
z#EZGXqR}ws9@3wOo79uf?WCAcx$yqLD~8Q4(Bp0|QX3s*C+Hay#dFY5ajjc)<7PIz
zPkkPn4X@V<!8b}<#eZiN5$1&4#Dh~0T$yVnnbm8gJ4iWaP@0G1GL}Thl0qh5e#)HA
zmf6sGosah}DMD6V`NszWsk85dCA9?UBnz>)jL{LYMl2<%Z$4jfR5f!JxPf{#UH*;1
zlX{>17A7|wyPHS?{}m~Q^SStBuqkEcFE2z{n|7V(86Bun`+}$6Y8RQ~j_}9R{7e-j
z$eu)@jJhfON+@MyQWjI=5Zs2#=kK5E&W|d=d2^7vF0NxEPWD!!jaC3u2tNz`c-gCZ
zob}TjC%O4u%cof=LvX@ZkYeQaby^PT9h#99tU#T_crqw2$J+Vq$<AL?45`X7xgri>
zP?e2=SERAuENU|!FZTZ5>1n@{Mocp<yEIN5g)VyfjxgtR8@{tgOtWwQIbj<yzO?PQ
z@^qVjYkx3EW^uh?wWv&b`Yk9YBtCn?Cut)@8cgedl6FM?h30lwYkmPXbkLJ;z)!}I
z=fI~T)Blx+yXDiRHxHA>x&#=K$~mEZ<`7pF@n^6WXhwW>U|Gy1kw$*F0Y?%=kB<l@
znN(>-67G;B$ODreGCi9tdi;2*%Hxks8_Ha`hE&*AtyRq1kQY{;;{g%HJWxKStT<NS
zzxKR+TrPRZCC&TG{3}+N>-ZcNI1DbxYC+nSvbr=CsBImfFaqlc4;Kp_|HoN^z(_E{
zFi%WPw5!hz+^dfo)HwMXx(9kvmPww)77Y3Xf2wmlOxOq3wc?7pdp{MQR+3vRAyLie
zcxqf-3BQIMUM1nc7`=1&)lSj5XA!!DR^B%FIY|>&A^UD!$2PX;(ibmwLrEQm;zyM!
zaj48=FD%iXMcEFi8&&WiWzfu(D0vt?9Al3iAqa$UJV%@rdJsFfp{Q|3jef{e?dZYl
z-)M;)JD66a>d>waBY5%W{``(+GqcrnDNwIS&F4E+hO?oJ67~XeXNQFP4`iKz=Gv?W
zTB;7fDrW&!F$alc4zN6XM&OJy_|l$%YJEfuNI^ufUuiMD=3Lgm-E<1tf81s9$hCNt
zg9iaWzIq>I<lR#Y0{R$g^j5c9$NSB$QrV~y>(gV0J3#bnL;TR&KoShweh}c3okIC4
z<M`R_g<Y@F@X<bw&^`LMW-yNze{~1`YI?7@^jY;q3iSxq?(O}Be|+pp!+;d(v3khF
zIUrG*@hdlY`SahS#8HeFX)k}bm=N!!CgT}c+lMH~{7eZmO|Qs>@K-cC=_3VGd_-ab
zv@|V1@q~!6#D@yi16Bmq*G_+4diOHM)NH5nBK)6!wecM3_~@qOgv03S<XmoV8r_$9
zpNAfISkI6RMUEqXX+D`xY*BcO@_SJiWQ8x_`vN<DiDEC^O8&;!`4I}S#(A4MYeZ$E
zV)2T~M&eE@)R9Q|Yag0@;3t`g>Y4j562cG8n~Y??PO3SFeK2h4_(90}{?{WOM~S?i
zWRwEc{@*ozsoZag&#w;dY}>3mQz1ljk}Z52?X0;=Kh~E_=DWrPidtQv*ULV686Jtk
zzzU7+JuH{ZrSN-0QwPA}-Vc~~jE~AoJ3c2XTjMZRi-y~}$0O>JsRoFyRbIo3DMW!*
zu1Baku~0sN?Q?w*3z^>BD$sX<dM7u+_gl1VE-wT|U90p5>O=$hh+<wnw(caeYBONi
zuu=I^pFjabg&Z1u;FDbr$f44N8o<vunJ2f0$^PdZPLN#X1a>D!e(rvw2L!$ss&jOL
zMwe`giGoNrpW2M2iK3TNYn9;=7fxa>=J}&lq;hFgL8yQ1%ZYnQUFUsp@EpTn-7#$I
z+n>s-aTHNd^N<*-*8xuG<ZZ&ryv4DTn0e+KO(I!*q#WCSP6_(kfBZ|n&+ha`PAXWa
zTZzBs*hyE@F-Dt~I`PniF7x!TUW^3vaO#IsGqsUOH+q)KE=d`#l6UNciV{>OCl8CL
zz_#cpOw|mBcx|u*0ZWo2DKimcpIBvR&GD$%fM+pKXO;Uj+NXzsc!?61tZ`v}N~mm}
z974k)l(C!`4HvdGZRO;kZ<b730;w1|on?zT{c?g{mNg5Xw&>^%*`j)N$$JKhtew|V
z&2~F*zt%R&qe53%D$UnX<BbvrbwIvTWA+EVe@-IFG0~UOz1%!z$<k1NTnRGIeR=p5
zI0Jg1b;DFC1GK^#nYymeHJgGq#fI1i?6DIAWc@275g<l+Tf9@^$}i4%Z$M<s)h~`?
zsIJ|zB`S3qV%#z=BMouBTYNRCIWNfbOmY_UbQT4D2{u2Y=yTkaS_{SKgT86g7+H&*
zW+o(-yegu@+Zw{)GK#F?U<3#FougMBMvs4?`k#UBeLkD=>cHi5n7T`|?4A1QzEz5y
zMe|ajz9AP(mM@qEvm(TMV*RTfkB{3w>{S`ctXn+21CtE;#s?f8ZdeIaqtWK#K87}>
zJ~<7QzV7?gfyZarF_rKINS4ocUtkeOj{DHwq98nFem$Fw=Cfa&_<Z=3EMV3k*9qY1
zK}+vRl)gYqV2r7~-eHEP50Edv5dF2cMIIX4@A>b4U<%^Hc4*$6gSi&6P2m5!o0O2g
z$jTE`xl6$!ARILOK{#m=Kf_p(tiUjRi#r6A*8`oN30~v}{&E#b@{u4W`#+gJB_QN%
z@d8vLE_m;!m#lj4-|plN2G1uGI@1%C*gtX|8ImHI;SCn|1m=rl-33|i{F>1>+ye`2
zf~(B9#lvYHh_qDhO}Dl8)?G-*)3&EK?d^REkCOCteD%0_cyD3*;LFbHrahNXYX&rM
zp7FyQi^MCE1%lQSlgoa%aeI4I6x|MTN&E}#+<>?0MbPwR|21^8?!zAH6bNAEtr`p)
z_A2+J9k|^2h~5RxW6mXi-5sSbF?lk#CNofXnyw&Zd>#I&F1c`nhd#ba<n*UnOeSMf
za$GXbhkev$x<n`$W%VoJ)ADv821ZTl|6tp#8{OFxe6g4Ov6LsO`LRvoSMq&dFx`Wf
z>z>u`sm6#bI{gIx23Zv8X54#e^|N;j@lZgzdH~8b{xz6EJh{Y>;bJBzn?8;9@dD@R
zi|TLT;hl{bSd$a})6=gpv_9aUUNPgm1W${f>9jm~Cvj)_^t2X?FY4a(#>BzJbnY2B
zg}ui2u{H%(iw?alf&2WO!5E9X<yu#8TuB(Q8<%soa31{wzJ=PVJpZpAH1Dc?kRR8;
z{!}}N@RyHymKfrz#N+fwXR~Fdf~C!w^zA64yLCnIpKN`Np$iYRW`Z<d>2q1sYhT!t
z5IpM96=^@`w@M+OB<Y&;#f_-({lN95mbj<GvQeEQ`A8BEVR60m3S{D7IkA3}vQ<rP
z*HWOv-BhW@%eBbnIJzkw<*?p0M=34roC^Sk;<FwDd8+tohSBp}1w0I<y8n^{L*OiL
zUpr#X@)I~_xfLcfH9=~3tx4xF^$|j-HgY~a5g>n;tuqL!j~(I^-<XKd0D5AxeqlCu
zuONF%6ypK$V6Bxs1t5Mn&AqWIQk%;*9e$5IPJf2s-K-6~zWa`DTy@ILQmu=_36|)w
zBIX;J?+{VlE~gZehwp%X!HNpk_!H~ZaMXk)^<0ZO9nm)7OU}Bt8@>#we+H<h%Jv@X
zwO{rp)dKgywlP;o)puw7J;npuah@WweMi4*=g;Zs4rEd^y5K^muvoM6H?O)>)>HlA
zS6}~hU$BXH7d96%^Z(EZ8KrsbQjaH;PPCKcB$cz)cWys?I_|4}H3U{-YJoJTZ*R^P
z`1$%T5ZoZdCNpmT6KWD@`?S9mHd4Rqs0U+uN0Std9`wnMa>R~U`}<)W|JW>Fh0|QB
zuj`*$>TsaJs;jye>C_B2O(MJ=g4TZC<$k$2Ml2?5s1=c`jpQ6j_?0g)k^!Ci`n$Dr
zAwO}g()nWuvT@DKpX%bH-$j91lw?}n)F+R`OaS1}$<b?M9pT<}nOWN&D72jCt~gK5
z;bgI#JH^#Xx&#Q-9IMA)sr2U7lOCIF=s|v9FndqgwVAunz2ijPF0We1?E3KKEIGs%
zdPqkndZ@T?UcNBc15d$?wc9i;>249(t>ckA(?qQF&O9HOes0GzW>i}*^?dE3NKGQA
z^v%U@^}%2O@}(SzD6Uvx&&%tb{DSF{4s&wC`rVMNKvLBrSB|tyMDA4->5^<D&f|q&
zRH*2wv-7G)>QuWXVxnx^PTSjzZzSmmgN8S@2i6>jlDa1GyOUq2Y7;#2wc^tOU~9E;
zo#tq>EF9V!DYic~<9?I=Y9dx=%b3blzl?S^^WPi__wOM9&B{7fJPQmRG&`a&W5MHd
z^#Vpf<E9eta{dYYihwur%Y|GjnT9w)OW7dMIuSm|Dm)(t_kRGHz}~Bp4aC1Pd8gol
zla`*nlTq1>>mrL2M;}9P3e7u65CsLh9M33^e(LA5cmi76BT{f76^kJHyGbGzu>r8F
zUVvS_sXkX_b17-TLX1JytN+QmHgAvX8Qm-$WPMuNSkAhka8?0nX<TgM`!&syjGYta
z;NVNA=wIXpF~36nTP?(c=w56~QrYzWy|~ww43Oy0#V-$Az}0ujU@Dz#hE*O9BSFCh
z_6+tTjiJo&6#_B`>5$R6`-~)yK2imZ6b8K2v>bi!ckz%QkkR}$y3{h<XVkQ;aFUJy
z2BMm^6=Z+J(N}cuJA)p;WZsG5B-h`@fdD^>ha44Hv^GG0^wkva@ZjWNV}d=FS0uRC
z;IPY)FZM@<?p2bj&pAN?SUp1~gtwCBuwcOY*A8{#T%j$z(jgf?4N#6rxnCr7d(2=A
zfBgNKN2D0#ES;e#$SM!u(fhqyaM-IJGy&KbNqD9p(?e7)ixZS`OB2%00$H`L{4s(M
z>cr}sXN!Tz!q<$!5xMOZv#R_nGjM8v<fWd~tI=L1l{O^LTmzW%f7eU#;bV8)!tVe!
zr)n{va%x_(T=q6N3wT2nZQICS8lKH;*m7ty0(&N--aL|1@0y~clP$r^dFIOEq!M7M
zLgi$<nCPO@^uEMIklMY-9o-<6U(0O+zg!t>&WA7Qb!Z>Oav<pR^o&FoxHdYCV!YR?
z7yUQezLz$5ffpWZ(Bn(L^-=Ps+VST<)}-1ofzL9*;&URwed#ivBXZzT+&w8c5Z-Q|
z8|92^oy2g;e_rc9Z}IHWEHlD{XJQUnr9H#~p9EXxKef~z+BJ%KtV$cVvoprodbjHR
zL|v-cR}#0ARkvRsml2u2c9ec-chvNxctBLOzWi18kdyyZkq2J;TI>(3NGRvkx?$D8
z7H=G%<R@iIY98dJXV1YbGb|p;1K-4j%!&p~A_bpM;9zJIfJb=NGAL(R2B7mg_2z30
zP_H%+91!*L8M+XTg3)+!XgAznZS-0jyH4NavxL%jI}|6FOzfH20ee*M=eBtkNakAZ
zH{O6Pet=5`NA8}ZiWJ2dVP(ZPjm0zQy~n;<zQWj<Os$>}&gCi6?r}8;vS-Vhk7L42
zafRya*udbXvyfxfmjKCuXppZkfj4RL_r(}e$5km*sKfj&?>@OBAdACC2lR>M+sWp~
z-f*Ef-L?rwb2T7RNk=|V)|$dW4@NlGc{j2rIa55`q|mqoOS$dwXeu{D(=?<0O-F;y
z5WHX*Rb@65t5XtSV&ZV6!M3OkkYj-8?e{8xOAsSZ-wQWK`M++i)#?aT3c1X<=jxIT
zgnpG3i|*tbuwBxdxM1Fi%r2{Dw!npkLXJACaNKts07qUzsYBMat3F+$q5%EiHJDoq
z)L06jWXop8HFcrto>%h%KXlNB3^8KFY(BTQc$ENk92&_xXti$SDY0FP7K=6jVs0U9
zKC^3>6{07f-p|ef_vk7MFadP3FJh=VS4ldQF%U$BY8?_b^T{(SU$*^0@Cv~k7iZwt
zGJg5LYY%EU6Z@`r;JOOwN;6Zh#tZ6EQvl{rwv81_AMR2zWaF(=Yv{fzO1Z#Joa>K3
z+R4+gsqQDMBNe+82L2iqE)qW<vfYYc6Jg-gSh2*BHO`Vaj2~pEyFjbZw=A7(Eiznm
zw8Vf_J+|njTdbciQtUuoE?pB)sM2g#o%D*B4n!&<7Q`svIlzut2}xyfNU$H7$m#jd
zki@taTA&39F;Nh+ylRQJ*R+;Fb_v9yUsf4m*Yno{h<gR!f)o*2bqCEnD5HNpE^3mw
zjr^!U_+c~9EFGX=EWRxZKG7{1X`7TKfyyI=cc8ias7&<EuGz-&kYssXB!{_+@gPMh
z(1TFz9ui)N{6x#M_0&d>^`PqMWotFShuX7VVH_zwwfG)Q@mg7K2I?qZ8yqEQN)4yZ
z;(i4NeVd%m)!8#54ah`*?mxI@P(;eK0u(IUcso;P$_cOZi2jG(=#GZuN#rOOaA7U-
zo+I7AD#~KKI3v0aQalD?PgGPr106q1-oSxjCpODwB3}gN3T766wgmW%SlO~m?y6%%
zJ^ZXDV)+CeH}}MyUqjIh=WT=D1-lDH*jfSisl}ue*X@H|WhiQ8|K~ONVz5-SK7Xhl
zG&x<m@U|gFeLA_u+93yBw9U?q;Fo&zNh&Y9tV(UDqhMGudh1iPt?B8@Pl1X+B<}9>
z7W-y$xnQ2YB6Ro<gVd~U220{g-|A8mCPk|ohWBPi{SPepQ?u2Wg??PPri|^97CFol
zjoAu(lX`@#0k0|b0lXa$V`9bPzvpCwo+nX^5!`&Xe;0geW4w#6AsCunQ!A5F`dY!R
zQ@SBxKIfnIDA$-bw>s?NUBW=@J=H5pkYujkR*Dob$TbWy1-fbd4d}~ugX`r1X)DmV
z5Zg(@%LA!&PJm$lDL~wl^``_?Cr;fkmY!L#uJm5aJ=sDm4Q20iS+|Kr?xv0Hdv%wc
zW%h^x`dO6N{jv21kWGJ}&Yq7ZIlL_ySdB6qo0nTkR4v=$Q{(@{{aWgJ`N=&CJPS%|
zQ%mOnCVr^_NKEe3iUok!)NbKZ^$b;!6O6fuQQBwjXMYJi^9tfQEy<HNE<;A9%oaCx
zBQS7izEgp<Gi(G_r<r*H0`v@IeoLenF&K5`+(mp2&xqgINh+601S0e}8V|@U|6pcU
zOUkOYHa3Vo3U-767y9P;8XY`I?OKEi&z7|n@uYP~tGnl*8Pkf+%hj0J^c<PF2|GI7
z3_9lmeQ*_4wgsXDIJunDQuQfuq9vNNt2VX(T_Ul}(6GJm5W);UhMfPRxpugCm%ZY%
z6Hl$%b-JUs#jk&<>ob<8XK+YK5mACFx2jJu+(~lt1olbEHDS<X9=97uay_s-DpvN%
z41M%FNdk|ftj`2=rusJPF;YVR5z9@O=jIq}j0BE=@$dJJiP8|?zgpPzn!U-&__b4D
z_XpUD_ci^=Zv{+L?^w3lqACG+D;`K4cBTo|ccJdu|Cv5@q}U2ICPay#Xord)it;-N
ze?Azv7Q*=xjnr>Pym2x!*?^628GzB`8xFr>T#Fx^6i3!adv<QxyJ-)pgSQg@lxdgH
z#~mqvqnnQ<k1AYsN`x^zTyf>duH;(f6-|iV^M23Bwn{UJ=desDX_pT(JkS^brTFlE
z<YCODFHNci7_HJer?~z_ES?dohvWQu!|XXdQEdS0Mxc5}fLTZlo<K~6`<!2&-47Xl
zy`BTz$fkd-?<K}+qqiTp@5ZK1ek*GEB1VjjIB=X;U-UWKoi#97+~PFjS-gseHh|rg
zQfRc{l@zf7F4`69T_Wlj-9WzO9+UPVb5yTTg&`*_`Wsy(;W~Gj1_0PTi{2>;APg$G
zSm{aTl}mp8reZD;tA~vbWQzMzT{zF6a$RrqUwLi6DDyA9X_###-?lbK;4+`jrDcWL
z+baKofu)Vt(X{6Q?}!>~=gug>4k+VK8bElK(I7PhHYjp$JEGVh5Y>0a_PQSn_zbFT
z-B}OH3A2lQ+Q-e05@$}O>iSm()&RAsE#lw2;n(24oGM&zvrac-C{kSvP#qc@5vVgp
zg^IH{I8RzpWAm71ypOsB)D}Ap08JNj36m>fNO0QGw!XffUot}Q!vS7Xn4f@rkqNhU
zjLiwOwZD$axkvA8(Y?Qwf16(3G1*lTm;o{pcS>rL#r|jBX=UC~E-f=yy4Yk*$Yd$=
zk&AzQgB07Mzu3nlg{7$t9h)ZM!*(W<$m1e_v1$9~LtAKUr;c{~!pg6F8q;mM`6txb
z;Q^hFfA+#X#ThQ=iqR#-{UM$kUdx`)EAeIZMry+;K&G-hoEV(+ooS^OKQ5KNd!q$_
zIKzg|x=kuWj%*HT(R<(0U?kf9y&ysE%f})9sfco4cXPk1B?E6aTP<knv%akD@w90Z
zyxl5`uaf(Vtb_nW1f!&g>aiMU$LC#TQ=?Y+&9t_u(ZnK{P#^Kb0;rP~6GOlGu;H9%
z^*PBL!}f~2Rmiy#=g6Pq>3TC7r=u5mf7cL9wRKtwVN%K6Y7*p8Qv!#f-VE;4Ql%>y
zo(P%r3L#5_i_Un`>-h58kn!;^&;}WRqhibd@=(nb@p*O$nkMg*2w-?YKuCw{hE9A7
zB`qPnoONgmpMn`$w7eCkQKPw7WvUS>UO&ByXB3wz=)c@!*|#5ONTcI!o=A8m$y9x!
z3!smrvRL-2XFvV4Z{_uTZcn%wNdJH>tJ-qYlumqqUfZly70=GhV_MqOmFA|LUM!9s
zO}_qqrb7(aH3hT64k!u>N0P$ah^UkI?%b0!n!eVf6X(grC-rfLb|c<>^U;zq;1&?y
zY#?ybLxUTi{!6W&DU`A{mboh;Qbq%$)ZU-?h}=;F*w&*71H#p-n%Q(i>=2ETk=CC-
z`$CvdH>%&$Pu0Y?!3`il8zvt$2q~MgsxBmjx2k=vG$|G8Nr0W^MlAOsIzL?T&xXm^
z!cuQtnGs!yql6^(wCF&OQG)4YQQ<~Nbvl6wr_IGXKhL1Fk5EbwtE;La_m+o;GSR|n
z;(P$af~h(wv3IK*dM!oXGpFmsUTh&IQLRj;7dkjp(4p?E5M`|!HrSo49lh$?6tJdo
zCLA?gk%BOxk`eC*Mz>qVk>F8;RSy{=S;(sCVBTb3Duz17BPVhf=4CmOM9_c-3glC!
z)rXDVs(R0(jAHz6IHys}7_aS%H+IdBHmLqgrZb4A*Dj)*I~Wz<CZMMc&pzwc6rxL{
zK6{X{jo#$nqZv?M@$g2O*!JJ(w(r*h{0%w2Cck*4ajzuG)^GC{*(3ya>}sJvjn?<4
z3r(dp`sDMV;?vF=0Sq_DHrBpr#9KVETQ9vf_!O1wrSg7O&rd$jfWNj2S_7!paS^hy
zMV|jc<z`;L>t(2OY70;vGm%(mPESU2bGZ9O!W<fp088;P^0pR0W_DvzW^l%l=EaWk
zK9|V{qM)>-ZvSgML;rclP6x&qTP@6<!Hn_n^ECo*AMMp@TELgp*b*C}a@W+_rC;UN
zzu8HzjlYvO|6$cZUvjB2`scWlm?I;)mfQL2@U1o62n4NoFF{-;{#lqzZ!f^stmNtU
zfLM>jz(NyQ8Vhe$%?5jy_(ffk4^wks3m#XRxnnk4*IbL%IphX@6Dwkzt&+7Cw7VrP
zYh!^t5GFILp2(beXzk)S%7wtn0%*u?i+b{@yO>kl@S6{_1LF)0(V2`LJRa0@DRq4j
z=_U?y6t&_{s4qzJ_vn-yasGNc#2D?m`z6P)Y!yAOg%ru9cRVq9h7PMjUpAgAz2}OP
ztlgv?v%Z1LWnEMIhEMHc8APLZK2|%r3a^;|*EO!!0(mPo7)GjXGK-1d3%LXVt^(qW
z0kGwso>}4;xtkOy>$W)0%9}r}z52#*zExhiY8kLl7vh{LNAvX#C1~`hReQlVmh(4|
zCe<}xtPAF05N=_H`vbO}(r$DKeRYAfTmPJ&8i}xl^qlz00b*j<-pu#MrLnR2F^l4e
zzqmhNZtHX5gG@z)eVU?FX9LIpxa#QWhP-2++wOwb+B>3J)OTDr#rb<2>R6#Y^}TDE
zyJ=NCYD@bg5lA#+Qt-V4ek8aKz#HjLTXg3)U(oZVA~Bmo{d1)cnqUL2jo$Gt7ynkk
zD1`eIo8jXd-<yHnWfyoa@sET}+@D*c-})KuN46ONk{+N1vV35bw$&ECNQhYGJ6<A<
zEl<13OhB#rG%SN##z<U6_8P7{BH+fLI?JuJ0xjtWB`}7;y+u9tDF2R6B6>rkKYZ?#
zt2(ZxN^fVb{(aDiSp(ODoPF(*4hogQqwbWqj%`VClM$x=jWZmkD}3Q)<9Szq6*+X8
zkpZRYpc9Ep+sdE&ZMp3+Vq#wlthSe#=au0m6X9`gOFM|_z_>bPTp%^MzDlz;9xvKh
zWv^@LVPqfWp-vobcPyne71x}K9<t2(SGW6ttsXz<0H2*TidZGijqZ%HiX#vO6^3}c
zTzAXszoa~Rz~ecma{OhHf*PyUE$+w+G3N1bZRq*RDLUXji)j%0p!tCagmJN^`HdjZ
zkOE@YzwzC61QH+q-EdNiwPC`WbCg%qiFuLb_&pa%9c@%axUrPE#F!{s!ERtSm=Y9&
z=1Glp!y^X|0Lt&}(&&u2j43`bXunQ+UHSWJ_zrq|Af`CFv!-*8@1LL#t8d8gDUa6*
z>5OpP;MK!~CETBr$h6w{bS<-56(-sZB)yJ8&zQE2f5YWE2P75}u`0u~5%>${$NTwN
zmzN$ek{6pT4be{U6H}UoA()@tO&`oJ?2$3(>B&@}kKs-u@knid4FfR$*)i%>-DA=4
z8g|q6pGxG)+oka&4D@kRCgb2jzWPC;(d!`xJS&r>0c3Iv;5Jos>={xv%sKdZ0vFS6
z)%R|SiNO!nZ?Mr$FNrN2{L!rYV0=R-mFi1CQ_zv)2MXWT3KvLe<dJ+IrqpFxo?ri<
zEQY2Fz5F}Taq8Y%*;eBIDL$o96X|?KN1Wa6`Ku3sq#oJSG}G=eiuu)%@>o=$44@_p
z`PpRIyElDnRC#yE)XBZ+PHVQ`%LdHHokW)tb@{4m)>Vf)?Ovs>bSS@3>1Qmppz-ha
z#vP%%Pv2g^P8=Akg}G?-6sCY;6Q_~!e}T!y5>NNPJ#!5iM)7P&?Qk7$=%VwhxITL<
zINTa43{o49TtuXI28rQ3F4Ic;^s#;sOB5hDRMzXD#6Z}a5y#QQbMK3oVRPQRYzrr#
zlkZyHkpNVnMXnz&=H1|^-m9#t$AP|SwQ;ah&Q*tAc|fVi*mjwXslI9TrXgVg($G=s
z+sVB{kR1+L3Scl`%XfP;kNBxJ0?v)$jZqDitMmKn;E+AHKKFQuJwC@MkC4G`v7@BY
z`&sFz`maa4;E?Z9pUvFnLd7vWppIC|<$#cKaJ8LjYZFryUSsK?hjex#`bh_s3ASb2
zU~^LD=S=@XCP(U(xWf$cujB@v^Mc$<(xQF-xi8DUGXizm9j<}LyyC?%!aO)~D?cI?
zz><$O?K}%=dzCCc+iiW*&_OfAM@<pCON?DKrfxYdwpfMt+j+FKzE1<Te4PDLykQoA
zA!m_IqJ98GrQ50{`z`$=%jTVC;#wd@D#DMhnW}0e4(KSTncRSoXK=vMSyCs7pkbKG
zbGF(5ql`v8mjvdk$hAg8vAnZioA+<1G>uk;%jPvsPOjAVx1>UcVq^gv#Tp}(H7G_Q
z#E$Te;QsjV$D~V!aW!^LiljtxQ7U=8z2WiWSoY$8Kgqs25`MnV9nw|H8x4kjI8zH)
zMkhS>zcMQd!~Hs1ei%A#-T-I>maL$xBDz%)5n_HOiJ_5zVSk#ky`?qr@~6q)-in)M
zJScnJAX<S60@QgR?JBW04ot4kW2(8slP+<k;r2&PvX12@sNUgq&Jb;f3|V;1ikxx1
zUzB|xfaD21S7m{c4;@+`KH<4|z5_nfIy<JQdcF261zD4)b%3VPcg6rAbgk(`7Wy%_
z9j6t>;{IK36(_$&jHN*NjdZx2V(eM$fu+;F&uxp5qJdo8Q{O_JsP-=yT~t(#vjO;+
zW9`Ocw%=$bE6J~_(nIo756~OOh=ZG6^<nq;_u9gy*Q?bMW#$uCpGJJb9N+Ss48ZSS
zz~W{gvsXLXM;ah|ePJHd-EXkz>Cyv=OZkRS;ZWU~lZ5?splAdr?}&yrbK6Zz_Tulw
z_0^?2@PD{`QV&^VYvwpH@@h#G>Pf_0R^EcT_5@#mR~{uv6)g;sCc?Z-ht}UtO6p+c
z%0-7BVI)e-&!*Jq1pyqC1^mCfrhz${;mm*U&?xdcg#gfdgC_vV%bU0*>B%x~6OO^o
z>-3lBB^aY8pN6%%ITuTkdZXcDM;!|eav`HcxDHN5|D8@K4!Jch4h#cWkexLp*Y9mk
z1Sxw`Wt&VdbS>c54Mo^8G@5%{U<r7PhCIfiXMSNcv;5LjWy)y7-^P_-^00uCx5DkB
z+-91!9EmNdSWkf8<mX+Ad9NVggs)jd@TRnFN>cONM%8f`A;2VcbC8_m>VnBF4@rwu
zHZ{h+`47k3n)bvK%ls%(rQ=wzYe>I@g)Gk7G5|~3n%3z!4$%7pKwY@R%xC01P1zKn
z3{9t*aVGdy5BwSrI6KdX^02GBM8J4ACxN*ja1G&~y?{2N!T!?L4cd?2;0yvqF^CCj
z+thp!Mp(Yz7F_QtJd~6)ZSQLPKmDHPh^ruInda81r{{fpTaF?%W8v&;iM(|*=pP_X
zvH(hM_ynQ9I2WuX=W2herRN_xs<$AD4k;vR&|=VG%n0b*9vD-xzCv!oAV%_@TEK}i
zXi=!}J=~vfiZ4FhV&~Qxy{I|3NQvGWE4s8)oARohl|AV`Sa7}ZQhn30jS#vEZqhfR
zj2Gn?kTSf;(51=k#pf3;o0PShWm<ctx~ggW1V89@s-MFw|7~TMycr6LqDvAgQ|j&>
zXEhkkF*JKxsXXElNqDv-ao>foLW7O00Emn_Tyv~zYXw@~%)?x;kR0-TwNYc;3dD_&
zQ)%lunn#%)s5KzsH+3i~_nt3^kR9kc$wc&4R$LE^U{@Tio12FSsdj`h(_ot4o+F`N
zf!7db*^?sg`ONOC;mJH^aqs=N;=z3K@WAeqk>RBqu)6z#uqAasq1Vxw0R-8VqHKCW
zLo?PqkRT-Nqc>u3hg<EgEFVD206546vluD->L{qh(Ur<|FCjic77u>Ta)pKlFk6@=
zq<ifZ52xh2ekdA-CSfY|AXd@8>7QgL)6W8lsUgO%LbwNa^#{e4mf0CSRjYui)$bD#
z{N_?lg7q>`T#kjpEA)XOVZ_)3{<`wTQYN-~f|iq=S%^0wLY5icjR@?}PF<I%e*V&|
zBZJp&-=|gE`iZrahrU8UgZRf#yV^qX9;0WbWXbfr$Q#2xqA_J3vynn@q`zGH8FZ)3
zo8ZU*RBYy>-M-%kKg(J_@{~&xQoR;E=-wDtaZho2^CNp=uRGngH-Ir<!()9g)N*m1
zs?h)yYE6Fi@kh?f0*h96_n8~*7e>&BUu6Pfi#@GJV4xQ(Xt9S|CIWy7R-{>PI%JdM
zo%06R8Wq@Bg>-qDD9j{jn1`pzo%LGa24j-SAjk0q!yxk_af(_&EI}>}`K)ZyPzhk1
z``t7b41bX{3oQMQ3d4C#Kv;we8aL|<ZQnM?`?lUDslm3F0#tui%&y*wl7R2Uy;cr1
z;<nq-wYHmSkvcNFjcuhC3ZqKr1|x-_^7nmaoeP^c+H~Azi@kz!tzoZtV8E!`2K7eb
z)!SY4Z}5Y(jh?&|o@9yueXZFW=*c|=ux^p-{7l6PFCem#0|;VlFFaOJ>C$!UlSOU8
zU`h(A!0ibL?l#lTEatIf3-SG?hW};o3rFIH#TC~<48A93vf;KRfJd>rS)}185ae8`
zY3tCFXN?_{GpX`(H%n(>l5z-xbdsWID7+b715EdcSk4HxyLo-UoKwH5G97Bw$ba<E
zY_vr{)%uz(7Y&NDz3ZEG)Pb>!E*6tFJcVDmy03W3rFSKe@5dHsuEj+)I3P8&HYlAE
zk9M?woVNo71Yx)6LWAv5$RRn1&7G&wsG}jNAD{hgd|7N^ocb(xIhuF6WUu@rLfrfJ
zAK=s?ZQa~&W`Z?l*zgme^3iCdP>!Vun4YPKD#LmeO<PjXh`2b{qW|+hwSqwQf17o*
zj;Yk*xnEav{(A;-WlmQ{^xa6%&^z!MPnc-JHjpTPOm=frl_H(W)Zbtu1<z1RH?P65
zneJH@^GKcaI+b36I=v0bvXYY4@4)Ro{(4oUU8)Pz3D{BQ2An_$gAjmQ@o#*7F1-;S
z#<lJiWbhPG?P+&9$bbfHqje}Q7T{`xC3-yoiY1XxSDWEnV$i_e#KLF3LCc7rreCTV
z=K*$73}D541--=H;%`8piO%%Ox8*cPIm!*$BZ_u(6|S50=hj7x02m899c+L$4e-0J
z>gyR9gj}-fpj+~nOn6EZJt8~Q8`0Y>j|HT0oW-i`Vrp$K+oo9j-$)eP*{jv6IS&Kw
zv#g==T3`a$=D=DT-rK8HwnF4wY2<5<{g^!0u`%Jb3k=++;&gfSnmYcF92iCe;h8ER
zrjohKxX9r+3s=khbrth~W<@#b03dtm!Si%^aKjtyx+O=IDLSSGSn$su-R`mP?;;6H
zcHm}`^#cmDyo=G@nO;KcV5<`5n~#KNv39_?*qriTJ#|+qd*M+A6<!;Up988KTpwIo
zQzFCQYzpO7`lAgHc?Nhdc|_h9U@U3HEy~R^g{3vu_dXP?0fMPTz&6+;_k%llYy*(R
zp!{ZWfWHYJoRVsIi0waS!1jcB^5=RJ0Fu;LW75Xbnmhy_68#W5uRO`Q*13<q$%$|E
zT|YkHNGeNk%Z83ZY)PvfEG~4aZ(@tDOmqC-;{r~lJm6F=`b%e&W^fTCK~iX(IW72)
z%`CCJ-Zy~%s8UR?aRw;b-9n{+8>k!jwY0{@TI4p_*RS%%!}On>?Ic<Az^ml=x8M{Q
zZycNdGCKDoZ*|`vbaKYG6&<31A;r4g$x=zZA22I;j_t_99e4nfT_DGXRQ4jXRN<;M
zCQ}2@N-aN(DIRk`^f*pGzH5PIB3`I(w1uaqEf3J*OUD6;+-K?|%YKzUzcRFU$__82
zPdU#(GaLE=o|)Jf0aaj$R`$^udXGtBan<K<iQi#JD4`t$oZo-D7DczN8va(%c;u4h
z6tq!zLMc+BOm)Z)q6&9_|M4?G4AZ;{gz#s><t;Zg4738a4n)oqSvh#S%bFEeSGoWf
zt`Fr|SnMAL4b-bPFIBw_`Y9~KUMT}G<5AiqZTRN*;wupYt&5D9rXNy?pRTll8t95+
zO-mY{L~LMOc_a&WTzQ|hR~aXq1nm)S_qO@U(|aYb`}{&kY-r%(!T&CI|NrrRf($Nh
Za72DbHfws2BX8#d@<vUrROa2s{|1EHigN$}

literal 0
HcmV?d00001

diff --git a/cisco_asa/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.meta b/cisco_asa/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.meta
new file mode 100644
index 00000000..981a7ec8
--- /dev/null
+++ b/cisco_asa/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.meta
@@ -0,0 +1,9 @@
+{
+	"GUID": "151fc05a-6912-4b5d-a31a-10ef6b0bc68a",
+	"Name": "Cisco Cover",
+	"Desc": "cover file for kit build \\\"Cisco ASA v1\\\"",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.contents b/cisco_asa/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.contents
new file mode 100644
index 0000000000000000000000000000000000000000..e3ae163dc928ed4bc4b65612560fe6a1a5d65c46
GIT binary patch
literal 13297
zcmeHtXEa<<*zO=CAxa9O6NBiYMhihOYV=ORD5HzsNrLFiV2m2kjS`(`Nz~DU(M$B`
zy|;UO-}mqSyX&^K?wz%!tTShyz0W>-zwcAt@V9CT#Dvs@AP|Tcq9~^c0^tHbaY6S8
zfUiTZk#pedzO$l%D+ol=cKgOj<Rqa1ffzv$x!2lWX<IXaZpO?0I~N0$)`B%5ln>!T
z6t6hQL|pv7Knf9$YD3!o#zSfCGX;O$Rb<+VFcAHl%F6V9CbiYlvOLJD`t#*W6AwM!
zCDtsq;Cm^iQzQCAFI_&8IwSrL$~n+7ETqtzSV~lcyql=t>f2nse!>5Am-K3U;QGbI
zm0?e0h~)Vzv%XF5jGchv%1mw?V66ZD^}l`wauUMDaN2&BGN)Hur^8KnP<dL{%Q~2C
z#EZGXqR}ws9@3wOo79uf?WCAcx$yqLD~8Q4(Bp0|QX3s*C+Hay#dFY5ajjc)<7PIz
zPkkPn4X@V<!8b}<#eZiN5$1&4#Dh~0T$yVnnbm8gJ4iWaP@0G1GL}Thl0qh5e#)HA
zmf6sGosah}DMD6V`NszWsk85dCA9?UBnz>)jL{LYMl2<%Z$4jfR5f!JxPf{#UH*;1
zlX{>17A7|wyPHS?{}m~Q^SStBuqkEcFE2z{n|7V(86Bun`+}$6Y8RQ~j_}9R{7e-j
z$eu)@jJhfON+@MyQWjI=5Zs2#=kK5E&W|d=d2^7vF0NxEPWD!!jaC3u2tNz`c-gCZ
zob}TjC%O4u%cof=LvX@ZkYeQaby^PT9h#99tU#T_crqw2$J+Vq$<AL?45`X7xgri>
zP?e2=SERAuENU|!FZTZ5>1n@{Mocp<yEIN5g)VyfjxgtR8@{tgOtWwQIbj<yzO?PQ
z@^qVjYkx3EW^uh?wWv&b`Yk9YBtCn?Cut)@8cgedl6FM?h30lwYkmPXbkLJ;z)!}I
z=fI~T)Blx+yXDiRHxHA>x&#=K$~mEZ<`7pF@n^6WXhwW>U|Gy1kw$*F0Y?%=kB<l@
znN(>-67G;B$ODreGCi9tdi;2*%Hxks8_Ha`hE&*AtyRq1kQY{;;{g%HJWxKStT<NS
zzxKR+TrPRZCC&TG{3}+N>-ZcNI1DbxYC+nSvbr=CsBImfFaqlc4;Kp_|HoN^z(_E{
zFi%WPw5!hz+^dfo)HwMXx(9kvmPww)77Y3Xf2wmlOxOq3wc?7pdp{MQR+3vRAyLie
zcxqf-3BQIMUM1nc7`=1&)lSj5XA!!DR^B%FIY|>&A^UD!$2PX;(ibmwLrEQm;zyM!
zaj48=FD%iXMcEFi8&&WiWzfu(D0vt?9Al3iAqa$UJV%@rdJsFfp{Q|3jef{e?dZYl
z-)M;)JD66a>d>waBY5%W{``(+GqcrnDNwIS&F4E+hO?oJ67~XeXNQFP4`iKz=Gv?W
zTB;7fDrW&!F$alc4zN6XM&OJy_|l$%YJEfuNI^ufUuiMD=3Lgm-E<1tf81s9$hCNt
zg9iaWzIq>I<lR#Y0{R$g^j5c9$NSB$QrV~y>(gV0J3#bnL;TR&KoShweh}c3okIC4
z<M`R_g<Y@F@X<bw&^`LMW-yNze{~1`YI?7@^jY;q3iSxq?(O}Be|+pp!+;d(v3khF
zIUrG*@hdlY`SahS#8HeFX)k}bm=N!!CgT}c+lMH~{7eZmO|Qs>@K-cC=_3VGd_-ab
zv@|V1@q~!6#D@yi16Bmq*G_+4diOHM)NH5nBK)6!wecM3_~@qOgv03S<XmoV8r_$9
zpNAfISkI6RMUEqXX+D`xY*BcO@_SJiWQ8x_`vN<DiDEC^O8&;!`4I}S#(A4MYeZ$E
zV)2T~M&eE@)R9Q|Yag0@;3t`g>Y4j562cG8n~Y??PO3SFeK2h4_(90}{?{WOM~S?i
zWRwEc{@*ozsoZag&#w;dY}>3mQz1ljk}Z52?X0;=Kh~E_=DWrPidtQv*ULV686Jtk
zzzU7+JuH{ZrSN-0QwPA}-Vc~~jE~AoJ3c2XTjMZRi-y~}$0O>JsRoFyRbIo3DMW!*
zu1Baku~0sN?Q?w*3z^>BD$sX<dM7u+_gl1VE-wT|U90p5>O=$hh+<wnw(caeYBONi
zuu=I^pFjabg&Z1u;FDbr$f44N8o<vunJ2f0$^PdZPLN#X1a>D!e(rvw2L!$ss&jOL
zMwe`giGoNrpW2M2iK3TNYn9;=7fxa>=J}&lq;hFgL8yQ1%ZYnQUFUsp@EpTn-7#$I
z+n>s-aTHNd^N<*-*8xuG<ZZ&ryv4DTn0e+KO(I!*q#WCSP6_(kfBZ|n&+ha`PAXWa
zTZzBs*hyE@F-Dt~I`PniF7x!TUW^3vaO#IsGqsUOH+q)KE=d`#l6UNciV{>OCl8CL
zz_#cpOw|mBcx|u*0ZWo2DKimcpIBvR&GD$%fM+pKXO;Uj+NXzsc!?61tZ`v}N~mm}
z974k)l(C!`4HvdGZRO;kZ<b730;w1|on?zT{c?g{mNg5Xw&>^%*`j)N$$JKhtew|V
z&2~F*zt%R&qe53%D$UnX<BbvrbwIvTWA+EVe@-IFG0~UOz1%!z$<k1NTnRGIeR=p5
zI0Jg1b;DFC1GK^#nYymeHJgGq#fI1i?6DIAWc@275g<l+Tf9@^$}i4%Z$M<s)h~`?
zsIJ|zB`S3qV%#z=BMouBTYNRCIWNfbOmY_UbQT4D2{u2Y=yTkaS_{SKgT86g7+H&*
zW+o(-yegu@+Zw{)GK#F?U<3#FougMBMvs4?`k#UBeLkD=>cHi5n7T`|?4A1QzEz5y
zMe|ajz9AP(mM@qEvm(TMV*RTfkB{3w>{S`ctXn+21CtE;#s?f8ZdeIaqtWK#K87}>
zJ~<7QzV7?gfyZarF_rKINS4ocUtkeOj{DHwq98nFem$Fw=Cfa&_<Z=3EMV3k*9qY1
zK}+vRl)gYqV2r7~-eHEP50Edv5dF2cMIIX4@A>b4U<%^Hc4*$6gSi&6P2m5!o0O2g
z$jTE`xl6$!ARILOK{#m=Kf_p(tiUjRi#r6A*8`oN30~v}{&E#b@{u4W`#+gJB_QN%
z@d8vLE_m;!m#lj4-|plN2G1uGI@1%C*gtX|8ImHI;SCn|1m=rl-33|i{F>1>+ye`2
zf~(B9#lvYHh_qDhO}Dl8)?G-*)3&EK?d^REkCOCteD%0_cyD3*;LFbHrahNXYX&rM
zp7FyQi^MCE1%lQSlgoa%aeI4I6x|MTN&E}#+<>?0MbPwR|21^8?!zAH6bNAEtr`p)
z_A2+J9k|^2h~5RxW6mXi-5sSbF?lk#CNofXnyw&Zd>#I&F1c`nhd#ba<n*UnOeSMf
za$GXbhkev$x<n`$W%VoJ)ADv821ZTl|6tp#8{OFxe6g4Ov6LsO`LRvoSMq&dFx`Wf
z>z>u`sm6#bI{gIx23Zv8X54#e^|N;j@lZgzdH~8b{xz6EJh{Y>;bJBzn?8;9@dD@R
zi|TLT;hl{bSd$a})6=gpv_9aUUNPgm1W${f>9jm~Cvj)_^t2X?FY4a(#>BzJbnY2B
zg}ui2u{H%(iw?alf&2WO!5E9X<yu#8TuB(Q8<%soa31{wzJ=PVJpZpAH1Dc?kRR8;
z{!}}N@RyHymKfrz#N+fwXR~Fdf~C!w^zA64yLCnIpKN`Np$iYRW`Z<d>2q1sYhT!t
z5IpM96=^@`w@M+OB<Y&;#f_-({lN95mbj<GvQeEQ`A8BEVR60m3S{D7IkA3}vQ<rP
z*HWOv-BhW@%eBbnIJzkw<*?p0M=34roC^Sk;<FwDd8+tohSBp}1w0I<y8n^{L*OiL
zUpr#X@)I~_xfLcfH9=~3tx4xF^$|j-HgY~a5g>n;tuqL!j~(I^-<XKd0D5AxeqlCu
zuONF%6ypK$V6Bxs1t5Mn&AqWIQk%;*9e$5IPJf2s-K-6~zWa`DTy@ILQmu=_36|)w
zBIX;J?+{VlE~gZehwp%X!HNpk_!H~ZaMXk)^<0ZO9nm)7OU}Bt8@>#we+H<h%Jv@X
zwO{rp)dKgywlP;o)puw7J;npuah@WweMi4*=g;Zs4rEd^y5K^muvoM6H?O)>)>HlA
zS6}~hU$BXH7d96%^Z(EZ8KrsbQjaH;PPCKcB$cz)cWys?I_|4}H3U{-YJoJTZ*R^P
z`1$%T5ZoZdCNpmT6KWD@`?S9mHd4Rqs0U+uN0Std9`wnMa>R~U`}<)W|JW>Fh0|QB
zuj`*$>TsaJs;jye>C_B2O(MJ=g4TZC<$k$2Ml2?5s1=c`jpQ6j_?0g)k^!Ci`n$Dr
zAwO}g()nWuvT@DKpX%bH-$j91lw?}n)F+R`OaS1}$<b?M9pT<}nOWN&D72jCt~gK5
z;bgI#JH^#Xx&#Q-9IMA)sr2U7lOCIF=s|v9FndqgwVAunz2ijPF0We1?E3KKEIGs%
zdPqkndZ@T?UcNBc15d$?wc9i;>249(t>ckA(?qQF&O9HOes0GzW>i}*^?dE3NKGQA
z^v%U@^}%2O@}(SzD6Uvx&&%tb{DSF{4s&wC`rVMNKvLBrSB|tyMDA4->5^<D&f|q&
zRH*2wv-7G)>QuWXVxnx^PTSjzZzSmmgN8S@2i6>jlDa1GyOUq2Y7;#2wc^tOU~9E;
zo#tq>EF9V!DYic~<9?I=Y9dx=%b3blzl?S^^WPi__wOM9&B{7fJPQmRG&`a&W5MHd
z^#Vpf<E9eta{dYYihwur%Y|GjnT9w)OW7dMIuSm|Dm)(t_kRGHz}~Bp4aC1Pd8gol
zla`*nlTq1>>mrL2M;}9P3e7u65CsLh9M33^e(LA5cmi76BT{f76^kJHyGbGzu>r8F
zUVvS_sXkX_b17-TLX1JytN+QmHgAvX8Qm-$WPMuNSkAhka8?0nX<TgM`!&syjGYta
z;NVNA=wIXpF~36nTP?(c=w56~QrYzWy|~ww43Oy0#V-$Az}0ujU@Dz#hE*O9BSFCh
z_6+tTjiJo&6#_B`>5$R6`-~)yK2imZ6b8K2v>bi!ckz%QkkR}$y3{h<XVkQ;aFUJy
z2BMm^6=Z+J(N}cuJA)p;WZsG5B-h`@fdD^>ha44Hv^GG0^wkva@ZjWNV}d=FS0uRC
z;IPY)FZM@<?p2bj&pAN?SUp1~gtwCBuwcOY*A8{#T%j$z(jgf?4N#6rxnCr7d(2=A
zfBgNKN2D0#ES;e#$SM!u(fhqyaM-IJGy&KbNqD9p(?e7)ixZS`OB2%00$H`L{4s(M
z>cr}sXN!Tz!q<$!5xMOZv#R_nGjM8v<fWd~tI=L1l{O^LTmzW%f7eU#;bV8)!tVe!
zr)n{va%x_(T=q6N3wT2nZQICS8lKH;*m7ty0(&N--aL|1@0y~clP$r^dFIOEq!M7M
zLgi$<nCPO@^uEMIklMY-9o-<6U(0O+zg!t>&WA7Qb!Z>Oav<pR^o&FoxHdYCV!YR?
z7yUQezLz$5ffpWZ(Bn(L^-=Ps+VST<)}-1ofzL9*;&URwed#ivBXZzT+&w8c5Z-Q|
z8|92^oy2g;e_rc9Z}IHWEHlD{XJQUnr9H#~p9EXxKef~z+BJ%KtV$cVvoprodbjHR
zL|v-cR}#0ARkvRsml2u2c9ec-chvNxctBLOzWi18kdyyZkq2J;TI>(3NGRvkx?$D8
z7H=G%<R@iIY98dJXV1YbGb|p;1K-4j%!&p~A_bpM;9zJIfJb=NGAL(R2B7mg_2z30
zP_H%+91!*L8M+XTg3)+!XgAznZS-0jyH4NavxL%jI}|6FOzfH20ee*M=eBtkNakAZ
zH{O6Pet=5`NA8}ZiWJ2dVP(ZPjm0zQy~n;<zQWj<Os$>}&gCi6?r}8;vS-Vhk7L42
zafRya*udbXvyfxfmjKCuXppZkfj4RL_r(}e$5km*sKfj&?>@OBAdACC2lR>M+sWp~
z-f*Ef-L?rwb2T7RNk=|V)|$dW4@NlGc{j2rIa55`q|mqoOS$dwXeu{D(=?<0O-F;y
z5WHX*Rb@65t5XtSV&ZV6!M3OkkYj-8?e{8xOAsSZ-wQWK`M++i)#?aT3c1X<=jxIT
zgnpG3i|*tbuwBxdxM1Fi%r2{Dw!npkLXJACaNKts07qUzsYBMat3F+$q5%EiHJDoq
z)L06jWXop8HFcrto>%h%KXlNB3^8KFY(BTQc$ENk92&_xXti$SDY0FP7K=6jVs0U9
zKC^3>6{07f-p|ef_vk7MFadP3FJh=VS4ldQF%U$BY8?_b^T{(SU$*^0@Cv~k7iZwt
zGJg5LYY%EU6Z@`r;JOOwN;6Zh#tZ6EQvl{rwv81_AMR2zWaF(=Yv{fzO1Z#Joa>K3
z+R4+gsqQDMBNe+82L2iqE)qW<vfYYc6Jg-gSh2*BHO`Vaj2~pEyFjbZw=A7(Eiznm
zw8Vf_J+|njTdbciQtUuoE?pB)sM2g#o%D*B4n!&<7Q`svIlzut2}xyfNU$H7$m#jd
zki@taTA&39F;Nh+ylRQJ*R+;Fb_v9yUsf4m*Yno{h<gR!f)o*2bqCEnD5HNpE^3mw
zjr^!U_+c~9EFGX=EWRxZKG7{1X`7TKfyyI=cc8ias7&<EuGz-&kYssXB!{_+@gPMh
z(1TFz9ui)N{6x#M_0&d>^`PqMWotFShuX7VVH_zwwfG)Q@mg7K2I?qZ8yqEQN)4yZ
z;(i4NeVd%m)!8#54ah`*?mxI@P(;eK0u(IUcso;P$_cOZi2jG(=#GZuN#rOOaA7U-
zo+I7AD#~KKI3v0aQalD?PgGPr106q1-oSxjCpODwB3}gN3T766wgmW%SlO~m?y6%%
zJ^ZXDV)+CeH}}MyUqjIh=WT=D1-lDH*jfSisl}ue*X@H|WhiQ8|K~ONVz5-SK7Xhl
zG&x<m@U|gFeLA_u+93yBw9U?q;Fo&zNh&Y9tV(UDqhMGudh1iPt?B8@Pl1X+B<}9>
z7W-y$xnQ2YB6Ro<gVd~U220{g-|A8mCPk|ohWBPi{SPepQ?u2Wg??PPri|^97CFol
zjoAu(lX`@#0k0|b0lXa$V`9bPzvpCwo+nX^5!`&Xe;0geW4w#6AsCunQ!A5F`dY!R
zQ@SBxKIfnIDA$-bw>s?NUBW=@J=H5pkYujkR*Dob$TbWy1-fbd4d}~ugX`r1X)DmV
z5Zg(@%LA!&PJm$lDL~wl^``_?Cr;fkmY!L#uJm5aJ=sDm4Q20iS+|Kr?xv0Hdv%wc
zW%h^x`dO6N{jv21kWGJ}&Yq7ZIlL_ySdB6qo0nTkR4v=$Q{(@{{aWgJ`N=&CJPS%|
zQ%mOnCVr^_NKEe3iUok!)NbKZ^$b;!6O6fuQQBwjXMYJi^9tfQEy<HNE<;A9%oaCx
zBQS7izEgp<Gi(G_r<r*H0`v@IeoLenF&K5`+(mp2&xqgINh+601S0e}8V|@U|6pcU
zOUkOYHa3Vo3U-767y9P;8XY`I?OKEi&z7|n@uYP~tGnl*8Pkf+%hj0J^c<PF2|GI7
z3_9lmeQ*_4wgsXDIJunDQuQfuq9vNNt2VX(T_Ul}(6GJm5W);UhMfPRxpugCm%ZY%
z6Hl$%b-JUs#jk&<>ob<8XK+YK5mACFx2jJu+(~lt1olbEHDS<X9=97uay_s-DpvN%
z41M%FNdk|ftj`2=rusJPF;YVR5z9@O=jIq}j0BE=@$dJJiP8|?zgpPzn!U-&__b4D
z_XpUD_ci^=Zv{+L?^w3lqACG+D;`K4cBTo|ccJdu|Cv5@q}U2ICPay#Xord)it;-N
ze?Azv7Q*=xjnr>Pym2x!*?^628GzB`8xFr>T#Fx^6i3!adv<QxyJ-)pgSQg@lxdgH
z#~mqvqnnQ<k1AYsN`x^zTyf>duH;(f6-|iV^M23Bwn{UJ=desDX_pT(JkS^brTFlE
z<YCODFHNci7_HJer?~z_ES?dohvWQu!|XXdQEdS0Mxc5}fLTZlo<K~6`<!2&-47Xl
zy`BTz$fkd-?<K}+qqiTp@5ZK1ek*GEB1VjjIB=X;U-UWKoi#97+~PFjS-gseHh|rg
zQfRc{l@zf7F4`69T_Wlj-9WzO9+UPVb5yTTg&`*_`Wsy(;W~Gj1_0PTi{2>;APg$G
zSm{aTl}mp8reZD;tA~vbWQzMzT{zF6a$RrqUwLi6DDyA9X_###-?lbK;4+`jrDcWL
z+baKofu)Vt(X{6Q?}!>~=gug>4k+VK8bElK(I7PhHYjp$JEGVh5Y>0a_PQSn_zbFT
z-B}OH3A2lQ+Q-e05@$}O>iSm()&RAsE#lw2;n(24oGM&zvrac-C{kSvP#qc@5vVgp
zg^IH{I8RzpWAm71ypOsB)D}Ap08JNj36m>fNO0QGw!XffUot}Q!vS7Xn4f@rkqNhU
zjLiwOwZD$axkvA8(Y?Qwf16(3G1*lTm;o{pcS>rL#r|jBX=UC~E-f=yy4Yk*$Yd$=
zk&AzQgB07Mzu3nlg{7$t9h)ZM!*(W<$m1e_v1$9~LtAKUr;c{~!pg6F8q;mM`6txb
z;Q^hFfA+#X#ThQ=iqR#-{UM$kUdx`)EAeIZMry+;K&G-hoEV(+ooS^OKQ5KNd!q$_
zIKzg|x=kuWj%*HT(R<(0U?kf9y&ysE%f})9sfco4cXPk1B?E6aTP<knv%akD@w90Z
zyxl5`uaf(Vtb_nW1f!&g>aiMU$LC#TQ=?Y+&9t_u(ZnK{P#^Kb0;rP~6GOlGu;H9%
z^*PBL!}f~2Rmiy#=g6Pq>3TC7r=u5mf7cL9wRKtwVN%K6Y7*p8Qv!#f-VE;4Ql%>y
zo(P%r3L#5_i_Un`>-h58kn!;^&;}WRqhibd@=(nb@p*O$nkMg*2w-?YKuCw{hE9A7
zB`qPnoONgmpMn`$w7eCkQKPw7WvUS>UO&ByXB3wz=)c@!*|#5ONTcI!o=A8m$y9x!
z3!smrvRL-2XFvV4Z{_uTZcn%wNdJH>tJ-qYlumqqUfZly70=GhV_MqOmFA|LUM!9s
zO}_qqrb7(aH3hT64k!u>N0P$ah^UkI?%b0!n!eVf6X(grC-rfLb|c<>^U;zq;1&?y
zY#?ybLxUTi{!6W&DU`A{mboh;Qbq%$)ZU-?h}=;F*w&*71H#p-n%Q(i>=2ETk=CC-
z`$CvdH>%&$Pu0Y?!3`il8zvt$2q~MgsxBmjx2k=vG$|G8Nr0W^MlAOsIzL?T&xXm^
z!cuQtnGs!yql6^(wCF&OQG)4YQQ<~Nbvl6wr_IGXKhL1Fk5EbwtE;La_m+o;GSR|n
z;(P$af~h(wv3IK*dM!oXGpFmsUTh&IQLRj;7dkjp(4p?E5M`|!HrSo49lh$?6tJdo
zCLA?gk%BOxk`eC*Mz>qVk>F8;RSy{=S;(sCVBTb3Duz17BPVhf=4CmOM9_c-3glC!
z)rXDVs(R0(jAHz6IHys}7_aS%H+IdBHmLqgrZb4A*Dj)*I~Wz<CZMMc&pzwc6rxL{
zK6{X{jo#$nqZv?M@$g2O*!JJ(w(r*h{0%w2Cck*4ajzuG)^GC{*(3ya>}sJvjn?<4
z3r(dp`sDMV;?vF=0Sq_DHrBpr#9KVETQ9vf_!O1wrSg7O&rd$jfWNj2S_7!paS^hy
zMV|jc<z`;L>t(2OY70;vGm%(mPESU2bGZ9O!W<fp088;P^0pR0W_DvzW^l%l=EaWk
zK9|V{qM)>-ZvSgML;rclP6x&qTP@6<!Hn_n^ECo*AMMp@TELgp*b*C}a@W+_rC;UN
zzu8HzjlYvO|6$cZUvjB2`scWlm?I;)mfQL2@U1o62n4NoFF{-;{#lqzZ!f^stmNtU
zfLM>jz(NyQ8Vhe$%?5jy_(ffk4^wks3m#XRxnnk4*IbL%IphX@6Dwkzt&+7Cw7VrP
zYh!^t5GFILp2(beXzk)S%7wtn0%*u?i+b{@yO>kl@S6{_1LF)0(V2`LJRa0@DRq4j
z=_U?y6t&_{s4qzJ_vn-yasGNc#2D?m`z6P)Y!yAOg%ru9cRVq9h7PMjUpAgAz2}OP
ztlgv?v%Z1LWnEMIhEMHc8APLZK2|%r3a^;|*EO!!0(mPo7)GjXGK-1d3%LXVt^(qW
z0kGwso>}4;xtkOy>$W)0%9}r}z52#*zExhiY8kLl7vh{LNAvX#C1~`hReQlVmh(4|
zCe<}xtPAF05N=_H`vbO}(r$DKeRYAfTmPJ&8i}xl^qlz00b*j<-pu#MrLnR2F^l4e
zzqmhNZtHX5gG@z)eVU?FX9LIpxa#QWhP-2++wOwb+B>3J)OTDr#rb<2>R6#Y^}TDE
zyJ=NCYD@bg5lA#+Qt-V4ek8aKz#HjLTXg3)U(oZVA~Bmo{d1)cnqUL2jo$Gt7ynkk
zD1`eIo8jXd-<yHnWfyoa@sET}+@D*c-})KuN46ONk{+N1vV35bw$&ECNQhYGJ6<A<
zEl<13OhB#rG%SN##z<U6_8P7{BH+fLI?JuJ0xjtWB`}7;y+u9tDF2R6B6>rkKYZ?#
zt2(ZxN^fVb{(aDiSp(ODoPF(*4hogQqwbWqj%`VClM$x=jWZmkD}3Q)<9Szq6*+X8
zkpZRYpc9Ep+sdE&ZMp3+Vq#wlthSe#=au0m6X9`gOFM|_z_>bPTp%^MzDlz;9xvKh
zWv^@LVPqfWp-vobcPyne71x}K9<t2(SGW6ttsXz<0H2*TidZGijqZ%HiX#vO6^3}c
zTzAXszoa~Rz~ecma{OhHf*PyUE$+w+G3N1bZRq*RDLUXji)j%0p!tCagmJN^`HdjZ
zkOE@YzwzC61QH+q-EdNiwPC`WbCg%qiFuLb_&pa%9c@%axUrPE#F!{s!ERtSm=Y9&
z=1Glp!y^X|0Lt&}(&&u2j43`bXunQ+UHSWJ_zrq|Af`CFv!-*8@1LL#t8d8gDUa6*
z>5OpP;MK!~CETBr$h6w{bS<-56(-sZB)yJ8&zQE2f5YWE2P75}u`0u~5%>${$NTwN
zmzN$ek{6pT4be{U6H}UoA()@tO&`oJ?2$3(>B&@}kKs-u@knid4FfR$*)i%>-DA=4
z8g|q6pGxG)+oka&4D@kRCgb2jzWPC;(d!`xJS&r>0c3Iv;5Jos>={xv%sKdZ0vFS6
z)%R|SiNO!nZ?Mr$FNrN2{L!rYV0=R-mFi1CQ_zv)2MXWT3KvLe<dJ+IrqpFxo?ri<
zEQY2Fz5F}Taq8Y%*;eBIDL$o96X|?KN1Wa6`Ku3sq#oJSG}G=eiuu)%@>o=$44@_p
z`PpRIyElDnRC#yE)XBZ+PHVQ`%LdHHokW)tb@{4m)>Vf)?Ovs>bSS@3>1Qmppz-ha
z#vP%%Pv2g^P8=Akg}G?-6sCY;6Q_~!e}T!y5>NNPJ#!5iM)7P&?Qk7$=%VwhxITL<
zINTa43{o49TtuXI28rQ3F4Ic;^s#;sOB5hDRMzXD#6Z}a5y#QQbMK3oVRPQRYzrr#
zlkZyHkpNVnMXnz&=H1|^-m9#t$AP|SwQ;ah&Q*tAc|fVi*mjwXslI9TrXgVg($G=s
z+sVB{kR1+L3Scl`%XfP;kNBxJ0?v)$jZqDitMmKn;E+AHKKFQuJwC@MkC4G`v7@BY
z`&sFz`maa4;E?Z9pUvFnLd7vWppIC|<$#cKaJ8LjYZFryUSsK?hjex#`bh_s3ASb2
zU~^LD=S=@XCP(U(xWf$cujB@v^Mc$<(xQF-xi8DUGXizm9j<}LyyC?%!aO)~D?cI?
zz><$O?K}%=dzCCc+iiW*&_OfAM@<pCON?DKrfxYdwpfMt+j+FKzE1<Te4PDLykQoA
zA!m_IqJ98GrQ50{`z`$=%jTVC;#wd@D#DMhnW}0e4(KSTncRSoXK=vMSyCs7pkbKG
zbGF(5ql`v8mjvdk$hAg8vAnZioA+<1G>uk;%jPvsPOjAVx1>UcVq^gv#Tp}(H7G_Q
z#E$Te;QsjV$D~V!aW!^LiljtxQ7U=8z2WiWSoY$8Kgqs25`MnV9nw|H8x4kjI8zH)
zMkhS>zcMQd!~Hs1ei%A#-T-I>maL$xBDz%)5n_HOiJ_5zVSk#ky`?qr@~6q)-in)M
zJScnJAX<S60@QgR?JBW04ot4kW2(8slP+<k;r2&PvX12@sNUgq&Jb;f3|V;1ikxx1
zUzB|xfaD21S7m{c4;@+`KH<4|z5_nfIy<JQdcF261zD4)b%3VPcg6rAbgk(`7Wy%_
z9j6t>;{IK36(_$&jHN*NjdZx2V(eM$fu+;F&uxp5qJdo8Q{O_JsP-=yT~t(#vjO;+
zW9`Ocw%=$bE6J~_(nIo756~OOh=ZG6^<nq;_u9gy*Q?bMW#$uCpGJJb9N+Ss48ZSS
zz~W{gvsXLXM;ah|ePJHd-EXkz>Cyv=OZkRS;ZWU~lZ5?splAdr?}&yrbK6Zz_Tulw
z_0^?2@PD{`QV&^VYvwpH@@h#G>Pf_0R^EcT_5@#mR~{uv6)g;sCc?Z-ht}UtO6p+c
z%0-7BVI)e-&!*Jq1pyqC1^mCfrhz${;mm*U&?xdcg#gfdgC_vV%bU0*>B%x~6OO^o
z>-3lBB^aY8pN6%%ITuTkdZXcDM;!|eav`HcxDHN5|D8@K4!Jch4h#cWkexLp*Y9mk
z1Sxw`Wt&VdbS>c54Mo^8G@5%{U<r7PhCIfiXMSNcv;5LjWy)y7-^P_-^00uCx5DkB
z+-91!9EmNdSWkf8<mX+Ad9NVggs)jd@TRnFN>cONM%8f`A;2VcbC8_m>VnBF4@rwu
zHZ{h+`47k3n)bvK%ls%(rQ=wzYe>I@g)Gk7G5|~3n%3z!4$%7pKwY@R%xC01P1zKn
z3{9t*aVGdy5BwSrI6KdX^02GBM8J4ACxN*ja1G&~y?{2N!T!?L4cd?2;0yvqF^CCj
z+thp!Mp(Yz7F_QtJd~6)ZSQLPKmDHPh^ruInda81r{{fpTaF?%W8v&;iM(|*=pP_X
zvH(hM_ynQ9I2WuX=W2herRN_xs<$AD4k;vR&|=VG%n0b*9vD-xzCv!oAV%_@TEK}i
zXi=!}J=~vfiZ4FhV&~Qxy{I|3NQvGWE4s8)oARohl|AV`Sa7}ZQhn30jS#vEZqhfR
zj2Gn?kTSf;(51=k#pf3;o0PShWm<ctx~ggW1V89@s-MFw|7~TMycr6LqDvAgQ|j&>
zXEhkkF*JKxsXXElNqDv-ao>foLW7O00Emn_Tyv~zYXw@~%)?x;kR0-TwNYc;3dD_&
zQ)%lunn#%)s5KzsH+3i~_nt3^kR9kc$wc&4R$LE^U{@Tio12FSsdj`h(_ot4o+F`N
zf!7db*^?sg`ONOC;mJH^aqs=N;=z3K@WAeqk>RBqu)6z#uqAasq1Vxw0R-8VqHKCW
zLo?PqkRT-Nqc>u3hg<EgEFVD206546vluD->L{qh(Ur<|FCjic77u>Ta)pKlFk6@=
zq<ifZ52xh2ekdA-CSfY|AXd@8>7QgL)6W8lsUgO%LbwNa^#{e4mf0CSRjYui)$bD#
z{N_?lg7q>`T#kjpEA)XOVZ_)3{<`wTQYN-~f|iq=S%^0wLY5icjR@?}PF<I%e*V&|
zBZJp&-=|gE`iZrahrU8UgZRf#yV^qX9;0WbWXbfr$Q#2xqA_J3vynn@q`zGH8FZ)3
zo8ZU*RBYy>-M-%kKg(J_@{~&xQoR;E=-wDtaZho2^CNp=uRGngH-Ir<!()9g)N*m1
zs?h)yYE6Fi@kh?f0*h96_n8~*7e>&BUu6Pfi#@GJV4xQ(Xt9S|CIWy7R-{>PI%JdM
zo%06R8Wq@Bg>-qDD9j{jn1`pzo%LGa24j-SAjk0q!yxk_af(_&EI}>}`K)ZyPzhk1
z``t7b41bX{3oQMQ3d4C#Kv;we8aL|<ZQnM?`?lUDslm3F0#tui%&y*wl7R2Uy;cr1
z;<nq-wYHmSkvcNFjcuhC3ZqKr1|x-_^7nmaoeP^c+H~Azi@kz!tzoZtV8E!`2K7eb
z)!SY4Z}5Y(jh?&|o@9yueXZFW=*c|=ux^p-{7l6PFCem#0|;VlFFaOJ>C$!UlSOU8
zU`h(A!0ibL?l#lTEatIf3-SG?hW};o3rFIH#TC~<48A93vf;KRfJd>rS)}185ae8`
zY3tCFXN?_{GpX`(H%n(>l5z-xbdsWID7+b715EdcSk4HxyLo-UoKwH5G97Bw$ba<E
zY_vr{)%uz(7Y&NDz3ZEG)Pb>!E*6tFJcVDmy03W3rFSKe@5dHsuEj+)I3P8&HYlAE
zk9M?woVNo71Yx)6LWAv5$RRn1&7G&wsG}jNAD{hgd|7N^ocb(xIhuF6WUu@rLfrfJ
zAK=s?ZQa~&W`Z?l*zgme^3iCdP>!Vun4YPKD#LmeO<PjXh`2b{qW|+hwSqwQf17o*
zj;Yk*xnEav{(A;-WlmQ{^xa6%&^z!MPnc-JHjpTPOm=frl_H(W)Zbtu1<z1RH?P65
zneJH@^GKcaI+b36I=v0bvXYY4@4)Ro{(4oUU8)Pz3D{BQ2An_$gAjmQ@o#*7F1-;S
z#<lJiWbhPG?P+&9$bbfHqje}Q7T{`xC3-yoiY1XxSDWEnV$i_e#KLF3LCc7rreCTV
z=K*$73}D541--=H;%`8piO%%Ox8*cPIm!*$BZ_u(6|S50=hj7x02m899c+L$4e-0J
z>gyR9gj}-fpj+~nOn6EZJt8~Q8`0Y>j|HT0oW-i`Vrp$K+oo9j-$)eP*{jv6IS&Kw
zv#g==T3`a$=D=DT-rK8HwnF4wY2<5<{g^!0u`%Jb3k=++;&gfSnmYcF92iCe;h8ER
zrjohKxX9r+3s=khbrth~W<@#b03dtm!Si%^aKjtyx+O=IDLSSGSn$su-R`mP?;;6H
zcHm}`^#cmDyo=G@nO;KcV5<`5n~#KNv39_?*qriTJ#|+qd*M+A6<!;Up988KTpwIo
zQzFCQYzpO7`lAgHc?Nhdc|_h9U@U3HEy~R^g{3vu_dXP?0fMPTz&6+;_k%llYy*(R
zp!{ZWfWHYJoRVsIi0waS!1jcB^5=RJ0Fu;LW75Xbnmhy_68#W5uRO`Q*13<q$%$|E
zT|YkHNGeNk%Z83ZY)PvfEG~4aZ(@tDOmqC-;{r~lJm6F=`b%e&W^fTCK~iX(IW72)
z%`CCJ-Zy~%s8UR?aRw;b-9n{+8>k!jwY0{@TI4p_*RS%%!}On>?Ic<Az^ml=x8M{Q
zZycNdGCKDoZ*|`vbaKYG6&<31A;r4g$x=zZA22I;j_t_99e4nfT_DGXRQ4jXRN<;M
zCQ}2@N-aN(DIRk`^f*pGzH5PIB3`I(w1uaqEf3J*OUD6;+-K?|%YKzUzcRFU$__82
zPdU#(GaLE=o|)Jf0aaj$R`$^udXGtBan<K<iQi#JD4`t$oZo-D7DczN8va(%c;u4h
z6tq!zLMc+BOm)Z)q6&9_|M4?G4AZ;{gz#s><t;Zg4738a4n)oqSvh#S%bFEeSGoWf
zt`Fr|SnMAL4b-bPFIBw_`Y9~KUMT}G<5AiqZTRN*;wupYt&5D9rXNy?pRTll8t95+
zO-mY{L~LMOc_a&WTzQ|hR~aXq1nm)S_qO@U(|aYb`}{&kY-r%(!T&CI|NrrRf($Nh
Za72DbHfws2BX8#d@<vUrROa2s{|1EHigN$}

literal 0
HcmV?d00001

diff --git a/cisco_asa/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.meta b/cisco_asa/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.meta
new file mode 100644
index 00000000..e0675972
--- /dev/null
+++ b/cisco_asa/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.meta
@@ -0,0 +1,9 @@
+{
+	"GUID": "8b713d4b-635b-4a4d-8eba-85ca1a3adb6d",
+	"Name": "Cisco Banner",
+	"Desc": "banner file for kit build \\\"Cisco ASA v1\\\"",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.contents b/cisco_asa/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.contents
new file mode 100644
index 0000000000000000000000000000000000000000..e3ae163dc928ed4bc4b65612560fe6a1a5d65c46
GIT binary patch
literal 13297
zcmeHtXEa<<*zO=CAxa9O6NBiYMhihOYV=ORD5HzsNrLFiV2m2kjS`(`Nz~DU(M$B`
zy|;UO-}mqSyX&^K?wz%!tTShyz0W>-zwcAt@V9CT#Dvs@AP|Tcq9~^c0^tHbaY6S8
zfUiTZk#pedzO$l%D+ol=cKgOj<Rqa1ffzv$x!2lWX<IXaZpO?0I~N0$)`B%5ln>!T
z6t6hQL|pv7Knf9$YD3!o#zSfCGX;O$Rb<+VFcAHl%F6V9CbiYlvOLJD`t#*W6AwM!
zCDtsq;Cm^iQzQCAFI_&8IwSrL$~n+7ETqtzSV~lcyql=t>f2nse!>5Am-K3U;QGbI
zm0?e0h~)Vzv%XF5jGchv%1mw?V66ZD^}l`wauUMDaN2&BGN)Hur^8KnP<dL{%Q~2C
z#EZGXqR}ws9@3wOo79uf?WCAcx$yqLD~8Q4(Bp0|QX3s*C+Hay#dFY5ajjc)<7PIz
zPkkPn4X@V<!8b}<#eZiN5$1&4#Dh~0T$yVnnbm8gJ4iWaP@0G1GL}Thl0qh5e#)HA
zmf6sGosah}DMD6V`NszWsk85dCA9?UBnz>)jL{LYMl2<%Z$4jfR5f!JxPf{#UH*;1
zlX{>17A7|wyPHS?{}m~Q^SStBuqkEcFE2z{n|7V(86Bun`+}$6Y8RQ~j_}9R{7e-j
z$eu)@jJhfON+@MyQWjI=5Zs2#=kK5E&W|d=d2^7vF0NxEPWD!!jaC3u2tNz`c-gCZ
zob}TjC%O4u%cof=LvX@ZkYeQaby^PT9h#99tU#T_crqw2$J+Vq$<AL?45`X7xgri>
zP?e2=SERAuENU|!FZTZ5>1n@{Mocp<yEIN5g)VyfjxgtR8@{tgOtWwQIbj<yzO?PQ
z@^qVjYkx3EW^uh?wWv&b`Yk9YBtCn?Cut)@8cgedl6FM?h30lwYkmPXbkLJ;z)!}I
z=fI~T)Blx+yXDiRHxHA>x&#=K$~mEZ<`7pF@n^6WXhwW>U|Gy1kw$*F0Y?%=kB<l@
znN(>-67G;B$ODreGCi9tdi;2*%Hxks8_Ha`hE&*AtyRq1kQY{;;{g%HJWxKStT<NS
zzxKR+TrPRZCC&TG{3}+N>-ZcNI1DbxYC+nSvbr=CsBImfFaqlc4;Kp_|HoN^z(_E{
zFi%WPw5!hz+^dfo)HwMXx(9kvmPww)77Y3Xf2wmlOxOq3wc?7pdp{MQR+3vRAyLie
zcxqf-3BQIMUM1nc7`=1&)lSj5XA!!DR^B%FIY|>&A^UD!$2PX;(ibmwLrEQm;zyM!
zaj48=FD%iXMcEFi8&&WiWzfu(D0vt?9Al3iAqa$UJV%@rdJsFfp{Q|3jef{e?dZYl
z-)M;)JD66a>d>waBY5%W{``(+GqcrnDNwIS&F4E+hO?oJ67~XeXNQFP4`iKz=Gv?W
zTB;7fDrW&!F$alc4zN6XM&OJy_|l$%YJEfuNI^ufUuiMD=3Lgm-E<1tf81s9$hCNt
zg9iaWzIq>I<lR#Y0{R$g^j5c9$NSB$QrV~y>(gV0J3#bnL;TR&KoShweh}c3okIC4
z<M`R_g<Y@F@X<bw&^`LMW-yNze{~1`YI?7@^jY;q3iSxq?(O}Be|+pp!+;d(v3khF
zIUrG*@hdlY`SahS#8HeFX)k}bm=N!!CgT}c+lMH~{7eZmO|Qs>@K-cC=_3VGd_-ab
zv@|V1@q~!6#D@yi16Bmq*G_+4diOHM)NH5nBK)6!wecM3_~@qOgv03S<XmoV8r_$9
zpNAfISkI6RMUEqXX+D`xY*BcO@_SJiWQ8x_`vN<DiDEC^O8&;!`4I}S#(A4MYeZ$E
zV)2T~M&eE@)R9Q|Yag0@;3t`g>Y4j562cG8n~Y??PO3SFeK2h4_(90}{?{WOM~S?i
zWRwEc{@*ozsoZag&#w;dY}>3mQz1ljk}Z52?X0;=Kh~E_=DWrPidtQv*ULV686Jtk
zzzU7+JuH{ZrSN-0QwPA}-Vc~~jE~AoJ3c2XTjMZRi-y~}$0O>JsRoFyRbIo3DMW!*
zu1Baku~0sN?Q?w*3z^>BD$sX<dM7u+_gl1VE-wT|U90p5>O=$hh+<wnw(caeYBONi
zuu=I^pFjabg&Z1u;FDbr$f44N8o<vunJ2f0$^PdZPLN#X1a>D!e(rvw2L!$ss&jOL
zMwe`giGoNrpW2M2iK3TNYn9;=7fxa>=J}&lq;hFgL8yQ1%ZYnQUFUsp@EpTn-7#$I
z+n>s-aTHNd^N<*-*8xuG<ZZ&ryv4DTn0e+KO(I!*q#WCSP6_(kfBZ|n&+ha`PAXWa
zTZzBs*hyE@F-Dt~I`PniF7x!TUW^3vaO#IsGqsUOH+q)KE=d`#l6UNciV{>OCl8CL
zz_#cpOw|mBcx|u*0ZWo2DKimcpIBvR&GD$%fM+pKXO;Uj+NXzsc!?61tZ`v}N~mm}
z974k)l(C!`4HvdGZRO;kZ<b730;w1|on?zT{c?g{mNg5Xw&>^%*`j)N$$JKhtew|V
z&2~F*zt%R&qe53%D$UnX<BbvrbwIvTWA+EVe@-IFG0~UOz1%!z$<k1NTnRGIeR=p5
zI0Jg1b;DFC1GK^#nYymeHJgGq#fI1i?6DIAWc@275g<l+Tf9@^$}i4%Z$M<s)h~`?
zsIJ|zB`S3qV%#z=BMouBTYNRCIWNfbOmY_UbQT4D2{u2Y=yTkaS_{SKgT86g7+H&*
zW+o(-yegu@+Zw{)GK#F?U<3#FougMBMvs4?`k#UBeLkD=>cHi5n7T`|?4A1QzEz5y
zMe|ajz9AP(mM@qEvm(TMV*RTfkB{3w>{S`ctXn+21CtE;#s?f8ZdeIaqtWK#K87}>
zJ~<7QzV7?gfyZarF_rKINS4ocUtkeOj{DHwq98nFem$Fw=Cfa&_<Z=3EMV3k*9qY1
zK}+vRl)gYqV2r7~-eHEP50Edv5dF2cMIIX4@A>b4U<%^Hc4*$6gSi&6P2m5!o0O2g
z$jTE`xl6$!ARILOK{#m=Kf_p(tiUjRi#r6A*8`oN30~v}{&E#b@{u4W`#+gJB_QN%
z@d8vLE_m;!m#lj4-|plN2G1uGI@1%C*gtX|8ImHI;SCn|1m=rl-33|i{F>1>+ye`2
zf~(B9#lvYHh_qDhO}Dl8)?G-*)3&EK?d^REkCOCteD%0_cyD3*;LFbHrahNXYX&rM
zp7FyQi^MCE1%lQSlgoa%aeI4I6x|MTN&E}#+<>?0MbPwR|21^8?!zAH6bNAEtr`p)
z_A2+J9k|^2h~5RxW6mXi-5sSbF?lk#CNofXnyw&Zd>#I&F1c`nhd#ba<n*UnOeSMf
za$GXbhkev$x<n`$W%VoJ)ADv821ZTl|6tp#8{OFxe6g4Ov6LsO`LRvoSMq&dFx`Wf
z>z>u`sm6#bI{gIx23Zv8X54#e^|N;j@lZgzdH~8b{xz6EJh{Y>;bJBzn?8;9@dD@R
zi|TLT;hl{bSd$a})6=gpv_9aUUNPgm1W${f>9jm~Cvj)_^t2X?FY4a(#>BzJbnY2B
zg}ui2u{H%(iw?alf&2WO!5E9X<yu#8TuB(Q8<%soa31{wzJ=PVJpZpAH1Dc?kRR8;
z{!}}N@RyHymKfrz#N+fwXR~Fdf~C!w^zA64yLCnIpKN`Np$iYRW`Z<d>2q1sYhT!t
z5IpM96=^@`w@M+OB<Y&;#f_-({lN95mbj<GvQeEQ`A8BEVR60m3S{D7IkA3}vQ<rP
z*HWOv-BhW@%eBbnIJzkw<*?p0M=34roC^Sk;<FwDd8+tohSBp}1w0I<y8n^{L*OiL
zUpr#X@)I~_xfLcfH9=~3tx4xF^$|j-HgY~a5g>n;tuqL!j~(I^-<XKd0D5AxeqlCu
zuONF%6ypK$V6Bxs1t5Mn&AqWIQk%;*9e$5IPJf2s-K-6~zWa`DTy@ILQmu=_36|)w
zBIX;J?+{VlE~gZehwp%X!HNpk_!H~ZaMXk)^<0ZO9nm)7OU}Bt8@>#we+H<h%Jv@X
zwO{rp)dKgywlP;o)puw7J;npuah@WweMi4*=g;Zs4rEd^y5K^muvoM6H?O)>)>HlA
zS6}~hU$BXH7d96%^Z(EZ8KrsbQjaH;PPCKcB$cz)cWys?I_|4}H3U{-YJoJTZ*R^P
z`1$%T5ZoZdCNpmT6KWD@`?S9mHd4Rqs0U+uN0Std9`wnMa>R~U`}<)W|JW>Fh0|QB
zuj`*$>TsaJs;jye>C_B2O(MJ=g4TZC<$k$2Ml2?5s1=c`jpQ6j_?0g)k^!Ci`n$Dr
zAwO}g()nWuvT@DKpX%bH-$j91lw?}n)F+R`OaS1}$<b?M9pT<}nOWN&D72jCt~gK5
z;bgI#JH^#Xx&#Q-9IMA)sr2U7lOCIF=s|v9FndqgwVAunz2ijPF0We1?E3KKEIGs%
zdPqkndZ@T?UcNBc15d$?wc9i;>249(t>ckA(?qQF&O9HOes0GzW>i}*^?dE3NKGQA
z^v%U@^}%2O@}(SzD6Uvx&&%tb{DSF{4s&wC`rVMNKvLBrSB|tyMDA4->5^<D&f|q&
zRH*2wv-7G)>QuWXVxnx^PTSjzZzSmmgN8S@2i6>jlDa1GyOUq2Y7;#2wc^tOU~9E;
zo#tq>EF9V!DYic~<9?I=Y9dx=%b3blzl?S^^WPi__wOM9&B{7fJPQmRG&`a&W5MHd
z^#Vpf<E9eta{dYYihwur%Y|GjnT9w)OW7dMIuSm|Dm)(t_kRGHz}~Bp4aC1Pd8gol
zla`*nlTq1>>mrL2M;}9P3e7u65CsLh9M33^e(LA5cmi76BT{f76^kJHyGbGzu>r8F
zUVvS_sXkX_b17-TLX1JytN+QmHgAvX8Qm-$WPMuNSkAhka8?0nX<TgM`!&syjGYta
z;NVNA=wIXpF~36nTP?(c=w56~QrYzWy|~ww43Oy0#V-$Az}0ujU@Dz#hE*O9BSFCh
z_6+tTjiJo&6#_B`>5$R6`-~)yK2imZ6b8K2v>bi!ckz%QkkR}$y3{h<XVkQ;aFUJy
z2BMm^6=Z+J(N}cuJA)p;WZsG5B-h`@fdD^>ha44Hv^GG0^wkva@ZjWNV}d=FS0uRC
z;IPY)FZM@<?p2bj&pAN?SUp1~gtwCBuwcOY*A8{#T%j$z(jgf?4N#6rxnCr7d(2=A
zfBgNKN2D0#ES;e#$SM!u(fhqyaM-IJGy&KbNqD9p(?e7)ixZS`OB2%00$H`L{4s(M
z>cr}sXN!Tz!q<$!5xMOZv#R_nGjM8v<fWd~tI=L1l{O^LTmzW%f7eU#;bV8)!tVe!
zr)n{va%x_(T=q6N3wT2nZQICS8lKH;*m7ty0(&N--aL|1@0y~clP$r^dFIOEq!M7M
zLgi$<nCPO@^uEMIklMY-9o-<6U(0O+zg!t>&WA7Qb!Z>Oav<pR^o&FoxHdYCV!YR?
z7yUQezLz$5ffpWZ(Bn(L^-=Ps+VST<)}-1ofzL9*;&URwed#ivBXZzT+&w8c5Z-Q|
z8|92^oy2g;e_rc9Z}IHWEHlD{XJQUnr9H#~p9EXxKef~z+BJ%KtV$cVvoprodbjHR
zL|v-cR}#0ARkvRsml2u2c9ec-chvNxctBLOzWi18kdyyZkq2J;TI>(3NGRvkx?$D8
z7H=G%<R@iIY98dJXV1YbGb|p;1K-4j%!&p~A_bpM;9zJIfJb=NGAL(R2B7mg_2z30
zP_H%+91!*L8M+XTg3)+!XgAznZS-0jyH4NavxL%jI}|6FOzfH20ee*M=eBtkNakAZ
zH{O6Pet=5`NA8}ZiWJ2dVP(ZPjm0zQy~n;<zQWj<Os$>}&gCi6?r}8;vS-Vhk7L42
zafRya*udbXvyfxfmjKCuXppZkfj4RL_r(}e$5km*sKfj&?>@OBAdACC2lR>M+sWp~
z-f*Ef-L?rwb2T7RNk=|V)|$dW4@NlGc{j2rIa55`q|mqoOS$dwXeu{D(=?<0O-F;y
z5WHX*Rb@65t5XtSV&ZV6!M3OkkYj-8?e{8xOAsSZ-wQWK`M++i)#?aT3c1X<=jxIT
zgnpG3i|*tbuwBxdxM1Fi%r2{Dw!npkLXJACaNKts07qUzsYBMat3F+$q5%EiHJDoq
z)L06jWXop8HFcrto>%h%KXlNB3^8KFY(BTQc$ENk92&_xXti$SDY0FP7K=6jVs0U9
zKC^3>6{07f-p|ef_vk7MFadP3FJh=VS4ldQF%U$BY8?_b^T{(SU$*^0@Cv~k7iZwt
zGJg5LYY%EU6Z@`r;JOOwN;6Zh#tZ6EQvl{rwv81_AMR2zWaF(=Yv{fzO1Z#Joa>K3
z+R4+gsqQDMBNe+82L2iqE)qW<vfYYc6Jg-gSh2*BHO`Vaj2~pEyFjbZw=A7(Eiznm
zw8Vf_J+|njTdbciQtUuoE?pB)sM2g#o%D*B4n!&<7Q`svIlzut2}xyfNU$H7$m#jd
zki@taTA&39F;Nh+ylRQJ*R+;Fb_v9yUsf4m*Yno{h<gR!f)o*2bqCEnD5HNpE^3mw
zjr^!U_+c~9EFGX=EWRxZKG7{1X`7TKfyyI=cc8ias7&<EuGz-&kYssXB!{_+@gPMh
z(1TFz9ui)N{6x#M_0&d>^`PqMWotFShuX7VVH_zwwfG)Q@mg7K2I?qZ8yqEQN)4yZ
z;(i4NeVd%m)!8#54ah`*?mxI@P(;eK0u(IUcso;P$_cOZi2jG(=#GZuN#rOOaA7U-
zo+I7AD#~KKI3v0aQalD?PgGPr106q1-oSxjCpODwB3}gN3T766wgmW%SlO~m?y6%%
zJ^ZXDV)+CeH}}MyUqjIh=WT=D1-lDH*jfSisl}ue*X@H|WhiQ8|K~ONVz5-SK7Xhl
zG&x<m@U|gFeLA_u+93yBw9U?q;Fo&zNh&Y9tV(UDqhMGudh1iPt?B8@Pl1X+B<}9>
z7W-y$xnQ2YB6Ro<gVd~U220{g-|A8mCPk|ohWBPi{SPepQ?u2Wg??PPri|^97CFol
zjoAu(lX`@#0k0|b0lXa$V`9bPzvpCwo+nX^5!`&Xe;0geW4w#6AsCunQ!A5F`dY!R
zQ@SBxKIfnIDA$-bw>s?NUBW=@J=H5pkYujkR*Dob$TbWy1-fbd4d}~ugX`r1X)DmV
z5Zg(@%LA!&PJm$lDL~wl^``_?Cr;fkmY!L#uJm5aJ=sDm4Q20iS+|Kr?xv0Hdv%wc
zW%h^x`dO6N{jv21kWGJ}&Yq7ZIlL_ySdB6qo0nTkR4v=$Q{(@{{aWgJ`N=&CJPS%|
zQ%mOnCVr^_NKEe3iUok!)NbKZ^$b;!6O6fuQQBwjXMYJi^9tfQEy<HNE<;A9%oaCx
zBQS7izEgp<Gi(G_r<r*H0`v@IeoLenF&K5`+(mp2&xqgINh+601S0e}8V|@U|6pcU
zOUkOYHa3Vo3U-767y9P;8XY`I?OKEi&z7|n@uYP~tGnl*8Pkf+%hj0J^c<PF2|GI7
z3_9lmeQ*_4wgsXDIJunDQuQfuq9vNNt2VX(T_Ul}(6GJm5W);UhMfPRxpugCm%ZY%
z6Hl$%b-JUs#jk&<>ob<8XK+YK5mACFx2jJu+(~lt1olbEHDS<X9=97uay_s-DpvN%
z41M%FNdk|ftj`2=rusJPF;YVR5z9@O=jIq}j0BE=@$dJJiP8|?zgpPzn!U-&__b4D
z_XpUD_ci^=Zv{+L?^w3lqACG+D;`K4cBTo|ccJdu|Cv5@q}U2ICPay#Xord)it;-N
ze?Azv7Q*=xjnr>Pym2x!*?^628GzB`8xFr>T#Fx^6i3!adv<QxyJ-)pgSQg@lxdgH
z#~mqvqnnQ<k1AYsN`x^zTyf>duH;(f6-|iV^M23Bwn{UJ=desDX_pT(JkS^brTFlE
z<YCODFHNci7_HJer?~z_ES?dohvWQu!|XXdQEdS0Mxc5}fLTZlo<K~6`<!2&-47Xl
zy`BTz$fkd-?<K}+qqiTp@5ZK1ek*GEB1VjjIB=X;U-UWKoi#97+~PFjS-gseHh|rg
zQfRc{l@zf7F4`69T_Wlj-9WzO9+UPVb5yTTg&`*_`Wsy(;W~Gj1_0PTi{2>;APg$G
zSm{aTl}mp8reZD;tA~vbWQzMzT{zF6a$RrqUwLi6DDyA9X_###-?lbK;4+`jrDcWL
z+baKofu)Vt(X{6Q?}!>~=gug>4k+VK8bElK(I7PhHYjp$JEGVh5Y>0a_PQSn_zbFT
z-B}OH3A2lQ+Q-e05@$}O>iSm()&RAsE#lw2;n(24oGM&zvrac-C{kSvP#qc@5vVgp
zg^IH{I8RzpWAm71ypOsB)D}Ap08JNj36m>fNO0QGw!XffUot}Q!vS7Xn4f@rkqNhU
zjLiwOwZD$axkvA8(Y?Qwf16(3G1*lTm;o{pcS>rL#r|jBX=UC~E-f=yy4Yk*$Yd$=
zk&AzQgB07Mzu3nlg{7$t9h)ZM!*(W<$m1e_v1$9~LtAKUr;c{~!pg6F8q;mM`6txb
z;Q^hFfA+#X#ThQ=iqR#-{UM$kUdx`)EAeIZMry+;K&G-hoEV(+ooS^OKQ5KNd!q$_
zIKzg|x=kuWj%*HT(R<(0U?kf9y&ysE%f})9sfco4cXPk1B?E6aTP<knv%akD@w90Z
zyxl5`uaf(Vtb_nW1f!&g>aiMU$LC#TQ=?Y+&9t_u(ZnK{P#^Kb0;rP~6GOlGu;H9%
z^*PBL!}f~2Rmiy#=g6Pq>3TC7r=u5mf7cL9wRKtwVN%K6Y7*p8Qv!#f-VE;4Ql%>y
zo(P%r3L#5_i_Un`>-h58kn!;^&;}WRqhibd@=(nb@p*O$nkMg*2w-?YKuCw{hE9A7
zB`qPnoONgmpMn`$w7eCkQKPw7WvUS>UO&ByXB3wz=)c@!*|#5ONTcI!o=A8m$y9x!
z3!smrvRL-2XFvV4Z{_uTZcn%wNdJH>tJ-qYlumqqUfZly70=GhV_MqOmFA|LUM!9s
zO}_qqrb7(aH3hT64k!u>N0P$ah^UkI?%b0!n!eVf6X(grC-rfLb|c<>^U;zq;1&?y
zY#?ybLxUTi{!6W&DU`A{mboh;Qbq%$)ZU-?h}=;F*w&*71H#p-n%Q(i>=2ETk=CC-
z`$CvdH>%&$Pu0Y?!3`il8zvt$2q~MgsxBmjx2k=vG$|G8Nr0W^MlAOsIzL?T&xXm^
z!cuQtnGs!yql6^(wCF&OQG)4YQQ<~Nbvl6wr_IGXKhL1Fk5EbwtE;La_m+o;GSR|n
z;(P$af~h(wv3IK*dM!oXGpFmsUTh&IQLRj;7dkjp(4p?E5M`|!HrSo49lh$?6tJdo
zCLA?gk%BOxk`eC*Mz>qVk>F8;RSy{=S;(sCVBTb3Duz17BPVhf=4CmOM9_c-3glC!
z)rXDVs(R0(jAHz6IHys}7_aS%H+IdBHmLqgrZb4A*Dj)*I~Wz<CZMMc&pzwc6rxL{
zK6{X{jo#$nqZv?M@$g2O*!JJ(w(r*h{0%w2Cck*4ajzuG)^GC{*(3ya>}sJvjn?<4
z3r(dp`sDMV;?vF=0Sq_DHrBpr#9KVETQ9vf_!O1wrSg7O&rd$jfWNj2S_7!paS^hy
zMV|jc<z`;L>t(2OY70;vGm%(mPESU2bGZ9O!W<fp088;P^0pR0W_DvzW^l%l=EaWk
zK9|V{qM)>-ZvSgML;rclP6x&qTP@6<!Hn_n^ECo*AMMp@TELgp*b*C}a@W+_rC;UN
zzu8HzjlYvO|6$cZUvjB2`scWlm?I;)mfQL2@U1o62n4NoFF{-;{#lqzZ!f^stmNtU
zfLM>jz(NyQ8Vhe$%?5jy_(ffk4^wks3m#XRxnnk4*IbL%IphX@6Dwkzt&+7Cw7VrP
zYh!^t5GFILp2(beXzk)S%7wtn0%*u?i+b{@yO>kl@S6{_1LF)0(V2`LJRa0@DRq4j
z=_U?y6t&_{s4qzJ_vn-yasGNc#2D?m`z6P)Y!yAOg%ru9cRVq9h7PMjUpAgAz2}OP
ztlgv?v%Z1LWnEMIhEMHc8APLZK2|%r3a^;|*EO!!0(mPo7)GjXGK-1d3%LXVt^(qW
z0kGwso>}4;xtkOy>$W)0%9}r}z52#*zExhiY8kLl7vh{LNAvX#C1~`hReQlVmh(4|
zCe<}xtPAF05N=_H`vbO}(r$DKeRYAfTmPJ&8i}xl^qlz00b*j<-pu#MrLnR2F^l4e
zzqmhNZtHX5gG@z)eVU?FX9LIpxa#QWhP-2++wOwb+B>3J)OTDr#rb<2>R6#Y^}TDE
zyJ=NCYD@bg5lA#+Qt-V4ek8aKz#HjLTXg3)U(oZVA~Bmo{d1)cnqUL2jo$Gt7ynkk
zD1`eIo8jXd-<yHnWfyoa@sET}+@D*c-})KuN46ONk{+N1vV35bw$&ECNQhYGJ6<A<
zEl<13OhB#rG%SN##z<U6_8P7{BH+fLI?JuJ0xjtWB`}7;y+u9tDF2R6B6>rkKYZ?#
zt2(ZxN^fVb{(aDiSp(ODoPF(*4hogQqwbWqj%`VClM$x=jWZmkD}3Q)<9Szq6*+X8
zkpZRYpc9Ep+sdE&ZMp3+Vq#wlthSe#=au0m6X9`gOFM|_z_>bPTp%^MzDlz;9xvKh
zWv^@LVPqfWp-vobcPyne71x}K9<t2(SGW6ttsXz<0H2*TidZGijqZ%HiX#vO6^3}c
zTzAXszoa~Rz~ecma{OhHf*PyUE$+w+G3N1bZRq*RDLUXji)j%0p!tCagmJN^`HdjZ
zkOE@YzwzC61QH+q-EdNiwPC`WbCg%qiFuLb_&pa%9c@%axUrPE#F!{s!ERtSm=Y9&
z=1Glp!y^X|0Lt&}(&&u2j43`bXunQ+UHSWJ_zrq|Af`CFv!-*8@1LL#t8d8gDUa6*
z>5OpP;MK!~CETBr$h6w{bS<-56(-sZB)yJ8&zQE2f5YWE2P75}u`0u~5%>${$NTwN
zmzN$ek{6pT4be{U6H}UoA()@tO&`oJ?2$3(>B&@}kKs-u@knid4FfR$*)i%>-DA=4
z8g|q6pGxG)+oka&4D@kRCgb2jzWPC;(d!`xJS&r>0c3Iv;5Jos>={xv%sKdZ0vFS6
z)%R|SiNO!nZ?Mr$FNrN2{L!rYV0=R-mFi1CQ_zv)2MXWT3KvLe<dJ+IrqpFxo?ri<
zEQY2Fz5F}Taq8Y%*;eBIDL$o96X|?KN1Wa6`Ku3sq#oJSG}G=eiuu)%@>o=$44@_p
z`PpRIyElDnRC#yE)XBZ+PHVQ`%LdHHokW)tb@{4m)>Vf)?Ovs>bSS@3>1Qmppz-ha
z#vP%%Pv2g^P8=Akg}G?-6sCY;6Q_~!e}T!y5>NNPJ#!5iM)7P&?Qk7$=%VwhxITL<
zINTa43{o49TtuXI28rQ3F4Ic;^s#;sOB5hDRMzXD#6Z}a5y#QQbMK3oVRPQRYzrr#
zlkZyHkpNVnMXnz&=H1|^-m9#t$AP|SwQ;ah&Q*tAc|fVi*mjwXslI9TrXgVg($G=s
z+sVB{kR1+L3Scl`%XfP;kNBxJ0?v)$jZqDitMmKn;E+AHKKFQuJwC@MkC4G`v7@BY
z`&sFz`maa4;E?Z9pUvFnLd7vWppIC|<$#cKaJ8LjYZFryUSsK?hjex#`bh_s3ASb2
zU~^LD=S=@XCP(U(xWf$cujB@v^Mc$<(xQF-xi8DUGXizm9j<}LyyC?%!aO)~D?cI?
zz><$O?K}%=dzCCc+iiW*&_OfAM@<pCON?DKrfxYdwpfMt+j+FKzE1<Te4PDLykQoA
zA!m_IqJ98GrQ50{`z`$=%jTVC;#wd@D#DMhnW}0e4(KSTncRSoXK=vMSyCs7pkbKG
zbGF(5ql`v8mjvdk$hAg8vAnZioA+<1G>uk;%jPvsPOjAVx1>UcVq^gv#Tp}(H7G_Q
z#E$Te;QsjV$D~V!aW!^LiljtxQ7U=8z2WiWSoY$8Kgqs25`MnV9nw|H8x4kjI8zH)
zMkhS>zcMQd!~Hs1ei%A#-T-I>maL$xBDz%)5n_HOiJ_5zVSk#ky`?qr@~6q)-in)M
zJScnJAX<S60@QgR?JBW04ot4kW2(8slP+<k;r2&PvX12@sNUgq&Jb;f3|V;1ikxx1
zUzB|xfaD21S7m{c4;@+`KH<4|z5_nfIy<JQdcF261zD4)b%3VPcg6rAbgk(`7Wy%_
z9j6t>;{IK36(_$&jHN*NjdZx2V(eM$fu+;F&uxp5qJdo8Q{O_JsP-=yT~t(#vjO;+
zW9`Ocw%=$bE6J~_(nIo756~OOh=ZG6^<nq;_u9gy*Q?bMW#$uCpGJJb9N+Ss48ZSS
zz~W{gvsXLXM;ah|ePJHd-EXkz>Cyv=OZkRS;ZWU~lZ5?splAdr?}&yrbK6Zz_Tulw
z_0^?2@PD{`QV&^VYvwpH@@h#G>Pf_0R^EcT_5@#mR~{uv6)g;sCc?Z-ht}UtO6p+c
z%0-7BVI)e-&!*Jq1pyqC1^mCfrhz${;mm*U&?xdcg#gfdgC_vV%bU0*>B%x~6OO^o
z>-3lBB^aY8pN6%%ITuTkdZXcDM;!|eav`HcxDHN5|D8@K4!Jch4h#cWkexLp*Y9mk
z1Sxw`Wt&VdbS>c54Mo^8G@5%{U<r7PhCIfiXMSNcv;5LjWy)y7-^P_-^00uCx5DkB
z+-91!9EmNdSWkf8<mX+Ad9NVggs)jd@TRnFN>cONM%8f`A;2VcbC8_m>VnBF4@rwu
zHZ{h+`47k3n)bvK%ls%(rQ=wzYe>I@g)Gk7G5|~3n%3z!4$%7pKwY@R%xC01P1zKn
z3{9t*aVGdy5BwSrI6KdX^02GBM8J4ACxN*ja1G&~y?{2N!T!?L4cd?2;0yvqF^CCj
z+thp!Mp(Yz7F_QtJd~6)ZSQLPKmDHPh^ruInda81r{{fpTaF?%W8v&;iM(|*=pP_X
zvH(hM_ynQ9I2WuX=W2herRN_xs<$AD4k;vR&|=VG%n0b*9vD-xzCv!oAV%_@TEK}i
zXi=!}J=~vfiZ4FhV&~Qxy{I|3NQvGWE4s8)oARohl|AV`Sa7}ZQhn30jS#vEZqhfR
zj2Gn?kTSf;(51=k#pf3;o0PShWm<ctx~ggW1V89@s-MFw|7~TMycr6LqDvAgQ|j&>
zXEhkkF*JKxsXXElNqDv-ao>foLW7O00Emn_Tyv~zYXw@~%)?x;kR0-TwNYc;3dD_&
zQ)%lunn#%)s5KzsH+3i~_nt3^kR9kc$wc&4R$LE^U{@Tio12FSsdj`h(_ot4o+F`N
zf!7db*^?sg`ONOC;mJH^aqs=N;=z3K@WAeqk>RBqu)6z#uqAasq1Vxw0R-8VqHKCW
zLo?PqkRT-Nqc>u3hg<EgEFVD206546vluD->L{qh(Ur<|FCjic77u>Ta)pKlFk6@=
zq<ifZ52xh2ekdA-CSfY|AXd@8>7QgL)6W8lsUgO%LbwNa^#{e4mf0CSRjYui)$bD#
z{N_?lg7q>`T#kjpEA)XOVZ_)3{<`wTQYN-~f|iq=S%^0wLY5icjR@?}PF<I%e*V&|
zBZJp&-=|gE`iZrahrU8UgZRf#yV^qX9;0WbWXbfr$Q#2xqA_J3vynn@q`zGH8FZ)3
zo8ZU*RBYy>-M-%kKg(J_@{~&xQoR;E=-wDtaZho2^CNp=uRGngH-Ir<!()9g)N*m1
zs?h)yYE6Fi@kh?f0*h96_n8~*7e>&BUu6Pfi#@GJV4xQ(Xt9S|CIWy7R-{>PI%JdM
zo%06R8Wq@Bg>-qDD9j{jn1`pzo%LGa24j-SAjk0q!yxk_af(_&EI}>}`K)ZyPzhk1
z``t7b41bX{3oQMQ3d4C#Kv;we8aL|<ZQnM?`?lUDslm3F0#tui%&y*wl7R2Uy;cr1
z;<nq-wYHmSkvcNFjcuhC3ZqKr1|x-_^7nmaoeP^c+H~Azi@kz!tzoZtV8E!`2K7eb
z)!SY4Z}5Y(jh?&|o@9yueXZFW=*c|=ux^p-{7l6PFCem#0|;VlFFaOJ>C$!UlSOU8
zU`h(A!0ibL?l#lTEatIf3-SG?hW};o3rFIH#TC~<48A93vf;KRfJd>rS)}185ae8`
zY3tCFXN?_{GpX`(H%n(>l5z-xbdsWID7+b715EdcSk4HxyLo-UoKwH5G97Bw$ba<E
zY_vr{)%uz(7Y&NDz3ZEG)Pb>!E*6tFJcVDmy03W3rFSKe@5dHsuEj+)I3P8&HYlAE
zk9M?woVNo71Yx)6LWAv5$RRn1&7G&wsG}jNAD{hgd|7N^ocb(xIhuF6WUu@rLfrfJ
zAK=s?ZQa~&W`Z?l*zgme^3iCdP>!Vun4YPKD#LmeO<PjXh`2b{qW|+hwSqwQf17o*
zj;Yk*xnEav{(A;-WlmQ{^xa6%&^z!MPnc-JHjpTPOm=frl_H(W)Zbtu1<z1RH?P65
zneJH@^GKcaI+b36I=v0bvXYY4@4)Ro{(4oUU8)Pz3D{BQ2An_$gAjmQ@o#*7F1-;S
z#<lJiWbhPG?P+&9$bbfHqje}Q7T{`xC3-yoiY1XxSDWEnV$i_e#KLF3LCc7rreCTV
z=K*$73}D541--=H;%`8piO%%Ox8*cPIm!*$BZ_u(6|S50=hj7x02m899c+L$4e-0J
z>gyR9gj}-fpj+~nOn6EZJt8~Q8`0Y>j|HT0oW-i`Vrp$K+oo9j-$)eP*{jv6IS&Kw
zv#g==T3`a$=D=DT-rK8HwnF4wY2<5<{g^!0u`%Jb3k=++;&gfSnmYcF92iCe;h8ER
zrjohKxX9r+3s=khbrth~W<@#b03dtm!Si%^aKjtyx+O=IDLSSGSn$su-R`mP?;;6H
zcHm}`^#cmDyo=G@nO;KcV5<`5n~#KNv39_?*qriTJ#|+qd*M+A6<!;Up988KTpwIo
zQzFCQYzpO7`lAgHc?Nhdc|_h9U@U3HEy~R^g{3vu_dXP?0fMPTz&6+;_k%llYy*(R
zp!{ZWfWHYJoRVsIi0waS!1jcB^5=RJ0Fu;LW75Xbnmhy_68#W5uRO`Q*13<q$%$|E
zT|YkHNGeNk%Z83ZY)PvfEG~4aZ(@tDOmqC-;{r~lJm6F=`b%e&W^fTCK~iX(IW72)
z%`CCJ-Zy~%s8UR?aRw;b-9n{+8>k!jwY0{@TI4p_*RS%%!}On>?Ic<Az^ml=x8M{Q
zZycNdGCKDoZ*|`vbaKYG6&<31A;r4g$x=zZA22I;j_t_99e4nfT_DGXRQ4jXRN<;M
zCQ}2@N-aN(DIRk`^f*pGzH5PIB3`I(w1uaqEf3J*OUD6;+-K?|%YKzUzcRFU$__82
zPdU#(GaLE=o|)Jf0aaj$R`$^udXGtBan<K<iQi#JD4`t$oZo-D7DczN8va(%c;u4h
z6tq!zLMc+BOm)Z)q6&9_|M4?G4AZ;{gz#s><t;Zg4738a4n)oqSvh#S%bFEeSGoWf
zt`Fr|SnMAL4b-bPFIBw_`Y9~KUMT}G<5AiqZTRN*;wupYt&5D9rXNy?pRTll8t95+
zO-mY{L~LMOc_a&WTzQ|hR~aXq1nm)S_qO@U(|aYb`}{&kY-r%(!T&CI|NrrRf($Nh
Za72DbHfws2BX8#d@<vUrROa2s{|1EHigN$}

literal 0
HcmV?d00001

diff --git a/cisco_asa/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.meta b/cisco_asa/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.meta
new file mode 100644
index 00000000..eb2e56c7
--- /dev/null
+++ b/cisco_asa/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.meta
@@ -0,0 +1,9 @@
+{
+	"GUID": "e0b98ad2-b2a7-4b24-8374-72f247a18822",
+	"Name": "Cisco Icon",
+	"Desc": "icon file for kit build \\\"Cisco ASA v1\\\"",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/license/Apache 2.0 License.meta b/cisco_asa/license/Apache 2.0 License.meta
new file mode 100644
index 00000000..2bb9ad24
--- /dev/null
+++ b/cisco_asa/license/Apache 2.0 License.meta	
@@ -0,0 +1,176 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA.expansion b/cisco_asa/macro/CISCO_ASA.expansion
new file mode 100644
index 00000000..c61d13af
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA.expansion
@@ -0,0 +1 @@
+cisco-asa-*
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA.meta b/cisco_asa/macro/CISCO_ASA.meta
new file mode 100644
index 00000000..e122c24d
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_ASA",
+	"Description": "Configuration Macro; Tag used for all Cisco ASA data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_ASA",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_AUTH.expansion b/cisco_asa/macro/CISCO_ASA_AUTH.expansion
new file mode 100644
index 00000000..e42c8d6e
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_AUTH.expansion
@@ -0,0 +1 @@
+cisco-asa-auth
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_AUTH.meta b/cisco_asa/macro/CISCO_ASA_AUTH.meta
new file mode 100644
index 00000000..439754eb
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_AUTH.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_ASA_AUTH",
+	"Description": "Configuration Macro; Tag used for all Cisco ASA Authentication data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_ASA_AUTH",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_CONFIG.expansion b/cisco_asa/macro/CISCO_ASA_CONFIG.expansion
new file mode 100644
index 00000000..fbbfd6a6
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_CONFIG.expansion
@@ -0,0 +1 @@
+cisco-asa-config
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_CONFIG.meta b/cisco_asa/macro/CISCO_ASA_CONFIG.meta
new file mode 100644
index 00000000..2a89bdd3
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_CONFIG.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_ASA_CONFIG",
+	"Description": "Configuration Macro; Tag used for all Cisco ASA Configuration data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_ASA_CONFIG",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_EVENTS.expansion b/cisco_asa/macro/CISCO_ASA_EVENTS.expansion
new file mode 100644
index 00000000..36b7c0eb
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_EVENTS.expansion
@@ -0,0 +1 @@
+cisco-asa-events
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_EVENTS.meta b/cisco_asa/macro/CISCO_ASA_EVENTS.meta
new file mode 100644
index 00000000..e3d0985f
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_EVENTS.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_ASA_EVENTS",
+	"Description": "Configuration Macro; Tag used for all Cisco ASA Events data that don't fall into the other tags; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_ASA_EVENTS",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_SEVERITY.expansion b/cisco_asa/macro/CISCO_ASA_SEVERITY.expansion
new file mode 100644
index 00000000..7d79971c
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_SEVERITY.expansion
@@ -0,0 +1,10 @@
+// CISCO_ASA_SEVERITY
+| alias severity _severity_order
+| eval 
+    if (_severity_order == "1") { severity = "Alert" ;}
+    else if (_severity_order == "2") { severity = "Critical" ;}
+    else if (_severity_order == "3") { severity = "Error" ;}
+    else if (_severity_order == "4") { severity = "Warning" ;}
+    else if (_severity_order == "5") { severity = "Notification" ;}
+    else if (_severity_order == "6") { severity = "Informational" ;}
+    else if (_severity_order == "7") { severity = "Debugging" ;}
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_SEVERITY.meta b/cisco_asa/macro/CISCO_ASA_SEVERITY.meta
new file mode 100644
index 00000000..8c9832ec
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_SEVERITY.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_ASA_SEVERITY",
+	"Description": "This macro creates an Enumerated Value (EV) named _severity_order and then orders events by severity. \n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/messages-listed-by-severity-level.html#:~:text=%25ASA%2D1%2D105007:,sequence=number%20on%20interface%20interface_name",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_SEVERITY_ORDER.expansion b/cisco_asa/macro/CISCO_ASA_SEVERITY_ORDER.expansion
new file mode 100644
index 00000000..d71c451b
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_SEVERITY_ORDER.expansion
@@ -0,0 +1,10 @@
+// CISCO_ASA_SEVERITY_ORDER
+| eval _severity_order = 7;
+    if (severity=="Alert") {_severity_order = 1;}
+    if (severity=="Critical") {_severity_order = 2;}
+    if (severity=="Error") {_severity_order = 3;}
+    if (severity=="Warning") {_severity_order = 4;}
+    if (severity=="Notification") {_severity_order = 5;}
+    if (severity=="Informational") {_severity_order = 6;}
+    if (severity=="Debugging") {_severity_order = 7;}
+| sort by _severity_order
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_SEVERITY_ORDER.meta b/cisco_asa/macro/CISCO_ASA_SEVERITY_ORDER.meta
new file mode 100644
index 00000000..72ae1907
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_SEVERITY_ORDER.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_ASA_SEVERITY_ORDER",
+	"Description": "This macro creates an Enumerated Value (EV) named _severity_order and then orders events by severity. \n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/messages-listed-by-severity-level.html#:~:text=%25ASA%2D1%2D105007:,sequence=number%20on%20interface%20interface_name",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_SYSTEM.expansion b/cisco_asa/macro/CISCO_ASA_SYSTEM.expansion
new file mode 100644
index 00000000..002f29c4
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_SYSTEM.expansion
@@ -0,0 +1 @@
+cisco-asa-system
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_SYSTEM.meta b/cisco_asa/macro/CISCO_ASA_SYSTEM.meta
new file mode 100644
index 00000000..430d8a18
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_SYSTEM.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_ASA_SYSTEM",
+	"Description": "Configuration Macro; Tag used for all Cisco ASA System data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_ASA_SYSTEM",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_THREAT.expansion b/cisco_asa/macro/CISCO_ASA_THREAT.expansion
new file mode 100644
index 00000000..7b28894a
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_THREAT.expansion
@@ -0,0 +1 @@
+cisco-asa-threat
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_THREAT.meta b/cisco_asa/macro/CISCO_ASA_THREAT.meta
new file mode 100644
index 00000000..76629fbc
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_THREAT.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_ASA_THREAT",
+	"Description": "Configuration Macro; Tag used for all Cisco ASA Threat data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_ASA_THREAT",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_TRAFFIC.expansion b/cisco_asa/macro/CISCO_ASA_TRAFFIC.expansion
new file mode 100644
index 00000000..bff6f649
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_TRAFFIC.expansion
@@ -0,0 +1 @@
+cisco-asa-traffic
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_TRAFFIC.meta b/cisco_asa/macro/CISCO_ASA_TRAFFIC.meta
new file mode 100644
index 00000000..d94df14d
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_TRAFFIC.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_ASA_TRAFFIC",
+	"Description": "Configuration Macro; Tag used for all Cisco ASA Traffic data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_ASA_TRAFFIC",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_VPN.expansion b/cisco_asa/macro/CISCO_ASA_VPN.expansion
new file mode 100644
index 00000000..323356fa
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_VPN.expansion
@@ -0,0 +1 @@
+cisco-asa-vpn
\ No newline at end of file
diff --git a/cisco_asa/macro/CISCO_ASA_VPN.meta b/cisco_asa/macro/CISCO_ASA_VPN.meta
new file mode 100644
index 00000000..46983844
--- /dev/null
+++ b/cisco_asa/macro/CISCO_ASA_VPN.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_ASA_VPN",
+	"Description": "Configuration Macro; Tag used for all Cisco ASA VPN data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_ASA_VPN",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/pivot/bf135c0c-9050-4847-909a-d38e0a4fa653.meta b/cisco_asa/pivot/bf135c0c-9050-4847-909a-d38e0a4fa653.meta
new file mode 100644
index 00000000..3a2eb1bd
--- /dev/null
+++ b/cisco_asa/pivot/bf135c0c-9050-4847-909a-d38e0a4fa653.meta
@@ -0,0 +1,44 @@
+{
+	"UUID": "bf135c0c-9050-4847-909a-d38e0a4fa653",
+	"Name": "Cisco ASA IP",
+	"Description": "Cisco ASA actions on IP Addresses to Launch Cisco ASA Investigation Dashboard.",
+	"Data": {
+		"menuLabel": "",
+		"actions": [
+			{
+				"name": "Investigate",
+				"description": "This actionable will launch the Cisco ASA Investigation Dashboard to see events performed involving this IP Address. ",
+				"placeholder": null,
+				"command": {
+					"type": "dashboard",
+					"reference": "0c340e6a-7268-46a7-8f36-f59405ff64fe",
+					"options": {
+						"variable": "%%ip%%"
+					}
+				},
+				"noValueUrlEncode": false,
+				"start": {
+					"type": "string",
+					"placeholder": null,
+					"format": null
+				},
+				"end": {
+					"type": "string",
+					"placeholder": null,
+					"format": null
+				}
+			}
+		],
+		"triggers": [
+			{
+				"pattern": "/\\b(\\d{1,3}\\.){3}\\d{1,3}/g",
+				"hyperlink": true,
+				"disabled": false
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/playbook/df9a72aa-2c82-4454-a0f0-55b4a538b270.body b/cisco_asa/playbook/df9a72aa-2c82-4454-a0f0-55b4a538b270.body
new file mode 100644
index 00000000..8c042665
--- /dev/null
+++ b/cisco_asa/playbook/df9a72aa-2c82-4454-a0f0-55b4a538b270.body
@@ -0,0 +1,434 @@
+***
+
+A toolkit for interacting with Cisco ASA data in Gravwell. This kit includes queries, resources (lookups), templates, autoextractors, macros, dashboards, alerts, scheduled searches, and flows to help streamline Cisco ASA analysis across Authentication, Config, Events (catch-all), System, Threat, Traffic, and VPN log sources.
+
+***
+
+## Table of Contents  
+0. [Data Ingestion](#0-data-ingestion)  
+    0.1. [Simple Relay Ingester](#0-1-simple-relay-ingester)  
+    0.2. [Install & Configure Simple Relay](#0-2-install--configure)  
+1. [Tags & Macros](#1-tags--macros)  
+    1.1. [Tags](#1-1-tags)  
+    1.2. [Autoextractors](#1-2-autoextractors)  
+    1.3. [Macros](#1-3-macros)  
+2. [Query Library](#2-query-library)  
+3. [Naming Schema](#3-naming-schema)  
+4. [Resources](#4-resources)  
+    4.1. [Lookups](#4-1-lookups)  
+5. [Alerts](#5-alerts)  
+    5.1 [Dispatchers](#5-1-dispatchers)  
+    5.2 [Consumers](#5-2-consumers)
+6. [Scheduled Searches](#6-scheduled-searches)  
+    6.1. [Flows](#6-1-flows)
+7. [Playbooks](#7-playbooks)  
+8. [Searches](#8-searches)  
+    8.1. [Dashboard Searches](#8-2-dashboard-searches)  
+    8.2. [Alert Queries](#8-1-alert-queries)  
+9. [Templates](#9-templates)  
+10. [Dashboards](#10-dashboards)  
+    10.1 [Actionables](#10-1-actionables)
+11. [Useful Resources & References](#11-useful-resources--references)  
+12. [Notes](#12-notes)  
+13. [Image credits](#13-image-credits)  
+
+***
+
+## 0. [Data Ingestion](#0-data-ingestion)
+
+Before you can use the kit, you'll need to get logs flowing from your Cisco ASA Firewall(s) into Gravwell. The recommended method is via syslog forwarding. Gravwell can receive syslog using the [Simple Relay](https://docs.gravwell.io/ingesters/simple_relay.html) ingester.
+
+#### 0.1 [Simple Relay Ingester](#0-1-simple-relay-ingester)
+
+- Simple Relay is the go-to ingester for text based data sources that can be delivered over plaintext TCP, encrypted TCP, or plaintext UDP network connections via either IPv4 or IPv6.
+    - [Documentation](https://docs.gravwell.io/ingesters/simple_relay.html)
+
+#### 0.2 [Install & Configure Simple Relay](#0-2-install--configure)
+
+- Deploy Simple Relay on a server which is accessible from the ASA device(s) and can route to the Gravwell indexer(s). Configure it with the correct _Ingest-Secret_ and point either _Cleartext-Backend-Target_ or _Encrypted-Backend-Target_ at the indexer address(es). See [Documentation](https://docs.gravwell.io/ingesters/simple_relay.html).
+- Drop the following config snippet into a new file named <kbd>/opt/gravwell/etc/simple\_relay.conf.d/cisco\_firewall.conf</kbd> then restart the ingester with <kbd>sudo systemctl restart gravwell\_simple\_relay.service</kbd>. This will make it start listening for incoming syslog on TCP the configured port, with special rules to route Cisco ASA events into different Gravwell tags.
+```ini
+[Listener "syslogtcp_cisco_asa"]
+    Bind-String="tcp://0.0.0.0:6801"
+    Reader-Type=rfc5424
+    Keep-Priority=true
+    Tag-Name=cisco-asa-events
+    Assume-Local-Timezone=true
+    Preprocessor="Cisco ASA Class Router"
+
+# ASA: Route by 3-digit class prefix from the 6-digit message number
+# Example: %ASA-6-302013: ...  -> class=302
+[preprocessor "Cisco ASA Class Router"]
+    Type=regexrouter
+    Drop-Misses=false
+    Regex=`%ASA-[0-7]-(?P<class>\d{3})\d{3}:`
+    Route-Extraction=class
+
+    # auth
+    Route=109:cisco-asa-auth
+    Route=113:cisco-asa-auth
+
+    # config
+    Route=111:cisco-asa-config
+    Route=112:cisco-asa-config
+    Route=208:cisco-asa-config
+    Route=308:cisco-asa-config
+
+    # vpn
+    Route=213:cisco-asa-vpn
+    Route=316:cisco-asa-vpn
+    Route=320:cisco-asa-vpn
+    Route=402:cisco-asa-vpn
+    Route=403:cisco-asa-vpn
+    Route=404:cisco-asa-vpn
+    Route=501:cisco-asa-vpn
+    Route=602:cisco-asa-vpn
+    Route=603:cisco-asa-vpn
+    Route=611:cisco-asa-vpn
+    Route=702:cisco-asa-vpn
+    Route=713:cisco-asa-vpn
+    Route=714:cisco-asa-vpn
+    Route=715:cisco-asa-vpn
+    Route=716:cisco-asa-vpn
+    Route=718:cisco-asa-vpn
+    Route=720:cisco-asa-vpn
+    Route=722:cisco-asa-vpn
+
+    # traffic
+    Route=106:cisco-asa-traffic
+    Route=108:cisco-asa-traffic
+    Route=201:cisco-asa-traffic
+    Route=202:cisco-asa-traffic
+    Route=204:cisco-asa-traffic
+    Route=302:cisco-asa-traffic
+    Route=303:cisco-asa-traffic
+    Route=304:cisco-asa-traffic
+    Route=305:cisco-asa-traffic
+    Route=314:cisco-asa-traffic
+    Route=405:cisco-asa-traffic
+    Route=406:cisco-asa-traffic
+    Route=407:cisco-asa-traffic
+    Route=500:cisco-asa-traffic
+    Route=502:cisco-asa-traffic
+    Route=607:cisco-asa-traffic
+    Route=608:cisco-asa-traffic
+    Route=609:cisco-asa-traffic
+    Route=616:cisco-asa-traffic
+    Route=620:cisco-asa-traffic
+    Route=703:cisco-asa-traffic
+    Route=710:cisco-asa-traffic
+
+    # threat
+    Route=400:cisco-asa-threat
+    Route=401:cisco-asa-threat
+    Route=420:cisco-asa-threat
+    Route=733:cisco-asa-threat
+
+    # system
+    Route=101:cisco-asa-system
+    Route=102:cisco-asa-system
+    Route=103:cisco-asa-system
+    Route=104:cisco-asa-system
+    Route=105:cisco-asa-system
+    Route=199:cisco-asa-system
+    Route=210:cisco-asa-system
+    Route=211:cisco-asa-system
+    Route=214:cisco-asa-system
+    Route=216:cisco-asa-system
+    Route=306:cisco-asa-system
+    Route=307:cisco-asa-system
+    Route=311:cisco-asa-system
+    Route=315:cisco-asa-system
+    Route=414:cisco-asa-system
+    Route=604:cisco-asa-system
+    Route=605:cisco-asa-system
+    Route=606:cisco-asa-system
+    Route=610:cisco-asa-system
+    Route=612:cisco-asa-system
+    Route=614:cisco-asa-system
+    Route=615:cisco-asa-system
+    Route=701:cisco-asa-system
+    Route=709:cisco-asa-system
+    Route=711:cisco-asa-system
+    Route=741:cisco-asa-system
+```
+- Ensure that the server running Simple Relay allows incoming connections on the configured port, and that any firewalls between the Cisco Firewall device and the Simple Relay system allow the configured port traffic.  
+- Configure log forwarding as described in the Cisco Firewall documentation, defining the syslog server profile to point at the Simple Relay server on the configured port.  
+- Once the changes have been committed, logs should begin flowing into Gravwell. You can check by running the folowing query:  
+```
+tag=$CISCO_ASA limit 10
+```
+- If any results appear, logs are coming in properly.  
+
+***
+
+## 1. [Tags & Macros](#1-tags--macros)
+
+#### 1.1. [Tags](#1-1-tags)
+
+- Purpose: Tags are an essential Gravwell concept. Every entry has a single tag associated with it; these tags allow us to separate and categorize data at a basic level.
+- [Documentation](https://docs.gravwell.io/ingesters/ingesters.html#tags)
+- The Cisco ASA Kit for Gravwell makes use of the following tags:  
+    - cisco-asa-auth: Configuration Macro; Tag used for all Cisco ASA Authentication data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage:  
+        `tag=cisco-asa-auth`
+    - cisco-asa-config: Configuration Macro; Tag used for all Cisco ASA Config data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage:  
+        `tag=cisco-asa-config`
+    - cisco-asa-events: Configuration Macro; Tag used for all Cisco ASA Events data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage:  
+        `tag=cisco-asa-events`
+    - cisco-asa-system: Configuration Macro; Tag used for all Cisco ASA System data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage:  
+        `tag=cisco-asa-system`
+    - cisco-asa-threat: Configuration Macro; Tag used for all Cisco ASA Threat data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage:  
+        `tag=cisco-asa-threat` 
+    - cisco-asa-traffic: Configuration Macro; Tag used for all Cisco ASA Traffic data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage:  
+        `tag=cisco-asa-traffic` 
+    - cisco-asa-vpn: Configuration Macro; Tag used for all Cisco ASA VPN data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage:  
+        `tag=cisco-asa-vpn` 
+
+#### 1.2. [Autoextractors](#1-2-autoextractors)
+
+- Purpose: Auto-extractors are simply definitions that can be applied to tags and describe how to correctly extract fields from the data in a given tag. The “ax” module then automatically invokes the appropriate functionality of other modules.
+- [Documentation](https://docs.gravwell.io/configuration/autoextractors.html)
+- The Cisco ASA Kit for Gravwell makes use of the following autoextractors:  
+- Total: ***7***
+    - cisco-asa-traffic: Gravwell generated fields extraction for tag cisco-asa-traffic, args '-p -e DATA'  
+    - cisco-asa-threat: Gravwell generated fields extraction for tag cisco-asa-threat, args '-p -e DATA'  
+    - cisco-asa-config: Gravwell generated fields extraction for tag cisco-asa-config, args '-p -e DATA'  
+    - cisco-asa-vpn: Gravwell generated fields extraction for tag cisco-asa-vpn, args '-p -e DATA'  
+    - cisco-asa-events: Gravwell generated fields extraction for tag cisco-asa-events, args '-p -e DATA'  
+    - cisco-asa-system: Gravwell generated fields extraction for tag cisco-asa-system, args '-p -e DATA'  
+    - cisco-asa-auth: Gravwell generated fields extraction for tag cisco-asa-auth, args '-p -e DATA'  
+
+#### 1.3. [Macros](#1-3-macros)
+
+- Purpose: Search macros are a powerful feature that can help you use Gravwell more effectively. Macros can turn long, repetitive search queries into easily-remembered shortcuts.
+- [Documentation](https://docs.gravwell.io/search/macros.html)
+- The Cisco ASA Kit for Gravwell makes use of the following macros:
+- Total: ***10***
+    - Tags
+        - $CISCO\_ASA: Configuration Macro; Tag used for all Cisco ASA data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_ASA\_AUTH: Configuration Macro; Tag used for all Cisco ASA Authentication data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_ASA\_CONFIG: Configuration Macro; Tag used for all Cisco ASA Configuration data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_ASA\_EVENTS: Configuration Macro; Tag used for all Cisco ASA Events data that don't fall into the other tags; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_ASA\_SYSTEM: Configuration Macro; Tag used for all Cisco ASA System data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_ASA\_THREAT: Configuration Macro; Tag used for all Cisco ASA Threat data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_ASA\_TRAFFIC: Configuration Macro; Tag used for all Cisco ASA Traffic data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_ASA\_VPN: Configuration Macro; Tag used for all Cisco ASA VPN data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.
+    - Normalization
+        - $CISCO\_ASA\_SEVERITY: This macro creates an Enumerated Value (EV) named \_severity\_order and then orders events by severity. 
+        - $CISCO\_ASA\_SEVERITY\_ORDER: This macro creates an Enumerated Value (EV) named \_severity\_order and then orders events by severity.
+        
+***
+
+## 2. [Query Library](#2-query-library)
+- Purpose: Queries within the Query Library drive [dashboards](#10-dashboards) via [searches](#8-searches), [scheduled searches](#6-scheduled-searches) via [alert queries](#8-1-alert-queries), and [playbooks](#7-playbooks).
+- [Documentation](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)
+    - Updating a query in the library updates dependent dashboards and scheduled searches automatically.
+    - Total queries: ***12***
+        - [8.1 Dashboard Searches](#8-2-dashboard-searches): ***12***  
+        - [8.2 Alert Queries](#8-1-alert-queries): ***0***  
+
+***
+
+## 3. [Naming Schema](#3-naming-schema)
+- Purpose: The use of a standard naming convention enables users to quickly understand the function, severity, and context of a query or component. This approach facilitates efficient identification, reuse, and troubleshooting without ambiguity.
+- _QueryType - Company - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - Name [Visualization - **if any**]_
+- Examples:
+    - Templates: _Template - Cisco - ASA - Firewall - Authentication - Event Count by Severity [numbercard]_
+    - Searches: _Search - Cisco - ASA - Firewall - Event Types - Count by Category [chart]_
+
+***
+
+## 4. [Resources](#4-resources)
+- Purpose: Resources allow users to store persistent data for use in searches.
+- [Documentation](https://docs.gravwell.io/resources/resources.html)
+- Total: ***1***
+
+#### 4.1 [Lookups](#4-1-lookups)
+- Purpose: Lookup Resources are used by the lookup module to perform data enrichment and translation off of a static lookup table stored in a resource.
+- [Documentation](https://docs.gravwell.io/search/lookup/lookup.html)
+- Total: ***1***
+    - cisco\_asa\_syslog\_messages
+        - This is intended to be used as a lookup file providing additional information regarding all Cisco Adaptive Security Appliance (ASA) SysLog Messages. It is used within the Cisco ASA Kit for dashboards, macros, scheduled searches, alerts, flows, and templates.
+        - fields: cisco\_id,msg\_id,description,error\_msg,explanation,recommended\_action,sev\_id,severity,risk\_score
+            - cisco\_id: this is the full Cisco Syslog Message ID (e.g. %ASA-1-101001) which breaks out into %{Cisco Firewall Appliance}-{Cisco Assigned Severity}-{Cisco Message ID}
+            - msg\_id: this is the Cisco Syslog Message ID which is part of the full Cisco Syslog Message ID
+            - description: this is the short description of the Cisco Syslog message often seen on the Cisco firewall appliance itself
+            - error\_msg: this is the full Cisco Message compromised of {cisco\_id}: {description}
+            - explanation: this is a more detailed explanation of the Cisco Syslog Message
+            - recommended\_action: this is the Cisco Recommended Action provided within their documentation
+            - sev\_id: this the Cisco assigned severity (id) provided within their documentation
+            - severity: this the Cisco assigned severity (name) provided within their documentation 
+            - risk\_score: this is a Gravwell assigned value for dashboards, queries, and alerting purposes
+            - category: this is a broad functional grouping assigned to the Cisco ASA error messages that is used within the Cisco ASA General Overview Dashboard to group data together  
+            - subcategory: this is a more specific grouping assigned to the Cisco ASA error messages that is used within the Cisco ASA General Overview Dashboard to group data together  
+        - Usage: `dump -r cisco_asa_syslog_messages | table`
+
+***
+
+## 5. [Alerts](#5-alerts)
+- Purpose: Alerts notify you of potential nefarious actions that took place within and/or against your environment by tying dispatchers and consumers together.
+- [Documentation](https://docs.gravwell.io/alerts/alerts.html#alerts)
+- Total: ***0***
+
+#### 5.1 [Dispatchers](#5-1-dispatchers)
+- Purpose: Dispatchers generate events. A typical dispatcher would be a scheduled search that runs on an interval; every result returned by a scheduled search is considered an event.
+    - Dispatchers = [Scheduled Searches](#6-scheduled-searches)
+- [Documentation](https://docs.gravwell.io/alerts/alerts.html#adding-dispatchers)
+
+#### 5.2 [Consumers](#5-2-consumers)
+- Purpose: Consumers process and respond to events. A typical consumer would be a flow that sends an email to an administrator, or opens a ticket in the ticketing system. Each consumer runs once per event.
+    - Consumers = [Flows](#6-1-flows)
+- [Documentation](https://docs.gravwell.io/alerts/alerts.html#defining-a-consumer)
+
+***
+
+## 6. [Scheduled Searches](#6-scheduled-searches)
+- Purpose: Scheduled Searches are typically dependent on “AlertQuery - Cisco ASA - …” queries within the [Query Library](#2-query-library).
+- [Documentation](https://docs.gravwell.io/scripting/scheduledsearch.html)
+- Total: ***0***
+
+#### 6.1. [Flows](#6-1-flows)
+- Purpose: Flows provide a no-code method for developing advanced automations in Gravwell.
+- [Documentation](https://docs.gravwell.io/flows/flows.html)
+- Total: ***0***
+
+***
+
+## 7. [Playbooks](#7-playbooks)
+
+- Purpose: Playbooks are hypertext documents within Gravwell which help guide users through common tasks, describe functionality, and record information about data in the system.
+- [Documentation](https://docs.gravwell.io/gui/playbooks/playbooks.html)
+- Total: ***1***
+    - Cisco ASA Kit for Gravwell - README
+
+***
+
+## 8. [Searches](#8-searches)
+
+- Purpose: These queries within the Query Library drive [dashboards](#10-dashboards) to quickly view Cisco ASA data in an easily digestible format or [scheduled searches](#6-scheduled-searches) to ultimately feed [alerts](#5-alerts).  
+- [Documentation](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)
+- Total: ***12***
+
+#### 8.1 [Dashboard Searches](#8-1-dashboard-searches)
+- Purpose: These queries within the Query Library drive [dashboards](#10-dashboards) to quickly view Cisco ASA data in an easily digestible format.
+- Total: ***12***  
+    - _Search - Cisco - ASA - Firewall - Event Types - Count by Category [chart]_: Displays a chart of event types (error message) by Category.  
+    - _Search - Cisco - ASA - Firewall - Event Types - Count by Category [numbercard]_: Displays a numbercard of event types (error message) by Category.  
+    - _Search - Cisco - ASA - Firewall - Event Types - Count by Category & Subcategory [chart]_: Displays a chart of event types (error message) by Category & Subcategory.  
+    - _Search - Cisco - ASA - Firewall - Event Types - Count by Category & Subcategory [numbercard]_: Displays a numbercard of event types (error message) by Category & Subcategory.  
+    - _Search - Cisco - ASA - Firewall - Event Types - Count by Category, Subcategory & Severity [chart]_: Displays a chart of event types (error message) by Category, Subcategory & Severity.  
+    - _Search - Cisco - ASA - Firewall - Event Types - Count by Category, Subcategory & Severity [numbercard]_: Displays a numbercard of event types (error message) by Category, Subcategory & Severity.  
+    - _Search - Cisco - ASA - Firewall - Event Types - Count by Severity [chart]_: Displays a chart of event types (error message) by Severity.  
+    - _Search - Cisco - ASA - Firewall - Event Types - Count by Severity [numbercard]_: Displays a numbercard of event types (error message) by Severity.  
+    - _Search - Cisco - ASA - Firewall - Event Types - Count by Subcategory [chart]_: Displays a chart of event types (error message) by Subcategory.  
+    - _Search - Cisco - ASA - Firewall - Event Types - Count by Subcategory [numbercard]_: Displays a numbercard of event types (error message) by Subcategory.  
+    - _Search - Cisco - ASA - Firewall - Event Types - Count by Tag [chart]_: Displays a chart of event types (error message) by Tag.  
+    - _Search - Cisco - ASA - Firewall - Event Types - Count by Tag [numbercard]_: Displays a numbercard of event types (error message) by Tag.  
+- Naming Schema: _Search - Cisco ASA - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - SearchName [Visualization - **if any**]_
+
+#### 8.2. [Alert Queries](#8-2-alert-queries)
+- Purpose: These queries within the Query Library drive [scheduled searches](#6-scheduled-searches) which ultimately feed [alerts](#5-alerts).  
+- IMPORTANT: If you need to update or tune, this is where you perform that action.
+- Total: ***0***
+
+***
+
+## 9. [Templates](#9-templates)
+- Purpose: Templates are special objects which define a Gravwell query containing variables.
+- [Documentation](https://docs.gravwell.io/gui/templates/templates.html)
+- Total: ***24***
+    - _Template - Cisco - ASA - Firewall - Authentication - Event Count by Severity [chart]_: Displays a chart of Authentication events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Authentication - Event Count by Severity [numbercard]_: Displays a numbercard of Authentication events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Authentication - Events by User and/or IP [table]_: Displays a table of Authentication events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Combined - Event Count by Severity [chart]_: Displays a chart of all events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Combined - Event Count by Severity [numbercard]_: Displays a numbercard of all events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Combined - Events by User and/or IP [table]_: Displays a table of all events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Config - Event Count by Severity [chart]_: Displays a chart of Config events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Config - Event Count by Severity [numbercard]_: Displays a numbercard of Config events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Config - Events by User and/or IP [table]_: Displays a table of Config events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Events - Event Count by Severity [chart]_: Displays a chart of events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Events - Event Count by Severity [numbercard]_: Displays a numbercard of events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Events - Events by User and/or IP [table]_: Displays a table of events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - System - Event Count by Severity [chart]_: Displays a chart of System events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - System - Event Count by Severity [numbercard]_: Displays a numbercard of System events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - System - Events by User and/or IP [table]_: Displays a table of System events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Threat - Event Count by Severity [chart]_: Displays a chart of Threat events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Threat - Event Count by Severity [numbercard]_: Displays a numbercard of Threat events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Threat - Events by User and/or IP [table]_: Displays a table of Threat events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Traffic - Event Count by Severity [chart]_: Displays a chart of Traffic events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Traffic - Event Count by Severity [numbercard]_: Displays a numbercard of Traffic events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - Traffic - Events by User and/or IP [table]_: Displays a table of Traffic events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - VPN - Events by User and/or IP [table]_: Displays a table of VPN events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - VPN - Event Count by Severity [chart]_: Displays a chart of VPN events performed by the user and/or ip.  
+    - _Template - Cisco - ASA - Firewall - VPN - Event Count by Severity [numbercard]_: Displays a numbercard of VPN events performed by the user and/or ip.  
+
+***
+
+## 10. [Dashboards](#10-dashboards)
+- Purpose: Dashboards are Gravwell’s way of showing the results from multiple searches at the same time.
+- [Documentation](https://docs.gravwell.io/gui/dashboards/dashboards.html)
+- Total: ***2***
+    - Cisco ASA General Overview: This Dashboard is a general overview of your Cisco ASA data.
+    - Cisco ASA Investigation: This Dashboard is intended to be used for Cisco ASA investigations.
+
+#### 10.1 [Actionables](#10-1-actionables)
+- Purpose: Actionables provide a way to create custom menus that key on any text rendered in a query; users can take different actions on that text by selecting options in the menus.
+- [Documentation](https://docs.gravwell.io/gui/actionables/actionables.html)
+- Total: ***1***
+    - Cisco ASA IP: Cisco ASA Actions on IP to Launch Cisco ASA Investigation Dashboard.
+
+***
+
+## 11. [Useful Resources & References](#11-useful-resources--references)
+- Gravwell
+    - [Actionables](https://docs.gravwell.io/gui/actionables/actionables.html)  
+    - [Alerts](https://docs.gravwell.io/alerts/alerts.html#alerts)  
+    - [Autoextractors](https://docs.gravwell.io/configuration/autoextractors.html)  
+    - [Consumers](https://docs.gravwell.io/alerts/alerts.html#defining-a-consumer)  
+    - [Dashboards](https://docs.gravwell.io/gui/dashboards/dashboards.html)  
+    - [Dispatchers](https://docs.gravwell.io/alerts/alerts.html#adding-dispatchers)  
+    - [Flows](https://docs.gravwell.io/flows/flows.html)  
+    - [Lookup Module](https://docs.gravwell.io/search/lookup/lookup.html)  
+    - [Macros](https://docs.gravwell.io/search/macros.html)  
+    - [Playbooks](https://docs.gravwell.io/gui/playbooks/playbooks.html)  
+    - [Query Library](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)  
+    - [regexrouter Preprocessor](https://docs.gravwell.io/ingesters/preprocessors/regexrouter.html)  
+    - [Resources](https://docs.gravwell.io/resources/resources.html)  
+    - [Scheduled Searches](https://docs.gravwell.io/scripting/scheduledsearch.html)  
+    - [Simple Relay](https://docs.gravwell.io/ingesters/simple_relay.html)  
+    - [Tags](https://docs.gravwell.io/ingesters/ingesters.html#tags)  
+    - [Templates](https://docs.gravwell.io/gui/templates/templates.html)  
+- Cisco Adaptive Security Appliance (ASA)
+    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)
+    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)
+    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)
+    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)
+    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)
+    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)
+    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)
+    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)
+    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)
+    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)
+    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)
+    - [Cisco ASA Messages Listed by Severity Level](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/messages-listed-by-severity-level.html)
+    - [Cisco ASA Index](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/asa-syslog_index.html)
+
+***
+
+## 12. [Notes](#12-notes)
+
+***
+
+## 13. [Image credits](#13-image-credits)
+- [Banner](https://uxwing.com/cisco-icon/)
+- [Cover](https://uxwing.com/cisco-icon/)
+- [Icon](https://uxwing.com/cisco-icon/)
+
+***
\ No newline at end of file
diff --git a/cisco_asa/playbook/df9a72aa-2c82-4454-a0f0-55b4a538b270.meta b/cisco_asa/playbook/df9a72aa-2c82-4454-a0f0-55b4a538b270.meta
new file mode 100644
index 00000000..c7077523
--- /dev/null
+++ b/cisco_asa/playbook/df9a72aa-2c82-4454-a0f0-55b4a538b270.meta
@@ -0,0 +1,25 @@
+{
+	"UUID": "701191db-7a6b-4c5d-903d-26a695f13cfa",
+	"GUID": "df9a72aa-2c82-4454-a0f0-55b4a538b270",
+	"UID": 1,
+	"GIDs": [],
+	"Global": true,
+	"WriteAccess": {
+		"Global": false,
+		"GIDs": []
+	},
+	"Name": "Cisco ASA Kit for Gravwell - README",
+	"Desc": "A toolkit for interacting with Cisco ASA data in Gravwell. This kit includes queries, resources (lookups), templates, autoextractors, macros, and dashboards to help streamline Cisco analysis and monitoring across Authentication, Config, Events (catch-all), System, Threat, Traffic, and VPN log sources.",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	],
+	"LastUpdated": "2026-03-17T20:54:34.521972008Z",
+	"Author": {
+		"Name": "Kyle Mallett",
+		"Email": "info@gravwell.io",
+		"Company": "Gravwell",
+		"URL": "gravwell.io"
+	},
+	"Synced": false
+}
\ No newline at end of file
diff --git a/cisco_asa/playbook/df9a72aa-2c82-4454-a0f0-55b4a538b270.playbook_metadata b/cisco_asa/playbook/df9a72aa-2c82-4454-a0f0-55b4a538b270.playbook_metadata
new file mode 100644
index 00000000..26f61360
--- /dev/null
+++ b/cisco_asa/playbook/df9a72aa-2c82-4454-a0f0-55b4a538b270.playbook_metadata
@@ -0,0 +1 @@
+{"dashboards":[],"attachments":[{"context":"cover","type":"image","fileGUID":"e0b98ad2-b2a7-4b24-8374-72f247a18822"},{"context":"banner","type":"image","fileGUID":"8b713d4b-635b-4a4d-8eba-85ca1a3adb6d"}]}
\ No newline at end of file
diff --git a/cisco_asa/resource/cisco_asa_syslog_messages.contents b/cisco_asa/resource/cisco_asa_syslog_messages.contents
new file mode 100644
index 00000000..268ce6ad
--- /dev/null
+++ b/cisco_asa/resource/cisco_asa_syslog_messages.contents
@@ -0,0 +1,2338 @@
+"cisco_id","msg_id","description","error_msg","explanation","recommended_action","sev_id","severity","risk_score","category","subcategory"
+"%ASA-1-101001","101001","(Primary) Failover cable OK.","%ASA-1-101001: (Primary) Failover cable OK.","The failover cable is present and functioning correctly. Primary can also be listed as Secondary for the secondary unit.","None required.","1","Alert","5","system","failover"
+"%ASA-1-101002","101002","(Primary) Bad failover cable.","%ASA-1-101002: (Primary) Bad failover cable.","The failover cable is present, but not functioning correctly. Primary can also be listed as Secondary for the secondary unit.","Replace the failover cable. 101003,","1","Alert","85","system","failover"
+"%ASA-1-101003","101003","(Primary) Failover cable not connected (this unit)","%ASA-1-101003: (Primary) Failover cable not connected (this unit)","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","1","Alert","75","system","failover"
+"%ASA-1-101004","101004","(Secondary) Failover cable not connected (other unit)","%ASA-1-101004: (Secondary) Failover cable not connected (other unit)","Failover mode is enabled, but the failover cable is not connected to one unit of the failover pair. Primary can also be listed as Secondary for the secondary unit.","Connect the failover cable to both units of the failover pair.","1","Alert","75","system","failover"
+"%ASA-1-101005","101005","(Primary) Error reading failover cable status.","%ASA-1-101005: (Primary) Error reading failover cable status.","The failover cable is connected, but the primary unit is unable to determine its status.","Replace the cable.","1","Alert","95","system","failover"
+"%ASA-1-103001","103001","(Primary) No response from other firewall (reason code = code).","%ASA-1-103001: (Primary) No response from other firewall (reason code = code).","The primary unit is unable to communicate with the secondary unit over the failover cable. Primary can also be listed as Secondary for the secondary unit. The following table lists the reason codes and the descriptions to determine why the failover occurred. Description Reason Code The local unit is not receiving the hello packet on the failover LAN interface when LAN failover occurs or on the serial failover cable when serial failover occurs, and declares that the peer is down. 1 An interface did not pass one of the four failover tests, which are as follows: 1) Link Up, 2) Monitor for Network Traffic, 3) ARP, and 4) Broadcast Ping. 2 No proper ACK for 15+ seconds after a command was sent on the serial cable. 3 The failover LAN interface is down, and other data interfaces are not responding to additional interface testing. In addition, the local unit is declaring that the peer is down. 4","Verify that the failover cable is connected correctly and both units have the same hardware, software, and configuration. If the problem persists, contact the Cisco TAC.","1","Alert","95","network","general"
+"%ASA-1-103002","103002","(Primary) Other firewall network interface interface_number OK.","%ASA-1-103002: (Primary) Other firewall network interface interface_number OK.","The primary unit has detected that the network interface on the secondary unit is okay. Primary can also be listed as Secondary for the secondary unit.","None required.","1","Alert","5","network","general"
+"%ASA-1-103003","103003","(Primary) Other firewall network interface interface_number failed.","%ASA-1-103003: (Primary) Other firewall network interface interface_number failed.","The primary unit has detected a bad network interface on the secondary unit. Primary can also be listed as Secondary for the secondary unit.","Check the network connections on the secondary unit and the network hub connection. If necessary, replace the failed network interface.","1","Alert","95","network","general"
+"%ASA-1-103004","103004","(Primary) Other firewall reports this firewall failed. reason-string","%ASA-1-103004: (Primary) Other firewall reports this firewall failed. reason-string","The primary unit received a message from the secondary unit indicating that the primary unit has failed. Primary can also be listed as Secondary for the secondary unit. The reason can be one of the following: • Missed poll packets on failover command interface exceeded threshold. • LAN failover interface failed. • Peer failed to enter Standby Ready state. • Failed to complete configuration replication. This firewall's configuration may be out of sync. • Failover message transmit failure and no ACK for busy condition received.","Verify the status of the primary unit.","1","Alert","95","network","general"
+"%ASA-1-103005","103005","(Primary) Other firewall reporting failure. Reason: SSM_card_failure","%ASA-1-103005: (Primary) Other firewall reporting failure. Reason: SSM_card_failure","The secondary unit has reported an SSM card failure to the primary unit. Primary can also be listed as Secondary for the secondary unit.","Verify the status of the secondary unit.","1","Alert","95","network","general"
+"%ASA-1-103006","103006","(Primary|Secondary) Mate version ver_num is not compatible with ours ver_num.","%ASA-1-103006: (Primary|Secondary) Mate version ver_num is not compatible with ours ver_num.","The Secure Firewall ASA has detected a peer unit that is running a version that is different than the local unit and is not compatible with the HA Hitless Upgrade feature. • ver_num —Version number.","Install the same or a compatible version image on both units.","1","Alert","85","network","general"
+"%ASA-1-103007","103007","(Primary|Secondary) Mate version ver_num is not identical with ours ver_num.","%ASA-1-103007: (Primary|Secondary) Mate version ver_num is not identical with ours ver_num.","The Secure Firewall ASA has detected that the peer unit is running a version that is not identical, but supports Hitless Upgrade and is compatible with the local unit. The system performance may be degraded because the image version is not identical, and the Secure Firewall ASA may develop a stability issue if the nonidentical image runs for an extended period. • ver_num—Version number","Install the same image version on both units as soon as possible.","1","Alert","85","network","general"
+"%ASA-1-103008","103008","host Mate hwdib index Idx is not identical with ours.","%ASA-1-103008: host Mate hwdib index Idx is not identical with ours.","The number of interfaces on the active and standby units is not the same.","Verify that the units have the same number of interfaces. You might need to install additional interface modules, or use different devices. After the physical interfaces match, force a configuration sync by entering the write standby command. 104001,","1","Alert","85","network","general"
+"%ASA-1-104001","104001","(Primary) Switching to ACTIVE - string.","%ASA-1-104001: (Primary) Switching to ACTIVE - string.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","1","Alert","75","network","general"
+"%ASA-1-104002","104002","(Secondary) Switching to STANDBY - string.","%ASA-1-104002: (Secondary) Switching to STANDBY - string.","You have forced the failover pair to switch roles, either by entering the failover active command on the standby unit, or the no failover active command on the active unit. Primary can also be listed as Secondary for the secondary unit. Possible values for the string variable are as follows: • state check • bad/incomplete config • ifc [interface] check, mate is healthier • the other side wants me to standby • in failed state, cannot be active • switch to failed state • other unit set to active by CLI config command fail active","If the message occurs because of manual intervention, no action is required. Otherwise, use the cause reported by the secondary unit to verify the status of both units of the pair.","1","Alert","95","network","general"
+"%ASA-1-104003","104003","(Primary) Switching to FAILED.","%ASA-1-104003: (Primary) Switching to FAILED.","The primary unit has failed.","Check the messages for the primary unit for an indication of the nature of the problem (see message 104001). Primary can also be listed as Secondary for the secondary unit.","1","Alert","85","network","general"
+"%ASA-1-104004","104004","(Primary) Switching to OK.","%ASA-1-104004: (Primary) Switching to OK.","A previously failed unit reports that it is operating again. Primary can also be listed as Secondary for the secondary unit.","None required.","1","Alert","5","network","general"
+"%ASA-1-104500","104500","(Primary|Secondary) Switching to ACTIVE - switch reason: reason","%ASA-1-104500: (Primary|Secondary) Switching to ACTIVE - switch reason: reason","This HA unit is assuming the Active role for the Cloud HA pair. Possible values for the reason string are: • no existing Active unit present • unable to send message to Active unit • no response to Hello message received from Active unit • user initiated failover on this unit • user initiated failover on peer unit • invalid message received on failover connection","None required.","1","Alert","5","network","general"
+"%ASA-1-104501","104501","(Primary|Secondary) Switching to BACKUP - switch reason: reason","%ASA-1-104501: (Primary|Secondary) Switching to BACKUP - switch reason: reason","This HA unit is assuming the Backup role for the Cloud HA pair. Possible values for the reason string are: • existing Active unit present • user initiated failover on this unit • user initiated failover on peer unit","None required.","1","Alert","5","network","general"
+"%ASA-1-104502","104502","(Primary|Secondary) Becoming Backup unit failed","%ASA-1-104502: (Primary|Secondary) Becoming Backup unit failed","This HA unit failed to assume the Backup role for the Cloud HA pair. The reason being the same as that of 104500 and 104501.","None required.","1","Alert","5","network","general"
+"%ASA-1-105001","105001","(Primary) Disabling failover.","%ASA-1-105001: (Primary) Disabling failover.","In version 7.x and later, this message may indicate the following: failover has been automatically disabled because of a mode mismatch (single or multiple), a license mismatch (encryption or context), or a hardware difference (one unit has an IPS SSM installed, and its peer has a CSC SSM installed). Primary can also be listed as Secondary for the secondary unit.","None required.","1","Alert","5","network","general"
+"%ASA-1-105002","105002","(Primary) Enabling failover.","%ASA-1-105002: (Primary) Enabling failover.","You have used the failover command with no arguments on the console, after having previously disabled failover. Primary can also be listed as Secondary for the secondary unit.","None required.","1","Alert","5","network","general"
+"%ASA-1-105003","105003","(Primary) Monitoring on interface interface_name waiting","%ASA-1-105003: (Primary) Monitoring on interface interface_name waiting","The Secure Firewall ASA is testing the specified network interface with the other unit of the failover pair. Primary can also be listed as Secondary for the secondary unit.","None required. The Secure Firewall ASA monitors its network interfaces frequently during normal operation.","1","Alert","5","network","general"
+"%ASA-1-105004","105004","(Primary) Monitoring on interface interface_name normal","%ASA-1-105004: (Primary) Monitoring on interface interface_name normal","The test of the specified network interface was successful. Primary can also be listed as Secondary for the secondary unit. There could be delay in the logging of syslog when compared to the actual status change. This delay is due to the poll time and hold time that is configured for the interface monitoring. Note","None required.","1","Alert","5","network","general"
+"%ASA-1-105005","105005","(Primary) Lost Failover communications with mate on interface interface_name","%ASA-1-105005: (Primary) Lost Failover communications with mate on interface interface_name","One unit of the failover pair can no longer communicate with the other unit of the pair. Primary can also be listed as Secondary for the secondary unit.","Verify that the network connected to the specified interface is functioning correctly. 105006,","1","Alert","85","network","general"
+"%ASA-1-105006","105006","(Primary) Link status 'Up' on interface interface_name","%ASA-1-105006: (Primary) Link status 'Up' on interface interface_name","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","1","Alert","75","network","general"
+"%ASA-1-105007","105007","(Primary) Link status 'Down' on interface interface_name.","%ASA-1-105007: (Primary) Link status 'Down' on interface interface_name.","The results of monitoring the link status of the specified interface have been reported. Primary can also be listed as Secondary for the secondary unit.","If the link status is down, verify that the network connected to the specified interface is operating correctly.","1","Alert","85","network","general"
+"%ASA-1-105008","105008","(Primary) Testing Interface interface_name","%ASA-1-105008: (Primary) Testing Interface interface_name","Testing of a specified network interface has occurred. This testing is performed only if the Secure Firewall ASA fails to receive a message from the standby unit on that interface after the expected interval. Primary can also be listed as Secondary for the secondary unit.","None required.","1","Alert","5","network","general"
+"%ASA-1-105009","105009","(Primary) Testing on interface interface_name {Passed|Failed}","%ASA-1-105009: (Primary) Testing on interface interface_name {Passed|Failed}","The result (either Passed or Failed) of a previous interface test has been reported. Primary can also be listed as Secondary for the secondary unit.","None required if the result is Passed. If the result is Failed, you should check the network cable connection to both failover units, that the network itself is functioning correctly, and verify the status of the standby unit.","1","Alert","5","network","general"
+"%ASA-1-105011","105011","(Primary) Failover cable communication failure","%ASA-1-105011: (Primary) Failover cable communication failure","The failover cable is not permitting communication between the primary and secondary units. Primary can also be listed as Secondary for the secondary unit.","Ensure that the cable is connected correctly.","1","Alert","85","network","general"
+"%ASA-1-105020","105020","(Primary) Incomplete/slow config replication","%ASA-1-105020: (Primary) Incomplete/slow config replication","When a failover occurs, the active Secure Firewall ASA detects a partial configuration in memory. Normally, this is caused by an interruption in the replication service. Primary can also be listed as Secondary for the secondary unit.","After the Secure Firewall ASA detects the failover, the Secure Firewall ASA automatically reboots and loads the configuration from flash memory and/or resynchronizes with another Secure Firewall ASA. If failovers occurs continuously, check the failover configuration and make sure that both Secure Firewall ASAs can communicate with each other.","1","Alert","75","network","general"
+"%ASA-1-105021","105021","(Failover_unit) Standby unit failed to sync due to a locked context_name config. Lock held by lock_owner_name","%ASA-1-105021: (Failover_unit) Standby unit failed to sync due to a locked context_name config. Lock held by lock_owner_name","During configuration synchronization, a standby unit will reload itself if some other process locks the configuration for more than five minutes, which prevents the failover process from applying the new configuration. This can occur when an administrator pages through a running configuration on the standby unit while configuration synchronization is in process. See also the show running-config command in privileged EXEC mode and the pager lines num command in global configuration mode in the Command Reference Guides.","Avoid viewing or modifying the configuration on the standby unit when it first boots up and is in the process of establishing a failover connection with the active unit.","1","Alert","100","network","general"
+"%ASA-1-105022","105022","(host) Config replication failed with reason = reason","%ASA-1-105022: (host) Config replication failed with reason = reason","When high availability replication fails, the message is generated. Where, • host—Indicates the current failover unit, namely, primary or secondary. • reason—The time out expiry reason for termination of the failover configuration replication: • CFG_SYNC_TIMEOUT—Where, the 60-second timer for the configuration to be replicated from active to standby lapses, and the device starts to reboot. • CFG_PROGRESSION_TIMEOUT—Where, the interval timer of 6 hours which governs the high availability configuration replication lapses.","None.","1","Alert","85","network","general"
+"%ASA-1-105031","105031","Failover LAN interface is up","%ASA-1-105031: Failover LAN interface is up","The LAN failover interface link is up.","None required.","1","Alert","5","network","general"
+"%ASA-1-105032","105032","LAN Failover interface is down","%ASA-1-105032: LAN Failover interface is down","The LAN failover interface link is down.","Check the connectivity of the LAN failover interface. Make sure that the speed or duplex setting is correct.","1","Alert","75","network","general"
+"%ASA-1-105033","105033","LAN FO cmd Iface down and up again","%ASA-1-105033: LAN FO cmd Iface down and up again","LAN interface of failover gone down.","Verify the failover link, might be a communication problem.","1","Alert","85","network","general"
+"%ASA-1-105034","105034","Receive a LAN_FAILOVER_UP message from peer.","%ASA-1-105034: Receive a LAN_FAILOVER_UP message from peer.","The peer has just booted and sent the initial contact message.","None required.","1","Alert","5","network","general"
+"%ASA-1-105035","105035","Receive a LAN failover interface down msg from peer.","%ASA-1-105035: Receive a LAN failover interface down msg from peer.","The peer LAN failover interface link is down. The unit switches to active mode if it is in standby mode.","Check the connectivity of the peer LAN failover interface.","1","Alert","75","network","general"
+"%ASA-1-105036","105036","dropped a LAN Failover command message.","%ASA-1-105036: dropped a LAN Failover command message.","The Secure Firewall ASA dropped an unacknowledged LAN failover command message, indicating a connectivity problem exists on the LAN failover interface.","Check that the LAN interface cable is connected.","1","Alert","95","network","general"
+"%ASA-1-105037","105037","(Primary and Standby ) Both units are switching back and forth as the active unit","%ASA-1-105037: (Primary and Standby ) Both units are switching back and forth as the active unit","The primary and standby units are switching back and forth as the active unit, indicating a LAN failover connectivity problem or software bug exists.","Make sure that the LAN interface cable is connected.","1","Alert","75","network","general"
+"%ASA-1-105038","105038","(Primary) Interface count mismatch","%ASA-1-105038: (Primary) Interface count mismatch","When a failover occurs, the active Secure Firewall ASA detects a partial configuration in memory. Normally, this is caused by an interruption in the replication service. Primary can also be listed as Secondary for the secondary unit.","Once the failover is detected by the Secure Firewall ASA, the Secure Firewall ASA automatically reboots and loads the configuration from flash memory and/or resynchronizes with another Secure Firewall ASA. If failovers occur continuously, check the failover configuration and make sure that both Secure Firewall ASAs can communicate with each other.","1","Alert","85","network","general"
+"%ASA-1-105039","105039","(Primary) Unable to verify the Interface count with mate. Failover may be disabled in mate.","%ASA-1-105039: (Primary) Unable to verify the Interface count with mate. Failover may be disabled in mate.","Failover initially verifies that the number of interfaces configured on the primary and secondary Secure Firewall ASAs are the same. This message indicates that the primary Secure Firewall ASA is not able to verify the number of interfaces configured on the secondary Secure Firewall ASA. This message indicates that the primary Secure Firewall ASA is not able to communicate with the secondary Secure Firewall ASA over the failover interface. Primary can also be listed as Secondary for the secondary unit.","Verify the failover LAN, interface configuration, and status on the primary and secondary Secure Firewall ASAs. Make sure that the secondary Secure Firewall ASA is running the Secure Firewall ASA application and that failover is enabled.","1","Alert","95","network","general"
+"%ASA-1-105040","105040","(Primary) Mate failover version is not compatible.","%ASA-1-105040: (Primary) Mate failover version is not compatible.","The primary and secondary Secure Firewall ASAs should run the same failover software version to act as a failover pair. This message indicates that the secondary Secure Firewall ASA failover software version is not compatible with the primary Secure Firewall ASA. Failover is disabled on the primary Secure Firewall ASA. Primary can also be listed as Secondary for the secondary Secure Firewall ASA.","Maintain consistent software versions between the primary and secondary Secure Firewall ASAs to enable failover.","1","Alert","75","network","general"
+"%ASA-1-105041","105041","cmd failed during sync","%ASA-1-105041: cmd failed during sync","Replication of the nameif command failed, because the number of interfaces on the active and standby units is not the same.","Verify that the units have the same number of interfaces. You might need to install additional interface modules, or use different devices. After the physical interfaces match, force a configuration sync by entering the write standby command.","1","Alert","95","network","general"
+"%ASA-1-105042","105042","(Primary) Failover interface OK","%ASA-1-105042: (Primary) Failover interface OK","The interface that sends failover messages could go down when physical status of the failover link is down or when L2 connectivity between the failover peers is lost resulting in dropping of ARP packets. This message is generated after restoring the L2 ARP connectivity.","None required.","1","Alert","95","network","general"
+"%ASA-1-105043","105043","(Primary) Failover interface failed","%ASA-1-105043: (Primary) Failover interface failed","This syslog is generated when physical status of the failover link is down or when L2 connectivity between the failover peers is lost. The disconnection results in loss of ARP packets flowing between the units.","• Check the physical status of the failover link, ensure its physical and operational status is functional. • Ensure ARP packets flow through the transit path of the failover links between the failover pairs.","1","Alert","85","network","general"
+"%ASA-1-105044","105044","(Primary) Mate operational mode (mode) is not compatible with my mode (mode).","%ASA-1-105044: (Primary) Mate operational mode (mode) is not compatible with my mode (mode).","When the operational mode (single or multiple) does not match between failover peers, failover will be disabled.","Configure the failover peers to have the same operational mode, and then reenable failover.","1","Alert","75","network","general"
+"%ASA-1-105045","105045","(Primary) Mate license (number_contexts) is not compatible with my license (number_contexts).","%ASA-1-105045: (Primary) Mate license (number_contexts) is not compatible with my license (number_contexts).","When the feature licenses do not match between failover peers, failover will be disabled.","Configure the failover peers to have the same feature license, and then reenable failover.","1","Alert","75","network","general"
+"%ASA-1-105046","105046","(Primary|Secondary) Mate has a different chassis","%ASA-1-105046: (Primary|Secondary) Mate has a different chassis","Two failover units have a different type of chassis. For example, one has a three-slot chassis; the other has a six-slot chassis.","Make sure that the two failover units are the same.","1","Alert","75","network","general"
+"%ASA-1-105047","105047","Mate has a io_card_name1 card in slot slot_number which is different from my io_card_name2","%ASA-1-105047: Mate has a io_card_name1 card in slot slot_number which is different from my io_card_name2","The two failover units have different types of cards in their respective slots.","Make sure that the card configurations for the failover units are the same.","1","Alert","75","network","general"
+"%ASA-1-105048","105048","(unit) Mate's service module (application) is different from mine (application).","%ASA-1-105048: (unit) Mate's service module (application) is different from mine (application).","The failover process detected that different applications are running on the service modules in the active and standby units. The two failover units are incompatible if different service modules are used. • unit—Primary or secondary • application—The name of the application, such as InterScan Security Card","Make sure that both units have identical service modules before trying to reenable failover.","1","Alert","95","network","general"
+"%ASA-1-105502","105502","(Primary|Secondary) Restarting Cloud HA on this unit, reason: string","%ASA-1-105502: (Primary|Secondary) Restarting Cloud HA on this unit, reason: string","An error occurred and caused this HA unit to restart Cloud HA. Possible values for the reason string are: • failed to become Backup unit • unable to create failover connection","None required.","1","Alert","5","network","general"
+"%ASA-1-106021","106021","Deny protocol reverse path check from source_address to dest_address on interface interface_name","%ASA-1-106021: Deny protocol reverse path check from source_address to dest_address on interface interface_name","An attack is in progress. Someone is attempting to spoof an IP address on an inbound connection. Unicast RPF, also known as reverse route lookup, detected a packet that does not have a source address represented by a route and assumes that it is part of an attack on your Secure Firewall ASA. This message appears when you have enabled Unicast RPF with the ip verify reverse-path command. This feature works on packets input to an interface; if it is configured on the outside, then the Secure Firewall ASA checks packets arriving from the outside. The Secure Firewall ASA looks up a route based on the source_address. If an entry is not found and a route is not defined, then this message appears and the connection is dropped. If there is a route, the Secure Firewall ASA checks which interface it corresponds to. If the packet arrived on another interface, it is either a spoof or there is an asymmetric routing environment that has more than one path to a destination. The Secure Firewall ASA does not support asymmetric routing. If the Secure Firewall ASA is configured on an internal interface, it checks static route command statements or RIP, and if the source_address is not found, then an internal user is spoofing their address.","Even though an attack is in progress, if this feature is enabled, no user action is required. The Secure Firewall ASA repels the attack.","1","Alert","100","access_control","acl"
+"%ASA-1-106022","106022","Deny protocol connection spoof from source_address to dest_address on interface interface_name","%ASA-1-106022: Deny protocol connection spoof from source_address to dest_address on interface interface_name","A packet matching a connection arrived on a different interface from the interface on which the connection began. In addition, the ip verify reverse-path command is not configured. For example, if a user starts a connection on the inside interface, but the Secure Firewall ASA detects the same connection arriving on a perimeter interface, the Secure Firewall ASA has more than one path to a destination. This is known as asymmetric routing and is not supported on the Secure Firewall ASA. An attacker also might be attempting to append packets from one connection to another as a way to break into the Secure Firewall ASA. In either case, the Secure Firewall ASA shows this message and drops the connection.","Check that the routing is not asymmetric.","1","Alert","100","access_control","acl"
+"%ASA-1-106101","106101","Number of cached deny-flows for ACL log has reached limit (number)","%ASA-1-106101: Number of cached deny-flows for ACL log has reached limit (number)","If you configured the log option for an ACL deny statement (access-list id deny command), and a traffic flow matches the ACL statement, the Secure Firewall ASA caches the flow information. This message indicates that the number of matching flows that are cached on the Secure Firewall ASA exceeds the user-configured limit (using the access-list deny-flow-max command). This message might be generated as a result of a DoS attack. • number— The limit configured using the access-list deny-flow-max command","None required.","1","Alert","95","access_control","acl"
+"%ASA-1-107001","107001","RIP auth failed from IP_address: version=number, type=string, mode=string, sequence=number on interface interface_name","%ASA-1-107001: RIP auth failed from IP_address: version=number, type=string, mode=string, sequence=number on interface interface_name","The Secure Firewall ASA received a RIP reply message with bad authentication. This message might be caused by a misconfiguration on the router or the Secure Firewall ASA or by an unsuccessful attempt to attack the routing table of the Secure Firewall ASA.","This message indicates a possible attack and should be monitored. If you are not familiar with the source IP address listed in this message, change your RIP authentication keys between trusted entities. An attacker might be trying to determine the existing keys.","1","Alert","100","network","general"
+"%ASA-1-107002","107002","RIP pkt failed from IP_address: version=number on interface interface_name","%ASA-1-107002: RIP pkt failed from IP_address: version=number on interface interface_name","A router bug, a packet with non-RFC values inside, or a malformed entry may have caused this message to appear. This should not happen, and may be an attempt to exploit the routing table of the ASA.","This message indicates a possible attack and should be monitored. The packet has passed authentication, if enabled, and bad data is in the packet. Monitor the situation and change the keys if there are any doubts about the originator of the packet.","1","Alert","100","network","general"
+"%ASA-1-111111","111111","error_message","%ASA-1-111111: error_message","A system or infrastructure error has occurred.","If the problem persists, contact the Cisco TAC.","1","Alert","75","network","general"
+"%ASA-1-114001","114001","Failed to initialize card-type I/O card due to error_string.","%ASA-1-114001: Failed to initialize card-type I/O card due to error_string.","The system failed to initialize a 4GE SSM I/O card because of an I2C error or a switch initialization error. • syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are I2C serial bus errors: • I2C_BUS_TRANSACTION_ERROR • I2C_CHKSUM_ERROR • I2C_TIMEOUT_ERROR • I2C_BUS_COLLISION_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","1","Alert","85","network","general"
+"%ASA-1-114002","114002","Failed to initialize SFP in card-type I/O card due to error_string.","%ASA-1-114002: Failed to initialize SFP in card-type I/O card due to error_string.","The system failed to initialize an SFP connector in a 4GE SSM I/O card because of an I2C error or a switch initialization error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are the I2C serial bus errors: • I2C_BUS_TRANSACTION_ERROR • I2C_CHKSUM_ERROR • I2C_TIMEOUT_ERROR • I2C_BUS_COLLISION_ERROR • I2C_HOST_BUSY_ERROR • I2C_UNPOPULATED_ERROR • I2C_SMBUS_UNSUPPORT • I2C_BYTE_COUNT_ERROR • I2C_DATA_PTR_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","1","Alert","85","network","general"
+"%ASA-1-114003","114003","Failed to run cached commands in card-type I/O card due to error_string.","%ASA-1-114003: Failed to run cached commands in card-type I/O card due to error_string.","The system failed to run cached commands in a 4GE SSM I/O card because of an I2C error or a switch initialization error.","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","1","Alert","85","network","general"
+"%ASA-1-199010","199010","Signal number caught in process/fiber (rtcli_async_executor_process)/(rtcli_async_executor) at address ip_address, corrective action at ip_address","%ASA-1-199010: Signal number caught in process/fiber (rtcli_async_executor_process)/(rtcli_async_executor) at address ip_address, corrective action at ip_address","The system has recovered from a serious error.","Contact the Cisco TAC.","1","Alert","75","network","general"
+"%ASA-1-199012","199012","Stack overflow during new_stack_call in process/fiber process_name/fiber_name, call target f, stack size s","%ASA-1-199012: Stack overflow during new_stack_call in process/fiber process_name/fiber_name, call target f, stack size s","A stack overflow condition has been detected.","Contact the Cisco TAC and attach the log file.","1","Alert","75","network","general"
+"%ASA-1-199013","199013","syslog","%ASA-1-199013: syslog","A variable syslog was generated by an assistive process. • syslog—The alert syslog passed verbatim from an external process","Contact the Cisco TAC.","1","Alert","75","network","general"
+"%ASA-1-199021","199021","System memory utilization has reached the configured threshold of Y%%. System will now reload.","%ASA-1-199021: System memory utilization has reached the configured threshold of Y%%. System will now reload.","The system memory utilization has reached 100% of the system memory watchdog facility's configured value. The system will automatically reload.","Reduce system memory utilization by reducing traffic load, removing traffic inspections, reducing the number of ACL entries, and so on. If a memory leak is suspected, contact Cisco TAC.","1","Alert","95","network","general"
+"%ASA-2-105506","105506","(Primary|Secondary) Unable to create socket for port port for failover_connection|load_balancer_probes, error: error_string","%ASA-2-105506: (Primary|Secondary) Unable to create socket for port port for failover_connection|load_balancer_probes, error: error_string","An internal error occurred while attempting to create a socket needed for the failover connection or resonding to Azure load balancer probes.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","2","Critical","95","network","general"
+"%ASA-2-105507","105507","(Primary|Secondary) Unable to bind socket for port port for failover_connection|load_balancer_probes, error: error_string","%ASA-2-105507: (Primary|Secondary) Unable to bind socket for port port for failover_connection|load_balancer_probes, error: error_string","An internal error occurred while attempting to start a socket needed for the failover connection or resonding to Azure load balancer probes.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","2","Critical","95","network","general"
+"%ASA-2-105508","105508","(Primary|Secondary) Error creating failover connection socket for port port","%ASA-2-105508: (Primary|Secondary) Error creating failover connection socket for port port","An internal error occurred while attempting to create a socket on the Active unit for exchanging failover control messages with the Backup unit.","This message is preceeded by a 104509 or 104510 message. Follow the Recommended Action for the message that precedes this one.","2","Critical","85","network","general"
+"%ASA-2-105525","105525","(Primary|Secondary) Incomplete configuration to initiate access token change request","%ASA-2-105525: (Primary|Secondary) Incomplete configuration to initiate access token change request","An attempt was made to acquire an access token but there was not enough configuration information need to initiate the request.","Ensure that an Azure authentication client ID, tenant ID and secret key are all present in the ASA configuration.","2","Critical","85","network","general"
+"%ASA-2-105526","105526","(Primary|Secondary) Unexpected status in response to access token request: status (status_string)","%ASA-2-105526: (Primary|Secondary) Unexpected status in response to access token request: status (status_string)","A response to an Azure access token request was received but the HTTP status code in the response was not 200 (OK).","Ensure that the Azure authentication client ID, tenant ID and secret key are all correct in the ASA configuration.","2","Critical","85","network","general"
+"%ASA-2-105527","105527","(Primary|Secondary) Failure reading response to access token request","%ASA-2-105527: (Primary|Secondary) Failure reading response to access token request","An internal error occurred while receiving a response to an Azure access token request.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","2","Critical","95","network","general"
+"%ASA-2-105528","105528","(Primary|Secondary) No access token in response to access token request","%ASA-2-105528: (Primary|Secondary) No access token in response to access token request","A response to an Azure route change request was received but it did not contain an access_token value.","Verify that the Azure authentication client ID, tenant ID and secret key are all correct in the ASA configuration.","2","Critical","95","network","general"
+"%ASA-2-105529","105529","(Primary|Secondary) Error creating authentication header from access token","%ASA-2-105529: (Primary|Secondary) Error creating authentication header from access token","An internal error occurred while attempting to create an authentication header needed for changing Azure routes.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","2","Critical","85","network","general"
+"%ASA-2-105530","105530","(Primary|Secondary) No response to access token request from url","%ASA-2-105530: (Primary|Secondary) No response to access token request from url","Azure route-table information was not able to be obtained for an Azure route-table change.","Verify route-table name is correct in ASA configuration and exists in Azure.","2","Critical","95","network","general"
+"%ASA-2-105531","105531","(Primary|Secondary) Failed to obtain route-table information needed for change request for route-table route_table_name","%ASA-2-105531: (Primary|Secondary) Failed to obtain route-table information needed for change request for route-table route_table_name","Azure route-table information was not able to be obtained for an Azure route-table change.","Verify route-table name is correct in ASA configuration and exists in Azure.","2","Critical","100","network","general"
+"%ASA-2-105532","105532","(Primary|Secondary) Unexpected status in response to route-table change request for route-table route_table_name: status (status_string)","%ASA-2-105532: (Primary|Secondary) Unexpected status in response to route-table change request for route-table route_table_name: status (status_string)","A response to an Azure route-tablechange request was received but the HTTP status code in the response was not 200 (OK).","Verify that the configured Azure subscription ID, route-table name and route-table resource group are correct.","2","Critical","95","network","general"
+"%ASA-2-105533","105533","(Primary|Secondary) Failure reading response to route-table change request for route-table route_table_name","%ASA-2-105533: (Primary|Secondary) Failure reading response to route-table change request for route-table route_table_name","An internal error occurred while receiving a response to an Azure route-table change request.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","2","Critical","95","network","general"
+"%ASA-2-105534","105534","(Primary|Secondary) No provisioning state in response to route-table change request route-table route_table_name","%ASA-2-105534: (Primary|Secondary) No provisioning state in response to route-table change request route-table route_table_name","A response to an Azure route-table change request was received but it did not contain a provisioningState value containing the route-table change status.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","2","Critical","85","network","general"
+"%ASA-2-105535","105535","(Primary|Secondary) No response to route-table change request for route-table route_table_name from url","%ASA-2-105535: (Primary|Secondary) No response to route-table change request for route-table route_table_name from url","No response was received to an Azure route-table change request.","Verify that management.azure.com is reachable from the ASA Virtual.","2","Critical","95","network","general"
+"%ASA-2-105536","105536","(Primary|Secondary) Failed to obtain Azure authentication header for route status request for route route_name","%ASA-2-105536: (Primary|Secondary) Failed to obtain Azure authentication header for route status request for route route_name","An Azure access token was not able to be obtained for an Azure route status query.","See the Recommended Action of access token related message that preceeds this message.","2","Critical","95","network","general"
+"%ASA-2-105537","105537","(Primary|Secondary) Unexpected status in response to route state request for route route_name: status (status_string)","%ASA-2-105537: (Primary|Secondary) Unexpected status in response to route state request for route route_name: status (status_string)","A response to an Azure route state request was received but the HTTP status code in the response was not 200 (OK).","Verify that the configured Azure subscription ID, route table name and route table resource group are correct.","2","Critical","95","network","general"
+"%ASA-2-105538","105538","(Primary|Secondary) Failure reading response to route state request for route route_name","%ASA-2-105538: (Primary|Secondary) Failure reading response to route state request for route route_name","An internal error occurred while receiving a response to an Azure route state request.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","2","Critical","95","network","general"
+"%ASA-2-105539","105539","(Primary|Secondary) No response to route state request for route route_name from url","%ASA-2-105539: (Primary|Secondary) No response to route state request for route route_name from url","No response was received to an Azure route state request.","Verify that management.azure.com is reachable from the ASA Virtual.","2","Critical","95","network","general"
+"%ASA-2-105540","105540","(Primary|Secondary) No route-tables configured","%ASA-2-105540: (Primary|Secondary) No route-tables configured","No Azure route-tables were detected to change.","Confirm that route-tables are correctly configured in ASA configuration.","2","Critical","85","network","general"
+"%ASA-2-105541","105541","(Primary|Secondary) Failed to update route-table route_table_name, provisioning state: state_string","%ASA-2-105541: (Primary|Secondary) Failed to update route-table route_table_name, provisioning state: state_string","A response to an Azure route-table state request was received that contained a provisioningState that indicated a failure to update the route-table.","The Active unit will make three attempts to update an Azure route-table. If all three attempts fail, copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","2","Critical","95","network","general"
+"%ASA-2-105544","105544","(Primary|Secondary) Error creating load balancer probe socket for port port","%ASA-2-105544: (Primary|Secondary) Error creating load balancer probe socket for port port","An internal error occurred while attempting to create a socket for responding to probes from an Azure Load Balancer.","This message will be preceeded by a 104509 or 104510 message. Follow the Recommended Action for the message that precedes this one.","2","Critical","85","network","general"
+"%ASA-2-106001","106001","Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name","%ASA-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name","An attempt was made to connect to an inside address is denied by the security policy that is defined for the specified traffic type. The IP address displayed is the real IP address instead of the IP address that appears through NAT. Possible tcp_flags values correspond to the flags in the TCP header that were","None required.","2","Critical","100","access_control","acl"
+"%ASA-2-106002","106002","protocol Connection denied by outbound list acl_ID src inside_address dest outside_address","%ASA-2-106002: protocol Connection denied by outbound list acl_ID src inside_address dest outside_address","The specified connection failed because of an outbound deny command. The protocol variable can be ICMP, TCP, or UDP.","Use the show outbound command to check outbound lists.","2","Critical","100","access_control","acl"
+"%ASA-2-106006","106006","Deny inbound UDP from outside_address/outside_port to inside_address/inside_port on interface interface_name","%ASA-2-106006: Deny inbound UDP from outside_address/outside_port to inside_address/inside_port on interface interface_name","An inbound UDP packet was denied by the security policy that is defined for the specified traffic type.","None required.","2","Critical","100","access_control","acl"
+"%ASA-2-106007","106007","Deny inbound UDP from outside_address/outside_port to inside_address/inside_port due to DNS {Response|Query}","%ASA-2-106007: Deny inbound UDP from outside_address/outside_port to inside_address/inside_port due to DNS {Response|Query}","A UDP packet containing a DNS query or response was denied.","If the inside port number is 53, the inside host probably is set up as a caching name server. Add an access-list command statement to permit traffic on UDP port 53 and a translation entry for the inside host. If the outside port number is 53, a DNS server was probably too slow to respond, and the query was answered by another server.","2","Critical","100","access_control","acl"
+"%ASA-2-106013","106013","Dropping echo request from IP_address to PAT address IP_address","%ASA-2-106013: Dropping echo request from IP_address to PAT address IP_address","The Secure Firewall ASA discarded an inbound ICMP Echo Request packet with a destination address that corresponds to a PAT global address. The inbound packet is discarded because it cannot specify which PAT host should receive the packet.","None required.","2","Critical","100","access_control","acl"
+"%ASA-2-106016","106016","Deny IP spoof from (ip_address) to ip_address on interface interface_name","%ASA-2-106016: Deny IP spoof from (ip_address) to ip_address on interface interface_name","A packet arrived at the Secure Firewall ASA interface that has a destination IP address of 0.0.0.0 and a destination MAC address of the Secure Firewall ASA interface. In addition, this message is generated when the Secure Firewall ASA discarded a packet with an invalid source address, which may include one of the following or some other invalid address: • Loopback network (127.0.0.0) • Broadcast (limited, net-directed, subnet-directed, and all-subnets-directed) • The destination host (land.c) To further enhance spoof packet detection, use the icmp command to configure the Secure Firewall ASA to discard packets with source addresses belonging to the internal network, because the access-list command has been deprecated and is no longer guaranteed to work correctly.","Determine if an external user is trying to compromise the protected network. Check for misconfigured clients.","2","Critical","100","access_control","acl"
+"%ASA-2-106017","106017","Deny IP due to Land Attack from IP_address to IP_address","%ASA-2-106017: Deny IP due to Land Attack from IP_address to IP_address","The Secure Firewall ASA received a packet with the IP source address equal to the IP destination, and the destination port equal to the source port. This message indicates a spoofed packet that is designed to attack systems. This attack is referred to as a Land Attack.","If this message persists, an attack may be in progress. The packet does not provide enough information to determine where the attack originates.","2","Critical","100","access_control","acl"
+"%ASA-2-106018","106018","ICMP packet type ICMP_type denied by outbound list acl_ID src inside_address dest outside_address","%ASA-2-106018: ICMP packet type ICMP_type denied by outbound list acl_ID src inside_address dest outside_address","The outgoing ICMP packet with the specified ICMP from local host (inside_address) to the foreign host (outside_address) was denied by the outbound ACL list.","None required.","2","Critical","100","access_control","acl"
+"%ASA-2-106020","106020","Deny IP teardrop fragment (size = number, offset = number) from IP_address to IP_address","%ASA-2-106020: Deny IP teardrop fragment (size = number, offset = number) from IP_address to IP_address","The Secure Firewall ASA discarded an IP packet with a teardrop signature containing either a small offset or fragment overlapping. This is a hostile event that circumvents the Secure Firewall ASA or an Intrusion Detection System.","Contact the remote peer administrator or escalate this issue according to your security policy.","2","Critical","100","access_control","acl"
+"%ASA-2-106024","106024","Access rules memory exhausted. Aborting current compilation and continuing to use the existing access rules","%ASA-2-106024: Access rules memory exhausted. Aborting current compilation and continuing to use the existing access rules","The access list compilation process has run out of memory. All configuration information that has been added since the last successful access list was removed from the Secure Firewall ASA, and the most recently compiled set of access lists will continue to be used.","Access lists, AAA, ICMP, SSH, Telnet, and other rule types are stored and compiled as access list rule types. Remove some of these rule types so that others can be added. 106025,","2","Critical","85","access_control","acl"
+"%ASA-2-108002","108002","SMTP replaced string: out source_address in inside_address data: string","%ASA-2-108002: SMTP replaced string: out source_address in inside_address data: string","A Mail Guard (SMTP) message has been generated by the inspect esmtp command. The ASA has replaced an invalid character in an e-mail address with a space.","None required.","2","Critical","5","network","general"
+"%ASA-2-108003","108003","Terminating ESMTP connection; malicious pattern detected in the mail address from source_interface:source_address/source_port to dest_interface:dest_address/dset_port. Mail Address:string","%ASA-2-108003: Terminating ESMTP connection; malicious pattern detected in the mail address from source_interface:source_address/source_port to dest_interface:dest_address/dset_port. Mail Address:string","The ASA has detected a malicious pattern in an e-mail address and drops the connection. An attack is in progress.","None required.","2","Critical","100","network","general"
+"%ASA-2-109011","109011","Authen Session Start: user 'user', sid number","%ASA-2-109011: Authen Session Start: user 'user', sid number","An authentication session started between the host and the Secure Firewall ASA and has not yet completed.","None required.","2","Critical","5","authentication","aaa"
+"%ASA-2-112001","112001","Clear finished","%ASA-2-112001: Clear finished","A request to clear the module configuration was completed. The source file and line number are identified.","None required.","2","Critical","5","network","general"
+"%ASA-2-113022","113022","AAA Marking protocol server {IP_address | hostname} in aaa-server group tag as FAILED","%ASA-2-113022: AAA Marking protocol server {IP_address | hostname} in aaa-server group tag as FAILED","The Secure Firewall ASA has tried an authentication, authorization, or accounting request to the AAA server and did not receive a response within the configured timeout window. The AAA server will be marked as failed and has been removed from service. • protocol —The type of authentication protocol, which can be one of the following: - RADIUS - TACACS+ - NT - RSA SecurID - Kerberos - LDAP • ip-addr —The IP address of the AAA server • tag —The server group name","Verify that the AAA server is online and is accessible from the Secure Firewall ASA.","2","Critical","100","network","general"
+"%ASA-2-113023","113023","AAA Marking protocol server ip-addr in aaa-server group tag as ACTIVE","%ASA-2-113023: AAA Marking protocol server ip-addr in aaa-server group tag as ACTIVE","The Secure Firewall ASA has reactivated the AAA server that was previously marked as failed. The AAA server is now available to service AAA requests. • protocol —The type of authentication protocol, which can be one of the following: - RADIUS - TACACS+ - NT - RSA SecurID - Kerberos - LDAP • ip-addr —The IP address of the AAA server • tag —The server group name","None required.","2","Critical","5","network","general"
+"%ASA-2-113027","113027","Error activating tunnel-group scripts","%ASA-2-113027: Error activating tunnel-group scripts","The script file cannot be loaded successfully. No tunnel groups using the username-from-certificate use-script option work correctly.","The administrator should check the script file for errors using ASDM. Use the debug aaa command to obtain a more detailed error message that may be useful.","2","Critical","85","network","general"
+"%ASA-2-115000","115000","Critical assertion in process: process name fiber: fiber name , component: component name , subcomponent: subcomponent name , file: filename , line: line number , cond: condition","%ASA-2-115000: Critical assertion in process: process name fiber: fiber name , component: component name , subcomponent: subcomponent name , file: filename , line: line number , cond: condition","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","A high priority defect should be filed, the reason for the assertion should be investigated, and the problem corrected.","2","Critical","95","network","general"
+"%ASA-2-199011","199011","Close on bad channel in process/fiber process_name/fiber_name, channel ID p, channel state channel_state","%ASA-2-199011: Close on bad channel in process/fiber process_name/fiber_name, channel ID p, channel state channel_state","An unexpected channel close condition has been detected. • p—The channel ID • process/fiber —The name of the process/fiber that caused the bad channel close operation • s—The channel state","Contact the Cisco TAC and attach a log file.","2","Critical","85","network","general"
+"%ASA-2-199014","199014","syslog","%ASA-2-199014: syslog","A variable syslog was generated by an assistive process. • syslog—The critical syslog passed verbatim from an external process","Contact the Cisco TAC.","2","Critical","85","network","general"
+"%ASA-2-199020","199020","System memory utilization has reached X %. System will reload if memory usage reaches the configured trigger level of Y %.","%ASA-2-199020: System memory utilization has reached X %. System will reload if memory usage reaches the configured trigger level of Y %.","The system memory utilization has reached 80% of the system memory watchdog facility's configured value.","Reduce system memory utilization by reducing traffic load, removing traffic inspections, reducing the number of ACL entries, and so on. If a memory leak is suspected, contact Cisco TAC.","2","Critical","100","network","general"
+"%ASA-3-105010","105010","(Primary) Failover message block alloc failed","%ASA-3-105010: (Primary) Failover message block alloc failed","Block memory was depleted. This is a transient message and the Secure Firewall ASA should recover. Primary can also be listed as Secondary for the secondary unit.","Use the show blocks command to monitor the current block memory.","3","Error","75","network","general"
+"%ASA-3-105050","105050","(host) Number of Ethernet interfaces on Standby unit (int_number) is less than number on Active unit (int_number).","%ASA-3-105050: (host) Number of Ethernet interfaces on Standby unit (int_number) is less than number on Active unit (int_number).","Number of Ethernet interfaces on standby unit is less than that on active unit.","Secure Firewall ASA with same number of interfaces should be paired up with each other. Verify that the units have the same number of interfaces. You might need to install additional interface modules, or use different devices. After the physical interfaces match, force a configuration sync by entering the write standby command.","3","Error","75","network","general"
+"%ASA-3-105052","105052","HA:cipher in use algorithm name strong encryption is status, please reboot to use strong cipher and preferably change the key in use","%ASA-3-105052: HA:cipher in use algorithm name strong encryption is status, please reboot to use strong cipher and preferably change the key in use","When the failover key is configured prior to a license update, the weaker cipher is not switched to a stronger cipher automatically. This syslog is generated, every 30 seconds to alert that a weaker cipher is still being used when a stronger cipher is available. Example","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","network","general"
+"%ASA-3-105509","105509","(Primary|Secondary) Error sending message_name message to peer unit peer-ip, error: error_string","%ASA-3-105509: (Primary|Secondary) Error sending message_name message to peer unit peer-ip, error: error_string","An error occurred while attempting to send a failover control message to the peer unit.","If the error was not caused by the failure of the peer unit, copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-105510","105510","(Primary|Secondary) Error receiving message from peer unit peer-ip, error: error_string","%ASA-3-105510: (Primary|Secondary) Error receiving message from peer unit peer-ip, error: error_string","An error occurred while attempting to receive a failover control message to the peer unit.","If the error was not caused by the failure of the peer unit, copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-105511","105511","(Primary|Secondary) Incomplete read of message header of message from peer unit peer-ip: bytes bytes read of expected header_length header byte","%ASA-3-105511: (Primary|Secondary) Incomplete read of message header of message from peer unit peer-ip: bytes bytes read of expected header_length header byte","An error occurred while attempting to receive a failover control message to the peer unit.","If the error was not caused by the failure of the peer unit, copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-105512","105512","(Primary|Secondary) Error receiving message body of message from peer unit peer-ip, error: error_string","%ASA-3-105512: (Primary|Secondary) Error receiving message body of message from peer unit peer-ip, error: error_string","An error occurred while attempting to receive a failover control message to the peer unit.","If the error was not caused by the failure of the peer unit, copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-105513","105513","(Primary|Secondary) Incomplete read of message body of message from peer unit peer-ip: bytes bytes read of expected message_length message body bytes","%ASA-3-105513: (Primary|Secondary) Incomplete read of message body of message from peer unit peer-ip: bytes bytes read of expected message_length message body bytes","An error occurred while attempting to receive a failover control message to the peer unit.","If the error was not caused by the failure of the peer unit, copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-105514","105514","(Primary|Secondary) Error occurred when responding to message_name message received from peer unit peer-ip, error: error_string","%ASA-3-105514: (Primary|Secondary) Error occurred when responding to message_name message received from peer unit peer-ip, error: error_string","An error occurred while attempting to receive a failover control message to the peer unit.","If the error was not caused by the failure of the peer unit, copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-105515","105515","(Primary|Secondary) Error receiving message_name message from peer unit peer-ip, error: error_string","%ASA-3-105515: (Primary|Secondary) Error receiving message_name message from peer unit peer-ip, error: error_string","An error occurred while attempting to receive a failover control message to the peer unit.","If the error was not caused by the failure of the peer unit, copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-105516","105516","(Primary|Secondary) Incomplete read of message header of message_name message from peer unit peer-ip: bytes bytes read of expected header_length header bytes","%ASA-3-105516: (Primary|Secondary) Incomplete read of message header of message_name message from peer unit peer-ip: bytes bytes read of expected header_length header bytes","An error occurred while attempting to receive a failover control message to the peer unit.","If the error was not caused by the failure of the peer unit, copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-105517","105517","(Primary|Secondary) Error receiving message body of message_name message from peer unit peer-ip, error: error_string","%ASA-3-105517: (Primary|Secondary) Error receiving message body of message_name message from peer unit peer-ip, error: error_string","An error occurred while attempting to receive a failover control message to the peer unit.","If the error was not caused by the failure of the peer unit, copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-105518","105518","(Primary|Secondary) Incomplete read of message body of message_name message from peer unit peer-ip: bytes bytes read of expected message_length message body bytes","%ASA-3-105518: (Primary|Secondary) Incomplete read of message body of message_name message from peer unit peer-ip: bytes bytes read of expected message_length message body bytes","An error occurred while attempting to receive a failover control message to the peer unit.","If the error was not caused by the failure of the peer unit, copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-105519","105519","(Primary|Secondary) Invalid response to message_name message received from peer unit peer-ip: type message_type, version message_version, length message_length","%ASA-3-105519: (Primary|Secondary) Invalid response to message_name message received from peer unit peer-ip: type message_type, version message_version, length message_length","An unexpected message was received in response to a failover control message.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-105545","105545","(Primary|Secondary) Error starting load balancer probe socket for port port, error code: error_code","%ASA-3-105545: (Primary|Secondary) Error starting load balancer probe socket for port port, error code: error_code","An internal error occurred while attempting to start receiving probes from an Azure Load Balancer. The Active unit will continue to attempt to enable the receiving of probes.","If this condition persists copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-105546","105546","(Primary|Secondary) Error starting load balancer probe handler","%ASA-3-105546: (Primary|Secondary) Error starting load balancer probe handler","An internal error occurred while attempting to create a process for receiving probes from an Azure Load Balancer.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-105547","105547","(Primary|Secondary) Error generating encryption key for Azure secret key","%ASA-3-105547: (Primary|Secondary) Error generating encryption key for Azure secret key","An internal error occurred while attempting to generate the encryption key used for encrypting the Azure secret key in the configuration.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-105548","105548","(Primary|Secondary) Error storing encryption key for Azure secret key","%ASA-3-105548: (Primary|Secondary) Error storing encryption key for Azure secret key","An internal error occurred while attempting to store the encryption key used for encrypting the Azure secret key in the configuration.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-105549","105549","(Primary|Secondary) Error retrieving encryption key for Azure secret key","%ASA-3-105549: (Primary|Secondary) Error retrieving encryption key for Azure secret key","An internal error occurred while attempting to retrieve the encryption key used for encrypting the Azure secret key in the configuration.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-105550","105550","(Primary|Secondary) Error encrypting Azure secret key","%ASA-3-105550: (Primary|Secondary) Error encrypting Azure secret key","An internal error occurred while encrypting the Azure secret key in the configuration.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-105551","105551","(Primary|Secondary) Error decrypting Azure secret key","%ASA-3-105551: (Primary|Secondary) Error decrypting Azure secret key","An internal error occurred while decrypting the Azure secret key in the configuration.","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-106010","106010","Deny inbound protocolsrc [interface_name : source_address/source_port ] [([idfw_user | FQDN_string ], sg_info )] dst [interface_name : dest_address /dest_port }[([idfw_user | FQDN_string ], sg_info )]","%ASA-3-106010: Deny inbound protocolsrc [interface_name : source_address/source_port ] [([idfw_user | FQDN_string ], sg_info )] dst [interface_name : dest_address /dest_port }[([idfw_user | FQDN_string ], sg_info )]","An inbound connection was denied by your security policy.","Modify the security policy if traffic should be permitted. If the message occurs at regular intervals, contact the remote peer administrator.","3","Error","85","access_control","acl"
+"%ASA-3-106011","106011","Deny inbound (No xlate) protocol_src_Interface:IP/port_dst_Interface-nameif:IP/port","%ASA-3-106011: Deny inbound (No xlate) protocol_src_Interface:IP/port_dst_Interface-nameif:IP/port","The message appears under normal traffic conditions if there are internal users that are accessing the Internet through a web browser. Any time a connection is reset, when the host at the end of the connection sends a packet after the Secure Firewall ASA receives the connection reset, this message appears. It can typically be ignored.","Prevent this message from getting logged to the syslog server by entering the no logging message 106011 command.","3","Error","85","access_control","acl"
+"%ASA-3-106014","106014","Deny inbound src","%ASA-3-106014: Deny inbound src","The Secure Firewall ASA denied any inbound ICMP packet access. By default, all ICMP packets are denied access unless specifically allowed.","None required.","3","Error","85","access_control","acl"
+"%ASA-3-109010","109010","Auth from inside_address/inside_port to outside_address/outside_port failed (too many pending auths) on interface interface_name","%ASA-3-109010: Auth from inside_address/inside_port to outside_address/outside_port failed (too many pending auths) on interface interface_name","An authentication request cannot be processed because the server has too many requests pending.","Check to see if the authentication server is too slow to respond to authentication requests. Enable the Flood Defender feature with the floodguard enable command.","3","Error","65","authentication","aaa"
+"%ASA-3-109013","109013","User must authenticate before using this service","%ASA-3-109013: User must authenticate before using this service","The user must be authenticated before using the service.","Authenticate using FTP, Telnet, or HTTP before using the service.","3","Error","65","authentication","aaa"
+"%ASA-3-109016","109016","Cannot find authorization ACL 'acl_id' on 'server_name' for user 'user'","%ASA-3-109016: Cannot find authorization ACL 'acl_id' on 'server_name' for user 'user'","The specified on the AAA server for this user does not exist on the Secure Firewall ASA. This error can occur if you configure the AAA server before you configure the Secure Firewall ASA. The Vendor-Specific Attribute (VSA) on your AAA server might be one of the following values: • acl=acl_ID • shell:acl=acl_ID • ACS:CiscoSecured-Defined-ACL=acl_ID","Add the ACL to the Secure Firewall ASA, making sure to use the same name specified on the AAA server.","3","Error","65","authentication","aaa"
+"%ASA-3-109018","109018","Downloaded ACL 'acl_ID' is empty","%ASA-3-109018: Downloaded ACL 'acl_ID' is empty","The downloaded authorization has no ACEs. This situation might be caused by misspelling the attribute string ip:inacl# or omitting the access-list command. junk:junk# 1=permit tcp any any eq junk ip:inacl#1=”","Correct the ACL components that have the indicated error on the AAA server.","3","Error","65","authentication","aaa"
+"%ASA-3-109019","109019","Downloaded ACL 'acl_ID' has parsing error; ACE: 'string'; string","%ASA-3-109019: Downloaded ACL 'acl_ID' has parsing error; ACE: 'string'; string","An error occurred during parsing the sequence number NNN in the attribute string ip:inacl#NNN= of a downloaded authorization. The reasons include: - missing = - contains nonnumeric, nonpace characters between # and = - NNN is greater than 999999999. ip:inacl# 1 permit tcp any any ip:inacl# 1junk2=permit tcp any any ip:inacl# 1000000000=permit tcp any any","Correct the ACL element that has the indicated error on the AAA server.","3","Error","65","authentication","aaa"
+"%ASA-3-109020","109020","Downloaded ACL has config error; ACE","%ASA-3-109020: Downloaded ACL has config error; ACE","One of the components of the downloaded authorization has a configuration error. The entire text of the element is included in the message. This message is usually caused by an invalid access-list command statement.","Correct the ACL component that has the indicated error on the AAA server.","3","Error","75","authentication","aaa"
+"%ASA-3-109023","109023","User from source_address/source_port to dest_address/dest_port on interface outside_interface using service_name must authenticate before using this service","%ASA-3-109023: User from source_address/source_port to dest_address/dest_port on interface outside_interface using service_name must authenticate before using this service","Based on the configured policies, you need to be authenticated before you can use this service port.","Authenticate using Telnet, FTP, or HTTP before attempting to use this service port.","3","Error","65","authentication","aaa"
+"%ASA-3-109026","109026","[ aaa_protocol ] Invalid reply digest received; shared server key may be mismatched.","%ASA-3-109026: [ aaa_protocol ] Invalid reply digest received; shared server key may be mismatched.","The response from the AAA server cannot be validated. The configured server key is probably incorrect. This message may be generated during transactions with RADIUS or TACACS+ servers. Verify that the server key, configured using the aaa-server command, is correct.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","85","authentication","aaa"
+"%ASA-3-109032","109032","Unable to install ACL 'access_list', downloaded for user username; Error in ACE: 'ace'","%ASA-3-109032: Unable to install ACL 'access_list', downloaded for user username; Error in ACE: 'ace'","The Secure Firewall ASA received an access control list from a RADIUS server to apply to a user connection, but an entry in the list contains a syntax error. Th euse of a list containing an error could result in the violation of a security policy, so the Secure Firewall ASA failed to authenticate the user.","Correct the access list definition in the RADIUS server configuration.","3","Error","75","authentication","aaa"
+"%ASA-3-109035","109035","Exceeded maximum number (999) of DAP attribute instances for user = user","%ASA-3-109035: Exceeded maximum number (999) of DAP attribute instances for user = user","This log is generated when the number of DAP attributes received from the RADIUS server exceeds the maximum number allowed when authenticating a connection for the specified user.","Modify the DAP attribute configuration to reduce the number of DAP attributes below the maximum number allowed as specified in the log so that the specified user can connect.","3","Error","75","authentication","aaa"
+"%ASA-3-109037","109037","Exceeded 5000 attribute values for the attribute_name attribute for user username","%ASA-3-109037: Exceeded 5000 attribute values for the attribute_name attribute for user username","The Secure Firewall ASA supports multiple values of the same attribute received from a AAA server. If the AAA server sends a response containing more than 5000 values for the same attribute, then the Secure Firewall ASA treats this response message as being malformed and rejects the authentication. This condition has only been seen in lab environments using specialized test tools. It is unlikely that the condition would occur in a real-world production network. • attribute_name —The LDAP attribute name • username —The username at login","Capture the authentication traffic between the Secure Firewall ASA and AAA server using a protocol sniffer (such as WireShark), then forward the trace file to the Cisco TAC for analysis.","3","Error","75","authentication","aaa"
+"%ASA-3-109038","109038","Attribute internal-attribute-name value ""string-from-server"" from AAA server could not be parsed as a type","%ASA-3-109038: Attribute internal-attribute-name value ""string-from-server"" from AAA server could not be parsed as a type","The AAA subsystem tried to parse an attribute from the AAA server into an internal representation and failed. • string-from-server— String received from the AAA server, truncated to 40 characters. • type —The type of the specified attribute","Verify that the attribute is being generated correctly on the AAA server. For additional information, use the debug ldap and debug radius commands.","3","Error","85","authentication","aaa"
+"%ASA-3-109103","109103","CoA action-type from coa-source-ip failed for user ""username"", with session ID: audit-session-id.","%ASA-3-109103: CoA action-type from coa-source-ip failed for user ""username"", with session ID: audit-session-id.","The Secure Firewall ASA has received a correctly formatted change of authorization request, but was unable to process it successfully. • action-type —The requested change of authorization action (update or disconnect) • coa-source-ip —Originating IP address of the change of authorization request • username —User whose session is being changed • audit-session-id —The global ID of the session being modified","Investigate the relevant VPN subsystem logs to determine why the updated attributes could not be applied or why the session could not be terminated.","3","Error","85","authentication","aaa"
+"%ASA-3-109104","109104","CoA (Action type: action-type) from coa-source-ip failed for user ""username"", with session ID: audit-session-id. Action not supported.","%ASA-3-109104: CoA (Action type: action-type) from coa-source-ip failed for user ""username"", with session ID: audit-session-id. Action not supported.","The Secure Firewall ASA has received a correctly formatted change of authorization request, but did not process it because the indicated action is not supported by the Secure Firewall ASA. • action-type —The requested change of authorization action (update or disconnect) • coa-source-ip —Originating IP address of the change of authorization request • username —User whose session is being changed • audit-session-id —The global ID of the session being modified","None required.","3","Error","5","authentication","aaa"
+"%ASA-3-109105","109105","Failed to determine the egress interface for locally generated traffic destined to protocol IP:port.","%ASA-3-109105: Failed to determine the egress interface for locally generated traffic destined to protocol IP:port.","It is necessary for Secure Firewall ASA to log a syslog if no routes are present when the interface is BVI. Apparently, if default route is present and it does not route packet to the correct interface then it becomes impossible to track it.","It is highly recommended to add default route for correct destination or add static routes.","3","Error","75","authentication","aaa"
+"%ASA-3-109203","109203","UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed adding entry.","%ASA-3-109203: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed adding entry.","This message is generated when the device failed to apply ACL rules for newly created user entry.","Try to reconnect.","3","Error","75","network","general"
+"%ASA-3-109205","109205","UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed applying filter.","%ASA-3-109205: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed applying filter.","This message is generated when the user entry already exists and failed to apply new rules to session on interface.","Try to reconnect.","3","Error","75","network","general"
+"%ASA-3-109206","109206","UAUTH: Session=session, User=username, Assigned IP=IP_Address, Removing stale entry added hours ago.","%ASA-3-109206: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Removing stale entry added hours ago.","This message is generated when the device failed to add user entry due to collision and has removed stale entry.","Try to reconnect.","3","Error","75","network","general"
+"%ASA-3-109208","109208","UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed updating entry - no entry.","%ASA-3-109208: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed updating entry - no entry.","This message is generated when the device has failed to update user entry with new rules.","Try to reconnect again.","3","Error","75","network","general"
+"%ASA-3-109209","109209","UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed updating filter for entry. Entry was allocated to Session=session, User=username hours ago.","%ASA-3-109209: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed updating filter for entry. Entry was allocated to Session=session, User=username hours ago.","This message is generated when the device has failed to update the rules in user entry due to collision.","Try to reconnect again.","3","Error","75","network","general"
+"%ASA-3-109212","109212","UAUTH: Session=session, User=user_name, Assigned IP=ip_address, Failed removing entry - reason_string.","%ASA-3-109212: UAUTH: Session=session, User=user_name, Assigned IP=ip_address, Failed removing entry - reason_string.","This message is generated when the device fails to delete due to invalid address, missing entry, or bad entry.","Try to disconnect again.","3","Error","75","network","general"
+"%ASA-3-109213","109213","UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed removing entry. Address was allocated to Session=session, User=username hours ago.","%ASA-3-109213: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed removing entry. Address was allocated to Session=session, User=username hours ago.","This message is generated when the device fails to delete due to collision in user entry.","Try to disconnect again. Messages 110002 to 113045 This section includes messages from 110002 to 113045.","3","Error","65","network","general"
+"%ASA-3-113001","113001","Unable to open AAA session. Session limit [limit] reached","%ASA-3-113001: Unable to open AAA session. Session limit [limit] reached","The AAA operation on an IPsec tunnel or WebVPN connection cannot be performed because of the unavailability of AAA resources. The limit value indicates the maximum number of concurrent AAA transactions.","Reduce the demand for AAA resources, if possible.","3","Error","75","network","general"
+"%ASA-3-113018","113018","User: 'user', Unsupported downloaded ACL Entry: 'ACL_entry', Action: 'action'","%ASA-3-113018: User: 'user', Unsupported downloaded ACL Entry: 'ACL_entry', Action: 'action'","An ACL entry in unsupported format was downloaded from the authentication server. The following list describes the message values: • user—User trying to log in • ACL_entry—Unsupported ACL entry downloaded from the authentication server • action—Action taken when encountering the unsupported ACL entry","The ACL entry on the authentication server has to be changed by the administrator to conform to the supported ACL entry formats.","3","Error","65","network","general"
+"%ASA-3-113020","113020","Kerberos error : Clock skew with server ip_address greater than time_in_seconds seconds","%ASA-3-113020: Kerberos error : Clock skew with server ip_address greater than time_in_seconds seconds","Authentication for an IPsec or WebVPN user through a Kerberos server has failed because the clocks on the Secure Firewall ASA and the server are more than five minutes (300 seconds) apart. When this occurs, the connection attempt is rejected. • ip_address —The IP address of the Kerberos server","Synchronize the clocks on the Secure Firewall ASA and the Kerberos server.","3","Error","75","network","general"
+"%ASA-3-113021","113021","Attempted console login failed user 'username' did NOT have appropriate Admin Rights.","%ASA-3-113021: Attempted console login failed user 'username' did NOT have appropriate Admin Rights.","A user has tried to access the management console and was denied. • username —The username entered by the user","If the user is a newly added admin rights user, check that the service type (LOCAL or RADIUS authentication server) for that user is set to allow access: • nas-prompt—Allows login to the console and exec privileges at the required level, but not enable (configuration modification) access • admin—Allows all access and can be further constrained by command privileges Otherwise, the user is inappropriately trying to access the management console; the action to be taken should be consistent with company policy for these matters.","3","Error","95","network","general"
+"%ASA-3-114006","114006","Failed to get port statistics in card-type I/O card due to error_string.","%ASA-3-114006: Failed to get port statistics in card-type I/O card due to error_string.","The Secure Firewall ASA failed to obtain port statistics in a 4GE SSM I/O card because of an I2C error or a switch initialization error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are the I2C serial bus errors:","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114007","114007","Failed to get current msr in card-type I/O card due to error_string.","%ASA-3-114007: Failed to get current msr in card-type I/O card due to error_string.","The Secure Firewall ASA failed to obtain the current module status register information in a 4GE SSM I/O card because of an I2C error or a switch initialization error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are the I2C serial bus errors: • I2C_BUS_TRANSACTION_ERROR • I2C_CHKSUM_ERROR • I2C_TIMEOUT_ERROR • I2C_BUS_COLLISION_ERROR • I2C_HOST_BUSY_ERROR • I2C_UNPOPULATED_ERROR • I2C_SMBUS_UNSUPPORT • I2C_BYTE_COUNT_ERROR • I2C_DATA_PTR_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114008","114008","Failed to enable port after link is up in card-type I/O card due to error_string.","%ASA-3-114008: Failed to enable port after link is up in card-type I/O card due to error_string.","The Secure Firewall ASA failed to enable a port after the link transition to Up state is detected in a 4GE SSM I/O card because of either an I2C serial bus access error or a switch access error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are I2C serial bus errors: • I2C_BUS_TRANSACTION_ERROR • I2C_CHKSUM_ERROR • I2C_TIMEOUT_ERROR • I2C_BUS_COLLISION_ERROR • I2C_HOST_BUSY_ERROR • I2C_UNPOPULATED_ERROR • I2C_SMBUS_UNSUPPORT • I2C_BYTE_COUNT_ERROR • I2C_DATA_PTR_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114009","114009","Failed to set multicast address in card-type I/O card due to error_string.","%ASA-3-114009: Failed to set multicast address in card-type I/O card due to error_string.","The Secure Firewall ASA failed to set the multicast address in a 4GE SSM I/O card because of an I2C error or a switch initialization error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are I2C serial bus errors: • I2C_BUS_TRANSACTION_ERROR • I2C_CHKSUM_ERROR • I2C_TIMEOUT_ERROR • I2C_BUS_COLLISION_ERROR • I2C_HOST_BUSY_ERROR • I2C_UNPOPULATED_ERROR • I2C_SMBUS_UNSUPPORT • I2C_BYTE_COUNT_ERROR • I2C_DATA_PTR_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114010","114010","Failed to set multicast hardware address in card-type I/O card due to error_string.","%ASA-3-114010: Failed to set multicast hardware address in card-type I/O card due to error_string.","The Secure Firewall ASA failed to set the multicast hardware address in a 4GE SSM I/O card because of an I2C error or a switch initialization error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are I2C serial bus errors: • I2C_BUS_TRANSACTION_ERROR • I2C_CHKSUM_ERROR • I2C_TIMEOUT_ERROR • I2C_BUS_COLLISION_ERROR • I2C_HOST_BUSY_ERROR • I2C_UNPOPULATED_ERROR • I2C_SMBUS_UNSUPPORT • I2C_BYTE_COUNT_ERROR • I2C_DATA_PTR_ERROR • I2C_DATA_PTR_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114011","114011","Failed to delete multicast address in card-type I/O card due to error_string.","%ASA-3-114011: Failed to delete multicast address in card-type I/O card due to error_string.","The Secure Firewall ASA failed to delete the multicast address in a 4GE SSM I/O card because of either an I2C error or a switch initialization error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are I2C serial bus errors: • I2C_BUS_TRANSACTION_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114012","114012","Failed to delete multicast hardware address in card-type I/O card due to error_string.","%ASA-3-114012: Failed to delete multicast hardware address in card-type I/O card due to error_string.","The Secure Firewall ASA failed to delete the multicast hardware address in a 4GE SSM I/O card because of an I2C error or a switch initialization error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are I2C serial bus errors: • I2C_BUS_TRANSACTION_ERROR • I2C_CHKSUM_ERROR • I2C_TIMEOUT_ERROR • I2C_BUS_COLLISION_ERROR • I2C_HOST_BUSY_ERROR • I2C_UNPOPULATED_ERROR • I2C_SMBUS_UNSUPPORT • I2C_BYTE_COUNT_ERROR • I2C_DATA_PTR_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114013","114013","Failed to set mac address table in card-type I/O card due to error_string.","%ASA-3-114013: Failed to set mac address table in card-type I/O card due to error_string.","The Secure Firewall ASA failed to set the MAC address table in a 4GE SSM I/O card because of an I2C error or a switch initialization error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are I2C serial bus errors: - I2C_BUS_TRANSACTION_ERROR - I2C_CHKSUM_ERROR - I2C_TIMEOUT_ERROR - I2C_BUS_COLLISION_ERROR - I2C_HOST_BUSY_ERROR - I2C_UNPOPULATED_ERROR - I2C_SMBUS_UNSUPPORT - I2C_BYTE_COUNT_ERROR - I2C_DATA_PTR_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114014","114014","Failed to set mac address in card-type I/O card due to error_string.","%ASA-3-114014: Failed to set mac address in card-type I/O card due to error_string.","The Secure Firewall ASA failed to set the MAC address in a 4GE SSM I/O card because of an I2C error or a switch initialization error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are I2C serial bus errors: - I2C_BUS_TRANSACTION_ERROR - I2C_CHKSUM_ERROR - I2C_TIMEOUT_ERROR - I2C_BUS_COLLISION_ERROR - I2C_HOST_BUSY_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114015","114015","Failed to set mode in card-type I/O card due to error_string.","%ASA-3-114015: Failed to set mode in card-type I/O card due to error_string.","The Secure Firewall ASA failed to set individual or promiscuous mode in a 4GE SSM I/O card because of an I2C error or a switch initialization error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are I2C serial bus errors: - I2C_BUS_TRANSACTION_ERROR - I2C_CHKSUM_ERROR - I2C_TIMEOUT_ERROR - I2C_BUS_COLLISION_ERROR - I2C_HOST_BUSY_ERROR - I2C_UNPOPULATED_ERROR - I2C_SMBUS_UNSUPPORT - I2C_BYTE_COUNT_ERROR - I2C_DATA_PTR_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114016","114016","Failed to set multicast mode in card-type I/O card due to error_string.","%ASA-3-114016: Failed to set multicast mode in card-type I/O card due to error_string.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114017","114017","Failed to get link status in card-type I/O card due to error_string.","%ASA-3-114017: Failed to get link status in card-type I/O card due to error_string.","The Secure Firewall ASA failed to obtain link status in a 4GE SSM I/O card because of an I2C serial bus access error or a switch access error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are the I2C serial bus errors: - I2C_BUS_TRANSACTION_ERROR - I2C_CHKSUM_ERROR - I2C_TIMEOUT_ERROR - I2C_BUS_COLLISION_ERROR - I2C_HOST_BUSY_ERROR - I2C_UNPOPULATED_ERROR - I2C_SMBUS_UNSUPPORT - I2C_BYTE_COUNT_ERROR - I2C_DATA_PTR_ERROR","Perform the following steps: 1. Notify the system administrator. 2. Log and review the messages and the errors associated with the event. 3. Reboot the software running on the Secure Firewall ASA. 4. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 5. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114018","114018","Failed to set port speed in card-type I/O card due to error_string.","%ASA-3-114018: Failed to set port speed in card-type I/O card due to error_string.","The Secure Firewall ASA failed to set the port speed in a 4GE SSM I/O card because of an I2C error or a switch initialization error. • >syslog_id —Message identifier • >error_string —An I2C serial bus error or a switch access error, which is a decimal error code. The following are the I2C serial bus errors: - I2C_BUS_TRANSACTION_ERROR - I2C_CHKSUM_ERROR - I2C_TIMEOUT_ERROR - I2C_BUS_COLLISION_ERROR - I2C_HOST_BUSY_ERROR - I2C_UNPOPULATED_ERROR - I2C_SMBUS_UNSUPPORT - I2C_BYTE_COUNT_ERROR - I2C_DATA_PTR_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114019","114019","Failed to set media type in card-type I/O card due to error_string.","%ASA-3-114019: Failed to set media type in card-type I/O card due to error_string.","The Secure Firewall ASA failed to set the media type in a 4GE SSM I/O card because of an I2C error or a switch initialization error. • >syslog_id —Message identifier","Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114020","114020","Port link speed is unknown in 4GE_SSM I/O card.","%ASA-3-114020: Port link speed is unknown in 4GE_SSM I/O card.","The Secure Firewall ASA cannot detect the port link speed in a 4GE SSM I/O card.","Perform the following steps: 1. Log and review the messages associated with the event. 2. Reset the 4GE SSM I/O card and observe whether or not the software automatically recovers from the event. 3. If the software does not recover automatically, power cycle the device. When you turn off the power, make sure you wait several seconds before you turn the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-114021","114021","Failed to set multicast address table in 4GE_SSM I/O card due to error.","%ASA-3-114021: Failed to set multicast address table in 4GE_SSM I/O card due to error.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","Perform the following steps: 1. Log and review the messages associated with the event. 2. Try to reboot the Secure Firewall ASA. 3. If the software does not recover automatically, power cycle the device. When you turn off the power, make sure you wait several seconds before you turn the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-114022","114022","Failed to pass broadcast traffic in 4GE SSM I/O card due to error_string","%ASA-3-114022: Failed to pass broadcast traffic in 4GE SSM I/O card due to error_string","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","Perform the following steps: 1. Log the message and errors surrounding the event. 2. Retrieve the ssm4ge_dump file from the compact flash, and send it to Cisco TAC. 3. Contact Cisco TAC with the information collected in Steps 1 and 2. The 4GE SSM will be automatically reset and recover. Note","3","Error","75","network","general"
+"%ASA-3-114023","114023","Failed to cache/flush mac table in 4GE_SSM I/O card due to error_string.","%ASA-3-114023: Failed to cache/flush mac table in 4GE_SSM I/O card due to error_string.","A failure to cache or flush the MAC table in a 4GE SSM I/O card occurred because of an I2C serial bus access error or a switch access error. This message rarely occurs. • error_string— Either an I2C serial bus error (see the second bullet for possible values) or a switch access error (which is a decimal error code). • I2C serial bus errors are as follows: I2C_BUS_TRANSACTION_ERROR I2C_CHKSUM_ERROR","Perform the following steps: 1. Log the syslog message and the errors surrounding the event. 2. Try to software reboot the Secure Firewall ASA. 3. Power cycle the Secure Firewall ASA. When you turn off the power, make sure that you wait several seconds before powering on again. After you complete steps 1-3, if the problem persists, contact the Cisco TAC and provide the information described in step 1. You may need to RMA the Secure Firewall ASA. Note","3","Error","75","network","general"
+"%ASA-3-115001","115001","Error in process: process name fiber: fiber name , component: component name , subcomponent: subcomponent name , file: filename , line: line number , cond: condition","%ASA-3-115001: Error in process: process name fiber: fiber name , component: component name , subcomponent: subcomponent name , file: filename , line: line number , cond: condition","An error assertion has gone off and is used during development in checked builds only, but never in production builds.","A defect should be filed, the reason for the assertion should be investigated, and the problem fixed.","3","Error","75","network","general"
+"%ASA-3-120010","120010","Call-Home command command to client client failed. Reason: reason.","%ASA-3-120010: Call-Home command command to client client failed. Reason: reason.","The Smart Call Home module notified Smart Call Home clients of certain events through the callback function. If the client does not interpret the command correctly, does not understand the command, or cannot process the command, an error will be returned. • command— ENABLE, DISABLE, or READY • client —The name of the Smart Call Home client • reason —The reason for failure","Turn on debugging by entering the debug sch fail command to obtain more detailed debugging information.","3","Error","75","network","general"
+"%ASA-3-199015","199015","syslog","%ASA-3-199015: syslog","A variable syslog was generated by an assistive process. • syslog—The error syslog passed verbatim from an external process. Example of syslog messages generated: These logs do not indicate any issues. They are populated only to provide information. Note • port-manager: PHYREG debug list for if_index = value is empty • port-manager: mrvlGetEpmPhyPortNumfromSlotInterfaceAggrPort finding interfaceName = Ethernet 1/5 • port-manager: mrvlGetEpmPhyPortNumfromSlotInterfaceAggrPort: portNum was not found for slot 0 port = port interfaceName = Ethernet 1/16 • port-manager: mrvlGetPortNumFromSrcId: port was not found for src_id number","Contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-4-105505","105505","(Primary|Secondary) Failed to connect to peer unit peer-ip:port","%ASA-4-105505: (Primary|Secondary) Failed to connect to peer unit peer-ip:port","This HA unit has failed to establish communication with its HA peer.","This may occur if there is no HA peer present. If there is an HA peer present with failover enabled there could be connectivity issue between peers. Verify using the show failover command that: • The peer IP address configured on each unit is matches an interface IP address on the peer • The peer port number on each unit matches the failover control (server) port on the peer • The interfaces used for the peer connection are not shutdown • Any IP routes required for IP connectivity are present","4","Warning","65","network","general"
+"%ASA-4-105524","105524","(Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit","%ASA-4-105524: (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit","Another Active HA unit was detected, transitioning unit to negotiating state.","None required","4","Warning","5","network","general"
+"%ASA-4-105553","105553","(Primary|Secondary) Detected another Active HA unit","%ASA-4-105553: (Primary|Secondary) Detected another Active HA unit","Another Active HA unit was detected.","None required","4","Warning","5","network","general"
+"%ASA-4-106023","106023","Deny interface_name by access-group ""source_address"" [source_port, idfw_user]","%ASA-4-106023: Deny interface_name by access-group ""source_address"" [source_port, idfw_user]","A real IP packet was denied by the ACL. This message appears even if you do not have the log option enabled for an ACL. The IP address is the real IP address instead of the values that display through NAT. Both user identity information and FQDN information is provided for the IP addresses if a matched one is found. The Secure Firewall ASA logs either identity information (domain\user) or FQDN (if the username is not available). If the identity information or FQDN is available, the Secure Firewall ASA logs this information for both the source and destination.","If messages persist from the same source address, a footprinting or port scanning attempt might be occurring. Contact the remote host administrator.","4","Warning","65","access_control","acl"
+"%ASA-4-106027","106027","Deny int_type src src_address:src_mac dst dst_address:dest_mac by access-group ""access-list name"".","%ASA-4-106027: Deny int_type src src_address:src_mac dst dst_address:dest_mac by access-group ""access-list name"".","An non IP packet was denied by the ACL. This message is displayed even if you do not have the log option enabled for an extended ACL.","If messages persist from the same source address, it might indicate a foot-printing or port-scanning attempt. Contact the remote host administrator.","4","Warning","65","access_control","acl"
+"%ASA-4-106103","106103","access-list acl_ID denied protocol for user 'username' source_address/source_port_interface_name(interface_name) -&gt; dest_address/dest_port(interface_name) hit-cnt sg_info number [string, number]","%ASA-4-106103: access-list acl_ID denied protocol for user 'username' source_address/source_port_interface_name(interface_name) -&gt; dest_address/dest_port(interface_name) hit-cnt sg_info number [string, number]","A packet was denied by an access-list that was applied through a VPN filter. This message is the VPN/AAA filter equivalent of message106023.","None required.","4","Warning","65","access_control","acl"
+"%ASA-4-108004","108004","action_class:action ESMTP req_resp from src_ifc:sip/sport to dest_ifc:dip/dport; further_info","%ASA-4-108004: action_class:action ESMTP req_resp from src_ifc:sip/sport to dest_ifc:dip/dport; further_info","An ESMTP classification is performed on an ESMTP message, and the specified criteria are satisfied. The configured action is taken. • action_class—The class of action: ESMTP Classification for ESMTP match commands; ESMTP Parameter for parameter commands • action—Action taken: Dropped, Dropped connection for, Reset connection for, or Masked header flags for • req_resp—Request or Response • src_ifc—Source interface name • sip|sport—Source IP address or source port • dest_ifc—Destination interface name • dip|dport—Destination IP address or destination port • further info—One of the following: For a single match command: matched Class id : match_command (for example, matched Class 1234: match body length 100). For parameter commands: parameter-command : descriptive-message (for example, mail-relay: No Mail Relay allowed)","None required.","4","Warning","65","network","general"
+"%ASA-4-109017","109017","User at IP_address exceeded auth proxy connection limit (max limit)","%ASA-4-109017: User at IP_address exceeded auth proxy connection limit (max limit)","A user has exceeded the user authentication proxy limit, and has opened too many connections to the proxy.","Increase the proxy limit by entering the proxy-limit proxy_limit command, or ask the user to close unused connections. If the error persists, it may indicate a possible DoS attack.","4","Warning","75","authentication","aaa"
+"%ASA-4-109022","109022","HTTPS proxy resource limit reached.","%ASA-4-109022: HTTPS proxy resource limit reached.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","None required.","4","Warning","5","authentication","aaa"
+"%ASA-4-109027","109027","[ aaa_protocol ] Unable to decipher response message Server = server_IP_address, User = user","%ASA-4-109027: [ aaa_protocol ] Unable to decipher response message Server = server_IP_address, User = user","The response from the AAA server cannot be validated. The configured server key is probably incorrect. This message may be displayed during transactions with RADIUS or TACACS+ servers. The server_IP_address is the IP address of the relevant AAA server. The user is the user name associated with the connection.","Verify that the server key, configured using the aaa-server command, is correct.","4","Warning","65","authentication","aaa"
+"%ASA-4-109028","109028","aaa bypassed for same-security traffic from ingress_interface:source_address/source_port to egress_interface:dest_address/dest_port","%ASA-4-109028: aaa bypassed for same-security traffic from ingress_interface:source_address/source_port to egress_interface:dest_address/dest_port","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","None required.","4","Warning","5","authentication","aaa"
+"%ASA-4-109030","109030","Autodetect ACL convert wildcard did not convert ACL access_list_source dest netmask netmask","%ASA-4-109030: Autodetect ACL convert wildcard did not convert ACL access_list_source dest netmask netmask","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","Check the access list netmask on the RADIUS server for the wildcard configuration. If the netmask is supposed to be a wildcard, and if all access list netmasks on that server are wildcards, then use the wildcard setting for acl-netmask-convert for the AAA server. Otherwise, change the netmask to a normal netmask or to a wildcard netmask that does not contain holes (that is, where the netmask presents consecutive binary 1s. For example, 00000000.00000000.00011111.11111111 or hex 0.0.31.255). If the mask is supposed to be normal and all access list netmasks on that server are normal, then use the normal setting for acl-netmask-convert for the AAA server.","4","Warning","45","authentication","aaa"
+"%ASA-4-109031","109031","NT Domain Authentication Failed: rejecting guest login for username .","%ASA-4-109031: NT Domain Authentication Failed: rejecting guest login for username .","A user has tried to authenticate to an NT domain that was configured for guest account access and the username is not a valid username on the NT server. The connection is denied.","If the user is a valid user, add an account to the NT server. If the user is not allowed access, no action is required.","4","Warning","75","authentication","aaa"
+"%ASA-4-109033","109033","Authentication failed for admin user user from src_IP. Interactive challenge processing is not supported for protocol","%ASA-4-109033: Authentication failed for admin user user from src_IP. Interactive challenge processing is not supported for protocol","AAA challenge processing was triggered during authentication of an administrative connection, but the Secure Firewall ASA cannot initiate interactive challenge processing with the client application. When this occurs, the authentication attempt will be rejected and the connection denied. • user —The name of the user being authenticated • src_IP —The IP address of the client host • protocol —The client connection protocol (SSH v1 or administrative HTTP)","Reconfigure AAA so that challenge processing does not occur for these connection types. This generally means to avoid authenticating these connection types to RSA SecurID servers or to any token-based AAA server via RADIUS.","4","Warning","85","authentication","aaa"
+"%ASA-4-109034","109034","Authentication failed for network user user from src_IP/port to dst_IP/port. Interactive challenge processing is not supported for protocol connections","%ASA-4-109034: Authentication failed for network user user from src_IP/port to dst_IP/port. Interactive challenge processing is not supported for protocol connections","AAA challenge processing was triggered during authentication of a network connection, but the Secure Firewall ASA cannot initiate interactive challenge processing with the client application. When this occurs, the authentication attempt will be rejected and the connection denied. • user —The name of the user being authenticated • src_IP/port —The IP address and port of the client host • dst_IP/port —The IP address and port of the server to which the client is attempting to connect • protocol —The client connection protocol (for example, FTP)","Reconfigure AAA so that challenge processing does not occur for these connection types. This generally means to avoid authenticating these connection types to RSA SecurID servers or to any token-based AAA server via RADIUS.","4","Warning","85","authentication","aaa"
+"%ASA-4-109040","109040","User at IP exceeded auth proxy rate limit of 10 connections/sec","%ASA-4-109040: User at IP exceeded auth proxy rate limit of 10 connections/sec","A connection attempt has been rejected because the ASA has detected a high frequency of HTTPS authentication requests from the same host. • IP —The IP address of the host from which the connection was initiated","Limit the number of cut-through proxy authentication attempts from users.","4","Warning","55","authentication","aaa"
+"%ASA-4-109102","109102","Received CoA action-type from coa-source-ip, but cannot find named session audit-session-id.","%ASA-4-109102: Received CoA action-type from coa-source-ip, but cannot find named session audit-session-id.","The Secure Firewall ASA has received a valid change of authorization request, but the session ID specified in the request does not match any active sessions on the Secure Firewall ASA. This could be the","None required.","4","Warning","5","authentication","aaa"
+"%ASA-4-113019","113019","Group = group, Username = username, IP = peer_address, Session disconnected. Session Type: type, Duration: duration, Bytes xmt: count, Bytes rcv: count, Reason: reason","%ASA-4-113019: Group = group, Username = username, IP = peer_address, Session disconnected. Session Type: type, Duration: duration, Bytes xmt: count, Bytes rcv: count, Reason: reason","An indication of when and why the longest idle user is disconnected.","Unless the reason indicates a problem, then no action is required.","4","Warning","45","network","general"
+"%ASA-4-113026","113026","Error error while executing Lua script for group tunnel_group","%ASA-4-113026: Error error while executing Lua script for group tunnel_group","An error occurred while extracting a username from the client certificate for use in AAA. This message is only generated when the username-from-certificate use-script option is enabled. • error —Error string returned from the Lua environment • tunnel group —The tunnel group attempting to extract a username from a certificate","Examine the script being used by the username-from-certificate use-script option for errors.","4","Warning","45","network","general"
+"%ASA-4-113029","113029","Group group User user IP ipaddr Session could not be established: session limit of num reached.","%ASA-4-113029: Group group User user IP ipaddr Session could not be established: session limit of num reached.","The user session cannot be established because the current number of sessions exceeds the maximum session load.","Increase the configured limit, if possible, to create a load-balanced cluster.","4","Warning","45","network","general"
+"%ASA-4-113030","113030","Group group User user IP ipaddr User ACL acl from AAA doesn't exist on the device, terminating connection.","%ASA-4-113030: Group group User user IP ipaddr User ACL acl from AAA doesn't exist on the device, terminating connection.","The specified ACL was not found on the Secure Firewall ASA. • group—The name of the group • user—The name of the user • ipaddr—The IP address • acl—The name of the ACL","Modify the configuration to add the specified ACL or to correct the ACL name.","4","Warning","45","network","general"
+"%ASA-4-113031","113031","Group group User user IP ipaddr AnyConnect 'vpn-filter filter' is an IPv6 ACL; ACL not applied.","%ASA-4-113031: Group group User user IP ipaddr AnyConnect 'vpn-filter filter' is an IPv6 ACL; ACL not applied.","The type of ACL to be applied is incorrect. An IPv6 ACL has been configured as an IPv4 ACL through the vpn-filter command. • group —The group policy name of the user • user —The username • ipaddr —The public (not assigned) IP address of the user • filter —The name of the VPN filter","Validate the VPN filter and IPv6 VPN filter configurations on the Secure Firewall ASA, and the filter parameters on the AAA (RADIUS) server. Make sure that the correct type of ACL is specified.","4","Warning","45","network","general"
+"%ASA-4-113032","113032","Group group User user IP ipaddr AnyConnect 'ipv6-vpn-filter filter' is an IPv4 ACL; ACL not applied.","%ASA-4-113032: Group group User user IP ipaddr AnyConnect 'ipv6-vpn-filter filter' is an IPv4 ACL; ACL not applied.","The type of ACL to be applied is incorrect. An IPv4 ACL has been configured as an IPv6 ACL through the ipv6-vpn-filter command. • group —The group policy name of the user • user —The username • ipaddr —The public (not assigned) IP address of the user • filter —The name of the VPN filter","Validate the VPN filter and IPv6 VPN filter configurations on the Secure Firewall ASA and the filter parameters on the AAA (RADIUS) server. Make sure that the correct type of ACL is specified.","4","Warning","45","network","general"
+"%ASA-4-113034","113034","Group group User user IP ipaddr User ACL acl from AAA ignored, AV-PAIR ACL used instead.","%ASA-4-113034: Group group User user IP ipaddr User ACL acl from AAA ignored, AV-PAIR ACL used instead.","The specified ACL was not used because a Cisco AV-PAIR ACL was used. • group—The name of the group • user—The name of the user • ipaddr—The IP address • acl—The name of the ACL","Determine the correct ACL to use and correct the configuration.","4","Warning","45","network","general"
+"%ASA-4-113035","113035","Group &lt;group&gt; User &lt;user&gt; IP &lt;ip_address&gt; Session terminated: AnyConnect not enabled or invalid AnyConnect image on the device_name","%ASA-4-113035: Group &lt;group&gt; User &lt;user&gt; IP &lt;ip_address&gt; Session terminated: AnyConnect not enabled or invalid AnyConnect image on the device_name","The user logged in via the AnyConnect client. The SVC service is not enabled globally, or the SVC image is invalid or corrupted. The session connection has been terminated. • group —The name of the group policy with which the user is trying to connect • user —The name of the user who is trying to connect • iaddrp —The IP address of the user who is trying to connect","Enable the SVC globally using the svc-enable command. Validate the integrity and versions of the SVC images by reloading new images using the svc image command.","4","Warning","75","network","general"
+"%ASA-4-113036","113036","Group group User user IP ipaddr AAA parameter name value invalid.","%ASA-4-113036: Group group User user IP ipaddr AAA parameter name value invalid.","The given parameter has a bad value. The value is not shown because it might be very long. • group—The name of the group • user—The name of the user • ipadddr—The IP address • name—The name of the parameter","Modify the configuration to correct the indicated parameter.","4","Warning","45","network","general"
+"%ASA-4-113038","113038","Group group User user IP ipaddr Unable to create AnyConnect_parent session.","%ASA-4-113038: Group group User user IP ipaddr Unable to create AnyConnect_parent session.","The AnyConnect session was not created for the user in the specified group because of resource issues. For example, the user may have reached the maximum login limit. • group—The name of the group • user—The name of the user • ipadddr—The IP address","None required.","4","Warning","5","network","general"
+"%ASA-4-113040","113040","Group group User user IP ipaddr Terminating the VPN connection attempt from attempted_group. Reason: This connection is group locked to locked_group..","%ASA-4-113040: Group group User user IP ipaddr Terminating the VPN connection attempt from attempted_group. Reason: This connection is group locked to locked_group..","The tunnel group over which the connection is attempted is not the same as the tunnel group set in the group lock. • attempted group —The tunnel group over which the connection came in • locked group —The tunnel group for which the connection is locked or restricted","Check the group-lock value in the group policy or the user attributes.","4","Warning","45","network","general"
+"%ASA-4-113041","113041","Redirect ACL configured for assigned_IP does not exist on the device.","%ASA-4-113041: Redirect ACL configured for assigned_IP does not exist on the device.","An error occurred when the redirect URL was installed and the ACL was received from the ISE, but the redirect ACL does not exist on the Secure Firewall ASA. • assigned IP —The IP address that is assigned to the client","Configure the redirect ACL on the Secure Firewall ASA.","4","Warning","45","network","general"
+"%ASA-4-113042","113042","Non-HTTP connection from src_if:src_ip/src_port to dest_if:dest_ip/dest_port denied by redirect filter; only HTTP connections are supported for redirection.","%ASA-4-113042: Non-HTTP connection from src_if:src_ip/src_port to dest_if:dest_ip/dest_port denied by redirect filter; only HTTP connections are supported for redirection.","For the CoA feature, the redirect ACL filter drops the matching non-HTTP traffic during the redirect processing and provides information about the terminated traffic flow. • src_if , src_ip , src_port —The source interface, IP address, and port of the flow • dest_if , dest_ip , dest_port —The destination interface, IP address, and port of the flow • username —The name of the user • client_IP —The IP address of the client","Validate the redirect ACL configuration on the Secure Firewall ASA. Make sure that the correct filter is used to match the traffic to redirect and does not block the flow that is intended to be allowed through.","4","Warning","65","network","general"
+"%ASA-4-115002","115002","Warning in process: process name fiber: fiber name , component: component name , subcomponent: subcomponent name , file: filename , line: line number , cond: condition","%ASA-4-115002: Warning in process: process name fiber: fiber name , component: component name , subcomponent: subcomponent name , file: filename , line: line number , cond: condition","A warning assertion has gone off and is used during development in checked builds only, but never in production builds. • process name— The name of the process • fiber name —The name of the fiber • component name —The name of the specified component • subcomponent name —The name of the specified subcomponent • filename —The name of the specified file • line number —The line number for the specified line • condition —The specified condition","The reason for the assertion should be investigated and if a problem is found, a defect should be filed, and the problem corrected.","4","Warning","55","network","general"
+"%ASA-4-120004","120004","Call-Home group event title was dropped. Reason: reason","%ASA-4-120004: Call-Home group event title was dropped. Reason: reason","A Smart Call-Home event was dropped. The event may have been dropped because of an internal error, the event queue is full, or the Smart Call-Home module was disabled after the message was generated, but before it was processed. • group —The event group, which can be any of the following: inventory, configuration, diagnostic, environment, snapshot, telemetry, threat, and test. • title —The event title • reason —The drop reason, which can any of the following: Internal Error—Various internal system errors occurred, such as being out of memory or parsing a CLI failed. Queue Full—The number of events reached the configured limit. Cancelled—The event was cancelled because the Smart Call-Home module is disabled.","If the drop reason is Queue Full, try to increase the event queue size and the rate-limit configuration to avoid event queue buildup. If the drop reason is Internal Error, turn on debugging by entering the debug sch fail command to obtain more detailed debugging information.","4","Warning","75","network","general"
+"%ASA-4-120005","120005","Call-Home group message to destination was dropped. Reason: reason","%ASA-4-120005: Call-Home group message to destination was dropped. Reason: reason","A Smart Call-Home message was dropped. The message may have been dropped because of an internal error, a network error, or the Smart Call-Home module was disabled after the message was generated, but before it was delivered. • group —The event group, which can be any of the following: inventory, configuration, diagnostic, environment, snapshot, telemetry, threat, and test. • destination— The e-mail or URL destination • reason —The drop reason, which can any of the following: Internal Error—Various internal system errors occurred. Delivery Failed—The packets cannot be delivered because a network error occurred. Cancelled—The event was cancelled because the Smart Call-Home module is disabled.","If the drop reason is Delivery Failed, the message is dropped after three unsuccessful retransmissions, or because the error is local (such as no route to destination). Search message 120006 for the delivery failure reason, or turn on debugging by entering the debug sch fail command to obtain more detailed debugging information.","4","Warning","75","network","general"
+"%ASA-4-120006","120006","Call-Home group message to destination failed. Reason: reason","%ASA-4-120006: Call-Home group message to destination failed. Reason: reason","An error occurred while the Smart Call Home module tried to deliver a message. The error may be transient. The message is not dropped when message 120006 is generated. The message may be queued for retransmission. The message is only dropped when message 120005 is generated. • group —The event group, which can be any of the following: inventory, configuration, diagnostic, environment, snapshot, telemetry, threat, and test • destination— The e-mail or URL destination • reason —The failure reason","Check the error reason in the message. If the reason is NO_ROUTE, INVALID_ADDRESS, or INVALID_URL, check the system configuration, DNS, and the name setting.","4","Warning","75","network","general"
+"%ASA-4-120011","120011","To ensure Smart Call Home can properly communicate with Cisco, use the command \ to configure at least one DNS server.","%ASA-4-120011: To ensure Smart Call Home can properly communicate with Cisco, use the command \ to configure at least one DNS server.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","Once this syslog is generated, run the dns name-server command to configure at least one DNS server. Otherwise, network-local DNS server or Cisco DNS server will be used.","4","Warning","45","network","general"
+"%ASA-4-199016","199016","mm dd HH:MM:SS acpid: input device has been disconnected, fd 4","%ASA-4-199016: mm dd HH:MM:SS acpid: input device has been disconnected, fd 4","A variable syslog was generated by an assistive process. • syslog—The warning syslog passed verbatim from an external process In some instances, the message may appear to be an issue that is internal to the device platform process. For example, in the following message though it indicates to be an internal device issue, it is related to an internal virtual device which is not used on the device platform, and it does not cause any functionality impact.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","general"
+"%ASA-5-105500","105500","(Primary|Secondary) Started HA","%ASA-5-105500: (Primary|Secondary) Started HA","Cloud HA has been enabled on this ASA Virtual.","None required.","5","Notification","5","network","general"
+"%ASA-5-105501","105501","(Primary|Secondary) Stopping HA","%ASA-5-105501: (Primary|Secondary) Stopping HA","Cloud HA has been disabled on this ASA Virtual.","None required.","5","Notification","5","network","general"
+"%ASA-5-105503","105503","(Primary|Secondary) Internal state changed from previous_state to new_state","%ASA-5-105503: (Primary|Secondary) Internal state changed from previous_state to new_state","There was a change to the internal HA state.","None required.","5","Notification","5","network","general"
+"%ASA-5-105504","105504","(Primary|Secondary) Connected to peer peer-ip:port","%ASA-5-105504: (Primary|Secondary) Connected to peer peer-ip:port","This HA unit has established communication with its HA peer.","None required.","5","Notification","5","network","general"
+"%ASA-5-105520","105520","(Primary|Secondary) Responding to Azure Load Balancer probes","%ASA-5-105520: (Primary|Secondary) Responding to Azure Load Balancer probes","The Active unit has begun responding to Azure Load Balancer probes.","None required","5","Notification","5","network","general"
+"%ASA-5-105521","105521","(Primary|Secondary) No longer responding to Azure Load Balancer probes","%ASA-5-105521: (Primary|Secondary) No longer responding to Azure Load Balancer probes","The Backup unit has stopped responding to Azure Load Balancer probes.","None required","5","Notification","5","network","general"
+"%ASA-5-105522","105522","(Primary|Secondary) Updating route-table route_table_name","%ASA-5-105522: (Primary|Secondary) Updating route-table route_table_name","The Active unit has started the process of updating an Azure route-table.","None required","5","Notification","5","network","general"
+"%ASA-5-105523","105523","(Primary|Secondary) Updated route-table route_table_name","%ASA-5-105523: (Primary|Secondary) Updated route-table route_table_name","The Active unit has completed the process of updating an Azure route-table.","None required","5","Notification","5","network","general"
+"%ASA-5-105542","105542","(Primary|Secondary) Enabling load balancer probe responses","%ASA-5-105542: (Primary|Secondary) Enabling load balancer probe responses","The Active unit is will now respond to probes from the Azure Load Balancer.","None required.","5","Notification","5","network","general"
+"%ASA-5-105543","105543","(Primary|Secondary) Disabling load balancer probe responses","%ASA-5-105543: (Primary|Secondary) Disabling load balancer probe responses","The Active unit is no longer responding to probes from the Azure Load Balancer.","None required.","5","Notification","5","network","general"
+"%ASA-5-105552","105552","(Primary|Secondary) Stopped HA","%ASA-5-105552: (Primary|Secondary) Stopped HA","Cloud HA has been disabled on this ASA Virtual.","None required.","5","Notification","5","network","general"
+"%ASA-5-109012","109012","Authen Session End: user 'user', sid number, elapsed number seconds","%ASA-5-109012: Authen Session End: user 'user', sid number, elapsed number seconds","The authentication cache has timed out. Users must reauthenticate on their next connection. You can change the duration of this timer with the timeout uauth command.","None required.","5","Notification","5","authentication","aaa"
+"%ASA-5-109029","109029","Parsing downloaded ACL: string","%ASA-5-109029: Parsing downloaded ACL: string","A syntax error occurred while parsing an access list that was downloaded from a RADIUS server during user authentication. • string —An error message detailing the syntax error that prevented the access list from parsing correctly","Use the information presented in this message to identify and correct the syntax error in the access list definition within the RADIUS server configuration.","5","Notification","25","authentication","aaa"
+"%ASA-5-109039","109039","AAA Authentication: Dropping an unsupported IPv6/IP46/IP64 packet from lifc:laddr to fifc:faddr","%ASA-5-109039: AAA Authentication: Dropping an unsupported IPv6/IP46/IP64 packet from lifc:laddr to fifc:faddr","A packet containing IPv6 addresses or IPv4 addresses translated to IPv6 addresses by NAT requires AAA authentication or authorization. AAA authentication and authorization do not support IPv6 addresses. The packet is dropped. • lifc —The ingress interface • laddr —The source IP address","None required.","5","Notification","45","authentication","aaa"
+"%ASA-5-109201","109201","UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded adding entry.","%ASA-5-109201: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded adding entry.","When a VPN user is sucessfully added, this message is generated.","None.","5","Notification","25","network","general"
+"%ASA-5-109204","109204","UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded applying filter.","%ASA-5-109204: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded applying filter.","This message is generated when the device failed to apply ACL rules for newly created user entry.","None.","5","Notification","35","network","general"
+"%ASA-5-109207","109207","UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded updating entry.","%ASA-5-109207: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded updating entry.","This message is generated when the device has successfully applied rules for user on interface.","None.","5","Notification","25","network","general"
+"%ASA-5-109210","109210","UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded removing entry.","%ASA-5-109210: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded removing entry.","This message is generated when the device has successfully removed the rules for user during tunnel torn down.","None.","5","Notification","25","network","general"
+"%ASA-5-111001","111001","Begin configuration: IP_address writing to device","%ASA-5-111001: Begin configuration: IP_address writing to device","You have entered the write command to store your configuration on a device (either floppy, flash memory, TFTP, the failover standby unit, or the console terminal). The IP_address indicates whether the login was made at the console port or with a Telnet connection.","None required.","5","Notification","5","network","general"
+"%ASA-5-111002","111002","Begin configuration: ip_address reading from device","%ASA-5-111002: Begin configuration: ip_address reading from device","You have entered the read command to read your configuration from a device (either floppy disk, flash memory, TFTP, the failover standby unit, or the console terminal). The ip_address indicates whether the login was made at the console port or with a Telnet connection.","None required.","5","Notification","5","network","general"
+"%ASA-5-111003","111003","IP_address Erase configuration.","%ASA-5-111003: IP_address Erase configuration.","You have erased the contents of flash memory by entering the write erase command at the console. The IP_address value indicates whether the login was made at the console port or through a Telnet connection.","After erasing the configuration, reconfigure the Secure Firewall ASA and save the new configuration. Alternatively, you can restore information from a configuration that was previously saved, either on a floppy disk or on a TFTP server elsewhere on the network.","5","Notification","35","network","general"
+"%ASA-5-111004","111004","IP_address end configuration: {FAILED|OK}","%ASA-5-111004: IP_address end configuration: {FAILED|OK}","You have entered the config floppy/memory/ network command or the write floppy/memory/network/standby command. The IP_address value indicates whether the login was made at the console port or through a Telnet connection.","None required if the message ends with OK. If the message indicates a failure, try to fix the problem. For example, if writing to a floppy disk, ensure that the floppy disk is not write protected; if writing to a TFTP server, ensure that the server is up.","5","Notification","5","network","general"
+"%ASA-5-111005","111005","IP_address end configuration: OK","%ASA-5-111005: IP_address end configuration: OK","You have exited the configuration mode. The IP_address value indicates whether the login was made at the console port or through a Telnet connection.","None required.","5","Notification","5","network","general"
+"%ASA-5-111007","111007","Begin configuration: IP_address reading from device","%ASA-5-111007: Begin configuration: IP_address reading from device","You have entered the reload or configure command to read in a configuration. The device text can be floppy, memory, net, standby, or terminal. The IP_address value indicates whether the login was made at the console port or through a Telnet connection.","None required.","5","Notification","45","network","general"
+"%ASA-5-111008","111008","User 'user' executed the 'string' command.","%ASA-5-111008: User 'user' executed the 'string' command.","The user entered any command, with the exception of a show command.","None required. There is an exception for this syslog ID. Syslogs will be seen in logging <destination> even though global syslog is disabled. Note","5","Notification","5","network","general"
+"%ASA-5-111010","111010","User 'username', running 'application-name' from IP ip_addr, executed 'cmd'","%ASA-5-111010: User 'username', running 'application-name' from IP ip_addr, executed 'cmd'","A user made a configuration change. • username —The user making the configuration change • application-name —The application that the user is running • ip addr —The IP address of the management station • cmd —The command that the user has executed","None required. There is an exception for this syslog ID. Syslogs will be seen in logging <destination> even though global syslog is disabled. Note","5","Notification","5","network","general"
+"%ASA-5-113024","113024","Group tg: Authenticating type connection from ip with username, user_name, from client certificate","%ASA-5-113024: Group tg: Authenticating type connection from ip with username, user_name, from client certificate","The prefill username feature overrides the username with one derived from the client certificate for use in AAA. • tg —The tunnel group • type —The type of connection (ssl-client or clientless) • ip —The IP address of the connecting user • user_name —The name extracted from the client certificate for use in AAA","None required.","5","Notification","5","network","general"
+"%ASA-5-113025","113025","Group tg: fields Could not authenticate connection_type connection from ip","%ASA-5-113025: Group tg: fields Could not authenticate connection_type connection from ip","A username cannot be successfully extracted from the certificate. • tg —The tunnel group • fields —The DN fields being searched for • connection type —The type of connection (SSL client or clientless) • ip —The IP address of the connecting user","The administrator should check that the authentication aaa certificate, ssl certificate-authentication, and authorization-dn-attributes keywords have been set correctly.","5","Notification","25","network","general"
+"%ASA-5-120001","120001","Call-Home Module started.","%ASA-5-120001: Call-Home Module started.","The Smart Call-Home module started successfully after system bootup and failover in a stable state, and is ready to process Smart-Call Home events.","None required.","5","Notification","5","network","general"
+"%ASA-5-120002","120002","Call-Home Module terminated.","%ASA-5-120002: Call-Home Module terminated.","When the Smart Call-Home module is disabled, it is then terminated.","None required.","5","Notification","5","network","general"
+"%ASA-5-120008","120008","Call-Home client client was activated.","%ASA-5-120008: Call-Home client client was activated.","The Smart Call Home module is enabled, an event group is also enabled, and that event group is subscribed to by at least one active profile. If these conditions are met, then all clients of that group will be activated. • client —The name of the Smart Call Home client","None required.","5","Notification","5","network","general"
+"%ASA-5-120009","120009","Call-Home client client was deactivated.","%ASA-5-120009: Call-Home client client was deactivated.","The Smart Call Home module is disabled, an event group is enabled, or an event group is no longer subscribed to by any active profile. If these conditions are met, clients of that event group will be deactivated. • client —The name of the Smart Call Home client","None required.","5","Notification","5","network","general"
+"%ASA-5-120012","120012","User ""username"" chose to choice call-home anonymous reporting at the prompt.","%ASA-5-120012: User ""username"" chose to choice call-home anonymous reporting at the prompt.","The administrator was notified that a user has responded to the Smart Call Home prompt to enable, disable, or postpone anonymous reporting. • username —The user who responded to the prompt • choice —The available entries are enable, disable, or postpone","To enable anonymous reporting in the future, enter the call-home reporting anonymous command. To disable anonymous reporting, enter the no call-home reporting anonymous command.","5","Notification","25","network","general"
+"%ASA-5-121001","121001","msgId 1. Telemetry support on the chassis: disabled","%ASA-5-121001: msgId 1. Telemetry support on the chassis: disabled","Whenever telemetry support is enabled or disabled on the chassis, this message is displayed. • id—The message identifier as in the appAG-appAgent message • status— The available values are enabled or disabled Example","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","5","Notification","25","network","general"
+"%ASA-5-121002","121002","Telemetry support on the blade: enabled %ASA-5-121002: Telemetry support on the blade: disabled","%ASA-5-121002: Telemetry support on the blade: enabled %ASA-5-121002: Telemetry support on the blade: disabled","Whenever telemetry support is enabled or disabled on the blade, this message is displayed. • status—The available entries are enable or disable Example","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","5","Notification","25","network","general"
+"%ASA-5-199001","199001","Reloaded at time by user. Reload reason: reload reason","%ASA-5-199001: Reloaded at time by user. Reload reason: reload reason","The address of the host that is initiating an Secure Firewall ASA reboot with the reload command has been recorded.","None required.","5","Notification","45","network","general"
+"%ASA-5-199017","199017","syslog","%ASA-5-199017: syslog","A variable syslog was generated by an assistive process. • syslog—The notification syslog passed verbatim from an external process","None required.","5","Notification","5","network","general"
+"%ASA-5-199027","199027","Restore operation was aborted at &lt;HH:MM:SS&gt;UTC&lt;DD:MM:YY&gt;.","%ASA-5-199027: Restore operation was aborted at &lt;HH:MM:SS&gt;UTC&lt;DD:MM:YY&gt;.","This message indicates that the backup restoration failed while using the 'restore' command.","","5","Notification","35","network","general"
+"%ASA-6-106012","106012","Deny IP from IP_address to IP_address, IP options: ""hex""","%ASA-6-106012: Deny IP from IP_address to IP_address, IP options: ""hex""","An IP packet was seen with IP options. Because IP options are considered a security risk, the packet was discarded.","Contact the remote host system administrator to determine the problem. Check the local site for loose source routing or strict source routing.","6","Informational","35","access_control","acl"
+"%ASA-6-106015","106015","Deny TCP (no connection) from IP_address /port to IP_address /port flags tcp_flags on interface interface_name.","%ASA-6-106015: Deny TCP (no connection) from IP_address /port to IP_address /port flags tcp_flags on interface interface_name.","The Secure Firewall ASA discarded a TCP packet that has no associated connection in the Secure Firewall ASA connection table. The Secure Firewall ASA looks for a SYN flag in the packet, which","None required unless the Secure Firewall ASA receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent.","6","Informational","45","access_control","acl"
+"%ASA-6-106025","106025","Failed to determine security context for packet: vlansource Vlan src source_address/source_port dest dest_address/dest_port_protocol","%ASA-6-106025: Failed to determine security context for packet: vlansource Vlan src source_address/source_port dest dest_address/dest_port_protocol","The security context of the packet in multiple context mode cannot be determined. Both messages can be generated for IP packets being dropped in either router and transparent mode.","None required.","6","Informational","45","access_control","acl"
+"%ASA-6-106026","106026","Failed to determine security context for packet: source_vlan src source_address/source_port dest dest_address/dest_port_protocol","%ASA-6-106026: Failed to determine security context for packet: source_vlan src source_address/source_port dest dest_address/dest_port_protocol","The security context of the packet in multiple context mode cannot be determined. Both messages can be generated for IP packets being dropped in either router and transparent mode.","None required.","6","Informational","45","access_control","acl"
+"%ASA-6-106100","106100","access-list acl_ID protocol interface_name source_address/source_port(idfw_user)sg_info -&gt; interface_name/dest_address(dest_port)idfw_user hit-cnt sg_info number [string, number]","%ASA-6-106100: access-list acl_ID protocol interface_name source_address/source_port(idfw_user)sg_info -&gt; interface_name/dest_address(dest_port)idfw_user hit-cnt sg_info number [string, number]","The initial occurrence or the total number of occurrences during an interval are listed. This message provides more information than message 106023, which only logs denied packets, and does not include the hit count or a configurable level. When an access-list line has the log argument, it is expected that this message ID might be triggered because of a nonsynchronized packet reaching the Secure Firewall ASA and being evaluated by the access list. For example, if an ACK packet is received on the Secure Firewall ASA (for which no TCP connection exists in the connection table), the Secure Firewall ASA might generate message 106100, indicating that the packet was permitted; however, the packet is later correctly dropped because of no matching connection. The following list describes the message values: • permitted | denied | est-allowed—These values specify if the packet was permitted or denied by the ACL. If the value is est-allowed, the packet was denied by the ACL but was allowed for an already established session (for example, an internal user is allowed to accesss the Internet, and responding packets that would normally be denied by the ACL are accepted). • protocol —TCP, UDP, ICMP, or an IP protocol number. • interface_name —The interface name for the source or destination of the logged flow. The VLAN interfaces are supported. • source_address —The source IP address of the logged flow. The IP address is the real IP address instead of the values that display through NAT. • dest_address —The destination IP address of the logged flow. The IP address is the real IP address instead of the values that display through NAT. • source_port —The source port of the logged flow (TCP or UDP). For ICMP, the number after the source port is the message type. • idfw_user— The user identity username, including the domain name that is added to the existing syslog when the Secure Firewall ASA can find the username for the IP address. • sg_info— The security group tag that is added to the syslog when the Secure Firewall ASA can find a security group tag for the IP address. The security group name is displayed with the security group tag, if available. • dest_port —The destination port of the logged flow (TCP or UDP). For ICMP, the number after the destination port is the ICMP message code, which is available for some message types. For type 8, it is always 0. For a list of ICMP message types, see the following URL: http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xml. • hit-cnt number —The number of times this flow was permitted or denied by this ACL entry in the configured time interval. The value is 1 when the Secure Firewall ASA generates the first message for this flow. • first hit—The first message generated for this flow. • number -second interval—The interval in which the hit count is accumulated. Set this interval using the access-list command with the interval option. • hash codes—Two are always printed for the object group ACE and the constituent regular ACE. Values are determined on which ACE that the packet hit. To display these hash codes, enter the show-access list command.","None required.","6","Informational","35","access_control","acl"
+"%ASA-6-106102","106102","access-list acl_ID {permitted | denied} protocol for user username","%ASA-6-106102: access-list acl_ID {permitted | denied} protocol for user username","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","6","Informational","35","access_control","acl"
+"%ASA-6-108005","108005","action_class:Received ESMTP req_resp from src_ifc:sip/sport to dest_ifc:dip/dport; further_info","%ASA-6-108005: action_class:Received ESMTP req_resp from src_ifc:sip/sport to dest_ifc:dip/dport; further_info","An ESMTP classification is performed on an ESMTP message, and the specified criteria are satisfied. The standalone log action is taken. • action_class—The class of action: ESMTP Classification for ESMTP match commands; ESMTP Parameter for parameter commands • req_resp—Request or Response • src_ifc—Source interface name • sip|sport—Source IP address or source port • dest_ifc—Destination interface name • dip|dport—Destination IP address or destination port • further info—One of the following: For a single match command: matched Class id : match_command (for example, matched Class 1234: match body length 100) For parameter commands (commands under the parameter section): parameter-command : descriptive-message (for example, mail-relay: No Mail Relay allowed)","None required.","6","Informational","5","network","general"
+"%ASA-6-108007","108007","TLS started on ESMTP session between client client-side_interface-name:client_IP_address/client_port and server server-side_interface-name:server_IP_address/server_port","%ASA-6-108007: TLS started on ESMTP session between client client-side_interface-name:client_IP_address/client_port and server server-side_interface-name:server_IP_address/server_port","On an ESMTP connection, the server has responded with a 220 reply code to the client STARTTLS command. The ESMTP inspection engine no longer inspects the traffic on this connection. • client-side interface-name —The name for the interface that faces the client side • client IP address —The IP address of the client","Log and review the message. Check whether the ESMTP policy map associated with this connection has the allow-tls action log setting. If not, contact the Cisco TAC.","6","Informational","15","network","general"
+"%ASA-6-109001","109001","Auth start for user 'user' from inside_address/inside_port to outside_address/outside_port","%ASA-6-109001: Auth start for user 'user' from inside_address/inside_port to outside_address/outside_port","The ASA is configured for AAA and detects an authentication request by the specified user.","None required.","6","Informational","5","authentication","aaa"
+"%ASA-6-109002","109002","Auth from inside_address/inside_port to outside_address/outside_port failed (server IP_address failed) on interface interface_name","%ASA-6-109002: Auth from inside_address/inside_port to outside_address/outside_port failed (server IP_address failed) on interface interface_name","An authentication request failed because the specified authentication server cannot be contacted by the module.","Check that the authentication daemon is running on the specified authentication server.","6","Informational","25","authentication","aaa"
+"%ASA-6-109003","109003","Auth from inside_address/inside_port to outside_address/outside_port failed (all servers failed) on interface interface_name","%ASA-6-109003: Auth from inside_address/inside_port to outside_address/outside_port failed (all servers failed) on interface interface_name","No authentication server can be found.","Ping the authentication servers from the ASA. Make sure that the daemons are running.","6","Informational","15","authentication","aaa"
+"%ASA-6-109005","109005","Authentication succeeded for user 'user' from inside_address/inside_port to outside_address/outside_port on interface interface_name","%ASA-6-109005: Authentication succeeded for user 'user' from inside_address/inside_port to outside_address/outside_port on interface interface_name","The specified authentication request succeeded.","None required.","6","Informational","5","authentication","aaa"
+"%ASA-6-109006","109006","Authentication failed for user 'user' from inside_address/inside_port to outside_address/outside_port on interface interface_name","%ASA-6-109006: Authentication failed for user 'user' from inside_address/inside_port to outside_address/outside_port on interface interface_name","The specified authentication request failed, possibly because of an incorrect password. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured.","None required.","6","Informational","45","authentication","aaa"
+"%ASA-6-109007","109007","Authorization permitted for user 'user' from inside_address/inside_port to outside_address/outside_port on interface interface_name","%ASA-6-109007: Authorization permitted for user 'user' from inside_address/inside_port to outside_address/outside_port on interface interface_name","The specified authorization request succeeded.","None required.","6","Informational","5","authentication","aaa"
+"%ASA-6-109008","109008","Authorization denied for user 'user' from outside_address/outside_port to inside_address/inside_port on interface interface_name","%ASA-6-109008: Authorization denied for user 'user' from outside_address/outside_port to inside_address/inside_port on interface interface_name","A user is not authorized to access the specified address, possibly because of an incorrect password.","None required.","6","Informational","35","authentication","aaa"
+"%ASA-6-109024","109024","Authorization denied from source_address/source_port to dest_address/dest_port (not authenticated) on interface interface_name using protocol to","%ASA-6-109024: Authorization denied from source_address/source_port to dest_address/dest_port (not authenticated) on interface interface_name using protocol to","The ASA is configured for AAA and a user attempted to make a TCP connection across the ASA without prior authentication.","None required.","6","Informational","35","authentication","aaa"
+"%ASA-6-109025","109025","Authorization denied (acl=acl_ID) for user 'user' from source_address/source_port to dest_address/dest_port on interface interface_name using protocol","%ASA-6-109025: Authorization denied (acl=acl_ID) for user 'user' from source_address/source_port to dest_address/dest_port on interface interface_name using protocol","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","None required.","6","Informational","35","authentication","aaa"
+"%ASA-6-109036","109036","Exceeded 1000 attribute values for the attribute_name attribute for user username","%ASA-6-109036: Exceeded 1000 attribute values for the attribute_name attribute for user username","The LDAP response message contains an attribute that has more than 1000 values. • attribute_name —The LDAP attribute name • username —The username at login","None required.","6","Informational","5","authentication","aaa"
+"%ASA-6-109100","109100","Received CoA update from coa-source-ip for user ""username"", with session ID audit-session-id, changing authorization attributes.","%ASA-6-109100: Received CoA update from coa-source-ip for user ""username"", with session ID audit-session-id, changing authorization attributes.","The Secure Firewall ASA has successfully processed the CoA policy update request from coa-source-ip for user username with session id audit-session-id . This syslog message is generated after a change of authorization policy update has been received by the Secure Firewall ASA, validated and applied. In a non-error case, this is the only syslog message that is generated when a change of authorization is received and processed. • coa-source-ip —Originating IP address of the change of authorization request • username —User whose session is being changed • audit-session-id —The global ID of the session being modified","None required.","6","Informational","5","authentication","aaa"
+"%ASA-6-109101","109101","Received CoA disconnect request from coa-source-ip for user ""username"", with session ID: audit-session-id.","%ASA-6-109101: Received CoA disconnect request from coa-source-ip for user ""username"", with session ID: audit-session-id.","The Secure Firewall ASA has received a correctly formatted Disconnect-Request for an active VPN session and has successfully terminated the connection. • coa-source-ip —Originating IP address of the change of authorization request • username —User whose session is being changed • audit-session-id —The global ID of the session being modified","None required.","6","Informational","5","authentication","aaa"
+"%ASA-6-109202","109202","UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded incrementing entry use","%ASA-6-109202: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded incrementing entry use","The VPN user account already exists and successfully incremented the reference count.","None.","6","Informational","15","network","general"
+"%ASA-6-109211","109211","UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded decrementing entry use.","%ASA-6-109211: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded decrementing entry use.","This message is generated when the reference count decremented successfully after tunnel removal.","None.","6","Informational","15","network","general"
+"%ASA-6-110002","110002","Failed to locate egress interface for protocol from src_interface:src_ip/src_port to dest_ip/dest_port","%ASA-6-110002: Failed to locate egress interface for protocol from src_interface:src_ip/src_port to dest_ip/dest_port","An error occurred when the Secure Firewall ASA tried to find the interface through which to send the packet. • protocol —The protocol of the packet • src_interface —The interface from which the packet was received • src_ip —The source IP address of the packet • src_port —The source port number • dest_ip —The destination IP address of the packet • dest_port —The destination port number","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.","6","Informational","25","network","general"
+"%ASA-6-110003","110003","Routing failed to locate next hop for protocol from src_interface:src_ip/src_port to dest_interface:dest_ip/dest_port","%ASA-6-110003: Routing failed to locate next hop for protocol from src_interface:src_ip/src_port to dest_interface:dest_ip/dest_port","An error occurred when the Secure Firewall ASA tried to find the next hop on an interface routing table. • protocol —The protocol of the packet • src_interface —The interface from which the packet was received","Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC. During debugging, use the show asp table routing command to view the routing table details.","6","Informational","25","network","general"
+"%ASA-6-110004","110004","Egress interface changed from old_active_ifc to new_active_ifc on ip_protocol connection conn_id for outside_zone/parent_outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_zone/parent_inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port)","%ASA-6-110004: Egress interface changed from old_active_ifc to new_active_ifc on ip_protocol connection conn_id for outside_zone/parent_outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_zone/parent_inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port)","A flow changed on the egress interface.","None required.","6","Informational","5","network","general"
+"%ASA-6-110005","110005","Routing failed to locate next hop for protocol from interface:address/port to interface:address/port","%ASA-6-110005: Routing failed to locate next hop for protocol from interface:address/port to interface:address/port","A flow not found during output route lookup.","None.","6","Informational","25","network","general"
+"%ASA-6-113003","113003","AAA group policy for user user is being set to policy_name","%ASA-6-113003: AAA group policy for user user is being set to policy_name","The group policy that is associated with the tunnel group is being overridden with a user-specific policy, policy_name . The policy_name is specified using the username command when LOCAL authentication is configured or is returned in the RADIUS CLASS attribute when RADIUS authentication is configured.","None required.","6","Informational","5","network","general"
+"%ASA-6-113004","113004","AAA user aaa_type Successful : server = server_IP_address : user = user","%ASA-6-113004: AAA user aaa_type Successful : server = server_IP_address : user = user","The AAA operation on an IPsec or WebVPN connection has been completed successfully. The AAA types are authentication, authorization, or accounting. The server_IP_address is the IP address of the relevant AAA server. The user is the user name associated with the connection.","None required.","6","Informational","5","network","general"
+"%ASA-6-113005","113005","AAA user authorization Rejected : reason = reason : server = ip_address : user =user_name : user IP = ip_address","%ASA-6-113005: AAA user authorization Rejected : reason = reason : server = ip_address : user =user_name : user IP = ip_address","The AAA authorization on a connection has failed. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured.","Retry the authorization.","6","Informational","25","network","general"
+"%ASA-6-113006","113006","User 'user' locked out on exceeding 'number' successive failed authentication attempts","%ASA-6-113006: User 'user' locked out on exceeding 'number' successive failed authentication attempts","A locally configured user is being locked out. This happens when a configured number of consecutive authentication failures have occurred for this user and indicates that all future authentication attempts by this user will be rejected until an administrator unlocks the user using the clear aaa local user lockout command. The user is the user that is now locked, and the number is the consecutive failure threshold configured using the aaa local authentication attempts max-fail command.","Try unlocking the user using the clear_aaa_local_user_lockout command or adjusting the maximum number of consecutive authentication failures that are tolerated.","6","Informational","25","network","general"
+"%ASA-6-113007","113007","User 'user' unlocked by 'administrator'","%ASA-6-113007: User 'user' unlocked by 'administrator'","A locally configured user that was locked out after exceeding the maximum number of consecutive authentication failures set by using the aaa local authentication attempts max-fail command has been unlocked by the indicated administrator.","None required.","6","Informational","5","network","general"
+"%ASA-6-113008","113008","AAA transaction status ACCEPT : user = user","%ASA-6-113008: AAA transaction status ACCEPT : user = user","The AAA transaction for a user associated with an IPsec or WebVPN connection was completed successfully. The user is the username associated with the connection.","None required.","6","Informational","5","network","general"
+"%ASA-6-113009","113009","AAA retrieved default group policy (policy) for user = username","%ASA-6-113009: AAA retrieved default group policy (policy) for user = username","The authentication or authorization of an IPsec or WebVPN connection has occurred. The attributes of the group policy that were specified with the tunnel-group or webvpn commands have been retrieved.","None required.","6","Informational","5","network","general"
+"%ASA-6-113010","113010","AAA challenge received for user user from server server_IP_address.","%ASA-6-113010: AAA challenge received for user user from server server_IP_address.","The authentication of an IPsec connection has occurred with a SecurID server. The user will be prompted to provide further information before being authenticated. • user—The username associated with the connection • server _IP_address—The IP address of the relevant AAA server","None required.","6","Informational","5","network","general"
+"%ASA-6-113011","113011","AAA retrieved user specific group policy (policy) for user = user","%ASA-6-113011: AAA retrieved user specific group policy (policy) for user = user","The authentication or authorization of an IPsec or WebVPN connection has occurred. The attributes of the group policy that was specified with the tunnel-group or webvpn commands have been retrieved.","None required.","6","Informational","5","network","general"
+"%ASA-6-113012","113012","AAA user authentication Successful : local database : user = user","%ASA-6-113012: AAA user authentication Successful : local database : user = user","The user associated with a IPsec or WebVPN connection has been successfully authenticated to the local user database. • user—The username associated with the connection","None required.","6","Informational","5","network","general"
+"%ASA-6-113013","113013","AAA unable to complete the request Error : reason = reason : user = user","%ASA-6-113013: AAA unable to complete the request Error : reason = reason : user = user","The AAA transaction for a user associated with an IPsec or WebVPN connection has failed because of an error or has been rejected because of a policy violation. • reason—The reason details • user—The username associated with the connection","None required.","6","Informational","5","network","general"
+"%ASA-6-113014","113014","AAA authentication server not accessible : server = server_IP_address : user = user","%ASA-6-113014: AAA authentication server not accessible : server = server_IP_address : user = user","The device was unable to communicate with the configured AAA server during the AAA transaction associated with an IPsec or WebVPN connection. This may or may not result in a failure of the user connection attempt depending on the backup servers configured in the aaa-server group and the availability of those servers. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured.","Verify connectivity with the configured AAA servers.","6","Informational","35","network","general"
+"%ASA-6-113015","113015","AAA user authentication Rejected : reason = reason : local database : user = user: : user IP = xxx.xxx.xxx.xxx","%ASA-6-113015: AAA user authentication Rejected : reason = reason : local database : user = user: : user IP = xxx.xxx.xxx.xxx","A request for authentication to the local user database for a user associated with an IPsec or WebVPN connection has been rejected. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured. • reason—The details of why the request was rejected • user—The username associated with the connection • user_ip —The IP address of the user who initiated the authentication or authorization request<915CLI>","None required.","6","Informational","5","network","general"
+"%ASA-6-113016","113016","AAA credentials rejected : reason = reason : server = server_IP_address : user = user&lt;915CLI&gt;: : user IP = xxx.xxx.xxx.xxx","%ASA-6-113016: AAA credentials rejected : reason = reason : server = server_IP_address : user = user&lt;915CLI&gt;: : user IP = xxx.xxx.xxx.xxx","The AAA transaction for a user associated with an IPsec or WebVPN connection has failed because of an error or rejected due to a policy violation. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured. • reason—The details of why the request was rejected • server_IP_address—The IP address of the relevant AAA server • user—The username associated with the connection • <915CLI>user_ip —The IP address of the user who initiated the authentication or authorization request","None required.","6","Informational","5","network","general"
+"%ASA-6-113017","113017","AAA credentials rejected : reason = reason : local database : user = user: : user IP = xxx.xxx.xxx.xxx","%ASA-6-113017: AAA credentials rejected : reason = reason : local database : user = user: : user IP = xxx.xxx.xxx.xxx","The AAA transaction for a user associated with an IPsec or WebVPN connection has failed because of an error or rejected because of a policy violation. This event only appears when the AAA transaction is with the local user database rather than with an external AAA server. • reason—The details of why the request was rejected • user—The username associated with the connection • user_ip —The IP address of the user who initiated the authentication or authorization request","None required.","6","Informational","5","network","general"
+"%ASA-6-113033","113033","Group group User user IP ipaddr AnyConnect session not allowed. ACL parse error.","%ASA-6-113033: Group group User user IP ipaddr AnyConnect session not allowed. ACL parse error.","The WebVPN session for the specified user in this group is not allowed because the associated ACL did not parse. The user will not be allowed to log in via WebVPN until this error has been corrected. • group —The group policy name of the user • user —The username • ipaddr —The public (not assigned) IP address of the user","Correct the WebVPN ACL.","6","Informational","15","network","general"
+"%ASA-6-113037","113037","Group &lt;group&gt; User &lt;user&gt; IP &lt;ip_address&gt; Reboot pending, new sessions disabled. Denied user login.","%ASA-6-113037: Group &lt;group&gt; User &lt;user&gt; IP &lt;ip_address&gt; Reboot pending, new sessions disabled. Denied user login.","A user was unable to log in to WebVPN because the Secure Firewall ASA is in the process of rebooting.","None required.","6","Informational","5","network","general"
+"%ASA-6-113039","113039","Group group User user IP ipaddr AnyConnect_parent session started.","%ASA-6-113039: Group group User user IP ipaddr AnyConnect_parent session started.","The AnyConnect session has started for the user in this group at the specified IP address. When the user logs in via the AnyConnect login page, the AnyConnect session starts. • group—The name of the group • user—The name of the user • ipadddr—The IP address","None required.","6","Informational","5","network","general"
+"%ASA-6-113045","113045","AAA SDI server 10.x.x.x in aaa-server group test-SDI-group: status changed from OK to REMOVED","%ASA-6-113045: AAA SDI server 10.x.x.x in aaa-server group test-SDI-group: status changed from OK to REMOVED","When servers are administratively added to or removed from SDI cluster, a new state","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","6","Informational","15","network","general"
+"%ASA-6-114004","114004","4GE_SSM I/O card Initialization is started.","%ASA-6-114004: 4GE_SSM I/O card Initialization is started.","The user has been notified that a 4GE SSM I/O initialization is starting. • >syslog_id —Message identifier","None required.","6","Informational","5","network","general"
+"%ASA-6-114005","114005","4GE_SSM I/O card Initialization has completed.","%ASA-6-114005: 4GE_SSM I/O card Initialization has completed.","The user has been notified that an 4GE SSM I/O initialization is finished. • >syslog_id —Message identifier","None required.","6","Informational","5","network","general"
+"%ASA-6-120003","120003","Call-Home is processing group event title.","%ASA-6-120003: Call-Home is processing group event title.","The Smart Call-Home module retrieved an event from the queue to process. • group —The event group, which may be the following: inventory, configuration, diagnostic, environment, snapshot, telemetry, threat, and test. • title —The event title","None required.","6","Informational","5","network","general"
+"%ASA-6-120007","120007","Call-Home group message to destination delivered.","%ASA-6-120007: Call-Home group message to destination delivered.","A Smart Call Home message was successfully delivered. • group —The event group, which can be any of the following: inventory, configuration, diagnostic, environment, snapshot, telemetry, threat, and test • destination— The e-mail or URL destination","None required.","6","Informational","5","network","general"
+"%ASA-6-121003","121003","msgId 2. Telemetry request from the chassis received. SSE connector status: enabled. Telemetry config on the blade: enabled. Telemetry data Sent %ASA-6-121003: msgId 1. Telemetry request from the chassis received. SSE connector status: enabled. Telemetry config on the blade: enabled. Telemetry data Sent","%ASA-6-121003: msgId 2. Telemetry request from the chassis received. SSE connector status: enabled. Telemetry config on the blade: enabled. Telemetry data Sent %ASA-6-121003: msgId 1. Telemetry request from the chassis received. SSE connector status: enabled. Telemetry config on the blade: enabled. Telemetry data Sent","The message is displayed whenever ASA receives a telemetry request from FXOS. The message displays the SSE connector status, telemetry support status on the blade, and whether the telemetry data was sent to FXOS. • id—The message identifier as in the appAG-appAgent message • connector status—Whether telemetry support is enabled or disabled on the chassis • blade status—Whether telemetry support is enabled or disabled on the blade • data status—Whether telemetry data is sent or not Example","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","6","Informational","15","network","general"
+"%ASA-6-199002","199002","Startup completed. Beginning operation.","%ASA-6-199002: Startup completed. Beginning operation.","The Secure Firewall ASA finished its initial boot and the flash memory reading sequence, and is ready to begin operating normally.","None required.","6","Informational","5","network","general"
+"%ASA-6-199003","199003","Reducing Link MTU dec","%ASA-6-199003: Reducing Link MTU dec","The Secure Firewall ASA received a packet from the outside network that uses a larger MTU than the inside network. The Secure Firewall ASA then sent an ICMP message to the outside host to negotiate an appropriate MTU. The log message includes the sequence number of the ICMP message.","None required.","6","Informational","5","network","general"
+"%ASA-6-199005","199005","Startup begin","%ASA-6-199005: Startup begin","The Secure Firewall ASA started.","None required.","6","Informational","5","network","general"
+"%ASA-6-199018","199018","syslog","%ASA-6-199018: syslog","A variable syslog was generated by an assistive process. • syslog—The informational syslog passed verbatim from an external process","None required.","6","Informational","5","network","general"
+"%ASA-7-108006","108006","Detected ESMTP size violation from src_ifc:sip/sport to dest_ifc:dip/dport; declared size is: decl_size, actual size is act_size","%ASA-7-108006: Detected ESMTP size violation from src_ifc:sip/sport to dest_ifc:dip/dport; declared size is: decl_size, actual size is act_size","This event is generated when an ESMTP message size exceeds the size declared in the RCPT command. • src_ifc—Source interface name • sip|sport—Source IP address or source port • dest_ifc—Destination interface name • dip|dport—Destination IP address or destination port • decl_size—Declared size • act_size—Actual size","None required.","7","Debugging","5","network","general"
+"%ASA-7-109014","109014","A non-telnet connection was denied to the configured Virtual Telnet IP Address","%ASA-7-109014: A non-telnet connection was denied to the configured Virtual Telnet IP Address","A request to authenticate did not have a corresponding request for authorization.","Ensure that both the aaa authentication and aaa authorization command statements are included in the configuration.","7","Debugging","25","authentication","aaa"
+"%ASA-7-109021","109021","Uauth null proxy error (uap number)","%ASA-7-109021: Uauth null proxy error (uap number)","An internal user authentication error has occurred.","None required. However, if this error appears repeatedly, contact the Cisco TAC.","7","Debugging","5","authentication","aaa"
+"%ASA-7-111009","111009","User 'user' executed cmd: string","%ASA-7-111009: User 'user' executed cmd: string","The user entered a command that does not modify the configuration. This message appears only for show commands.","None required.","7","Debugging","5","network","general"
+"%ASA-7-113028","113028","Extraction of username from VPN client certificate has string.. [Request num]","%ASA-7-113028: Extraction of username from VPN client certificate has string.. [Request num]","The processing request of a username from a certificate is running or has finished. • num —The ID of the request (the value of the pointer to the fiber), which is a monotonically increasing number. • string —The status message, which can one of the following: • been requested • started • finished with error • finished successfully • completed","None required.","7","Debugging","5","network","general"
+"%ASA-7-199019","199019","syslog","%ASA-7-199019: syslog","A variable syslog was generated by an assistive process. • syslog—The debugging syslog passed verbatim from an external process","None required.","7","Debugging","5","network","general"
+"%ASA-3-201002","201002","Too many TCP connections on {static|xlate} global_address ! econns_nconns","%ASA-3-201002: Too many TCP connections on {static|xlate} global_address ! econns_nconns","The maximum number of TCP connections to the specified global address was exceeded. • econns—The maximum number of embryonic connections • nconns—The maximum number of connections permitted for the static or xlate global address","Use the show static or show nat command to check the limit imposed on connections to a static address. The limit is configurable.","3","Error","75","network","general"
+"%ASA-2-201003","201003","Embryonic limit exceeded nconns/elimit for outside_address/outside_port to inside_address(global_address)/inside_port on interface interface_name","%ASA-2-201003: Embryonic limit exceeded nconns/elimit for outside_address/outside_port to inside_address(global_address)/inside_port on interface interface_name","The number of embryonic connections from the specified foreign address with the specified static global address to the specified local address exceeds the embryonic limit. When the limit on embryonic connections to the Secure Firewall ASA is reached, the Secure Firewall ASA attempts to accept them anyway, but puts a time limit on the connections. This situation allows some connections to succeed even if the Secure Firewall ASA is very busy. This message indicates a more serious overload than message 201002, which can be caused by a SYN attack, or by a very heavy load of legitimate traffic. • nconns—The maximum number of embryonic connections received • elimit —The maximum number of embryonic connections specified in the static or nat command","Use the show static command to check the limit imposed on embryonic connections to a static address.","2","Critical","100","network","general"
+"%ASA-3-201004","201004","Too many udp connections on {static|xlate} global_address! udp_connections_limit","%ASA-3-201004: Too many udp connections on {static|xlate} global_address! udp_connections_limit","The maximum number of UDP connections to the specified global address was exceeded. • udp conn limit—The maximum number of UDP connections permitted for the static address or translation","Use the show static or show nat command to check the limit imposed on connections to a static address. You can configure the limit.","3","Error","75","network","general"
+"%ASA-3-201005","201005","FTP data connection failed for IP_address","%ASA-3-201005: FTP data connection failed for IP_address","The Secure Firewall ASA cannot allocate a structure to track the data connection for FTP because of insufficient memory.","Reduce the amount of memory usage or purchase additional memory.","3","Error","75","network","general"
+"%ASA-3-201006","201006","RCMD backconnection failed for IP_address/port","%ASA-3-201006: RCMD backconnection failed for IP_address/port","The Secure Firewall ASA cannot preallocate connections for inbound standard output for rsh commands because of insufficient memory.","Check the rsh client version; the Secure Firewall ASA only supports the Berkeley rsh client version. You can also reduce the amount of memory usage, or purchase additional memory.","3","Error","75","network","general"
+"%ASA-3-201008","201008","Disallowing new connections.","%ASA-3-201008: Disallowing new connections.","You have enabled TCP system log messaging and the syslog server cannot be reached, or when using the ASA syslog server (PFSS) and the disk on the Windows NT system is full, or when the auto-update timeout is configured and the auto-update server is not reachable.","Disable TCP syslog messaging. If using PFSS, free up space on the Windows NT system where PFSS resides. Also, make sure that the syslog server is up and you can ping the host from the ASA console. Then restart TCP system message logging to allow traffic. If the Auto Update Server has not been contacted for a certain period of time, enter the [no] auto-update timeout period command to have it stop sending packets.","3","Error","75","network","general"
+"%ASA-3-201009","201009","TCP connection limit of number for host IP_address on interface_name exceeded","%ASA-3-201009: TCP connection limit of number for host IP_address on interface_name exceeded","The maximum number of connections to the specified static address was exceeded. • number—The maximum of connections permitted for the host • IP_address—The host IP address • interface_name— The name of the interface to which the host is connected","Use the show static and show nat commands to check the limit imposed on connections to an address. The limit is configurable.","3","Error","75","network","general"
+"%ASA-6-201010","201010","Embryonic connection limit exceeded econns/limit for dir packet from source_address/source_port to dest_address/dest_port on interface interface_name","%ASA-6-201010: Embryonic connection limit exceeded econns/limit for dir packet from source_address/source_port to dest_address/dest_port on interface interface_name","An attempt to establish a TCP connection failed because of an exceeded embryonic connection limit, which was configured with the set connection embryonic-conn-max MPC command for a traffic class. To reduce the impact of anomalous incoming traffic on ASA's different management or data interfaces and protocols, the interfaces are configured with a default embryonic limit of 100. This syslog message appears when the embryonic connections to ASA interface exceeds 100. This default value cannot be modified or disabled. • econns—The current count of embryonic connections associated to the configured traffic class • limit—The configured embryonic connection limit for the traffic class • dir—input: The first packet that initiates the connection is an input packet on the interface interface_name output: The first packet that initiates the connection is an output packet on the interface interface_name • source_address/source_port —The source real IP address and the source port of the packet initiating the connection • dest_address/dest_port —The destination real IP address and the destination port of the packet initiating the connection • interface_name—The name of the interface on which the policy limit is enforced","None required.","6","Informational","5","network","general"
+"%ASA-3-201011","201011","Connection limit exceeded cnt/limit for dir packet from sip/sport to dip/dport on interface if_name","%ASA-3-201011: Connection limit exceeded cnt/limit for dir packet from sip/sport to dip/dport on interface if_name","A new connection through the Secure Firewall ASA resulted in exceeding at least one of the configured maximum connection limits. This message applies both to connection limits configured using a static command, or to those configured using Cisco Modular Policy Framework. The new connection will not be allowed through the Secure Firewall ASA until one of the existing connections is torn down, which brings the current connection count below the configured maximum. • cnt —Current connection count • limit —Configured connection limit • dir —Direction of traffic, inbound or outbound • sip —Source real IP address • sport —Source port • dip —Destination real IP address • dpor t—Destination port","None required.","3","Error","5","network","general"
+"%ASA-6-201012","201012","Per-client embryonic connection limit exceeded curr_num/limit for [input|output] packet from ip_address/port to ip_address/port on interface interface_name","%ASA-6-201012: Per-client embryonic connection limit exceeded curr_num/limit for [input|output] packet from ip_address/port to ip_address/port on interface interface_name","An attempt to establish a TCP connection failed because the per-client embryonic connection limit was exceeded. By default, this message is rate limited to 1 message every 10 seconds. • curr_num—The current number • limit—The configured limit • [input|output]—Input or output packet on interface interface_name • ip_address—Real IP address • port—TCP or UDP port • interface_name—The name of the interface on which the policy is applied","When the limit is reached, any new connection request will be proxied by the Secure Firewall ASA to prevent a SYN flood attack. The Secure Firewall ASA will only connect to the server if the client is able to finish the three-way handshake. This usually does not affect the end user or the application. However, if this creates a problem for any application that has a legitimate need for a higher number of embryonic connections, you can adjust the setting by entering the set connection per-client-embryonic-max command.","6","Informational","45","network","general"
+"%ASA-3-201013","201013","Per-client connection limit exceeded curr_num/limit for [input|output] packet from ip_address/port to ip_address/port on interface interface_name","%ASA-3-201013: Per-client connection limit exceeded curr_num/limit for [input|output] packet from ip_address/port to ip_address/port on interface interface_name","A connection was rejected because the per-client connection limit was exceeded. • curr num—The current number • limit—The configured limit • [input|output]—The input or output packet on interface interface_name • ip—The real IP address • port—The TCP or UDP port • interface_name—The name of the interface on which the policy is applied","When the limit is reached, any new connection request will be silently dropped. Normally an application will retry the connection, which will cause a delay or even a timeout if all retries also fail. If an application has a legitimate need for a higher number of concurrent connections, you can adjust the setting by entering the set connection per-client-max command.","3","Error","95","network","general"
+"%ASA-3-202001","202001","Out of address translation slots!","%ASA-3-202001: Out of address translation slots!","The ASA has no more address translation slots available.","Check the size of the global pool compared to the number of inside network clients. A PAT address may be necessary. Alternatively, shorten the timeout interval of translates and connections.","3","Error","75","network","general"
+"%ASA-3-202005","202005","Non-embryonic in embryonic list outside_address/outside_port inside_address/inside_port","%ASA-3-202005: Non-embryonic in embryonic list outside_address/outside_port inside_address/inside_port","A connection object (xlate) is in the wrong list.","Contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-202010","202010","NAT/PAT pool exhausted in pool 'pool_name' IP ip_address. Unable to create connection.","%ASA-3-202010: NAT/PAT pool exhausted in pool 'pool_name' IP ip_address. Unable to create connection.","• pool_name —The name of the NAT or PAT pool. If the interface PAT or mapped IP is a raw address, pool name is logged as empty string (""""). • protocol —The protocol used to create the connection • inside_interface —The ingress interface • src_ip —The source IP address • src_port —The source port • outside_interface —The egress interface • dest_ip —The destination IP address • dest_port —The destination port The Secure Firewall ASA has no more address translation pools available.","Use the show nat pool and show nat detail commands to determine why all addresses and ports in the pool are used up. If this occurs under normal conditions, then add additional IP addresses to the NAT/PAT pool.","3","Error","65","network","general"
+"%ASA-3-202016","202016","Unable to pre-allocate SIP ip_protocol secondary channel for message from src_ifname:src_ip_addr/src_port to dst_ifname:dest_ip_addr/dest_port with PAT and missing port information.","%ASA-3-202016: Unable to pre-allocate SIP ip_protocol secondary channel for message from src_ifname:src_ip_addr/src_port to dst_ifname:dest_ip_addr/dest_port with PAT and missing port information.","When SIP application generates an SDP payload with Media port set to 0, you cannot allocate a PAT xlate for such invalid port request and drop the packet with this syslog.","None. This is an application specific issue.","3","Error","95","network","general"
+"%ASA-3-208005","208005","Clear (command) return code","%ASA-3-208005: Clear (command) return code","The Secure Firewall ASA received a nonzero value (an internal error) when attempting to clear the configuration in flash memory. The message includes the reporting subroutine filename and line number.","For performance reasons, the end host should be configured not to inject IP fragments. This configuration change is probably because of NFS. Set the read and write size equal to the interface MTU for NFS.","3","Error","65","network","general"
+"%ASA-4-209003","209003","Fragment database limit of number exceeded: src = source_address , dest = dest_address , proto = protocol , id = number","%ASA-4-209003: Fragment database limit of number exceeded: src = source_address , dest = dest_address , proto = protocol , id = number","Too many IP fragments are currently awaiting reassembly. By default, the maximum number of fragments is 200 (to raise the maximum, see the fragment size command in the command reference guide). The Secure Firewall ASA limits the number of IP fragments that can be concurrently reassembled. This restriction prevents memory depletion at the Secure Firewall ASA under abnormal network conditions. In general, fragmented traffic should be a small percentage of the total traffic mix. An exception is in a network environment with NFS over UDP where a large percentage is fragmented traffic; if this type of traffic is relayed through the Secure Firewall ASA, consider using NFS over TCP instead. To prevent fragmentation, see the sysopt connection tcpmss bytes command in the command reference guide.","If this message persists, a denial of service (DoS) attack might be in progress. Contact the remote peer administrator or upstream provider.","4","Warning","75","network","general"
+"%ASA-4-209004","209004","Invalid IP fragment, size = bytes exceeds maximum size = bytes : src = source_address , dest = dest_address , proto = protocol , id = number","%ASA-4-209004: Invalid IP fragment, size = bytes exceeds maximum size = bytes : src = source_address , dest = dest_address , proto = protocol , id = number","An IP fragment is malformed. The total size of the reassembled IP packet exceeds the maximum possible size of 65,535 bytes.","A possible intrusion event may be in progress. If this message persists, contact the remote peer administrator or upstream provider.","4","Warning","75","network","general"
+"%ASA-4-209005","209005","Discard IP fragment set with more than number elements: src = Too many elements are in a fragment set.","%ASA-4-209005: Discard IP fragment set with more than number elements: src = Too many elements are in a fragment set.","The Secure Firewall ASA disallows any IP packet that is fragmented into more than 24 fragments. For more information, see the fragment command in the command reference guide.","A possible intrusion event may be in progress. If the message persists, contact the remote peer administrator or upstream provider. You can change the number of fragments per packet by using the fragment chain xxx interface_name command.","4","Warning","65","network","general"
+"%ASA-4-209006","209006","Fragment queue threshold exceeded, dropped protocol fragment from IP address/port to IP address/port on outside interface.","%ASA-4-209006: Fragment queue threshold exceeded, dropped protocol fragment from IP address/port to IP address/port on outside interface.","The Secure Firewall ASA drops the fragmented packets when the fragment database threshold, that is 2/3 of the queue size per interface, has exceeded.","None required.","4","Warning","75","network","general"
+"%ASA-3-210001","210001","LU sw_module_name error = number","%ASA-3-210001: LU sw_module_name error = number","A Stateful Failover error occurred.","If this error persists after traffic lessens through the Secure Firewall ASA, report this error to the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-210002","210002","LU allocate block (bytes) failed","%ASA-3-210002: LU allocate block (bytes) failed","Stateful Failover cannot allocate a block of memory to transmit stateful information to the standby Secure Firewall ASA.","Check the failover interface using the show interface command to make sure its transmit is normal. Also check the current block memory using the show block command. If current available count is 0 within any of the blocks of memory, then reload the Secure Firewall ASA software to recover the lost blocks of memory.","3","Error","95","network","general"
+"%ASA-3-210003","210003","Unknown LU Object number","%ASA-3-210003: Unknown LU Object number","Stateful Failover received an unsupported Logical Update object and was unable to process it. This can be caused by corrupted memory, LAN transmissions, and other events.","If you see this error infrequently, then no action is required. If this error occurs frequently, check the Stateful Failover link LAN connection. If the error was not caused by a faulty failover link LAN connection, determine if an external user is trying to compromise the protected network. Also check for misconfigured clients.","3","Error","95","network","general"
+"%ASA-3-210005","210005","LU allocate secondary (optional ) connection failed for protocol [TCP |UDP ] connection from ingress interface name :Real IP Address /Real Port to egress interface name :Real IP Address /Real Port","%ASA-3-210005: LU allocate secondary (optional ) connection failed for protocol [TCP |UDP ] connection from ingress interface name :Real IP Address /Real Port to egress interface name :Real IP Address /Real Port","Stateful Failover cannot allocate a new connection on the standby unit. This may be caused by little or no RAM memory available within the Secure Firewall ASA. This could additionally be caused by flow creation failure due to resource limitation or reaching configured resource usage limits.","Check the available memory using the show memory command to make sure that the Secure Firewall ASA has free memory. If there is no available memory, add more physical memory to the Secure Firewall ASA. Check resource limitation using the show resource usage command and show asp drop to ensure that the device is not reaching the resource limitation.","3","Error","95","network","general"
+"%ASA-3-210006","210006","LU look NAT for IP_address failed","%ASA-3-210006: LU look NAT for IP_address failed","Stateful Failover was unable to locate a NAT group for the IP address on the standby unit. The active and standby Secure Firewall ASAs may be out-of-sync with each other.","Use the write standby command on the active unit to synchronize system memory with the standby unit.","3","Error","75","network","general"
+"%ASA-3-210007","210007","LU allocate xlate failed for type-staticdynamic NAT translation from PAT:secondary(optional)/protocol (ingress_interface_name/Real_IP_Address) to real_port:Mapped_IP_Address/Mapped_Port (egress_interface_name/Real_IP_Address)","%ASA-3-210007: LU allocate xlate failed for type-staticdynamic NAT translation from PAT:secondary(optional)/protocol (ingress_interface_name/Real_IP_Address) to real_port:Mapped_IP_Address/Mapped_Port (egress_interface_name/Real_IP_Address)","Stateful Failover failed to allocate a translation slot record.","Check the available memory by using the show memory command to make sure that the Secure Firewall ASA has free memory available. If no memory is available, add more memory.","3","Error","75","network","general"
+"%ASA-3-210008","210008","LU no xlate for inside_address/inside_port outside_address/outside_port","%ASA-3-210008: LU no xlate for inside_address/inside_port outside_address/outside_port","The Secure Firewall ASA cannot find a translation slot record for a Stateful Failover connection; as a result, the Secure Firewall ASA cannot process the connection information.","Use the write standby command on the active unit to synchronize system memory between the active and standby units.","3","Error","65","network","general"
+"%ASA-3-210010","210010","LU make UDP connection for outside_address:outside_port inside_address:inside_port failed","%ASA-3-210010: LU make UDP connection for outside_address:outside_port inside_address:inside_port failed","Stateful Failover was unable to allocate a new record for a UDP connection.","Check the available memory by using the show memory command to make sure that the Secure Firewall ASA has free memory available. If no memory is available, add more memory.","3","Error","75","network","general"
+"%ASA-3-210020","210020","LU PAT port port reserve failed","%ASA-3-210020: LU PAT port port reserve failed","Stateful Failover is unable to allocate a specific PAT address that is in use.","Use the write standby command on the active unit to synchronize system memory between the active and standby units.","3","Error","75","network","general"
+"%ASA-3-210021","210021","LU create static xlate global_address ifc interface_name failed","%ASA-3-210021: LU create static xlate global_address ifc interface_name failed","Stateful Failover is unable to create a translation slot.","Enter the write standby command on the active unit to synchronize system memory between the active and standby units.","3","Error","75","network","general"
+"%ASA-6-210022","210022","LU missed number updates","%ASA-6-210022: LU missed number updates","Stateful Failover assigns a sequence number for each record sent to the standby unit. When a received record sequence number is out of sequence with the last updated record, the information in between is assumed to be lost, and this error message is sent as a result.","Unless LAN interruptions occur, check the available memory on both Secure Firewall ASA units to ensure that enough memory is available to process the stateful information. Use the show failover command to monitor the quality of stateful information updates. Messages 211001 to 219002 This chapter includes messages from 211001 to 219002.","6","Informational","15","network","general"
+"%ASA-3-211001","211001","Memory allocation Error","%ASA-3-211001: Memory allocation Error","The Secure Firewall ASA failed to allocate RAM system memory.","If this message occurs periodically, it can be ignored. If it repeats frequently, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-211003","211003","Error in computed percentage CPU usage value","%ASA-3-211003: Error in computed percentage CPU usage value","The percentage of CPU usage is greater than 100 percent.","If this message occurs periodically, it can be ignored. If it repeats frequently, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-1-211004","211004","WARNING: Minimum Memory Requirement for device version ver not met. min MB required, actual MB found.","%ASA-1-211004: WARNING: Minimum Memory Requirement for device version ver not met. min MB required, actual MB found.","The Secure Firewall ASA does not meet the minimum memory requirements for this version. • ver—Running image version number • min—Minimum required amount of RAM to run the installed image. • actual—Amount of RAM currently installed in the system","Install the required amount of RAM.","1","Alert","75","network","general"
+"%ASA-3-212001","212001","Unable to open SNMP channel (UDP port port) on interface ""interface_number"", error code = code","%ASA-3-212001: Unable to open SNMP channel (UDP port port) on interface ""interface_number"", error code = code","The Secure Firewall ASA is unable to receive SNMP requests destined for the Secure Firewall ASA from SNMP management stations located on this interface. The SNMP traffic passing through the Secure Firewall ASA on any interface is not affected. The error codes are as follows: • An error code of -1 indicates that the Secure Firewall ASA cannot open the SNMP transport for the interface. This can occur when the user attempts to change the port on which SNMP accepts queries to one that is already in use by another feature. In this case, the port used by SNMP will be reset to the default port for incoming SNMP queries (UDP 161). • An error code of -2 indicates that the Secure Firewall ASA cannot bind the SNMP transport for the interface.","After the Secure Firewall ASA reclaims some of its resources when traffic is lighter, reenter the snmp-server host command for that interface.","3","Error","75","network","general"
+"%ASA-3-212002","212002","Unable to open SNMP trap channel (UDP port port) on interface ""interface_number"", error code = code","%ASA-3-212002: Unable to open SNMP trap channel (UDP port port) on interface ""interface_number"", error code = code","The Secure Firewall ASA is unable to send its SNMP traps from the Secure Firewall ASA to SNMP management stations located on this interface. The SNMP traffic passing through the Secure Firewall ASA on any interface is not affected. The error codes are as follows: • An error code of -1 indicates that the Secure Firewall ASA cannot open the SNMP trap transport for the interface. • An error code of -2 indicates that the Secure Firewall ASA cannot bind the SNMP trap transport for the interface. • An error code of -3 indicates that the Secure Firewall ASA cannot set the trap channel as write-only.","After the Secure Firewall ASA reclaims some of its resources when traffic is lighter, reenter the snmp-server host command for that interface.","3","Error","75","network","general"
+"%ASA-3-212003","212003","Unable to receive an SNMP request on interface ""interface_number"", error code = code, will try again.","%ASA-3-212003: Unable to receive an SNMP request on interface ""interface_number"", error code = code, will try again.","An internal error occurred in receiving an SNMP request destined for the Secure Firewall ASA on the specified interface. The error codes are as follows: • An error code of -1 indicates that the Secure Firewall ASA cannot find a supported transport type for the interface. • An error code of -5 indicates that the Secure Firewall ASA received no data from the UDP channel for the interface. • An error code of -7 indicates that the Secure Firewall ASA received an incoming request that exceeded the supported buffer size. • An error code of -14 indicates that the Secure Firewall ASA cannot determine the source IP address from the UDP channel. • An error code of -22 indicates that the Secure Firewall ASA received an invalid parameter.","None required. The Secure Firewall ASA SNMP agent goes back to wait for the next SNMP request.","3","Error","5","network","general"
+"%ASA-3-212004","212004","Unable to send an SNMP response to IP_address, error code = port","%ASA-3-212004: Unable to send an SNMP response to IP_address, error code = port","An internal error occurred in sending an SNMP response from the Secure Firewall ASA to the specified host on the specified interface. The error codes are as follows: • An error code of -1 indicates that the Secure Firewall ASA cannot find a supported transport type for the interface. • An error code of -2 indicates that the Secure Firewall ASA sent an invalid parameter. • An error code of -3 indicates that the Secure Firewall ASA was unable to set the destination IP address in the UDP channel. • An error code of -4 indicates that the Secure Firewall ASA sent a PDU length that exceeded the supported UDP segment size. • An error code of -5 indicates that the Secure Firewall ASA was unable to allocate a system block to construct the PDU.","None required.","3","Error","5","network","general"
+"%ASA-3-212005","212005","incoming SNMP request (number bytes) from interface_name exceeds data buffer size, discarding this SNMP request.","%ASA-3-212005: incoming SNMP request (number bytes) from interface_name exceeds data buffer size, discarding this SNMP request.","The length of the incoming SNMP request that is destined for the Secure Firewall ASA exceeds the size of the internal data buffer (512 bytes) used for storing the request during internal processing. The Secure Firewall ASA is unable to process this request. The SNMP traffic passing through the Secure Firewall ASA on any interface is not affected.","Have the SNMP management station resend the request with a shorter length. For example, instead of querying multiple MIB variables in one request, try querying only one MIB variable in a request. You may need to modify the configuration of the SNMP manager software.","3","Error","75","network","general"
+"%ASA-3-212006","212006","Dropping SNMP request from src_addr/src_port to ifc:dst_addr/dst_port because: reasonusername","%ASA-3-212006: Dropping SNMP request from src_addr/src_port to ifc:dst_addr/dst_port because: reasonusername","The Secure Firewall ASA cannot process the SNMP request being sent to it for the following reasons: • user not found—The username cannot be located in the local SNMP user database. • username exceeds maximum length—The username embedded in the PDU exceeds the maximum length allowed by the SNMP RFCs. • authentication algorithm failure—An authentication failure caused by an invalid password or a packet authenticated using the incorrect algorithm. • privacy algorithm failure—A privacy failure caused by an invalid password or a packet encrypted using the incorrect algorithm. • error decrypting request—An error occurred in the platform crypto module decrypting the user request. • error encrypting response—An error occurred in the platform crypto module encrypting the user response or trap notification. • engineBoots has reached maximum value—The engineBoots variable has reached the maximum allowed value. For more information, see message 212011. The username appears after each reason listed. Note","Check the Secure Firewall ASA SNMP server settings and confirm that the NMS configuration is using the expected user, authentication, and encryption settings. Enter the show crypto accelerator statistics command to isolate errors in the platform crypto module.","3","Error","95","network","general"
+"%ASA-5-212009","212009","Configuration request for SNMP group groupname failed. User username reason","%ASA-5-212009: Configuration request for SNMP group groupname failed. User username reason","A user has tried to change the SNMP server group configuration. One or more users that refer to the group have insufficient settings to comply with the requested group changes. • groupname—A string that represents the group name • username —A string that represents the username • reason—A string that represents one of the following reasons: - missing auth-password —A user has tried to add authentication to the group, and the user has not specified an authentication password - missing priv-password —A user has tried to add privacy to the group, and the user has not specified an encryption password - reference group intended for removal —A user has tried to remove a group that has users belonging to it","The user must update the indicated user configurations before changing the group or removing indicated users, and then add them again after making changes to the group.","5","Notification","35","network","general"
+"%ASA-3-212010","212010","Configuration request for SNMP user s failed. Host s reason","%ASA-3-212010: Configuration request for SNMP user s failed. Host s reason","A user has tried to change the SNMP server user configuration by removing one or more hosts that reference the user. One message is generated per host. • %s—A string that represents the username or hostname • reason —A string the represents the following reason: - references user intended for removal— The name of the user to be removed from the host.","The user must either update the indicated host configuration before changing a user or remove the indicated hosts, then add them again after making changes to the user.","3","Error","75","network","general"
+"%ASA-3-212011","212011","SNMP engineBoots is set to maximum value. Reason: error accessing persistent data. User intervention necessary.","%ASA-3-212011: SNMP engineBoots is set to maximum value. Reason: error accessing persistent data. User intervention necessary.","The device has rebooted 214783647 times, which is the maximum allowed value of the engineBoots variable, or an error reading the persistent value from flash memory has occurred. The engineBoots value is stored in flash memory in the flash:/snmp/ctx-name file, where ctx-name is the name of the context. In single mode, the name of this file is flash:/snmp/single_vf. In multi-mode, the name of the file for the admin context is flash:/snmp/admin. During a reboot, if the device is unable to read from the file or write to the file, the engineBoots value is set to the maximum. • %s—A string that represents the reason that the engineBoots value is set to the maximum allowed value. The two valid strings are “device reboots” and “error accessing persistent data.”","For the first string, the administrator must delete all SNMP Version 3 users and add them again to reset the engineBoots variable to 1. All subsequent Version 3 queries will fail until all users have been removed. For the second string, the administrator must delete the context-specific file, then delete all SNMP Version users, and add them again to reset the engineBoots variable to 1. All subsequent Version 3 queries will fail until all users have been removed.","3","Error","75","network","general"
+"%ASA-3-212012","212012","Unable to write engine data to persistent storage.","%ASA-3-212012: Unable to write engine data to persistent storage.","The SNMP engine data is written to the file, flash:/snmp/context-name . For example: in single mode, the data is written to the file, flash:/snmp/single_vf. In the admin context in multi-mode, the file is written to the directory, flash:/snmp/admin. The error may be caused by a failure to create the flash:/snmp directory or the flash:/snmp/context-name file. The error may also be caused by a failure to write to the file.","The system administrator should remove the flash:/snmp/context-name file, then remove all SNMP Version 3 users, and add them again. This procedure should recreate the flash:/snmp/context-name file. If the problem persists, the system administrator should try reformatting the flash.","3","Error","75","network","general"
+"%ASA-3-213001","213001","PPTP control daemon socket io string, errno = number","%ASA-3-213001: PPTP control daemon socket io string, errno = number","An internal TCP socket I/O error occurred.","Contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-213002","213002","PPTP tunnel hashtable insert failed, peer = IP_address","%ASA-3-213002: PPTP tunnel hashtable insert failed, peer = IP_address","An internal software error occurred while creating a new PPTP tunnel.","Contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-213003","213003","PPP virtual interface interface_number isn't opened","%ASA-3-213003: PPP virtual interface interface_number isn't opened","An internal software error occurred while closing a PPP virtual interface.","Contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-213004","213004","PPP virtual interface interface_number client ip allocation failed","%ASA-3-213004: PPP virtual interface interface_number client ip allocation failed","An internal software error occurred while allocating an IP address to the PPTP client when the IP local address pool was depleted.","Consider allocating a larger pool with the ip local pool command.","3","Error","65","network","general"
+"%ASA-3-213005","213005","L2TP: Dynamic-Access-Policy action is not continue,""abort connection""","%ASA-3-213005: L2TP: Dynamic-Access-Policy action is not continue,""abort connection""","The DAP is dynamically created by selecting configured access policies based on the authorization rights of the user and the posture assessment results of the remote endpoint device. The resulting dynamic policy indicates that the session should be terminated.","None required.","3","Error","5","network","general"
+"%ASA-3-213006","213006","L2TP: Dynamic-Access-Policy failure","%ASA-3-213006: L2TP: Dynamic-Access-Policy failure","There was either an error in retrieving the DAP policy record data, or the action configuration was missing.","A configuration change might have resulted in deleting a DAP record. Use ASDM to recreate the DAP record.","3","Error","75","network","general"
+"%ASA-4-213007","213007","L2TP: Failed to install Redirect URL: redirect_URL Redirect ACL: non_exist for assigned_IP.","%ASA-4-213007: L2TP: Failed to install Redirect URL: redirect_URL Redirect ACL: non_exist for assigned_IP.","An error occurred for an L2TP connection when the redirect URL was installed and the ACL was received from the ISE, but the redirect ACL does not exist on the ASA. • redirect URL —The URL for the HTTP traffic redirection • assigned IP —The IP address that is assigned to the user","Configure the redirect ACL on the ASA.","4","Warning","55","network","general"
+"%ASA-2-214001","214001","Terminating manager session from IP_address on interface interface_name. Reason: incoming encrypted data (number bytes) longer than number bytes","%ASA-2-214001: Terminating manager session from IP_address on interface interface_name. Reason: incoming encrypted data (number bytes) longer than number bytes","An incoming encrypted data packet destined for the Secure Firewall ASA management port indicates a packet length exceeding the specified upper limit. This may be a hostile event. The Secure Firewall ASA immediately terminates this management connection.","Ensure that the management connection was initiated by Cisco Secure Policy Manager.","2","Critical","85","network","general"
+"%ASA-2-215001","215001","Bad route_compress() call, sdb = number","%ASA-2-215001: Bad route_compress() call, sdb = number","An internal software error occurred.","Contact the Cisco TAC.","2","Critical","85","network","general"
+"%ASA-3-216002","216002","Unexpected event (major: major_id , minor: minor_id ) received by task_string in function at line: line_num","%ASA-3-216002: Unexpected event (major: major_id , minor: minor_id ) received by task_string in function at line: line_num","A task registers for event notification, but the task cannot handle the specific event. Events that can be watched include those associated with queues, booleans, and timer services. If any of the registered events occur, the scheduler wakes up the task to process the event. This message is generated if an unexpected event woke up the task, but it does not know how to handle the event. If an event is left unprocessed, it can wake up the task very often to make sure that it is processed, but this should not occur under normal conditions. If this message appears, it does not necessarily mean the device is unusable, but something unusual has occurred and needs to be investigated. • major_id —Event identifier • minor_id — Event identifier • task_string —Custom string passed by the task to identify itself • function —The function that received the unexpected event • line_num —Line number in the code","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-216003","216003","Unrecognized timer timer_ptr , timer_id received by task_string in function at line: line_num","%ASA-3-216003: Unrecognized timer timer_ptr , timer_id received by task_string in function at line: line_num","An unexpected timer event woke up the task, but the task does not know how to handle the event. A task can register a set of timer services with the scheduler. If any of the timers expire, the scheduler wakes up the task to take action. This message is generated if the task is awakened by an unrecognized timer event. An expired timer, if left unprocessed, wakes up the task continuously to make sure that it is processed, and this is undesirable. This should not occur under normal conditions. If this message appears, it does not necessarily mean the device is unusable, but something unusual has occurred and needs to be investigated. • timer_ptr —Pointer to the timer • timer_id —Timer identifier • task_string —Custom string passed by the task to identify itself • function —The function that received the unexpected event • line_num —Line number in the code","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-4-216004","216004","prevented: error in function at file(line) - stack trace","%ASA-4-216004: prevented: error in function at file(line) - stack trace","An internal logic error has occurred, which should not occur during normal operation. • error —Internal logic error. Possible errors include the following: - Exception - Dereferencing null pointer - Array index out of bounds - Invalid buffer size - Writing from input - Source and destination overlap - Invalid date - Access offset from array indices • function —The calling function that generated the error • file(line) —The file and line number that generated the error • stack trace —Full call stack traceback, starting with the calling function. For example: (“0x001010a4 0x00304e58 0x00670060 0x00130b04”)","If the problem persists, contact the Cisco TAC.","4","Warning","55","network","general"
+"%ASA-1-216005","216005","ERROR: Duplex-mismatch on interface_name resulted in transmitter lockup. A soft reset of the switch was performed.","%ASA-1-216005: ERROR: Duplex-mismatch on interface_name resulted in transmitter lockup. A soft reset of the switch was performed.","A duplex mismatch on the port caused a problem in which the port can no longer transmit packets. This condition was detected, and the switch was reset to autorecover. This message applies only to the ASA 5505. • interface_name —The interface name that was locked up","A duplex mismatch exists between the specified port and the ASA 5505 that is connected to it. Correct the duplex mismatch by either setting both devices to autorecover, or hard coding the duplex mismatch for both devices to be the same.","1","Alert","85","network","general"
+"%ASA-2-217001","217001","No memory for string in string","%ASA-2-217001: No memory for string in string","An operation failed because of low memory.","If sufficient memory exists, then send the error message, the configuration, and any details about the events leading up to the error to the Cisco TAC.","2","Critical","95","network","general"
+"%ASA-2-218001","218001","Failed Identification Test in slot# [fail #/res ].","%ASA-2-218001: Failed Identification Test in slot# [fail #/res ].","The module in slot# of the Secure Firewall ASA cannot be identified as a genuine Cisco product. Cisco warranties and support programs apply only to genuine Cisco products. If Cisco determines that the cause of a support issue is related to non-Cisco memory, SSM modules, SSC modules, or other modules, Cisco may deny support under your warranty or under a Cisco support program such as SmartNet.","If this message recurs, copy it exactly as it appears on the console or in the system log. Research and try to resolve the error using the Output Interpreter. Also perform a search with the Bug Toolkit. If the problem persists, contact the Cisco TAC.","2","Critical","100","network","general"
+"%ASA-2-218002","218002","Module slot# is a registered proto-type for Cisco Lab use only, and not certified for live network operation.","%ASA-2-218002: Module slot# is a registered proto-type for Cisco Lab use only, and not certified for live network operation.","The hardware in the specified location is a prototype module that came from a Cisco lab.","If this message reoccurs, copy it exactly as it appears on the console or in the system log. Research and try to resolve the error using the Output Interpreter. Also perform a search with the Bug Toolkit. If the problem persists, contact the Cisco TAC.","2","Critical","85","network","general"
+"%ASA-2-218003","218003","Module Version in slot# is obsolete. The module in slot = slot# is obsolete and must be returned via RMA to Cisco Manufacturing. If it is a lab unit, it must be returned to Proto Services for upgrade.","%ASA-2-218003: Module Version in slot# is obsolete. The module in slot = slot# is obsolete and must be returned via RMA to Cisco Manufacturing. If it is a lab unit, it must be returned to Proto Services for upgrade.","Obsolete hardware has been detected or the show module command has been run for the module. This message is generated once per minute after it first appears.","If this message recurs, copy it exactly as it appears on the console or in the system log. Research and try to resolve the error using the Output Interpreter. Also perform a search with the Bug Toolkit. If the problem persists, contact the Cisco TAC.","2","Critical","85","network","general"
+"%ASA-2-218004","218004","Failed Identification Test in slot# [fail#/res]","%ASA-2-218004: Failed Identification Test in slot# [fail#/res]","A problem occurred while identifying hardware in the specified location.","If this message recurs, copy it exactly as it appears on the console or in the system log. Research and try to resolve the error using the Output Interpreter. Also perform a search with the Bug Toolkit. If the problem persists, contact the Cisco TAC.","2","Critical","95","network","general"
+"%ASA-2-218005","218005","Inconsistency detected in the system information programmed in non-volatile memory.","%ASA-2-218005: Inconsistency detected in the system information programmed in non-volatile memory.","System information programmed in non-volatile memory is not consistent. This syslog will be generated during bootup if Secure Firewall ASA detects that the contents of the IDPROM are not identical to the contents of ACT2 EEPROM. Since the IDPROM and ACT2 EEPROM are programmed with exactly the same contents in manufacturing, this would happen either due to an error in manufacturing or if the IDPROM contents are tampered with.","If the message recurs, collect the output of the show tech-support command and contact Cisco TAC.","2","Critical","85","network","general"
+"%ASA-3-219002","219002","I2C_API_name() error, slot = slot_number, device = device_number, address = address, byte count = count. Reason: reason_string","%ASA-3-219002: I2C_API_name() error, slot = slot_number, device = device_number, address = address, byte count = count. Reason: reason_string","The I2C serial bus API has failed because of a hardware or software problem. • I2C_API_name —The I2C API that failed, which can be one of the following: • I2C_read_byte_w_wait() • I2C_read_word_w_wait() • I2C_read_block_w_wait() • I2C_write_byte_w_wait() • I2C_write_word_w_wait() • I2C_write_block_w_wait() • I2C_read_byte_w_suspend() • I2C_read_word_w_suspend() • I2C_read_block_w_suspend() • I2C_write_byte_w_suspend() • I2C_write_word_w_suspend() • I2C_write_block_w_suspend() • slot_number —The hexadecimal number of the slot where the I/O operation that generated the message occurred. The slot number cannot be unique to a slot in the chassis. Depending on the chassis, two different slots might have the same I2C slot number. Also, the value is not necessarily less than or equal to the number of slots. The value depends on the way the I2C hardware is wired. • device_number —The hexadecimal number of the device on the slot for which the I/O operation was performed • address —The hexadecimal address of the device on which the I/O operation occurred • byte_count —The byte count in decimal format of the I/O operation • error_string —The reason for the error, which can be one of the following: • I2C_BUS_TRANSACTION_ERROR • I2C_CHKSUM_ERROR • I2C_TIMEOUT_ERROR • I2C_BUS_COLLISION_ERROR • I2C_HOST_BUSY_ERROR • I2C_UNPOPULATED_ERROR • I2C_SMBUS_UNSUPPORT • I2C_BYTE_COUNT_ERROR • I2C_DATA_PTR_ERROR","Perform the following steps: 1. Log and review the messages and the errors associated with the event. If the message does not occur continuously and disappears after a few minutes, it might be because the I2C serial bus is busy. 2. Reboot the software running on the Secure Firewall ASA. 3. Power cycle the device. When you turn off the power, make sure that you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-6-302003","302003","Built H245 connection for faddr foreign_ip_address/foreign_port laddr local_ip_address","%ASA-6-302003: Built H245 connection for faddr foreign_ip_address/foreign_port laddr local_ip_address","An H.245 connection has been started from the foreign_ip_address to the local_ip_address. The Secure Firewall ASA has detected the use of an Intel Internet Phone. The foreign port (foreign_port ) only appears on connections from outside the Secure Firewall ASA. The local port value (local_port ) only appears on connections that were started on an internal interface.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302004","302004","Pre-allocate H323 {TCP | UDP} backconnection for faddr foreign_ip_address/foreign_port to laddr local_ip_address","%ASA-6-302004: Pre-allocate H323 {TCP | UDP} backconnection for faddr foreign_ip_address/foreign_port to laddr local_ip_address","An H.323 UDP back connection has been preallocated to the foreign address (foreign_ip_address) from the local address (local_ip_address). The Secure Firewall ASA has detected the use of an Intel Internet Phone. The foreign port (foreign_port) only appears on connections from outside the Secure Firewall ASA. The local port value (local_port) only appears on connections that were started on an internal interface.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302010","302010","connections in use, connections most used","%ASA-6-302010: connections in use, connections most used","Provides information on the number of connections that are in use and most used. • connections—The number of connections","None required.","6","Informational","5","network","connection"
+"%ASA-6-302012","302012","Pre-allocate H225 Call Signalling Connection for faddr foreign_ip_address/foreign_port to laddr local_ip_address","%ASA-6-302012: Pre-allocate H225 Call Signalling Connection for faddr foreign_ip_address/foreign_port to laddr local_ip_address","An H.225 secondary channel has been preallocated.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302013","302013","Built {inbound | outbound}[Probe] TCP connection connection_id for interface:real-address/real-port ((mapped-address/mapped-port))idfw_user to interface:real-address/real-port (mapped-address/mapped-port)inside_idfw_and_sg_info id_port_num rx_ring_num [(user)]","%ASA-6-302013: Built {inbound | outbound}[Probe] TCP connection connection_id for interface:real-address/real-port ((mapped-address/mapped-port))idfw_user to interface:real-address/real-port (mapped-address/mapped-port)inside_idfw_and_sg_info id_port_num rx_ring_num [(user)]","A TCP connection slot between two hosts was created. • probe—Indicates the TCP connection is a probe connection • connection_id —A unique identifier • interface, real-address, real-port—The actual sockets • mapped-address, mapped-port—The mapped sockets • user—The AAA name of the user • idfw_user—The name of the identity firewall user If inbound is specified, the original control connection was initiated from the outside. For example, for FTP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, the original control connection was initiated from the inside.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302014","302014","Teardown [Probe]TCP connection connection_id for interface:real_address/real_portidfw_user to interface:real_address/real_portidfw_user duration hh:mm:ss bytes bytes reason_stringteardown_initiatorinitiator id_port_num rx_ring_num max-rate conn_rate/max_permissible_rate (user)","%ASA-6-302014: Teardown [Probe]TCP connection connection_id for interface:real_address/real_portidfw_user to interface:real_address/real_portidfw_user duration hh:mm:ss bytes bytes reason_stringteardown_initiatorinitiator id_port_num rx_ring_num max-rate conn_rate/max_permissible_rate (user)","A TCP connection between two hosts was deleted. The following list describes the message values:","None required.","6","Informational","5","network","connection"
+"%ASA-6-302015","302015","Built {inbound | outbound} UDP connection connection_id for interface:real_address/real_port (mapped_address/mapped_port)idfw_user to interface:real_address/real_port (mapped_address/mapped_port)idfw_user id_port_num rx_ring_num [(user)]","%ASA-6-302015: Built {inbound | outbound} UDP connection connection_id for interface:real_address/real_port (mapped_address/mapped_port)idfw_user to interface:real_address/real_port (mapped_address/mapped_port)idfw_user id_port_num rx_ring_num [(user)]","A UDP connection slot between two hosts was created. The following list describes the message values: • number—A unique identifier • interface, real_address, real_port—The actual sockets • mapped_address and mapped_port—The mapped sockets • user—The AAA name of the user • idfw_user —The name of the identity firewall user If inbound is specified, then the original control connection is initiated from the outside. For example, for UDP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, then the original control connection is initiated from the inside.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302016","302016","Teardown UDP connection connection_id for interface:real_address/real_portidfw_user to interface:real_address/real_portidfw_user duration hh:mm:ss bytes bytes id_port_num rx_ring_num max-rate conn_rate/max_permissible_rate Bps (user)","%ASA-6-302016: Teardown UDP connection connection_id for interface:real_address/real_portidfw_user to interface:real_address/real_portidfw_user duration hh:mm:ss bytes bytes id_port_num rx_ring_num max-rate conn_rate/max_permissible_rate Bps (user)","A UDP connection slot between two hosts was deleted. The following list describes the message values:","None required.","6","Informational","5","network","connection"
+"%ASA-6-302017","302017","Built {inbound | outbound} GRE connection id from interface:real_address (translated_address)idfw_user to interface:real_address/real_cid (translated_address/translated_cid)idfw_user id_port_num rx_ring_num [(user)]","%ASA-6-302017: Built {inbound | outbound} GRE connection id from interface:real_address (translated_address)idfw_user to interface:real_address/real_cid (translated_address/translated_cid)idfw_user id_port_num rx_ring_num [(user)]","A GRE connection slot between two hosts was created. The id is an unique identifier. The interface, real_address, real_cid tuple identifies the one of the two simplex PPTP GRE streams. The parenthetical translated_address, translated_cid tuple identifies the translated value with NAT. If inbound is indicated, then the connection can only be used inbound. If outbound is indicated, then the connection can only be used for outbound. The following list describes the message values: • id—Unique number identifying the connection • inbound—Control connection is for inbound PPTP GRE flow • outbound—Control connection is for outbound PPTP GRE flow • interface_name—The interface name • real_address—IP address of the actual host • real_cid—Untranslated call ID for the connection • translated_address—IP address after translation • translated_cid—Translated call • user—AAA user name • idfw_user—The name of the identity firewall user","None required.","6","Informational","5","network","connection"
+"%ASA-6-302018","302018","Teardown GRE connection id from interface:real_addresstranslated_address to interface:real_address/real_cididfw_user duration hh:mm:ss bytes bytes id_port_num rx_ring_num [(user)]","%ASA-6-302018: Teardown GRE connection id from interface:real_addresstranslated_address to interface:real_address/real_cididfw_user duration hh:mm:ss bytes bytes id_port_num rx_ring_num [(user)]","A GRE connection slot between two hosts was deleted. The interface, real_address, real_port tuples identify the actual sockets. Duration identifies the lifetime of the connection. The following list describes the message values: • id—Unique number identifying the connection • interface—The interface name • real_address—IP address of the actual host • real_port—Port number of the actual host • hh:mm:ss—Time in hour:minute:second format • bytes—Number of PPP bytes transferred in the GRE session • reason—Reason why the connection was terminated • user—AAA user name • idfw_user—The name of the identity firewall user","None required.","6","Informational","5","network","connection"
+"%ASA-3-302019","302019","H.323 library_name ASN Library failed to initialize, error code number","%ASA-3-302019: H.323 library_name ASN Library failed to initialize, error code number","The specified ASN librar y that the Secure Firewall ASA uses for decoding the H.323 messages failed to initialize; the Secure Firewall ASA cannot decode or inspect the arriving H.323 packet. The Secure Firewall ASA allows the H.323 packet to pass through without any modification. When the next H.323 message arrives, the Secure Firewall ASA tries to initialize the library again.","If this message is generated consistently for a particular library, contact the Cisco TAC and provide them with all log messages (preferably with timestamps).","3","Error","75","network","connection"
+"%ASA-6-302020","302020","Built outbound ICMP connection for faddr dest_ip_address/dest_portoutside_idfw_user gaddr src_ip/src_port laddr src_ip/src_portinside_idfw_user[(user)] type type code code Internal-Data0/id_port_num:RX[rx_ring_num]","%ASA-6-302020: Built outbound ICMP connection for faddr dest_ip_address/dest_portoutside_idfw_user gaddr src_ip/src_port laddr src_ip/src_portinside_idfw_user[(user)] type type code code Internal-Data0/id_port_num:RX[rx_ring_num]","This message is generated when an ICMP session was established in the fast-path. The following list describes the message values: • faddr —Specifies the IP address of the foreign host • gaddr —Specifies the IP address of the global host • laddr —Specifies the IP address of the local host • idfw_user —The name of the identity firewall user • user —The username associated with the host from where the connection was initiated • type —Specifies the ICMP type • code —Specifies the ICMP code • Rx —Specifies the received data circular-buffer size, where the buffer is overwritten, starting from the beginning, when the buffer is full.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302021","302021","Teardown ICMP connection for faddr src_ip_address/src_portoutside_idfw_user gaddr dest_ip_address/dest_port laddr dest_ip_address/dest_portinside_idfw_user [(user)] type type code code Internal-Data0/id_port_num:RX[rx_ring_num]","%ASA-6-302021: Teardown ICMP connection for faddr src_ip_address/src_portoutside_idfw_user gaddr dest_ip_address/dest_port laddr dest_ip_address/dest_portinside_idfw_user [(user)] type type code code Internal-Data0/id_port_num:RX[rx_ring_num]","This message is generated when an ICMP session is removed in the fast-path. The following list describes the message values: • faddr —Specifies the IP address of the foreign host • gaddr —Specifies the IP address of the global host • laddr —Specifies the IP address of the local host • idfw_user —The name of the identity firewall user • user —The username associated with the host from where the connection was initiated • type —Specifies the ICMP type • code—Specifies the ICMP code • Rx—Specifies the received data circular-buffer size, where the buffer is overwritten, starting from the beginning, when the buffer is full.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302022","302022","Built role stub TCP connection for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port (mapped-address/mapped-port))","%ASA-6-302022: Built role stub TCP connection for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port (mapped-address/mapped-port))","A TCP director/backup/forwarder flow has been created.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302023","302023","Teardown stub TCP connection for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss forwarded bytes bytes reason","%ASA-6-302023: Teardown stub TCP connection for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss forwarded bytes bytes reason","A TCP director/backup/forwarder flow has been torn down.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302024","302024","Built role stub UDP connection for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port (mapped-address/mapped-port)","%ASA-6-302024: Built role stub UDP connection for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port (mapped-address/mapped-port)","A UDP director/backup/forwarder flow has been created.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302025","302025","Teardown stub UDP connection for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss forwarded bytes bytes reason","%ASA-6-302025: Teardown stub UDP connection for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss forwarded bytes bytes reason","A UDP director/backup/forwarder flow has been torn down.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302026","302026","Built role stub ICMP connection for interface:real-address/real-port (mapped-address) to interface:real-address/real-port (mapped-address)","%ASA-6-302026: Built role stub ICMP connection for interface:real-address/real-port (mapped-address) to interface:real-address/real-port (mapped-address)","An ICMP director/backup/forwarder flow has been created.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302027","302027","Teardown stub ICMP connection for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss forwarded bytes bytes reason","%ASA-6-302027: Teardown stub ICMP connection for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss forwarded bytes bytes reason","An ICMP director/backup/forwarder flow has been torn down.","None required.","6","Informational","5","network","connection"
+"%ASA-6-302033","302033","Pre-allocated H323 GUP Connection for faddr interface_name:foreign_ip_address/foreign_port to laddr interface_name:local_address","%ASA-6-302033: Pre-allocated H323 GUP Connection for faddr interface_name:foreign_ip_address/foreign_port to laddr interface_name:local_address","A GUP connection was started from the foreign address to the local address. The foreign port (outside port) only appears on connections from outside the security device. The local port value (inside port) only appears on connections started on an internal interface. • interface—The interface name • foreign-address —IP address of the foreign host • foreign-port —Port number of the foreign host • local-address —IP address of the local host • local-port —Port number of the local host","None required.","6","Informational","5","network","connection"
+"%ASA-4-302034","302034","Unable to Pre-allocate H323 GUP Connection for faddr interface_name:foreign_ip_address/foreign_port to laddr interface_name:local_ip_address","%ASA-4-302034: Unable to Pre-allocate H323 GUP Connection for faddr interface_name:foreign_ip_address/foreign_port to laddr interface_name:local_ip_address","The module failed to allocate RAM system memory while starting a connection or has no more address translation slots available. • interface—The interface name • foreign_ip_address —IP address of the foreign host • foreign_port —Port number of the foreign host • local_ip_address —IP address of the local host • local_port —Port number of the local host","If this message occurs periodically, it can be ignored. If it repeats frequently, contact the Cisco TAC. You can check the size of the global pool compared to the number of inside network clients. Alternatively, shorten the timeout interval of translations and connections. This message may also be caused by insufficient memory; try reducing the amount of memory usage, or purchasing additional memory.","4","Warning","55","network","connection"
+"%ASA-6-302035","302035","Built {inbound | outbound} SCTP connection conn_id for outside_interface:outside_ip/outside_port (mapped_outside_ip/mapped_outside_port)outside_idfw_user to inside_interface:inside_ip/inside_port (mapped_inside_ip/mapped_inside_port)inside_idfw_user port_num rx_ring_num [(user)]","%ASA-6-302035: Built {inbound | outbound} SCTP connection conn_id for outside_interface:outside_ip/outside_port (mapped_outside_ip/mapped_outside_port)outside_idfw_user to inside_interface:inside_ip/inside_port (mapped_inside_ip/mapped_inside_port)inside_idfw_user port_num rx_ring_num [(user)]","SCTP flow creation is logged when SCTP-state-bypass is not configured. • conn_id —The unique connection ID • outside_interface —The interface with the lower security level • outside_ip —The IP address of the host on the lower security level side of the ASA • outside_port —The port number of the host on the lower security level side of the ASA • mapped_outside_ip —The mapped IP address of the host on the lower security level side of the ASA • mapped_outside_port —The mapped port number of the host on the lower security level side of the ASA • outside_idfw_user —The IDFW username associated with the host on the lower security level side of the ASA • outside_sg_info —The SGT and SG name associated with the host on the lower security level side of the ASA • inside_interface —The interface with the higher security level • inside_ip —The IP address of the host on the higher security level side of the ASA • inside_port —The port number of the host on the higher security level side of the ASA • mapped_inside_ip —The mapped IP address of the host on the higher security level side of the ASA • mapped_inside_port —The mapped port number of the host on the higher security level side of the ASA • inside_idfw_user —The IDFW username associated with the host on the higher security level side of the ASA • inside_sg_info —The SGT and SG name associated with the host on the higher security level side of the ASA • user —The username associated with the host from where the connection was initiated","None required.","6","Informational","5","network","connection"
+"%ASA-6-302036","302036","Teardown SCTP connection conn_id for inside_interface:inside_ip_address/inside_portoutside_idfw_user to outside_interface:outside_ip_address/outside_portinside_idfw_user duration time_value bytes bytes reason_string id_port_num rx_ring_num [(user)]","%ASA-6-302036: Teardown SCTP connection conn_id for inside_interface:inside_ip_address/inside_portoutside_idfw_user to outside_interface:outside_ip_address/outside_portinside_idfw_user duration time_value bytes bytes reason_string id_port_num rx_ring_num [(user)]","SCTP flow deletion is logged when SCTP-state-bypass is not configured. • conn_id —The unique connection ID • outside_interface —The interface with the lower security level • outside_ip_address —The IP address of the host on the lower security level side of the ASA • outside_port —The port number of the host on the lower security level side of the ASA • outside_idfw_user —The IDFW username associated with the host on the lower security level side of the ASA","None required.","6","Informational","5","network","connection"
+"%ASA-6-302037","302037","Built {inbound|outbound} IPINIP connection conn_id from outside_interface:outside_ip/{outside_mapped_ip|outside_port} outside_idfw_user to inside_interface_name:inside_ip/{inside_mapped_ip|inside_port} inside_idfw_user [(user)]","%ASA-6-302037: Built {inbound|outbound} IPINIP connection conn_id from outside_interface:outside_ip/{outside_mapped_ip|outside_port} outside_idfw_user to inside_interface_name:inside_ip/{inside_mapped_ip|inside_port} inside_idfw_user [(user)]","IPINIP flow has been created. • conn_id —The unique connection ID • outside_interface —The interface with the lower security level • outside_ip —The IP address of the host on the lower security level side of the ASA • outside_port —The port number of the host on the lower security level side of the ASA • mapped_outside_ip —The mapped IP address of the host on the lower security level side of the ASA • mapped_outside_port —The mapped port number of the host on the lower security level side of the ASA • outside_idfw_user —The IDFW username associated with the host on the lower security level side of the ASA • outside_sg_info —The SGT and SG name associated with the host on the lower security level side of the ASA • inside_interface —The interface with the higher security level • inside_ip —The IP address of the host on the higher security level side of the ASA • inside_port —The port number of the host on the higher security level side of the ASA • mapped_inside_ip —The mapped IP address of the host on the higher security level side of the ASA • mapped_inside_port —The mapped port number of the host on the higher security level side of the ASA • inside_idfw_user —The IDFW username associated with the host on the higher security level side of the ASA • inside_sg_info —The SGT and SG name associated with the host on the higher security level side of the ASA • user —The username associated with the host from where the connection was initiated","None required. 302038 (Inbound flow)Error Message 1","6","Informational","5","network","connection"
+"%ASA-6-302038","302038","Teardown IPINIP connection conn_id for outside_interface:outside_ip/outside_portoutside_idfw_user to inside_interface:inside_ip/inside_portinside_idfw_user duration time_value bytes bytes [(user)]","%ASA-6-302038: Teardown IPINIP connection conn_id for outside_interface:outside_ip/outside_portoutside_idfw_user to inside_interface:inside_ip/inside_portinside_idfw_user duration time_value bytes bytes [(user)]","An IPINIP flow has been torn down. • conn_id —The unique connection ID • outside_interface —The interface with the lower security level • outside_ip —The IP address of the host on the lower security level side of the ASA • outside_port —The port number of the host on the lower security level side of the ASA • outside_idfw_user —The IDFW username associated with the host on the lower security level side of the ASA • outside_sg_info —The SGT and SG name associated with the host on the lower security level side of the ASA • inside_interface —The interface with the higher security level • inside_ip —The IP address of the host on the higher security level side of the ASA • inside_port —The port number of the host on the higher security level side of the ASA • inside_idfw_user —The IDFW username associated with the host on the higher security level side of the ASA • inside_sg_info —The SGT and SG name associated with the host on the higher security level side of the ASA • user —The username associated with the host from where the connection was initiated • time —The amount of the flow stayed alive in hh:mm:ss • bytes —The number of bytes passed on the flow","None required.","6","Informational","5","network","connection"
+"%ASA-3-302302","302302","ACL=deny;no_sa_created","%ASA-3-302302: ACL=deny;no_sa_created","IPsec proxy mismatches have occurred. Proxy hosts for the negotiated SA correspond to a deny access-list command policy.","Check the access-list command statement in the configuration. Contact the administrator for the peer.","3","Error","95","network","general"
+"%ASA-6-302303","302303","Built TCP state-bypass connection conn_id from initiator_interface:real_ip/real_port (mapped_ip/mapped_port) to responder_interface:real_ip/real_port (mapped_ip/mapped_port)","%ASA-6-302303: Built TCP state-bypass connection conn_id from initiator_interface:real_ip/real_port (mapped_ip/mapped_port) to responder_interface:real_ip/real_port (mapped_ip/mapped_port)","A new TCP connection has been created, and this connection is a TCP-state-bypass connection. This type of connection bypasses all the TCP state checks and additional security checks and inspections.","If you need to secure TCP traffic with all the normal TCP state checks as well as all other security checks and inspections, you can use the no set connection advanced-options tcp-state-bypass command to disable this feature for TCP traffic.","6","Informational","15","network","general"
+"%ASA-6-302304","302304","Teardown TCP state-bypass connection conn_id from initiator_interface:ip/portuser to responder_interface:ip/portuser duration duration bytes bytesteardown reason","%ASA-6-302304: Teardown TCP state-bypass connection conn_id from initiator_interface:ip/portuser to responder_interface:ip/portuser duration duration bytes bytesteardown reason","A new TCP connection has been torn down, and this connection is a TCP-state-bypass connection. This type of connection bypasses all the TCP state checks and additional security checks and inspections. • duration —The duration of the TCP connection • bytes —The total number of bytes transmitted over the TCP connection • teardown reason —The reason for the teardown of the TCP connection","If you need to secure TCP traffic with all the normal TCP state checks as well as all other security checks and inspections, you can use the no set connection advanced-options tcp-state-bypass command to disable this feature for TCP traffic.","6","Informational","15","network","general"
+"%ASA-6-302305","302305","Built SCTP state-bypass connection conn_id from outside_interface:outside_ip/outside_port (mapped_outside_ip/mapped_outside_port)outside_idfw_user to outside_sg_info:inside_interface/inside_ip (inside_port /mapped_inside_ip)mapped_inside_port inside_idfw_user inside_sg_info","%ASA-6-302305: Built SCTP state-bypass connection conn_id from outside_interface:outside_ip/outside_port (mapped_outside_ip/mapped_outside_port)outside_idfw_user to outside_sg_info:inside_interface/inside_ip (inside_port /mapped_inside_ip)mapped_inside_port inside_idfw_user inside_sg_info","SCTP flow creation is logged when SCTP-state-bypass is configured. • conn_id —The unique connection ID • outside_interface —The interface with the lower security level • outside_ip —The IP address of the host on the lower security level side of the ASA • outside_port —The port number of the host on the lower security level side of the ASA • mapped_outside_ip —The mapped IP address of the host on the lower security level side of the ASA • mapped_outside_port —The mapped port number of the host on the lower security level side of the ASA • outside_idfw_user —The IDFW username associated with the host on the lower security level side of the ASA • outside_sg_info —The SGT and SG name associated with the host on the lower security level side of the ASA • inside_interface —The interface with the higher security level • inside_ip —The IP address of the host on the higher security level side of the ASA • inside_port —The port number of the host on the higher security level side of the ASA • mapped_inside_ip —The mapped IP address of the host on the higher security level side of the ASA • mapped_inside_port —The mapped port number of the host on the higher security level side of the ASA • inside_idfw_user —The IDFW username associated with the host on the higher security level side of the ASA • inside_sg_info —The SGT and SG name associated with the host on the higher security level side of the ASA","None required.","6","Informational","5","network","general"
+"%ASA-6-302306","302306","Teardown SCTP state-bypass connection conn_id from outside_interface:outside_ip/outside_portoutside_idfw_user to outside_sg_info:inside_interface/inside_ipinside_port duration inside_idfw_user bytes inside_sg_info time bytes reason","%ASA-6-302306: Teardown SCTP state-bypass connection conn_id from outside_interface:outside_ip/outside_portoutside_idfw_user to outside_sg_info:inside_interface/inside_ipinside_port duration inside_idfw_user bytes inside_sg_info time bytes reason","SCTP flow deletion is logged when SCTP-state-bypass is configured. • conn_id —The unique connection ID • outside_interface —The interface with the lower security level • outside_ip —The IP address of the host on the lower security level side of the ASA • outside_port —The port number of the host on the lower security level side of the ASA • outside_idfw_user —The IDFW username associated with the host on the lower security level side of the ASA • outside_sg_info —The SGT and SG name associated with the host on the lower security level side of the ASA • inside_interface —The interface with the higher security level • inside_ip —The IP address of the host on the higher security level side of the ASA • inside_port —The port number of the host on the higher security level side of the ASA • inside_outside_ip —The mapped IP address of the host on the higher security level side of the ASA • inside_idfw_user —The IDFW username associated with the host on the higher security level side of the ASA • inside_sg_info —The SGT and SG name associated with the host on the higher security level side of the ASA • time —The amount of time that the flow stayed alive in hh:mm:ss • bytes —The number of bytes passed on the flow • reason —The reason the connection was torn down","None required.","6","Informational","5","network","general"
+"%ASA-4-302310","302310","SCTP packet received from src_ifc:src_ip/src_port to dst_ifc:dst_ip/dst_port contains unsupported Hostname Parameter.","%ASA-4-302310: SCTP packet received from src_ifc:src_ip/src_port to dst_ifc:dst_ip/dst_port contains unsupported Hostname Parameter.","A init/init-ack packet is received with the hostname parameter. • packet init/init-ack—The message carrying the hostname parameter • src-ifc— Indicates the ingress interface • src-ip/src-port— Indicates the Source IP and Port in the packet • dst-ifc—Indicates the egress interface • dst_ip/dst_port—Indicates the Source IP and Port in the packet","Use the real IP addresses of endpoints rather than the hostname. Disable the hostname parameter.","4","Warning","45","network","general"
+"%ASA-4-302311","302311","Failed to create a new protocol connection from ingress_interface:source_ip/source_port to egress_interface:destination_ip/destination_port due to application cache memory allocation failure. The app-cache memory threshold level is threshold% and threshold check is enabled/disabled","%ASA-4-302311: Failed to create a new protocol connection from ingress_interface:source_ip/source_port to egress_interface:destination_ip/destination_port due to application cache memory allocation failure. The app-cache memory threshold level is threshold% and threshold check is enabled/disabled","A new connection could not be created due to app-cache memory allocation failure. The failure could be due to system running out of memory or exceeding app-cache memory threshold. • protocol—The name of the protocol used to create the connection • ingress interface—The interface name • source IP—The source IP address • source port—The source port number • egress interface—The interface name • destination IP— The destination address • destination port—The destination port number • threshold%—The percentage value of memory threshold • enabled/disabled—app-cache memory threshold feature enabled/disabled","Disable memory intensive features on the device or reduce the number of through-the-box connections.","4","Warning","55","network","general"
+"%ASA-6-303002","303002","FTP connection from src_ifc:src_ip/src_port to dst_ifc:dst_ip/dst_port, userusername action file filename","%ASA-6-303002: FTP connection from src_ifc:src_ip/src_port to dst_ifc:dst_ip/dst_port, userusername action file filename","A client has uploaded or downloaded a file from the FTP server. • src_ifc—The interface where the client resides. • src_ip—The IP address of the client. • src_port—The client port. • dst_ifc—The interface where the server resides. • dst_ip—The IP address of the FTP server. • dst_port—The server port. • username—The FTP username. • action—The stored or retrieved actions. • filename—The file stored or retrieved.","None required.","6","Informational","5","network","general"
+"%ASA-5-303004","303004","FTP cmd_string command unsupported - failed strict inspection, terminating connection from source_interface:source_address/source_port to dest_interface:dest_address/dest_interface","%ASA-5-303004: FTP cmd_string command unsupported - failed strict inspection, terminating connection from source_interface:source_address/source_port to dest_interface:dest_address/dest_interface","Strict FTP inspection on FTP traffic has been used, and an FTP request message contains a command that is not recognized by the device.","None required.","5","Notification","5","network","general"
+"%ASA-5-303005","303005","Strict FTP inspection matched match_string in policy-map policy-name, action_string from src_ifc:sip/sport to dest_ifc:dip/dport","%ASA-5-303005: Strict FTP inspection matched match_string in policy-map policy-name, action_string from src_ifc:sip/sport to dest_ifc:dip/dport","When FTP inspection matches any of the following configured values: filename, file type, request command, server, or username, then the action specified by the action_string in this message occurs. • match_string —The match clause in the policy map • policy-name—The policy map that matched • action_string—The action to take; for example, Reset Connection • src_ifc—The source interface name • sip—The source IP address • sport—The source port • dest_ifc—The destination interface name • dip—The destination IP address • dport—The destination port","None required.","5","Notification","5","network","general"
+"%ASA-5-304001","304001","URLuser@source_addressidfw_user Accessed URL dest_address:url","%ASA-5-304001: URLuser@source_addressidfw_user Accessed URL dest_address:url","The specified host tried to access the specified URL If you enable the HTTP inspection with custom HTTP policy map, the following possibilities are seen.When the packet of GET request does not have the hostname parameter, instead of printing the URI, it prints the following message:%ASA-5-304001: client IP Accessed URL server ip:Hostname not present URI: URIIf a large URI which cannot be printed in a single syslog, you can print partial wherever it is being chopped down.For instance, when the URL is to be divided into multiple chunks and logged, the following message is printed:%ASA-5-304001: client IP Accessed URL server ip: http(/ftp)://hostname/URI_CHUNK1 partial%ASA-5-304001: client IP Accessed URL server ip: partial URI_CHUNK1 partial............%ASA-5-304001: client IP Accessed URL server ip: partial URI_CHUNKnThe limit for URI is 1024 bytes.If the current packet contains partial URI at the beginning or end, use the same logic as explained above.","None required.","5","Notification","5","network","general"
+"%ASA-5-304002","304002","Access denied URL url SRC (user)(sip)(user) DEST dip on interface int_name","%ASA-5-304002: Access denied URL url SRC (user)(sip)(user) DEST dip on interface int_name","Access from the source address to the specified URL or FTP site was denied.","None required.","5","Notification","45","network","general"
+"%ASA-3-304003","304003","URL Server IP_address timed out URL url","%ASA-3-304003: URL Server IP_address timed out URL url","A URL server timed out.","None required.","3","Error","5","network","general"
+"%ASA-6-304004","304004","URL Server IP_address request failed URL url","%ASA-6-304004: URL Server IP_address request failed URL url","A Websense server request failed.","None required.","6","Informational","5","network","general"
+"%ASA-7-304005","304005","URL Server IP_address request pending URL url","%ASA-7-304005: URL Server IP_address request pending URL url","A Websense server request is pending.","None required.","7","Debugging","5","network","general"
+"%ASA-3-304006","304006","URL Server IP_address not responding","%ASA-3-304006: URL Server IP_address not responding","The Websense server is unavailable for access, and the ASA attempts to either try to access the same server if it is the only server installed, or another server if there is more than one.","None required.","3","Error","5","network","general"
+"%ASA-2-304007","304007","URL Server not responding, ENTERING ALLOW mode","%ASA-2-304007: URL Server not responding, ENTERING ALLOW mode","You used the allow option of the filter command, and the Websense servers are not responding. The ASA allows all web requests to continue without filtering while the servers are not available.","None required.","2","Critical","5","network","general"
+"%ASA-2-304008","304008","LEAVING ALLOW mode, URL Server is up","%ASA-2-304008: LEAVING ALLOW mode, URL Server is up","You used the allow option of the filter command, and the ASA receives a response message from a Websense server that previously was not responding. With this response message, the ASA exits the allow mode, which enables the URL filtering feature again.","None required.","2","Critical","5","network","general"
+"%ASA-7-304009","304009","Ran out of buffer blocks specified by url-block command","%ASA-7-304009: Ran out of buffer blocks specified by url-block command","The URL pending buffer block is running out of space.","Change the buffer block size by entering the url-block block block_size command.","7","Debugging","5","network","general"
+"%ASA-3-305005","305005","No translation group found for protocol src interface_name: source_address/source_port [(idfw_user )] dst interface_name: dest_address /dest_port [(idfw_user )]","%ASA-3-305005: No translation group found for protocol src interface_name: source_address/source_port [(idfw_user )] dst interface_name: dest_address /dest_port [(idfw_user )]","A packet does not match any of the outbound nat command rules. If NAT is not configured for the specified source and destination systems, the message will be generated frequently.","This message indicates a configuration error. If dynamic NAT is desired for the source host, ensure that the nat command matches the source IP address. If static NAT is desired for the source host, ensure that the local IP address of the static command matches. If no NAT is desired for the source host, check the ACL bound to the NAT 0 ACL.","3","Error","65","network","nat"
+"%ASA-3-305006","305006","{outbound static|identity|portmap|regular) translation creation failed for protocol src interface_name:source_address/source_port [(idfw_user )] dst interface_name:dest_address/dest_port [(idfw_user )]","%ASA-3-305006: {outbound static|identity|portmap|regular) translation creation failed for protocol src interface_name:source_address/source_port [(idfw_user )] dst interface_name:dest_address/dest_port [(idfw_user )]","The ICMP error inspection was enabled and the following conditions were met: • There was a connection established through the device with forward and reverse flows having different protocols. For example, forward flow is UDP or TCP, reverse flow is ICMP. The switch in protocols occurs when either the receiver or any intermediary device in the path returns ICMP error messages, for example type 3 code 3. • There was a dynamic NAT/PAT statement that matched the packets of the reverse flow and failed to translate the outer header IP addresses because the device does not apply PAT to all ICMP message types; it only applies PAT ICMP echo and echo-reply packets (types 8 and 0).","None required.","3","Error","5","network","nat"
+"%ASA-6-305007","305007","addrpool_free(): Orphan IP IP_address on interface interface_number","%ASA-6-305007: addrpool_free(): Orphan IP IP_address on interface interface_number","The ASA has attempted to translate an address that it cannot find in any of its global pools. The ASA assumes that the address was deleted and drops the request.","None required.","6","Informational","35","network","nat"
+"%ASA-3-305008","305008","Detecting free unallocated global IP IP__address on interface interface_name","%ASA-3-305008: Detecting free unallocated global IP IP__address on interface interface_name","The ASA kernel detected an inconsistency condition when trying to free an unallocated global IP address back to the address pool. This abnormal condition may occur if the ASA is running a Stateful Failover setup, and some of the internal states are momentarily out of sync between the active unit and the standby unit. This condition is not catastrophic, and the synchronization recovers automatically.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","nat"
+"%ASA-6-305009","305009","Built {dynamic|static} translation from interface_name[(acl-name)]:real_addressidfw_user to interfacename:mapped_address","%ASA-6-305009: Built {dynamic|static} translation from interface_name[(acl-name)]:real_addressidfw_user to interfacename:mapped_address","An address translation slot was created. The slot translates the source address from the local side to the global side. In reverse, the slot translates the destination address from the global side to the local side.","None required.","6","Informational","5","network","nat"
+"%ASA-6-305010","305010","Teardown {dynamic|static} translation from interface_name:real_address idfw_user to interfacename:mapped_address duration time","%ASA-6-305010: Teardown {dynamic|static} translation from interface_name:real_address idfw_user to interfacename:mapped_address duration time","The address translation slot was deleted.","None required.","6","Informational","5","network","nat"
+"%ASA-6-305011","305011","Built {dynamic|static} {TCP|UDP|ICMP} translation from interface_name:real_address/real_portidfw_user to interfacename:mapped_address/mapped_port","%ASA-6-305011: Built {dynamic|static} {TCP|UDP|ICMP} translation from interface_name:real_address/real_portidfw_user to interfacename:mapped_address/mapped_port","A TCP, UDP, or ICMP address translation slot was created. The slot translates the source socket from the local side to the global side. In reverse, the slot translates the destination socket from the global side to the local side.","None required.","6","Informational","5","network","nat"
+"%ASA-6-305012","305012","Teardown interface_name acl-name translation from real_address:real_port/real_ICMP_IDidfw_user to interface_namemapped_address:mapped_port/mapped_ICMP_ID duration time","%ASA-6-305012: Teardown interface_name acl-name translation from real_address:real_port/real_ICMP_IDidfw_user to interface_namemapped_address:mapped_port/mapped_ICMP_ID duration time","The address translation slot was deleted.","None required. 305013 (ICMP) Error Message","6","Informational","5","network","nat"
+"%ASA-5-305013","305013","Asymmetric NAT rules matched for forward and reverse flows; Connection for protocol protocol_name src interface_name:source_ip_addresssource_user dst interface_name:destination_ip_addressdestination_user denied due to NAT reverse path failure","%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for protocol protocol_name src interface_name:source_ip_addresssource_user dst interface_name:destination_ip_addressdestination_user denied due to NAT reverse path failure","An attempt to connect to a mapped host using its actual address was rejected.","When not on the same interface as the host using NAT, use the mapped address instead of the actual address to connect to the host. In addition, enable the inspect command if the application embeds the IP address.","5","Notification","25","network","nat"
+"%ASA-6-305014","305014","Allocated num_of_blocks block of ports for translation from real_interface:real_host_ip to real_dest_interface:real_dest_ip/real_dest_port_start-real_dest_port_end","%ASA-6-305014: Allocated num_of_blocks block of ports for translation from real_interface:real_host_ip to real_dest_interface:real_dest_ip/real_dest_port_start-real_dest_port_end","When CGNAT “block-allocation” is configured, this syslog will be generated on allocation of a new port block.","None.","6","Informational","15","network","nat"
+"%ASA-6-305015","305015","Released block_size block of ports for translation from real_interface:real_host_ip to real_destination_interface:real_dest_ip/port_start-port_end","%ASA-6-305015: Released block_size block of ports for translation from real_interface:real_host_ip to real_destination_interface:real_dest_ip/port_start-port_end","When CGNAT “block-allocation” is configured, this syslog will be generated on release of an allocated port block.","None.","6","Informational","15","network","nat"
+"%ASA-3-305016","305016","Port blocks exhausted in PAT pool 'pool_name' IP pool_address. Unable to create connection.","%ASA-3-305016: Port blocks exhausted in PAT pool 'pool_name' IP pool_address. Unable to create connection.","The maximum port blocks per host limit has been reached for a host or the port blocks have been exhausted.","For reaching the per-host PAT port block limit, review the maximum blocks per host limit by entering the following command: xlate block-allocation maximum-per-host 4 For the port block exhaustion in the PAT pool, we recommend increasing the pool size. Also, review the block size by entering the following command: xlate block-allocation size 512","3","Error","65","network","nat"
+"%ASA-3-305017","305017","Pba-interim-logging: Active Active_ICMP block of ports for translation from source:device_IP to destination:device_IP/Active_Port-Block","%ASA-3-305017: Pba-interim-logging: Active Active_ICMP block of ports for translation from source:device_IP to destination:device_IP/Active_Port-Block","When CGNAT interim logging feature is turned on. This syslog specifies the Active Port Block from a particular source IP address to a destination IP address at that time. Recommended ActionNone.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","network","nat"
+"%ASA-6-305018","305018","MAP translation from inside:2001:DB8:0000:0000:0000:0000:0000:0002/57964-outside:2001:DB8:FFFF:0000:0000:0000:0000:0001/22 to inside:192.168.101.210/57964-outside:192.168.100.203/22","%ASA-6-305018: MAP translation from inside:2001:DB8:0000:0000:0000:0000:0000:0002/57964-outside:2001:DB8:FFFF:0000:0000:0000:0000:0001/22 to inside:192.168.101.210/57964-outside:192.168.100.203/22","MAP style address translation has been applied to a connection being established, their source and destination have been translated Example:","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","6","Informational","15","network","nat"
+"%ASA-3-305019","305019","MAP node address 2001:DB8:0000:FFFF:0000:0000:0000:0002/57964 has inconsistent Port Set ID encoding","%ASA-3-305019: MAP node address 2001:DB8:0000:FFFF:0000:0000:0000:0002/57964 has inconsistent Port Set ID encoding","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","network","nat"
+"%ASA-3-305020","305020","MAP node with address 2001:DB8:0000:0000:0000:0000:0000:0002 is not allowed to use port 37964\n","%ASA-3-305020: MAP node with address 2001:DB8:0000:0000:0000:0000:0000:0002 is not allowed to use port 37964\n","A packet has an address that matches MAP basic mapping rules (meaning it is meant to be translated) but the associated port does not fall within the range allocated to that address. This likely means there is misconfiguration on the MAP node where this packet originates. Example:","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","network","nat"
+"%ASA-4-305021","305021","Ports exhausted in pre-allocated PAT pool IP 174.0.1.1 for host 192.168.1.20. Allocating from new PAT pool IP 174.0.1.2.","%ASA-4-305021: Ports exhausted in pre-allocated PAT pool IP 174.0.1.1 for host 192.168.1.20. Allocating from new PAT pool IP 174.0.1.2.","This message is generated when all ports are exhausted in the sticky IP on a cluster node and allocation moves to the next available IP with free ports. Example:","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","nat"
+"%ASA-4-305022","305022","Cluster unit ASA-4 has been allocated 12 port blocks for PAT usage. All units should have at least 32 port blocks.","%ASA-4-305022: Cluster unit ASA-4 has been allocated 12 port blocks for PAT usage. All units should have at least 32 port blocks.","This message is generated on a node when it joins cluster and does not get any or unequal share of port blocks. Examples","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","nat"
+"%ASA-3-305023","305023","Unable to create TCP connection from inside:&lt;ip/port&gt; to outside:&lt;ip/port&gt; due to IP port block exhaustion in PAT pool pool_name IP port_address.","%ASA-3-305023: Unable to create TCP connection from inside:&lt;ip/port&gt; to outside:&lt;ip/port&gt; due to IP port block exhaustion in PAT pool pool_name IP port_address.","This message is generated when the device could not create a new connection because the PAT pool was exhausted.","None.","3","Error","75","network","nat"
+"%ASA-6-308001","308001","Console enable password incorrect for number tries (from IP_address)","%ASA-6-308001: Console enable password incorrect for number tries (from IP_address)","This is a Secure Firewall ASA management message. This message appears after the specified number of times a user incorrectly types the password to enter privileged mode. The maximum is three attempts.","Verify the password and try again.","6","Informational","25","network","general"
+"%ASA-4-308002","308002","static global_address inside_address netmask netmask overlapped with global_address inside_address netmask netmask","%ASA-4-308002: static global_address inside_address netmask netmask overlapped with global_address inside_address netmask netmask","The IP addresses in one or more static command statements overlap. global_address is the global address, which is the address on the lower security interface, and inside_address is the local address, which is the address on the higher security-level interface.","Use the show static command to view the static command statements in your configuration and fix the commands that overlap. The most common overlap occurs if you specify a network address such as 10.1.1.0, and in another static command you specify a host within that range, such as 10.1.1.5.","4","Warning","45","network","general"
+"%ASA-4-308003","308003","WARNING: The enable password is not configured","%ASA-4-308003: WARNING: The enable password is not configured","When entering enable mode (privilege level 2 or greater), you are forced to configure the enable password for privilege level 15 when the enable password is not already set.","Set the enable password. The permitted length of password is between 3 and 15.","4","Warning","45","network","general"
+"%ASA-4-308004","308004","The enable password has been configured by user admin","%ASA-4-308004: The enable password has been configured by user admin","You have configured the enable password for the first time. This message will not be displayed when you are modifying an existing enable password.","None.","4","Warning","45","network","general"
+"%ASA-6-311001","311001","LU loading standby start","%ASA-6-311001: LU loading standby start","Stateful Failover update information was sent to the standby Secure Firewall ASA when the standby Secure Firewall ASA is first to be online.","None required.","6","Informational","5","network","general"
+"%ASA-6-311002","311002","LU loading standby end","%ASA-6-311002: LU loading standby end","Stateful Failover update information stopped sending to the standby Secure Firewall ASA.","None required.","6","Informational","5","network","general"
+"%ASA-6-311003","311003","LU recv thread up","%ASA-6-311003: LU recv thread up","An update acknowledgment was received from the standby Secure Firewall ASA.","None required.","6","Informational","5","network","general"
+"%ASA-6-311004","311004","LU xmit thread up","%ASA-6-311004: LU xmit thread up","A Stateful Failover update was transmitted to the standby Secure Firewall ASA.","None required.","6","Informational","5","network","general"
+"%ASA-6-312001","312001","RIP hdr failed from IP_address: cmd=string, version=number, domain=string on interface interface_name","%ASA-6-312001: RIP hdr failed from IP_address: cmd=string, version=number, domain=string on interface interface_name","The Secure Firewall ASA received a RIP message with an operation code other than reply, the message has a version number different from what is expected on this interface, and the routing domain entry was nonzero. Another RIP device may not be configured correctly to communicate with the Secure Firewall ASA.","None required.","6","Informational","5","network","general"
+"%ASA-3-313001","313001","Denied ICMP type=number, code=code from IP_address on interface interface_name","%ASA-3-313001: Denied ICMP type=number, code=code from IP_address on interface interface_name","When using the icmp command with an access list, if the first matched entry is a permit entry, the ICMP packet continues processing. If the first matched entry is a deny entry, or an entry is not matched, the Secure Firewall ASA discards the ICMP packet and generates this message. The icmp command enables or disables pinging to an interface. With pinging disabled, the Secure Firewall ASA cannot be detected on the network. This feature is also referred to as configurable proxy pinging.","Contact the administrator of the peer device.","3","Error","85","network","flow"
+"%ASA-4-313004","313004","Denied ICMP type=icmp_type, from laddr source_ip_address on interface shared physical_interface_name to destination_ip_address: no matching session","%ASA-4-313004: Denied ICMP type=icmp_type, from laddr source_ip_address on interface shared physical_interface_name to destination_ip_address: no matching session","ICMP packets were dropped by the Secure Firewall ASA because of security checks added by the stateful ICMP feature that are usually either ICMP echo replies without a valid echo request already passed across the Secure Firewall ASA or ICMP error messages not related to any TCP, UDP, or ICMP session already established in the Secure Firewall ASA.","None required.","4","Warning","65","network","flow"
+"%ASA-4-313005","313005","No matching connection for ICMP error message: icmp_msg_info on interface_name interface. Original IP payload: embedded_frame_info_icmp_msg_info=.","%ASA-4-313005: No matching connection for ICMP error message: icmp_msg_info on interface_name interface. Original IP payload: embedded_frame_info_icmp_msg_info=.","ICMP error packets were dropped by the Secure Firewall ASA because the ICMP error messages are not related to any session already established in the Secure Firewall ASA.","Review the Original IP Payload information embedded in the message. Inspect the original source and destination and verify if it is a valid packet in your network. If the packet is valid and as expected, you can ignore the message. If the cause is an attack, you can deny the host by using ACLs.","4","Warning","75","network","flow"
+"%ASA-3-313008","313008","Denied IPv6-ICMP type=number, code=code from IP_address on interface interface_name","%ASA-3-313008: Denied IPv6-ICMP type=number, code=code from IP_address on interface interface_name","When using the icmp command with an access list, if the first matched entry is a permit entry, the ICMPv6 packet continues processing. If the first matched entry is a deny entry, or an entry is not matched, the Secure Firewall ASA discards the ICMPv6 packet and generates this message. The icmp command enables or disables pinging to an interface. When pinging is disabled, the Secure Firewall ASA is undetectable on the network. This feature is also referred to as “configurable proxy pinging.”","Contact the administrator of the peer device.","3","Error","85","network","flow"
+"%ASA-4-313009","313009","Denied invalid ICMP code icmp_code, for src_ifc:src_address/src_port (mapped_src_address/mapped_src_port) to dest_ifc:dest_address/dest_port (mapped_dest_address/mapped_dest_port) [(user)], ICMP id icmp_id, ICMP type icmp_type","%ASA-4-313009: Denied invalid ICMP code icmp_code, for src_ifc:src_address/src_port (mapped_src_address/mapped_src_port) to dest_ifc:dest_address/dest_port (mapped_dest_address/mapped_dest_port) [(user)], ICMP id icmp_id, ICMP type icmp_type","An ICMP echo request/reply packet was received with a malformed code(non-zero).","If it is an intermittent event, no action is required. If the cause is an attack, you can deny the host using the ACLs.","4","Warning","75","network","flow"
+"%ASA-6-314001","314001","Pre-allocate RTSP UDP backconnection for src_intf:src_IP to dst_intf:dst_IP/dst_port.","%ASA-6-314001: Pre-allocate RTSP UDP backconnection for src_intf:src_IP to dst_intf:dst_IP/dst_port.","The Secure Firewall ASA opened a UDP media channel for the RTSP client that was receiving data from the server. • src_intf —Source interface name • src_IP —Source interface IP address • dst_intf —Destination interface name • dst_IP —Destination IP address • dst_port —Destination port","None required.","6","Informational","5","network","general"
+"%ASA-6-314002","314002","RTSP failed to allocate UDP media connection from src_intf:src_IP to dst_intf:dst_IP/dst_port reason: reason_string.","%ASA-6-314002: RTSP failed to allocate UDP media connection from src_intf:src_IP to dst_intf:dst_IP/dst_port reason: reason_string.","The Secure Firewall ASA cannot open a new pinhole for the media channel. • src_intf —Source interface name • src_IP —Source interface IP address • dst_intf —Destination interface name • dst_IP —Destination IP address • dst_port —Destination port • reason_string —Pinhole already exists/Unknown","If the reason is unknown, check the free memory available by running the show memory command, or the number of connections used by running the show conn command, because the Secure Firewall ASA is low on memory.","6","Informational","25","network","general"
+"%ASA-6-314003","314003","Dropped RTSP traffic from src_intf:src_ip, reason: reason","%ASA-6-314003: Dropped RTSP traffic from src_intf:src_ip, reason: reason","The RTSP message violated the user-configured RTSP security policy, either because it contains a port from the reserve port range, or it contains a URL with a length greater than the maximum limit allowed. • src_intf —Source interface name • src_IP —Source interface IP address • reason —The reasons may be one of the following: - Endpoint negotiating media ports in the reserved port range from 0 to 1024 - URL length of url length bytes exceeds the maximum url length limit bytes","Investigate why the RTSP client sends messages that violate the security policy. If the requested URL is legitimate, you can relax the policy by specifying a longer URL length limit in the RTSP policy map.","6","Informational","45","network","general"
+"%ASA-6-314004","314004","RTSP client src_intf:src_IP accessed RTSP URL RTSP_URL","%ASA-6-314004: RTSP client src_intf:src_IP accessed RTSP URL RTSP_URL","An RTSP client tried to access an RTSP server.","None required.","6","Informational","5","network","general"
+"%ASA-6-314005","314005","RTSP client src_intf:src_IP denied access to RTSP URL RTSP_URL.","%ASA-6-314005: RTSP client src_intf:src_IP denied access to RTSP URL RTSP_URL.","An RTSP client tried to access a prohibited site. • src_intf —Source interface name • src_IP —Source interface IP address • RTSP_URL —RTSP server URL","None required.","6","Informational","35","network","general"
+"%ASA-6-314006","314006","RTSP client src_intf:src_IP exceeds configured rate limit of rate for request_method message","%ASA-6-314006: RTSP client src_intf:src_IP exceeds configured rate limit of rate for request_method message","A specific RTSP request message exceeded the configured rate limit of RTSP policy. • src_intf —Source interface name • src_IP —Source interface IP address • rate —Configured rate limit • request_method —Type of request message","Investigate why the specific RTSP request message from the client exceeded the rate limit.","6","Informational","35","network","general"
+"%ASA-3-315004","315004","Fail to establish SSH session because RSA host key retrieval failed.","%ASA-3-315004: Fail to establish SSH session because RSA host key retrieval failed.","The ASA cannot find the RSA host key, which is required for establishing an SSH session. The ASA host key may be absent because it was not generated or because the license for this ASA does not allow DES or 3DES encryption.","From the ASA console, enter the show crypto key mypubkey rsa command to verify that the RSA host key is present. If the host key is not present, enter the show version command to verify that DES or 3DES is allowed. If an RSA host key is present, restart the SSH session. To generate the RSA host key, enter the crypto key mypubkey rsa command.","3","Error","75","network","general"
+"%ASA-4-315009","315009","SSH: connection timed out: username <username> , IP <ip>","%ASA-4-315009: SSH: connection timed out: username <username> , IP <ip>","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","general"
+"%ASA-6-315011","315011","SSH session from remote_ip_address on interface interface_name for user \'user_name\' disconnected by SSH server, reason: \'reason_string\' (reason_state)","%ASA-6-315011: SSH session from remote_ip_address on interface interface_name for user \'user_name\' disconnected by SSH server, reason: \'reason_string\' (reason_state)","An SSH session has ended. If a user enters quit or exit, the terminated normally message appears. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured. If the session disconnected for another reason, the text describes the reason. The following table lists the possible reasons why a session is disconnected. Table 48: SSH Disconnect Reasons Action Explanation Text String Restart the SSH session. A mismatch was detected in the check bytes during an SSH key exchange. Bad checkbytes None required. If this message persists, call Cisco TAC. The CRC value computed for a particular packet does not match the CRC value embedded in the packet; the packet is bad. CRC check failed Check the RSA host key and try again. Decryption of an SSH session key failed during an SSH key exchange. Decryption failure Check the SSH client, to ensure it is a supported version. A nonprotocol version message was received during an SSH version exchange. Format error From the ASA console, enter the show crypto key mypubkey rsa command to verify that the RSA host key is present. If the host key is not present, enter the show version command to verify that DES or 3DES is allowed. If an RSA host key is present, restart the SSH session. To generate the RSA host key, enter the crypto key mypubkey rsa command. This message indicates either an error internal to SSH on the ASA or an RSA key may not have been entered on the ASA or cannot be retrieved. Internal error Enter the show version command to determine which features your license supports, then reconfigure the SSH client to use the supported cipher. The SSH client requested an unsupported cipher. Invalid cipher type None required. The length of SSH message arriving at the ASA exceeds 262,144 bytes or is shorter than 4096 bytes. The data may be corrupted. Invalid message length Check whether the peer is an SSH client. If it is a client supporting SSHv1, and this message persists, from the ASA serial console enter the debug ssh command and capture the debugging messages. Then contact the Cisco TAC. The ASA received a non-SSH message, or an unsupported or unwanted SSH message. Invalid message type","None required.","6","Informational","55","network","general"
+"%ASA-3-315012","315012","Weak SSH type (alg) provided from client 'IP_address' on interface Int. Connection failed. Not FIPS 140-2 compliant","%ASA-3-315012: Weak SSH type (alg) provided from client 'IP_address' on interface Int. Connection failed. Not FIPS 140-2 compliant","As part of the FIPS 140-2 certification, when FIPS is enabled, SSH connections can only be brought up using aes128-cbc or aes256-cbc as the cipher and SHA1 as the MAC. This syslog is generated when an unacceptable cipher or MAC is used. This syslog will not be seen if FIPS mode is disabled. • type —cipher or MAC • alg —The name of the unacceptable cipher or MAC • IP_address —The IP address of the client • int —The interface that the client is attempting to connect to","Provide an acceptable cipher or MAC","3","Error","65","network","general"
+"%ASA-6-315013","315013","SSH session from SSH_client_address on interface interface_name for user ""user_name"" rekeyed successfully","%ASA-6-315013: SSH session from SSH_client_address on interface interface_name for user ""user_name"" rekeyed successfully","This syslog is needed to indicate that an SSH rekey has successfully completed. This is a Common Criteria certification requirement.","","6","Informational","15","network","general"
+"%ASA-3-316001","316001","Denied new tunnel to IP_address . VPN peer limit (platform_vpn_peer_limit) exceeded","%ASA-3-316001: Denied new tunnel to IP_address . VPN peer limit (platform_vpn_peer_limit) exceeded","If more VPN tunnels (ISAKMP/IPsec) are concurrently trying to be established than are supported by the platform VPN peer limit, then the excess tunnels are aborted.","None required.","3","Error","85","network","general"
+"%ASA-3-316002","316002","VPN Handle error: protocol=protocol, src in_if_num:src_addr, dst out_if_num:dst_addr.","%ASA-3-316002: VPN Handle error: protocol=protocol, src in_if_num:src_addr, dst out_if_num:dst_addr.","The Secure Firewall ASA cannot create a VPN handle, because the VPN handle already exists. • protocol —The protocol of the VPN flow • in_if_num —The ingress interface number of the VPN flow • src_addr —The source IP address of the VPN flow • out_if_num —The egress interface number of the VPN flow • dst_addr —The destination IP address of the VPN flow","This message may occur during normal operation; however, if the message occurs repeatedly and a major malfunction of VPN-based applications occurs, a software defect may be the cause. Enter the following commands to collect more information and contact the Cisco TAC to investigate the issue further: capture name type asp-drop vpn-handle-error show asp table classify crypto detail show asp table vpn-context","3","Error","95","network","general"
+"%ASA-3-317001","317001","No memory available for limit_slow","%ASA-3-317001: No memory available for limit_slow","The requested operation failed because of a low-memory condition.","Reduce other system activity to ease memory demands. If conditions warrant, upgrade to a larger memory configuration.","3","Error","85","network","general"
+"%ASA-3-317002","317002","Bad path pointer of number for IP_address, number max","%ASA-3-317002: Bad path pointer of number for IP_address, number max","A software error occurred.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-317003","317003","IP routing table creation failure - reason","%ASA-3-317003: IP routing table creation failure - reason","An internal software error occurred, which prevented the creation of a new IP routing table.","Copy the message exactly as it appears, and report it to Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-317004","317004","IP routing table limit warning - limit_context","%ASA-3-317004: IP routing table limit warning - limit_context","The number of routes in the named IP routing table has reached the configured warning limit.","Reduce the number of routes in the table, or reconfigure the limit.","3","Error","75","network","general"
+"%ASA-3-317005","317005","IP routing table limit exceeded - reason","%ASA-3-317005: IP routing table limit exceeded - reason","Additional routes will be added to the table.","Reduce the number of routes in the table, or reconfigure the limit.","3","Error","85","network","general"
+"%ASA-3-317006","317006","Pdb index error %08x, %04x, pdb","%ASA-3-317006: Pdb index error %08x, %04x, pdb","The index into the PDB is out of range. • pdb—Protocol Descriptor Block, the descriptor of the PDB index error • pdb_index—The PDB index identifier • pdb_type—The type of the PDB index error","If the problem persists, copy the error message exactly as it appears on the console or in the system log, contact the Cisco TAC, and provide the representative with the collected information.","3","Error","65","network","general"
+"%ASA-6-317007","317007","Added route_type route dest_address netmask via gateway_address [distance /metric ] on interface_name route_type","%ASA-6-317007: Added route_type route dest_address netmask via gateway_address [distance /metric ] on interface_name route_type","A new route has been added to the routing table. Routing protocol type: C – connected, S – static, I – IGRP, R – RIP, M – mobile B – BGP, D – EIGRP, EX - EIGRP external, O - OSPF IA - OSPF inter area, N1 - OSPF NSSA external type 1","None required.","6","Informational","5","network","general"
+"%ASA-6-317008","317008","Community list check with bad list list_number","%ASA-6-317008: Community list check with bad list list_number","When an out of range community list is identified, this message is generated along with the list number.","None required.","6","Informational","5","network","general"
+"%ASA-3-317012","317012","Interface IP route counter negative - nameif-string-value","%ASA-3-317012: Interface IP route counter negative - nameif-string-value","Indicates that the interface route count is negative. • nameif-string-value—The interface name as specified by the nameif command","None required.","3","Error","5","network","general"
+"%ASA-6-317077","317077","Added protocol_name route destination_address subnet-mask via gateway-address [admin_distance/metric] on [inf_name] [vrf_name] tableid [table_id]","%ASA-6-317077: Added protocol_name route destination_address subnet-mask via gateway-address [admin_distance/metric] on [inf_name] [vrf_name] tableid [table_id]","This message is generated when a route is added successfully on the Secure Firewall Threat Defense device.","None required.","6","Informational","5","network","general"
+"%ASA-6-317078","317078","Deleted protocol_name route destination_address subnet-mask via gateway-address [admin_distance/metric] on [inf_name] [vrf_name] tableid [table_id]","%ASA-6-317078: Deleted protocol_name route destination_address subnet-mask via gateway-address [admin_distance/metric] on [inf_name] [vrf_name] tableid [table_id]","This message is generated when a route is deleted from the Secure Firewall Threat Defense device.","None required.","6","Informational","5","network","general"
+"%ASA-3-318001","318001","Internal error: reason","%ASA-3-318001: Internal error: reason","An internal software error occurred. This message occurs at five-second intervals.","Copy the message exactly as it appears, and report it to the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-318002","318002","Flagged as being an ABR without a backbone area","%ASA-3-318002: Flagged as being an ABR without a backbone area","The router was flagged as an area border router without a backbone area configured in the router. This message occurs at five-second intervals.","Restart the OSPF process.","3","Error","65","network","general"
+"%ASA-3-318003","318003","Reached unknown state in neighbor state machine","%ASA-3-318003: Reached unknown state in neighbor state machine","An internal software error occurred. This message occurs at five-second intervals.","Copy the message exactly as it appears, and report it to the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-318004","318004","DB already exist : area string lsid IP_address adv netmask type 0xnumber","%ASA-3-318004: DB already exist : area string lsid IP_address adv netmask type 0xnumber","The OSPF process had a problem locating the link state advertisement, which might lead to a memory leak.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-318005","318005","No corresponding LSA in retransmission database for ip_address","%ASA-3-318005: No corresponding LSA in retransmission database for ip_address","OSPF found an inconsistency between its database and the IP routing table.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-318006","318006","if interface_name if_state number","%ASA-3-318006: if interface_name if_state number","An internal error occurred.","Copy the message exactly as it appears, and report it to the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-318008","318008","Reconfigure virtual link","%ASA-3-318008: Reconfigure virtual link","The OSPF process is being reset, and it is going to select a new router ID. This action will bring down all virtual links.","Change the virtual link configuration on all of the virtual link neighbors to reflect the new router ID.","3","Error","75","network","general"
+"%ASA-3-318101","318101","Internal error: REASON","%ASA-3-318101: Internal error: REASON","An internal software error has occurred. • REASON —The detailed cause of the event","None required.","3","Error","5","network","general"
+"%ASA-3-318102","318102","Flagged as being an ABR without a backbone area","%ASA-3-318102: Flagged as being an ABR without a backbone area","The router was flagged as an Area Border Router (ABR) without a backbone area in the router.","Restart the OSPF process.","3","Error","65","network","general"
+"%ASA-3-318103","318103","Reached unknown state in neighbor state machine","%ASA-3-318103: Reached unknown state in neighbor state machine","An internal software error has occurred.","None required.","3","Error","5","network","general"
+"%ASA-3-318104","318104","DB already exist : area AREA_ID_STR lsid i adv i type 0xx","%ASA-3-318104: DB already exist : area AREA_ID_STR lsid i adv i type 0xx","OSPF has a problem locating the LSA, which could lead to a memory leak. • AREA_ID_STR —A string representing the area • i —An integer value • x —A hexadecimal representation of an integer value","None required.","3","Error","5","network","general"
+"%ASA-3-318105","318105","No corresponding LSA in retransmission database for i","%ASA-3-318105: No corresponding LSA in retransmission database for i","OSPF found an inconsistency between its database and the IP routing table. • i —An integer value • x —A hexadecimal representation of an integer value • d —A number","None required.","3","Error","5","network","general"
+"%ASA-3-318106","318106","if IF_NAME if_state d","%ASA-3-318106: if IF_NAME if_state d","An internal error has occurred. • IF_NAME— The name of the affected interface • d —A number","None required.","3","Error","5","network","general"
+"%ASA-3-318108","318108","OSPF process d is changing router-id. Reconfigure virtual link neighbors with our new router-id","%ASA-3-318108: OSPF process d is changing router-id. Reconfigure virtual link neighbors with our new router-id","The OSPF process is being reset, and it is going to select a new router ID, which brings down all virtual links. To make them work again, you need to change the virtual link configuration on all virtual link neighbors. • d —A number representing the process ID","Change the virtual link configuration on all the virtual link neighbors to include the new router ID.","3","Error","75","network","general"
+"%ASA-3-318109","318109","Received packet with wrong state x","%ASA-3-318109: Received packet with wrong state x","OSPFv3 has received an unexpected interprocess message. • x —A hexadecimal representation of an integer value","None required.","3","Error","5","network","general"
+"%ASA-3-318110","318110","Invalid encrypted key key_string.","%ASA-3-318110: Invalid encrypted key key_string.","The specified encrypted key is not valid. • key_string —A string representing the encrypted key","Either specify a clear text key and enter the service password-encryption command for encryption, or ensure that the specified encrypted key is valid. If the specified encrypted key is not valid, an error message appears during system configuration.","3","Error","75","network","general"
+"%ASA-3-318111","318111","IPSEC policy for area u already exists","%ASA-3-318111: IPSEC policy for area u already exists","An attempt was made to use a SPI that has already been used. • u —A number representing the SPI • d —A number representing the process ID","Choose a different SPI.","3","Error","65","network","general"
+"%ASA-3-318112","318112","IPSEC SPI u already in use for area d","%ASA-3-318112: IPSEC SPI u already in use for area d","An attempt was made to use a SPI that has already been used. • u —A number representing the SPI • d —A number representing the process ID","Choose a different SPI. Enter the show crypto ipv6 ipsec sa command to view a list of SPIs that are already being used.","3","Error","65","network","general"
+"%ASA-3-318113","318113","IPSEC SPI s s reused for different policy on area u","%ASA-3-318113: IPSEC SPI s s reused for different policy on area u","An attempt was made to use a SPI that has already been used. • s— A string representing an interface • u —A number representing the SPI","Unconfigure the SPI first, or choose a different one.","3","Error","65","network","general"
+"%ASA-3-318114","318114","IPSEC invalid key length spi_value","%ASA-3-318114: IPSEC invalid key length spi_value","The key length was incorrect. • u —A number representing the SPI","Choose a valid IPsec key. An IPsec authentication key must be 32 (MD5) or 40 (SHA-1) hexidecimal digits long.","3","Error","75","network","general"
+"%ASA-3-318115","318115","IPSEC create policy error s for area u","%ASA-3-318115: IPSEC create policy error s for area u","An IPsec API (internal) error has occurred.","None required.","3","Error","5","network","general"
+"%ASA-3-318116","318116","IPSEC policy does not exist for area u","%ASA-3-318116: IPSEC policy does not exist for area u","An attempt was made to unconfigure a SPI that is not being used with OSPFv3. • u —A number representing the SPI • d —A number representing the process ID","Enter a show command to see which SPIs are used by OSPFv3.","3","Error","65","network","general"
+"%ASA-3-318117","318117","IPSEC policy still in use for area u","%ASA-3-318117: IPSEC policy still in use for area u","An attempt was made to remove the policy for the indicated SPI, but the policy was still being used by a secure socket. • u —A number representing the SPI","None required.","3","Error","5","network","general"
+"%ASA-3-318118","318118","IPSEC remove policy error s for area u","%ASA-3-318118: IPSEC remove policy error s for area u","An IPsec API (internal) error has occurred. • s —A string representing the specified error • u —A number representing the SPI","None required.","3","Error","5","network","general"
+"%ASA-3-318119","318119","IPSEC close session error u for area s","%ASA-3-318119: IPSEC close session error u for area s","An IPsec API (internal) error has occurred. • u —A number representing the SPI • s —A string representing the specified interface","None required.","3","Error","5","network","general"
+"%ASA-3-318120","318120","OSPFv3 was unable to register with Ipsec","%ASA-3-318120: OSPFv3 was unable to register with Ipsec","An internal error has occurred.","None required.","3","Error","5","network","general"
+"%ASA-3-318121","318121","IPSEC general error s for area d","%ASA-3-318121: IPSEC general error s for area d","An internal error has occurred. • s —A string representing the specified message • d —A number representing the total number of generated messages","None required.","3","Error","5","network","general"
+"%ASA-3-318122","318122","IPSEC error message retry for area s","%ASA-3-318122: IPSEC error message retry for area s","An internal error has occurred. The system is trying to reopen the secure socket and to recover. • s —A string representing the specified message and specified interface • d —A number representing the total number of recovery attempts","None required.","3","Error","5","network","general"
+"%ASA-3-318123","318123","IPSEC error message abort for area s","%ASA-3-318123: IPSEC error message abort for area s","An internal error has occurred. The maximum number of recovery attempts has been exceeded. • s —A string representing the specified message • IF_NAME —The specified interface","None required.","3","Error","5","network","general"
+"%ASA-3-318125","318125","Interface IF_NAME initialization failed","%ASA-3-318125: Interface IF_NAME initialization failed","The interface initialization failed. Possible reasons include the following: • The area to which the interface is being attached is being deleted. • It was not possible to create the link scope database. • It was not possible to create a neighbor datablock for the local router.","Remove the configuration command that initializes the interface and then try it again.","3","Error","75","network","general"
+"%ASA-3-318126","318126","Interface IF_NAME attached to multiple areas","%ASA-3-318126: Interface IF_NAME attached to multiple areas","The interface is on the interface list for an area other than the one to which the interface links. • IF_NAME —The specified interface","None required.","3","Error","5","network","general"
+"%ASA-3-318127","318127","Could not allocate or find the neighbor","%ASA-3-318127: Could not allocate or find the neighbor","An internal error has occurred.","None required.","3","Error","5","network","general"
+"%ASA-3-319001","319001","Acknowledge for arp update for IP address dest_address to NPnumber not received.","%ASA-3-319001: Acknowledge for arp update for IP address dest_address to NPnumber not received.","The ARP process in the ASA lost internal synchronization because the ASA was overloaded.","None required. The failure is only temporary. Check the average load of the ASA and make sure that it is not used beyond its capabilities.","3","Error","5","network","general"
+"%ASA-3-319002","319002","Acknowledge for route update for IP address dest_address to NPnumber not received.","%ASA-3-319002: Acknowledge for route update for IP address dest_address to NPnumber not received.","The routing module in the ASA lost internal synchronization because the ASA was overloaded.","None required. The failure is only temporary. Check the average load of the ASA and make sure that it is not used beyond its capabilities.","3","Error","5","network","general"
+"%ASA-3-319003","319003","Arp update for IP address address to NPn failed.","%ASA-3-319003: Arp update for IP address address to NPn failed.","When an ARP entry has to be updated, a message is sent to the network processor (NP) in order to update the internal ARP table. If the module is experiencing high utilization of memory or if the internal table is full, the message to the NP may be rejected and this message generated.","Verify if the ARP table is full. If it is not full, check the load of the module by reviewing the CPU utilization and connections per second. If CPU utilization is high and/or there is a large number of connections per second, normal operations will resume when the load returns to normal.","3","Error","85","network","general"
+"%ASA-3-319004","319004","Route update for IP address dest_address to NPnumber failed.","%ASA-3-319004: Route update for IP address dest_address to NPnumber failed.","The routing module in the ASA lost internal synchronization because the system was overloaded.","None required. The failure is only temporary. Check the average load of the system and make sure that it is not used beyond its capabilities.","3","Error","5","network","general"
+"%ASA-3-320001","320001","The subject name of the peer cert is not allowed for connection","%ASA-3-320001: The subject name of the peer cert is not allowed for connection","When the Secure Firewall ASA is an easy VPN remote device or server, the peer certificate includes asubject name that does not match the output of the ca verifycertdn command. A man-in-the-middle attack might be occurring, where a device spoofs the peer IP address and tries to intercept a VPN connection from the Secure Firewall ASA.","None required.","3","Error","95","network","general"
+"%ASA-5-321001","321001","Resource var1 limit of var2 reached.","%ASA-5-321001: Resource var1 limit of var2 reached.","A configured resource usage or rate limit for the indicated resource was reached.","If the platform maximum connections were reached, it takes some time to reallocate memory to free system memory, resulting in traffic failure. After memory space is released, you must reload the device. For further assistance, contact TAC team.","5","Notification","65","network","general"
+"%ASA-5-321002","321002","Resource var1 rate limit of var2 reached.","%ASA-5-321002: Resource var1 rate limit of var2 reached.","A configured resource usage or rate limit for the indicated resource was reached.","If the platform maximum connections were reached, it takes some time to reallocate memory to free system memory, resulting in traffic failure. After memory space is released, you must reload the device. For further assistance, contact TAC team.","5","Notification","65","network","general"
+"%ASA-6-321003","321003","Resource var1 log level of var2 reached.","%ASA-6-321003: Resource var1 log level of var2 reached.","A configured resource usage or rate logging level for the indicated resource was reached.","None required.","6","Informational","5","network","general"
+"%ASA-6-321004","321004","Resource var1 rate log level of var2 reached","%ASA-6-321004: Resource var1 rate log level of var2 reached","A configured resource usage or rate logging level for the indicated resource was reached.","None required.","6","Informational","5","network","general"
+"%ASA-2-321005","321005","System CPU utilization reached utilization%%%","%ASA-2-321005: System CPU utilization reached utilization%%%","The system CPU utilization has reached 95 percent or more and remains at this level for five minutes. • utilization % —The percentage of CPU being used","If this message occurs periodically, you can ignore it. If it repeats frequently, check the output of the show cpu command and verify the CPU usage. If it is high, contact the Cisco TAC.","2","Critical","95","network","general"
+"%ASA-2-321006","321006","System Memory usage reached utilization%%%","%ASA-2-321006: System Memory usage reached utilization%%%","The system memory usage has reached 80 percent or more and remains at this level for five minutes. • utilization % —The percentage of memory being used","If this message occurs periodically, you can ignore it. If it repeats frequently, check the output of the show memory command and verify the memory usage. If it is high, contact the Cisco TAC.","2","Critical","95","network","general"
+"%ASA-3-321007","321007","System is low on free memory blocks of size block_size (free_blocks CNT out of max_blocks MAX)","%ASA-3-321007: System is low on free memory blocks of size block_size (free_blocks CNT out of max_blocks MAX)","The system is low on free blocks of memory. Running out of blocks may result in traffic disruption. • block_size —The block size of memory (for example, 4, 1550, 8192) • free_blocks —The number of free blocks, as shown in the CNT column after using the show blocks command • max_blocks —The maximum number of blocks that the system can allocate, as shown in the MAX column after using the show blocks command","Use the show blocks command to monitor the amount of free blocks in the CNT column of the output for the indicated block size. If the CNT column remains zero, or very close to it for an extended period of time, then the Secure Firewall ASA may be overloaded or running into another issue that needs additional investigation.","3","Error","65","network","general"
+"%ASA-3-322001","322001","Deny MAC address MAC_address, possible spoof attempt on interface interface","%ASA-3-322001: Deny MAC address MAC_address, possible spoof attempt on interface interface","The Secure Firewall ASA received a packet from the offending MAC address on the specified interface, but the source MAC address in the packet is statically bound to another interface in the configuration. Either a MAC-spoofing attack or a misconfiguration may be the cause.","Check the configuration and take appropriate action by either finding the offending host or correcting the configuration.","3","Error","85","network","general"
+"%ASA-3-322002","322002","ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is {statically|dynamically} bound to MAC Address MAC_address_2","%ASA-3-322002: ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is {statically|dynamically} bound to MAC Address MAC_address_2","If the ARP inspection module is enabled, it checks whether a new ARP entry advertised in the packet conforms to the statically configured or dynamically learned IP-MAC address binding before forwarding ARP packets across the Secure Firewall ASA. If this check fails, the ARP inspection module drops the ARP packet and generates this message. This situation may be caused by either ARP spoofing attacks in the network or an invalid configuration (IP-MAC binding).","If the cause is an attack, you can deny the host using the ACLs. If the cause is an invalid configuration, correct the binding.","3","Error","95","network","general"
+"%ASA-3-322003","322003","ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is not bound to any MAC Address","%ASA-3-322003: ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is not bound to any MAC Address","If the ARP inspection module is enabled, it checks whether a new ARP entry advertised in the packet conforms to the statically configured IP-MAC address binding before forwarding ARP packets across the Secure Firewall ASA. If this check fails, the ARP inspection module drops the ARP packet and generates this message. This situation may be caused by either ARP spoofing attacks in the network or an invalid configuration (IP-MAC binding).","If the cause is an attack, you can deny the host using the ACLs. If the cause is an invalid configuration, correct the binding.","3","Error","95","network","general"
+"%ASA-6-322004","322004","No management IP address configured for transparent firewall. Dropping protocol protocol packet from interface_in:source_address/source_port to interface_out:dest_address/dest_port","%ASA-6-322004: No management IP address configured for transparent firewall. Dropping protocol protocol packet from interface_in:source_address/source_port to interface_out:dest_address/dest_port","The Secure Firewall ASA dropped a packet because no management IP address was configured in the transparent mode. • protocol—Protocol string or value • interface_in—Input interface name • source_address—Source IP address of the packet • source_port—Source port of the packet • interface_out—Output interface name • dest_address—Destination IP address of the packet • dest_port—Destination port of the packet","Configure the device with the management IP address and mask values.","6","Informational","35","network","general"
+"%ASA-3-323001","323001","Module in slot slot_num experienced a control channel communications failure.","%ASA-3-323001: Module in slot slot_num experienced a control channel communications failure.","The Secure Firewall ASA is unable to communicate via control channel with the module installed (in the specified slot). • module_id—For a software services module, specifies the services module name. • slot_num—For a hardware services module, specifies the slot in which the failure occurred. Slot 0 indicates the system main board, and slot 1 indicates the module installed in the expansion slot.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-323002","323002","Module in slot slot_num is not able to shut down, shut down request not answered.","%ASA-3-323002: Module in slot slot_num is not able to shut down, shut down request not answered.","The module installed did not respond to a shutdown request. • module_id—For a software services module, specifies the service module name. • slot_num—For a hardware services module, specifies the slot in which the failure occurred. Slot 0 indicates the system main board, and slot 1 indicates the module installed in the expansion slot.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-323003","323003","Module in slot slotnum is not able to reload, reload request not answered.","%ASA-3-323003: Module in slot slotnum is not able to reload, reload request not answered.","The module installed did not respond to a reload request. • module_id—For a software services module, specifies the service module name. • slot_num—For a hardware services module, specifies the slot in which the failure occurred. Slot 0 indicates the system main board, and slot 1 indicates the module installed in the expansion slot.","If the problem persists, contact the Cisco TAC.","3","Error","95","network","general"
+"%ASA-3-323004","323004","Module in slot string_one failed to write software vnewver (currently vver), reason. hw-module reset is required before further use.","%ASA-3-323004: Module in slot string_one failed to write software vnewver (currently vver), reason. hw-module reset is required before further use.","The module failed to accept a software version, and will be transitioned to an UNRESPONSIVE state. The module is not usable until the software is updated. • string one—The text string that specifies the module • >newver —The new version number of software that was not successfully written to the module (for example, 1.0(1)0) • >ver —The current version number of the software on the module (for example, 1.0(1)0) • >reason —The reason the new version cannot be written to the module. The possible values for >reason include the following: - write failure - failed to create a thread to write the image","If the module software cannot be updated, it will not be usable. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-323005","323005","Module syslog_string powerfail recovery is in progress.","%ASA-3-323005: Module syslog_string powerfail recovery is in progress.","This message indicates that the module cannot be started completely. The module will remain in the UNRESPONSIVE state until this condition is corrected. A module that is not fully seated in the slot is the most likely cause.","Verify that the module is fully seated and check to see if any status LEDs on the module are on. It may take a minute after fully reseating the module for the Secure Firewall ASA to recognize that it is powered up. If this message appears after verifying that the module is seated and after resetting the module using either the sw-module module service-module-name reset command or the hw-module module slotnum reset command, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-1-323006","323006","Module ips experienced a data channel communication failure, data channel is DOWN.","%ASA-1-323006: Module ips experienced a data channel communication failure, data channel is DOWN.","A data channel communication failure occurred and the Secure Firewall ASA was unable to forward traffic to the services module. This failure triggers a failover when the failure occurs on the active Secure Firewall ASA in an HA configuration. The failure also results in the configured fail open or fail closed policy being enforced on traffic that would normally be sent to the services module. This message is generated whenever a communication problem over the Secure Firewall ASA dataplane occurs between the system module and the services module, which can be caused when the services module stops, resets, is removed or disabled.","For software services modules such as IPS, recover the module using the sw-module module ips recover command. For hardware services modules, if this message is not the result of the SSM reloading or resetting and the corresponding syslog message 505010 is not seen after the SSM returns to an UP state, reset the module using the hw-module module 1 reset command.","1","Alert","100","network","general"
+"%ASA-3-323007","323007","Module in slot slot experienced a firmware failure and the recovery is in progress.","%ASA-3-323007: Module in slot slot experienced a firmware failure and the recovery is in progress.","An Secure Firewall ASA with a 4GE-SSM installed experienced a short power surge, then rebooted. As a result, the 4GE-SSM may come online in an unresponsive state. The Secure Firewall ASA has detected that the 4GE-SSM is unresponsive, and automatically restarts the 4GE-SSM.","None required.","3","Error","5","network","general"
+"%ASA-3-324000","324000","Drop GTP message msg_type Flow:(source_interface:source_address/source_port to dest_interface:dest_address/dest_port) Reason: reason","%ASA-3-324000: Drop GTP message msg_type Flow:(source_interface:source_address/source_port to dest_interface:dest_address/dest_port) Reason: reason","The packet being processed did not meet the filtering requirements as described in the reason variable and is being dropped.","None required.","3","Error","85","network","general"
+"%ASA-3-324001","324001","GTPv2 PKT Parse INFO:MsgType:34 (Modify Bearer Request) - TEID:0xaaaaaaaa MCB INFO - Local-GSN:192.168.1.224, Remote-GSN:192.168.2.20. - Flow:(outside:192.168.2.20/12035 to gn:192.168.1.224/2123)","%ASA-3-324001: GTPv2 PKT Parse INFO:MsgType:34 (Modify Bearer Request) - TEID:0xaaaaaaaa MCB INFO - Local-GSN:192.168.1.224, Remote-GSN:192.168.2.20. - Flow:(outside:192.168.2.20/12035 to gn:192.168.1.224/2123)","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","If the parser error message is seen periodically, it can be ignored. If it is seen frequently, then the endpoint may be sending out bad packets as part of an attack. Error Message 2","3","Error","85","network","general"
+"%ASA-3-324002","324002","No PDP[MCB] exists to process GTPv0 msg_type from source_interface :source_address /source_port to dest_interface :dest_address /dest_port , TID: tid_value","%ASA-3-324002: No PDP[MCB] exists to process GTPv0 msg_type from source_interface :source_address /source_port to dest_interface :dest_address /dest_port , TID: tid_value","If this message was preceded by message 321100, memory allocation error, the message indicates that there were not enough resources to create the PDP context. If not, it was not preceded by message 321100. For version 0, it indicates that the corresponding PDP context cannot be found. For version 1, if this message was preceded by message 324001, then a packet processing error occurred, and the operation stopped.","If the problem persists, determine why the source is sending packets without a valid PDP context.","3","Error","65","network","general"
+"%ASA-3-324003","324003","msg_type - Flow:(source_interface:source_address/source_port to dest_interface:dest_address/dest_port)","%ASA-3-324003: msg_type - Flow:(source_interface:source_address/source_port to dest_interface:dest_address/dest_port)","The response received does not have a matching request in the request queue and should not be processed further.","If this message is seen periodically, it can be ignored. But if it is seen frequently, then the endpoint may be sending out bad packets as part of an attack.","3","Error","85","network","general"
+"%ASA-3-324004","324004","GTP packet with version Ver_number from source_interface:source_address/source_port to dest_interface:dest_address/dest_port not supported","%ASA-3-324004: GTP packet with version Ver_number from source_interface:source_address/source_port to dest_interface:dest_address/dest_port not supported","The packet being processed has a version other than the currently supported version, which is 0 or 1. If the version number printed out is an incorrect number and is seen frequently, then the endpoint may be sending out bad packets as part of an attack.","None required.","3","Error","85","network","general"
+"%ASA-3-324005","324005","Unable to create tunnel from source_interface:source_address/source_port to dest_interface:dest_address/dest_port","%ASA-3-324005: Unable to create tunnel from source_interface:source_address/source_port to dest_interface:dest_address/dest_port","An error occurred while trying to create the tunnel for the transport protocol data units.","If this message occurs periodically, it can be ignored. If it repeats frequently, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-324006","324006","GSN IP_address tunnel limit tunnel_limit exceeded, PDP Context TID tid creation failed","%ASA-3-324006: GSN IP_address tunnel limit tunnel_limit exceeded, PDP Context TID tid creation failed","The GPRS support node sending the request has exceeded the maximum allowed tunnels created, so no tunnel will be created.","Check to see whether the tunnel limit should be increased or if there is a possible attack on the network.","3","Error","95","network","general"
+"%ASA-3-324007","324007","Unable to create GTP connection for response from source_address/0 to 0/dest_address","%ASA-3-324007: Unable to create GTP connection for response from source_address/0 to 0/dest_address","An error occurred while trying to create the tunnel for the transport protocol data units for a differentsServicing GPRS support node or gateway GPRS support node.","Check debugging messages to see why the connection was not created correctly. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-324008","324008","No PDP exists to update the data sgsn[ggsn] PDPMCB Info,PDPMCB Info TEID: teid_value, PDP TID: teid_value, Local GSN: IPaddress (VPIfNum), Remote GSN: IPaddress (VPIfNum)","%ASA-3-324008: No PDP exists to update the data sgsn[ggsn] PDPMCB Info,PDPMCB Info TEID: teid_value, PDP TID: teid_value, Local GSN: IPaddress (VPIfNum), Remote GSN: IPaddress (VPIfNum)","When a GTP HA message is received on the standby unit to update the PDP with data sgsn/ggsn PDPMCB information, the PDP is not found because of a previous PDP update message that was not successfully delivered or successfully processed on the standby unit.","If this message occurs periodically, you can ignore it. If it occurs frequently, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-324009","324009","Drop GTP message G-PDU from inside_interface :inside_ip /inside_port to","%ASA-3-324009: Drop GTP message G-PDU from inside_interface :inside_ip /inside_port to","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","85","network","general"
+"%ASA-5-324010","324010","Subscriber ID PDP Context activated on network Unknown","%ASA-5-324010: Subscriber ID PDP Context activated on network Unknown","This message appears when the PDP Context is activated. MCC is always 3 digits and MNC is 2 or 3 digits. The MCC, MNC, IE type, or Cell ID could be ""Unknown"" if the packet does not contain the location information IEs. Note Example:","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","5","Notification","25","network","general"
+"%ASA-5-324011","324011","Subscriber ID location changed during v1 handoff from Unknown to MCC/MNC 11122 (v1 RAI) CellID 1","%ASA-5-324011: Subscriber ID location changed during v1 handoff from Unknown to MCC/MNC 11122 (v1 RAI) CellID 1","A message appears when the location has changed. MCC is always 3 digits and MNC is 2 or 3 digits. This change could be triggered by handoff or a subsequent create request after the PDP is created and that the previous create request on ASA expired. The MCC, MNC, IE type, or Cell ID could be ""Unknown"" if the packet does not contain the location information IEs. Note Example:","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","5","Notification","25","network","general"
+"%ASA-5-324012","324012","GTP_PARSE: GTPV2_PARSE: Presence Reporting Area Action[177]: Invalid Length Received Length: 4, Minimum Expected Length: 11","%ASA-5-324012: GTP_PARSE: GTPV2_PARSE: Presence Reporting Area Action[177]: Invalid Length Received Length: 4, Minimum Expected Length: 11","When GTP IE length received is less than the minimum length, an error message appears with the following data: • GTP IE TYPE: Name Of GTP IE. • GTP IE TYPE NUMBER: Number Defined for GTP IE Type • Invalid Length Received: Invalid Length Received in the Packet. • Minimum Expected Length: Minimum Expected length for IE. Example:","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","5","Notification","35","network","general"
+"%ASA-3-324300","324300","Radius Accounting Request from from_addr has an incorrect request authenticator","%ASA-3-324300: Radius Accounting Request from from_addr has an incorrect request authenticator","When a shared secret is configured for a host, the request authenticator is verified with that secret. If it fails, it is logged and packet processing stops. • from_addr —The IP address of the host sending the RADIUS accounting request","Check to see that the correct shared secret was configured. If it is, double-check the source of the packet to make sure that it was not spoofed.","3","Error","85","network","general"
+"%ASA-3-324301","324301","Radius Accounting Request has a bad header length hdr_len, packet length pkt_len","%ASA-3-324301: Radius Accounting Request has a bad header length hdr_len, packet length pkt_len","The accounting request message has a header length that is not the same as the actual packet length, so packet processing stops. • hdr_len —The length indicated in the request header • pkt_len —The actual packet length","Make sure the packet was not spoofed. If the packet is legitimate, then capture the packet and make sure the header length is incorrect, as indicated by the message. If the header length is correct, and if the problem persists, contact the Cisco TAC.","3","Error","85","network","general"
+"%ASA-4-324302","324302","Server=IPaddr:port, ID=id: Rejecting the RADIUS response: Reason.","%ASA-4-324302: Server=IPaddr:port, ID=id: Rejecting the RADIUS response: Reason.","This message is generated when RADIUS response is rejected either because the required message-authenticator payload is missing in the response or if the Message-Authenticator payload failed validation check. • IPaddr:port—RADIUS server IP address and port • id—RADIUS request ID • Reason—Reason why the RADIUS response is rejected: • Required Message-Authenticator Payload Missing • Message-Authenticator payload failed validation check","None.","4","Warning","55","network","general"
+"%ASA-6-324303","324303","Server=IPaddr:port ID=id The RADIUS server supports and included the Message-Authenticator payload in its response. To prevent Man-In-The-Middle attacks, consider enabling ‘ message-authenticator’ on the aaa-server-group configuration for this server as a security best practice.","%ASA-6-324303: Server=IPaddr:port ID=id The RADIUS server supports and included the Message-Authenticator payload in its response. To prevent Man-In-The-Middle attacks, consider enabling ‘ message-authenticator’ on the aaa-server-group configuration for this server as a security best practice.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","Configure message-authenticator-required CLI under AAA server configuration.","6","Informational","15","network","general"
+"%ASA-3-325001","325001","Router ipv6_address on interface has conflicting ND (Neighbor Discovery) settings","%ASA-3-325001: Router ipv6_address on interface has conflicting ND (Neighbor Discovery) settings","Another router on the link sent router advertisements with conflicting parameters. • ipv6_address—IPv6 address of the other router • interface—Interface name of the link with the other router","Verify that all IPv6 routers on the link have the same parameters in the router advertisement for hop_limit, managed_config_flag, other_config_flag, reachable_time and ns_interval, and that preferred and valid lifetimes for the same prefix, advertised by several routers, are the same. To list the parameters per interface, enter the show ipv6 interface command.","3","Error","75","network","general"
+"%ASA-4-325002","325002","Duplicate address ipv6_address/MAC_address on interface","%ASA-4-325002: Duplicate address ipv6_address/MAC_address on interface","Another system is using your IPv6 address. • ipv6_address—The IPv6 address of the other router • MAC_address—The MAC address of the other system, if known; otherwise, it is considered unknown. • interface—The interface name of the link with the other system","Change the IPv6 address of one of the two systems.","4","Warning","45","network","general"
+"%ASA-4-325004","325004","IPv6 Extension Header hdr_type action by configuration. protocol from src_int:src_ipv6_addr/src_port to dst_interface:dst_ipv6_addr/dst_port","%ASA-4-325004: IPv6 Extension Header hdr_type action by configuration. protocol from src_int:src_ipv6_addr/src_port to dst_interface:dst_ipv6_addr/dst_port","A user has configured one or multiple actions over the specified IPv6 header extension.","If the configured action is not expected, under the policy-map command, check the action in the match header extension_header_type command and the parameters command, and make the correct changes. For example: ciscoasa (config)# policy-map type inspect ipv6 pname ciscoasa (config-pmap)# parameters ciscoasa (config-pmap-p)# no match header extension_header_type ! to remove the configuration ciscoasa (config-pmap-p)# no drop ! so packets with the specified extension_header_type are not dropped ciscoasa (config-pmap-p)# no log ! so packets with the specified extension_header_type are not logged ciscoasa (config-pmap-p)# no drop log ! so packets with the specified extension_header_type are not dropped or logged","4","Warning","65","network","general"
+"%ASA-4-325005","325005","Invalid IPv6 Extension Header Content:string. detail_regarding_protocol from ingress_interface:IP/port to egress_interface:IP/port","%ASA-4-325005: Invalid IPv6 Extension Header Content:string. detail_regarding_protocol from ingress_interface:IP/port to egress_interface:IP/port","An IPv6 packet with a bad extension header has been detected. • string —Can be one of the following values: - wrong extension header order - duplicate extension header - routing extension header","Configure the capture command to record the dropped packet, then analyze the cause of the dropped packet. If the validity check of the IPv6 extension header can be ignored, disable the validity check in the IPv6 policy map by entering the following commands: ciscoasa (config)# policy-map type inspect ipv6 policy_name","4","Warning","75","network","general"
+"%ASA-4-325006","325006","IPv6 Extension Header not in order: Type hdr_type occurs after Type hdr_type. prot from src_int:src_ipv6_addr/src_port to dst_interface:dst_ipv6_addr/dst_port","%ASA-4-325006: IPv6 Extension Header not in order: Type hdr_type occurs after Type hdr_type. prot from src_int:src_ipv6_addr/src_port to dst_interface:dst_ipv6_addr/dst_port","An IPv6 packet with out-of-order extension headers has been detected.","Configure the capture command to record the dropped packet, then analyze the extension header order of the dropped packet. If out-of-order header extensions are allowed, disable the out-of-order check in the IPv6 type policy map by entering the following commands: ciscoasa (config)# policy-map type inspect ipv6 policy_name ciscoasa (config-pmap)# parameters ciscoasa (config-pmap-p)# no verify-header order","4","Warning","75","network","general"
+"%ASA-7-325007","325007","IPv6 security check failed. Dropped packet from interface:address/port to address/port with source MAC address MAC_address and hop limit limit_value","%ASA-7-325007: IPv6 security check failed. Dropped packet from interface:address/port to address/port with source MAC address MAC_address and hop limit limit_value","Security check failed.","None.","7","Debugging","35","network","general"
+"%ASA-3-326001","326001","Unexpected error in the timer library: error_message","%ASA-3-326001: Unexpected error in the timer library: error_message","A managed timer event was received without a context or a correct type, or no handler exists. Alternatively, if the number of events queued exceeds a system limit, an attempt to process them will occur at a later time.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-326002","326002","Error in error_message : error_message","%ASA-3-326002: Error in error_message : error_message","The IGMP process failed to shut down upon request. Events that are performed in preparation for this shutdown may be out-of-sync.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-326004","326004","An internal error occurred while processing a packet queue","%ASA-3-326004: An internal error occurred while processing a packet queue","The IGMP packet queue received a signal without a packet.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-326005","326005","Mrib notification failed for (IP_address, IP_address )","%ASA-3-326005: Mrib notification failed for (IP_address, IP_address )","A packet triggering a data-driven event was received, and the attempt to notify the MRIB failed.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-326006","326006","Entry-creation failed for (IP_address, IP_address )","%ASA-3-326006: Entry-creation failed for (IP_address, IP_address )","The MFIB received an entry update from the MRIB, but failed to create the entry related to the addresses displayed. The probable cause is insufficient memory.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-326007","326007","Entry-update failed for (IP_address, IP_address )","%ASA-3-326007: Entry-update failed for (IP_address, IP_address )","The MFIB received an interface update from the MRIB, but failed to create the interface related to the addresses displayed. The probable cause is insufficient memory.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-326008","326008","MRIB registration failed","%ASA-3-326008: MRIB registration failed","The MFIB failed to register with the MRIB.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-326009","326009","MRIB connection-open failed","%ASA-3-326009: MRIB connection-open failed","The MFIB failed to open a connection to the MRIB.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-326010","326010","EIGRP-ddb_name tableid as_id: Neighbor address (%interface) is event_msg: msg","%ASA-3-326010: EIGRP-ddb_name tableid as_id: Neighbor address (%interface) is event_msg: msg","The MFIB failed to unbind from the MRIB.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-326011","326011","MRIB table deletion failed","%ASA-3-326011: MRIB table deletion failed","The MFIB failed to retrieve the table that was supposed to be deleted.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-326012","326012","Initialization of string functionality failed","%ASA-3-326012: Initialization of string functionality failed","The initialization of a specified functionality failed. This component might still operate without the functionality.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-326013","326013","Internal error: string in string line %d (%s )","%ASA-3-326013: Internal error: string in string line %d (%s )","A fundamental error occurred in the MRIB.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-326014","326014","Initialization failed: error_message error_message","%ASA-3-326014: Initialization failed: error_message error_message","The MRIB failed to initialize.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-326015","326015","Communication error: error_message error_message","%ASA-3-326015: Communication error: error_message error_message","The MRIB received a malformed update.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-326016","326016","Failed to set un-numbered interface for interface_name (string )","%ASA-3-326016: Failed to set un-numbered interface for interface_name (string )","The PIM tunnel is not usable without a source address. This situation occurs because a numbered interface cannot be found, or because of an internal error.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-326017","326017","Interface Manager error - string in string : string","%ASA-3-326017: Interface Manager error - string in string : string","An error occurred while creating a PIM tunnel interface.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-326019","326019","string in string : string","%ASA-3-326019: string in string : string","An error occurred while creating a PIM RP tunnel interface.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-326020","326020","List error in string : string","%ASA-3-326020: List error in string : string","An error occurred while processing a PIM interface list.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-326021","326021","Error in string : string","%ASA-3-326021: Error in string : string","An error occurred while setting the SRC of a PIM tunnel interface.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-326022","326022","Error in string : string","%ASA-3-326022: Error in string : string","The PIM process failed to shut down upon request. Events that are performed in preparation for this shutdown may be out-of-sync.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-326023","326023","string - IP_address : string","%ASA-3-326023: string - IP_address : string","An error occurred while processing a PIM group range.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-326024","326024","An internal error occurred while processing a packet queue.","%ASA-3-326024: An internal error occurred while processing a packet queue.","The PIM packet queue received a signal without a packet.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-326025","326025","string","%ASA-3-326025: string","An internal error occurred while trying to send a message. Events scheduled to occur on the receipt of a message, such as deletion of the PIM tunnel IDB, may not occur.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-326026","326026","Server unexpected error: error_message","%ASA-3-326026: Server unexpected error: error_message","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-326027","326027","Corrupted update: error_message","%ASA-3-326027: Corrupted update: error_message","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","If the problem persists, contact the Cisco TAC.","3","Error","85","network","general"
+"%ASA-3-326028","326028","Asynchronous error: error_message","%ASA-3-326028: Asynchronous error: error_message","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-327001","327001","IP SLA Monitor: Cannot create a new process","%ASA-3-327001: IP SLA Monitor: Cannot create a new process","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","Check the system memory. If memory is low, then this is probably the cause. Try to reenter the commands when memory is available. If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-327002","327002","IP SLA Monitor: Failed to initialize, IP SLA Monitor functionality will not work","%ASA-3-327002: IP SLA Monitor: Failed to initialize, IP SLA Monitor functionality will not work","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","Check the system memory. If memory is low, then this is probably the cause. Try to reenter the commands when memory is available. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-327003","327003","IP SLA Monitor: Generic Timer wheel timer functionality failed to initialize","%ASA-3-327003: IP SLA Monitor: Generic Timer wheel timer functionality failed to initialize","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","Check the system memory. If memory is low, then the timer wheel function did not initialize. Try to reenter the commands when memory is available. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-328001","328001","Attempt made to overwrite a set stub function in string .","%ASA-3-328001: Attempt made to overwrite a set stub function in string .","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-328002","328002","Attempt made in string to register with out of bounds key","%ASA-3-328002: Attempt made in string to register with out of bounds key","In the FASTCASE registry, the key has to be smaller than the size specified when the registry was created. An attempt was made to register with a key out-of-bounds.","Copy the error message exactly as it appears, and report it to the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-329001","329001","The string0 subblock named string1 was not removed","%ASA-3-329001: The string0 subblock named string1 was not removed","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-331001","331001","Dynamic DNS Update for 'fqdn_name' &lt;=&gt; ip_address failed","%ASA-3-331001: Dynamic DNS Update for 'fqdn_name' &lt;=&gt; ip_address failed","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","Make sure that a DNS server is configured and reachable by the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-5-331002","331002","Dynamic DNS type RR for 'fqdn_name' -&gt; 'ip_address ' successfully updated in DNS server ip_address","%ASA-5-331002: Dynamic DNS type RR for 'fqdn_name' -&gt; 'ip_address ' successfully updated in DNS server ip_address","A dynamic DNS update succeeded in the DNS server. • type —The type of resource record, which may be A or PTR • fqdn_name —The fully qualified domain name for which the DNS update was attempted • ip_address —The IP address of the DNS update • dns_server_ip —The IP address of the DNS server","None required.","5","Notification","5","network","general"
+"%ASA-3-332001","332001","Unable to open cache discovery socket, WCCP V2 closing down","%ASA-3-332001: Unable to open cache discovery socket, WCCP V2 closing down","An internal error that indicates the WCCP process was unable to open the UDP socket used to listen for protocol messages from caches.","Ensure that the IP configuration is correct and that at least one IP address has been configured.","3","Error","75","network","general"
+"%ASA-3-332002","332002","Unable to allocate message buffer, WCCP V2 closing down","%ASA-3-332002: Unable to allocate message buffer, WCCP V2 closing down","An internal error that indicates the WCCP process was unable to allocate memory to hold incoming protocol messages.","Ensure that enough memory is available for all processes.","3","Error","75","network","general"
+"%ASA-5-332003","332003","Web Cache IP_address/service_ID acquired","%ASA-5-332003: Web Cache IP_address/service_ID acquired","A service from the web cache of the Secure Firewall ASA was acquired. • IP_address—The IP address of the web cache • service_ID—The WCCP service identifier","None required.","5","Notification","5","network","general"
+"%ASA-1-332004","332004","Web Cache IP_address/service_ID lost","%ASA-1-332004: Web Cache IP_address/service_ID lost","A service from the web cache of the Secure Firewall ASA was lost.","Verify operation of the specified web cache.","1","Alert","85","network","general"
+"%ASA-6-333001","333001","EAP association initiated - context: EAP-context","%ASA-6-333001: EAP association initiated - context: EAP-context","An EAP association has been initiated with a remote host. • EAP-context —A unique identifier for the EAP session, displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)","None required.","6","Informational","5","network","general"
+"%ASA-5-333002","333002","Timeout waiting for EAP response - context:EAP-context","%ASA-5-333002: Timeout waiting for EAP response - context:EAP-context","A timeout occurred while waiting for an EAP response. • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)","None required.","5","Notification","5","network","general"
+"%ASA-6-333003","333003","EAP association terminated - context:EAP-context","%ASA-6-333003: EAP association terminated - context:EAP-context","The EAP association has been terminated with the remote host. • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)","None required.","6","Informational","5","network","general"
+"%ASA-7-333004","333004","EAP-SQ response invalid - context:EAP-context","%ASA-7-333004: EAP-SQ response invalid - context:EAP-context","The EAP-Status Query response failed basic packet validation. • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)","If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-333005","333005","EAP-SQ response contains invalid TLV(s) - context:EAP-context","%ASA-7-333005: EAP-SQ response contains invalid TLV(s) - context:EAP-context","The EAP-Status Query response has one or more invalid TLVs.","If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-333006","333006","EAP-SQ response with missing TLV(s) - context:EAP-context","%ASA-7-333006: EAP-SQ response with missing TLV(s) - context:EAP-context","The EAP-Status Query response is missing one or more mandatory TLVs. • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)","If the problem persists, contact the Cisco TAC.","7","Debugging","5","network","general"
+"%ASA-7-333007","333007","EAP-SQ response TLV has invalid length - context:EAP-context","%ASA-7-333007: EAP-SQ response TLV has invalid length - context:EAP-context","The EAP-Status Query response includes a TLV with an invalid length. • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)","If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-333008","333008","EAP-SQ response has invalid nonce TLV - context:EAP-context","%ASA-7-333008: EAP-SQ response has invalid nonce TLV - context:EAP-context","The EAP-Status Query response includes an invalid nonce TLV. • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)","If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-6-333009","333009","EAP-SQ response MAC TLV is invalid - context:EAP-context","%ASA-6-333009: EAP-SQ response MAC TLV is invalid - context:EAP-context","The EAP-Status Query response includes a MAC that does not match the calculated MAC. • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)","If the problem persists, contact the Cisco TAC.","6","Informational","25","network","general"
+"%ASA-5-333010","333010","EAP-SQ response Validation Flags TLV indicates PV request - context:EAP-context","%ASA-5-333010: EAP-SQ response Validation Flags TLV indicates PV request - context:EAP-context","The EAP-Status Query response includes a validation flags TLV, which indicates that the peer requested a full posture validation.","None required.","5","Notification","5","network","general"
+"%ASA-6-334001","334001","EAPoUDP association initiated - host-address","%ASA-6-334001: EAPoUDP association initiated - host-address","An EAPoUDP association has been initiated with a remote host. • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)","None required.","6","Informational","5","network","general"
+"%ASA-5-334002","334002","EAPoUDP association successfully established - host-address","%ASA-5-334002: EAPoUDP association successfully established - host-address","An EAPoUDP association has been successfully established with the host. • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)","None required.","5","Notification","5","network","general"
+"%ASA-5-334003","334003","EAPoUDP association failed to establish - host-address","%ASA-5-334003: EAPoUDP association failed to establish - host-address","An EAPoUDP association has failed to establish with the host. • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)","Verify the configuration of the Cisco Secure Access Control Server.","5","Notification","45","network","general"
+"%ASA-6-334004","334004","Authentication request for NAC Clientless host - host-address","%ASA-6-334004: Authentication request for NAC Clientless host - host-address","An authentication request was made for a NAC clientless host. • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)","None required.","6","Informational","5","network","general"
+"%ASA-5-334005","334005","Host put into NAC Hold state - host-address","%ASA-5-334005: Host put into NAC Hold state - host-address","The NAC session for the host was put into the Hold state. • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)","None required.","5","Notification","5","network","general"
+"%ASA-5-334006","334006","EAPoUDP failed to get a response from host - host-address","%ASA-5-334006: EAPoUDP failed to get a response from host - host-address","An EAPoUDP response was not received from the host. • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)","None required.","5","Notification","5","network","general"
+"%ASA-6-334007","334007","EAPoUDP association terminated - host-address","%ASA-6-334007: EAPoUDP association terminated - host-address","An EAPoUDP association has terminated with the host. • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)","None required.","6","Informational","5","network","general"
+"%ASA-6-334008","334008","NAC EAP association initiated - host-address , EAP context: EAP-context","%ASA-6-334008: NAC EAP association initiated - host-address , EAP context: EAP-context","EAPoUDP has initiated EAP with the host. • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101) • EAP-context —A unique identifier for the EAP session displayed as an eight-digit, hexadecimal number (for example, 0x2D890AE0)","None required.","6","Informational","5","network","general"
+"%ASA-6-334009","334009","Audit request for NAC Clientless host - Assigned_IP.","%ASA-6-334009: Audit request for NAC Clientless host - Assigned_IP.","An audit request is being sent for the specified assigned IP address. • Assigned_IP —The IP address assigned to the client","None required.","6","Informational","5","network","general"
+"%ASA-6-335001","335001","NAC session initialized - host-address","%ASA-6-335001: NAC session initialized - host-address","A NAC session has started for a remote host. • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)","None required.","6","Informational","5","network","general"
+"%ASA-5-335002","335002","Host is on the NAC Exception List - host-address , OS: oper-sys","%ASA-5-335002: Host is on the NAC Exception List - host-address , OS: oper-sys","The client is on the NAC Exception List and is therefore not subject to posture validation. • host-address —The IP address of the host in dotted decimal format (for example, 10.1.1.1) • oper-sys —The operating system (for example, Windows XP) of the host","None required.","5","Notification","5","network","general"
+"%ASA-5-335003","335003","NAC Default ACL applied, ACL:ACL-name - host-address","%ASA-5-335003: NAC Default ACL applied, ACL:ACL-name - host-address","The NAC default ACL has been applied for the client. • ACL-name —The name of the ACL being applied • host-address —The IP address of the host in dotted decimal format (for example, 10.1.1.1)","None required.","5","Notification","5","network","general"
+"%ASA-6-335004","335004","NAC is disabled for host - host-address","%ASA-6-335004: NAC is disabled for host - host-address","NAC is disabled for the remote host. • host-address —The IP address of the host in dotted decimal format (for example, 10.1.1.1)","None required.","6","Informational","5","network","general"
+"%ASA-4-335005","335005","NAC Downloaded ACL parse failure - host-address","%ASA-4-335005: NAC Downloaded ACL parse failure - host-address","Parsing of a downloaded ACL failed. • host-address —The IP address of the host in dotted decimal format (for example, 10.1.1.1)","Verify the configuration of the Cisco Secure Access Control Server.","4","Warning","65","network","general"
+"%ASA-6-335006","335006","NAC Applying ACL: ACL-name - host-address","%ASA-6-335006: NAC Applying ACL: ACL-name - host-address","The name of the ACL that is being applied as a result of NAC posture validation. • ACL-name —The name of the ACL being applied • host-address —The IP address of the host in dotted decimal format (for example, 10.1.1.1)","None required.","6","Informational","5","network","general"
+"%ASA-7-335007","335007","NAC Default ACL not configured - host-address","%ASA-7-335007: NAC Default ACL not configured - host-address","A NAC default ACL has not been configured. • host-address —The IP address of the host in dotted decimal format (for example, 10.1.1.1)","None required.","7","Debugging","5","network","general"
+"%ASA-5-335008","335008","NAC IPsec terminate from dynamic ACL: ACL-name - host-address","%ASA-5-335008: NAC IPsec terminate from dynamic ACL: ACL-name - host-address","A dynamic ACL obtained as a result of PV requires IPsec termination. • ACL-name —The name of the ACL being applied • host-address —The IP address of the host in dotted decimal format (for example, 10.1.1.1)","None required.","5","Notification","5","network","general"
+"%ASA-6-335009","335009","NAC Revalidate request by administrative action - host-address","%ASA-6-335009: NAC Revalidate request by administrative action - host-address","A NAC Revalidate action was requested by the administrator. • host-address —The IP address of the host in dotted decimal format (for example, 10.1.1.1)","None required.","6","Informational","5","network","general"
+"%ASA-6-335010","335010","NAC Revalidate All request by administrative action - num sessions","%ASA-6-335010: NAC Revalidate All request by administrative action - num sessions","A NAC Revalidate All action was requested by the administrator. • num —A decimal integer that indicates the number of sessions to be revalidated","None required.","6","Informational","5","network","general"
+"%ASA-6-335011","335011","NAC Revalidate Group request by administrative action for group-name group - num sessions","%ASA-6-335011: NAC Revalidate Group request by administrative action for group-name group - num sessions","A NAC Revalidate Group action was requested by the administrator. • group-name —The VPN group name • num —A decimal integer that indicates the number of sessions to be revalidated","None required.","6","Informational","5","network","general"
+"%ASA-6-335012","335012","NAC Initialize request by administrative action - host-address","%ASA-6-335012: NAC Initialize request by administrative action - host-address","A NAC Initialize action was requested by the administrator. • host-address —The IP address of the host in dotted decimal format (for example, 10.1.1.1)","None required.","6","Informational","5","network","general"
+"%ASA-6-335013","335013","NAC Initialize All request by administrative action - num sessions","%ASA-6-335013: NAC Initialize All request by administrative action - num sessions","A NAC Initialize All action was requested by the administrator. • num —A decimal integer that indicates the number of sessions to be revalidated","None required.","6","Informational","5","network","general"
+"%ASA-6-335014","335014","NAC Initialize Group request by administrative action for group-name group - num sessions","%ASA-6-335014: NAC Initialize Group request by administrative action for group-name group - num sessions","A NAC Initialize Group action was requested by the administrator. • group-name —The VPN group name • num —A decimal integer that indicates the number of sessions to be revalidated","None required.","6","Informational","5","network","general"
+"%ASA-3-336001","336001","IP-EIGRP(AS desination_network): ddb_name as_num stuck in active state","%ASA-3-336001: IP-EIGRP(AS desination_network): ddb_name as_num stuck in active state","The SIA state means that an EIGRP router has not received a reply to a query from one or more neighbors within the time allotted (approximately three minutes). When this happens, EIGRP clears the neighbors that did not send a reply and logs an error message for the route that became active. • destination_network —The route that became active • ddb_name —IPv4 • as_num —The EIGRP router","Check to see why the router did not get a response from all of its neighbors and why the route disappeared.","3","Error","65","network","general"
+"%ASA-3-336002","336002","Handle not allocated in pool","%ASA-3-336002: Handle not allocated in pool","The EIGRP router is unable to find the handle for the next hop.","If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-336003","336003","Unable to alloc pkt buffer","%ASA-3-336003: Unable to alloc pkt buffer","The DUAL software was unable to allocate a packet buffer. The Secure Firewall ASA may be out of memory. • bytes —Number of bytes in the packet","Check to see if the Secure Firewall ASA is out of memory by entering the show mem or show tech command. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-336004","336004","Negative refcount in pakdesc","%ASA-3-336004: Negative refcount in pakdesc","The reference count packet count became negative. • pakdesc —Packet identifier","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-336005","336005","Flow control error","%ASA-3-336005: Flow control error","The interface is flow blocked for multicast. Qelm is the queue element, and in this case, the last multicast packet on the queue for this particular interface. • error —Error statement: Qelm on flow ready • interface_name —Name of the interface on which the error occurred","If the problem persists, contact the Cisco TAC.","3","Error","85","network","general"
+"%ASA-3-336006","336006","Peers exist on IIDB","%ASA-3-336006: Peers exist on IIDB","Peers still exist on a particular interface during or after cleanup of the IDB of the EIGRP. • num —The number of peers • interface_name —The interface name","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-336007","336007","Anchor Count negative","%ASA-3-336007: Anchor Count negative","An error occurred and the count of the anchor became negative when it was released.","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-336008","336008","Lingering DRDB deleting IIDB","%ASA-3-336008: Lingering DRDB deleting IIDB","An interface is being deleted and some lingering DRDB exists. • network—The destination network • address—The nexthop address • interface—The nexthop interface • origin_str—String defining the origin","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-336009","336009","ddb_name as_id: Internal error","%ASA-3-336009: ddb_name as_id: Internal error","An internal error occurred. • ddb_name —PDM name (for example, IPv4 PDM) • as_id —Autonomous system ID","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-5-336010","336010","IP-EIGRP(AS ddb_name): Neighbor neighbor_address(interface_name) is event_state: event_reason","%ASA-5-336010: IP-EIGRP(AS ddb_name): Neighbor neighbor_address(interface_name) is event_state: event_reason","A neighbor went up or down. • ddb_name —IPv4 • tableid — Internal ID for the RIB • as_id —Autonomous system ID • address —IP address of the neighbor • interface —Name of the interface • event_msg — Event that is occurring for the neighbor (that is, up or down) • msg —Reason for the event. Possible event_msg and msg value pairs include: - resync: peer graceful-restart - down: holding timer expired - up: new adjacency - down: Auth failure - down: Stuck in Active - down: Interface PEER-TERMINATION received - down: K-value mismatch - down: Peer Termination received","Check to see why the link on the neighbor is going down or is flapping. This may be a sign of a problem, or a problem may occur because of this.","5","Notification","35","network","general"
+"%ASA-6-336011","336011","hw or sw error occurred","%ASA-6-336011: hw or sw error occurred","A dual event occurred. The events can be one of the following: • Redist rt change • SIA Query while Active","If the problem persists, contact the Cisco TAC.","6","Informational","15","network","general"
+"%ASA-3-336018","336018","process_name as_number: prefix_source threshold prefix level (prefix_threshold)","%ASA-3-336018: process_name as_number: prefix_source threshold prefix level (prefix_threshold)","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","network","general"
+"%ASA-6-337000","337000","Session created, NeighAddr: Created BFD session with local discriminator id, SrcAddr: real_interface","%ASA-6-337000: Session created, NeighAddr: Created BFD session with local discriminator id, SrcAddr: real_interface","This syslog message indicates that a BFD active session has been created. • id— A numerical field that denotes the local discriminator value for a particular BFD session • real_interface— The interface nameif on which the BFD session is running • real_host_ip— The IP address of the neighbor with which the BFD session has come up","None.","6","Informational","15","network","general"
+"%ASA-6-337001","337001","Session destroyed, NeighAddr: Terminated BFD session with local discriminator id, SrcAddr: real_interface","%ASA-6-337001: Session destroyed, NeighAddr: Terminated BFD session with local discriminator id, SrcAddr: real_interface","This syslog message indicates that an active BFD session has been terminated. • id— A numerical field that denotes the local discriminator value for a particular BFD session • real_interface— The interface nameif on which the BFD session is running • real_host_ip— The IP address of the neighbor with which the BFD session has come up • failure_reason— One of the following failure reasons: BFD going down on peer’s side, BFD configuration removal on peer’s side, Detection timer expiration, Echo function failure, Path to peer going down, Local BFD configuration removal, BFD client configuration removal","None.","6","Informational","25","network","general"
+"%ASA-4-337005","337005","Phone Proxy SRTP: Media session not found for media_term_ip/media_term_port for packet from in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port","%ASA-4-337005: Phone Proxy SRTP: Media session not found for media_term_ip/media_term_port for packet from in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port","The adaptive security appliance received an SRTP or RTP packet that was destined to go to the media termination IP address and port, but the corresponding media session to process this packet was not found. • in_ifc—The input interface • src_ip—The source IP address of the packet • src_port—The source port of the packet • out_ifc—The output interface • dest_ip—The destination IP address of the packet • dest_port—The destination port of the packet.","If this message occurs at the end of the call, it is considered normal because the signaling messages may have released the media session, but the endpoint is continuing to send a few SRTP or RTP packets. If this message occurs for an odd-numbered media termination port, the endpoint is sending RTCP, which must be disabled from the CUCM. If this message happens continuously for a call, debug the signaling message transaction either using phone proxy debug commands or capture commands to determine if the signaling messages are being modified with the media termination IP address and port..","4","Warning","45","network","general"
+"%ASA-4-338001","338001","Dynamic Filter monitored blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port),), source malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","%ASA-4-338001: Dynamic Filter monitored blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port),), source malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","Traffic from a domain, which is on an block list in the dynamic filter database, has appeared. The threat level is a string that shows one of the following values: none, very-low, low, moderate, high, and very-high. The category is a string that shows the reason why a domain name is on a block list (for example, botnet, Trojan, and spyware).","Access to a malicious site has been logged. Use the internal IP address to trace the infected machine, or enter the dynamic-filter drop blacklist command to automatically drop such traffic.","4","Warning","65","network","general"
+"%ASA-4-338002","338002","Dynamic Filter monitored blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","%ASA-4-338002: Dynamic Filter monitored blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","Traffic to a domain, which is on an block list in the dynamic filter database, has appeared. The threat level is a string that shows one of the following values: none, very-low, low, moderate, high, and very-high. The category is a string that shows the reason why a domain name is on a block list (for example, botnet, Trojan, and spyware).","Access to a malicious site has been logged. Use the internal IP address to trace the infected machine, or enter the dynamic-filter drop blacklist command to automatically drop such traffic.","4","Warning","65","network","general"
+"%ASA-4-338003","338003","Dynamic Filter monitored blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port)), source malicious_address resolved from local_or_dynamic list: ip_address/netmask, threat-level: level_value, category: category_name","%ASA-4-338003: Dynamic Filter monitored blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port)), source malicious_address resolved from local_or_dynamic list: ip_address/netmask, threat-level: level_value, category: category_name","Traffic from an IP address, which is on an block list in the dynamic filter database, has appeared. The threat level is a string that shows one of the following values: none, very-low, low, moderate, high, and very-high. The category is a string that shows the reason why a domain name is on a block list (for example, botnet, Trojan, and spyware).","Access to a malicious site has been logged. Use the internal IP address to trace the infected machine, or enter the dynamic-filter drop blacklist command to automatically drop such traffic.","4","Warning","65","network","general"
+"%ASA-4-338004","338004","Dynamic Filter monitored blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: ip_address/netmask, threat-level: level_value, category: category_name","%ASA-4-338004: Dynamic Filter monitored blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: ip_address/netmask, threat-level: level_value, category: category_name","Traffic to an IP address, which is on an block list in the dynamic filter database, has appeared. The threat level is a string that shows one of the following values: none, very-low, low, moderate, high, and very-high. The category is a string that shows the reason why a domain name is on a block list (for example, botnet, Trojan, and spyware).","Access to a malicious site has been logged. Use the internal IP address to trace the infected machine, or enter the dynamic-filter drop command to automatically drop such traffic.","4","Warning","65","network","general"
+"%ASA-4-338005","338005","Dynamic Filter dropped blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","%ASA-4-338005: Dynamic Filter dropped blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","Traffic from a domain name, which is on an block list in the dynamic filter database, was denied. The threat level is a string that shows one of the following values: none, very-low, low, moderate, high, and very-high. The category is a string that shows the reason why a domain name is on a block list (for example, botnet, Trojan, and spyware).","None required.","4","Warning","65","network","general"
+"%ASA-4-338006","338006","Dynamic Filter dropped blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","%ASA-4-338006: Dynamic Filter dropped blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","Traffic to a domain, which is on an block list in the dynamic filter database, was denied. The threat level is a string that shows one of the following values: none, very-low, low, moderate, high, and very-high. The category is a string that shows the reason why a domain name is on a block list (for example, botnet, Trojan, and spyware).","None required.","4","Warning","65","network","general"
+"%ASA-4-338007","338007","Dynamic Filter dropped blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious_address resolved from local_or_dynamic list: ip_address/netmask, threat-level: level_value, category: category_name","%ASA-4-338007: Dynamic Filter dropped blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious_address resolved from local_or_dynamic list: ip_address/netmask, threat-level: level_value, category: category_name","Traffic from an IP address, which is on an block list in the dynamic filter database, was denied. The threat level is a string that shows one of the following values: none, very-low, low, moderate, high, and very-high. The category is a string that shows the reason why a domain name is on a block list (for example, botnet, Trojan, and spyware).","None required.","4","Warning","65","network","general"
+"%ASA-4-338008","338008","Dynamic Filter dropped blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: ip_address/netmask, threat-level: level_value, category: category_name","%ASA-4-338008: Dynamic Filter dropped blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: ip_address/netmask, threat-level: level_value, category: category_name","Traffic to an IP address, which is on an block list in the dynamic filter database, was denied. The threat level is a string that shows one of the following values: none, very-low, low, moderate, high, and very-high. The category is a string that shows the reason why a domain name is on a block list (for example, botnet, Trojan, and spyware).","None required.","4","Warning","65","network","general"
+"%ASA-4-338101","338101","Dynamic Filter action whitelisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious_address resolved from local_or_dynamic list: domain_name","%ASA-4-338101: Dynamic Filter action whitelisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious_address resolved from local_or_dynamic list: domain_name","Traffic from a domain, which is on an allow list in the dynamic filter database, has appeared.","None required.","4","Warning","5","network","general"
+"%ASA-4-338102","338102","Dynamic Filter action whitelisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: domain_name","%ASA-4-338102: Dynamic Filter action whitelisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: domain_name","Traffic to a domain name, which is on an allow list in the dynamic filter database, has appeared.","None required.","4","Warning","5","network","general"
+"%ASA-4-338103","338103","Dynamic Filter action whitelisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious_address resolved from local_or_dynamic list: ip_address/netmask","%ASA-4-338103: Dynamic Filter action whitelisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious_address resolved from local_or_dynamic list: ip_address/netmask","Traffic from an IP address, which is on an allow list in the dynamic filter database, has appeared.","None required.","4","Warning","5","network","general"
+"%ASA-4-338104","338104","Dynamic Filter action whitelisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: ip_address/netmask","%ASA-4-338104: Dynamic Filter action whitelisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: ip_address/netmask","Traffic to an IP address, which is on an allow list in the dynamic filter database, has appeared.","None required.","4","Warning","5","network","general"
+"%ASA-4-338201","338201","Dynamic Filter monitored greylisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port)), source malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","%ASA-4-338201: Dynamic Filter monitored greylisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port)), source malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","Traffic from a domain, which is on a greylist in the dynamic filter database, has appeared. The threat level is a string that shows one of the following values: none, very-low, low, moderate, high, and very-high. The category is a string that shows the reason why a domain name is on a block list (for example, botnet, Trojan, and spyware).","Access to a malicious site has been logged. Use the internal IP address to trace the infected machine, or enter the dynamic-filter drop blacklist command and the dynamic-filter ambiguous-is-black command to automatically drop such traffic.","4","Warning","65","network","general"
+"%ASA-4-338202","338202","Dynamic Filter monitored greylisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","%ASA-4-338202: Dynamic Filter monitored greylisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","Traffic to a domain name, which is on a gerylist in the dynamic filter database, has appeared. The threat level is a string that shows one of the following values: none, very-low, low, moderate, high, and very-high. The category is a string that shows the reason why a domain name is on a block list (for example, botnet, Trojan, and spyware).","Access to a malicious site has been logged. Use the internal IP address to trace the infected machine, or enter the dynamic-filter drop blacklist command and the dynamic-filter ambiguous-is-black command to automatically drop such traffic.","4","Warning","65","network","general"
+"%ASA-4-338203","338203","Dynamic Filter dropped greylisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","%ASA-4-338203: Dynamic Filter dropped greylisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","Traffic from a greylisted domain name in the dynamic filter database was denied; however, the malicious IP address was also resolved to domain names that are unknown to the dynamic filter database. The threat level is a string that shows one of the following values: none, very-low, low, moderate, high, and very-high. The category is a string that shows the reason why a domain name is on a block list (for example, botnet, Trojan, and spyware).","Access to a malicious site was dropped. If you do not want to automatically drop greylisted traffic whose IP address matches both unknown domain names, and domain names, which are on a block list, disable the dynamic-filter ambiguous-is-black command.","4","Warning","65","network","general"
+"%ASA-4-338204","338204","Dynamic Filter dropped greylisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","%ASA-4-338204: Dynamic Filter dropped greylisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port) to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious_address resolved from local_or_dynamic list: domain_name, threat-level: level_value, category: category_name","Traffic to a greylisted domain name in the dynamic filter database was denied; however, the malicious IP address was also resolved to domain names that are unknown to the dynamic filter database. The threat level is a string that shows one of the following values: none, very-low, low, moderate, high, and very-high. The category is a string that shows the reason why a domain name is on a block list (for example, botnet, Trojan, and spyware).","Access to a malicious site was dropped. If you do not want to automatically drop greylisted traffic whose IP address matches both unknown domain names, and domain names, which are on a block list, disable the dynamic-filter ambiguous-is-black command.","4","Warning","65","network","general"
+"%ASA-4-338301","338301","Intercepted DNS reply for name name from in_interface:src_ip_addr/src_port to out_interface:dest_ip_addr/dest_port, matched list","%ASA-4-338301: Intercepted DNS reply for name name from in_interface:src_ip_addr/src_port to out_interface:dest_ip_addr/dest_port, matched list","A DNS reply that was present in an administrator's allow list, block list, or IronPort list was intercepted. • name— The domain name • list —The list that includes the domain name, administrator allow list, block list, or IronPort list","None required.","4","Warning","5","network","general"
+"%ASA-5-338302","338302","Address ipaddr discovered for domain name from list. Adding rule","%ASA-5-338302: Address ipaddr discovered for domain name from list. Adding rule","An IP address that was discovered from a DNS reply to the dynamic filter rule table was added. • ipaddr— The IP address from the DNS reply • name— The domain name • list —The list that includes the domain name, administrator block list, or IronPort list","None required.","5","Notification","5","network","general"
+"%ASA-5-338303","338303","Address ipaddr (name)) timed out. Removing rule","%ASA-5-338303: Address ipaddr (name)) timed out. Removing rule","An IP address that was discovered from the dynamic filter rule table was removed. • ipaddr— The IP address from the DNS reply • name— The domain name","None required.","5","Notification","5","network","general"
+"%ASA-6-338304","338304","Successfully downloaded dynamic filter data file from updater server url","%ASA-6-338304: Successfully downloaded dynamic filter data file from updater server url","A new version of the data file has been downloaded. • url —The URL of the updater server","None required.","6","Informational","5","network","general"
+"%ASA-3-338305","338305","Failed to download dynamic filter data file from updater server url","%ASA-3-338305: Failed to download dynamic filter data file from updater server url","The dynamic filter database has failed to download.","Make sure that you have a DNS configuration on the ASA so that the updater server URL can be resolved. If you cannot ping the server from the ASA, check with your network administrator for the correct network connection and routing configuration. If you are still having problems, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-338306","338306","Failed to authenticate with dynamic filter updater server url","%ASA-3-338306: Failed to authenticate with dynamic filter updater server url","The ASA failed to authenticate with the dynamic filter updater server. • url —The URL of the updater server","Contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-338307","338307","Failed to decrypt downloaded dynamic filter data file","%ASA-3-338307: Failed to decrypt downloaded dynamic filter data file","The downloaded dynamic filter database file failed to decrypt.","Contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-5-338308","338308","Dynamic Filter updater server dynamically changed from old_server_host:old_server_port to new_server_host:new_server_port","%ASA-5-338308: Dynamic Filter updater server dynamically changed from old_server_host:old_server_port to new_server_host:new_server_port","The ASA was directed to a new updater server host or port. • old_server_host :old_server_port —The previous updater server host and port • new_server_host :new_server_port —The new updater server host and port","None required.","5","Notification","5","network","general"
+"%ASA-3-338309","338309","The license on this device does not support dynamic filter updater feature","%ASA-3-338309: The license on this device does not support dynamic filter updater feature","The dynamic filter updater is a licensed feature; however, the license on the ASA does not support this feature.","None required.","3","Error","5","network","general"
+"%ASA-3-338310","338310","Failed to update from dynamic filter updater server url,, reason: reason_string","%ASA-3-338310: Failed to update from dynamic filter updater server url,, reason: reason_string","The ASA failed to receive an update from the dynamic filter updater server. • url— The URL of the updater server","Check the network connection to the server. Try to ping the server URL, which is shown in the output of the show dynamic-filter updater-client command. Make sure that the port is allowed through your network. If the network connection is not the problem, contact your network administrator.","3","Error","75","network","general"
+"%ASA-3-339001","339001","DNSCRYPT certificate update failed for &lt;num_tries&gt; tries.","%ASA-3-339001: DNSCRYPT certificate update failed for &lt;num_tries&gt; tries.","The DNSCrypt failed to receive a certificate update. • num_tries— The number of times DNSCrypt failed to get a certificate update","Check for the following: • If the route is setup for the Umbrella server. • If the Umbrella server egress interface is up. • If the correct Provider public key is used.","3","Error","75","network","general"
+"%ASA-3-339002","339002","Umbrella device registration failed with error code &lt;err_code&gt;","%ASA-3-339002: Umbrella device registration failed with error code &lt;err_code&gt;","The umbrella device registration failed. • err_code— The error code returned from the Umbrella Server.","If the error code is: • 400 – There is a problem with the request format or content. The token is probably too short or corrupted. Verify if the token matches what is on the Umbrella Dashboard. • 401 – The token is not authorized. If the token was refreshed on the Umbrella Dashboard, then the new token should be updated on ASA. • 409 – The device id is conflicting with another organization. Contact the Umbrella Server Administrator. • 500 – There is an internal server error. Contact the Umbrella Server Administrator.","3","Error","100","network","general"
+"%ASA-3-339003","339003","Umbrella device registration was successful.","%ASA-3-339003: Umbrella device registration was successful.","Successful message for the umbrella device registration.","None.","3","Error","65","network","general"
+"%ASA-3-339004","339004","Umbrella device registration failed due to missing token","%ASA-3-339004: Umbrella device registration failed due to missing token","Umbrella device registration failed due to missing token.","Make sure the token is configured under the global “umbrella” submode.","3","Error","75","network","general"
+"%ASA-3-339005","339005","Umbrella device registration failed after &lt;num_tries&gt; retries","%ASA-3-339005: Umbrella device registration failed after &lt;num_tries&gt; retries","Umbrella device registration failed. • num_tries— The number of times the device failed to register with the Umbrella Server.","Locate the error code in the syslog 339002 message. Refer the workaround for the 339002 syslog message and fix.","3","Error","75","network","general"
+"%ASA-3-339006","339006","Umbrella resolver current_resolver_ipv46 is reachable. Resuming redirect","%ASA-3-339006: Umbrella resolver current_resolver_ipv46 is reachable. Resuming redirect","Umbrella had failed to open, and the resolver was unreachable. The resolver is now reacheable and service is resumed. Recommended ActionNone.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","75","network","general"
+"%ASA-3-339007","339007","Umbrella resolver current_resolver_ipv46 is unreachable, moving to fail-open. Starting probe to resolver","%ASA-3-339007: Umbrella resolver current_resolver_ipv46 is unreachable, moving to fail-open. Starting probe to resolver","Umbrella fail-open has been configured and a resolver unreachabilty has been detected. Recommended ActionCheck the network settings for reachability to the Umbrella resolvers.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","network","general"
+"%ASA-3-339008","339008","Umbrella resolver current_resolver_ipv46 is unreachable, moving to fail-close","%ASA-3-339008: Umbrella resolver current_resolver_ipv46 is unreachable, moving to fail-close","Umbrella fail-open has NOT been configured and a resolver unreachabilty has been detected. Recommended ActionCheck the network settings for reachability to the Umbrella resolvers.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","network","general"
+"%ASA-6-339010","339010","Umbrella API token request was successful.","%ASA-6-339010: Umbrella API token request was successful.","This message appears when the request for umbrella API token was successful.","None.","6","Informational","15","network","general"
+"%ASA-3-339011","339011","Umbrella API token request received no responses.","%ASA-3-339011: Umbrella API token request received no responses.","This message appears when the request for umbrella API token has not received any response from the server.","None.","3","Error","65","network","general"
+"%ASA-3-339012","339012","Umbrella API token request failed with error code error_code.","%ASA-3-339012: Umbrella API token request failed with error code error_code.","This message appears when the request for umbrella API token has failed.","None.","3","Error","75","network","general"
+"%ASA-3-339013","339013","Umbrella API token request failed in response processing.","%ASA-3-339013: Umbrella API token request failed in response processing.","This message appears when the request for umbrella API token has failed while processing the response.","None.","3","Error","75","network","general"
+"%ASA-3-339014","339014","Umbrella API token request failed after retry_number retries.","%ASA-3-339014: Umbrella API token request failed after retry_number retries.","This message appears when the request for umbrella API token has failed after retries.","None.","3","Error","75","network","general"
+"%ASA-3-340001","340001","Vnet-proxy handshake error error_string - context_id (version)","%ASA-3-340001: Vnet-proxy handshake error error_string - context_id (version)","Loopback proxy allows third-party applications running on the Secure Firewall ASA to access the network. The loopback proxy encountered an error. • context_id— A unique, 32-bit context ID that is generated for each loopback client proxy request • version —The protocol version • request_type —The type of request, which can be one of the following: TC (TCP connection), TB (TCP bind), or UA (UDP association)","Copy the syslog message and contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-6-340002","340002","Vnet-proxy data relay error error_string from context_id/version to request_type/address_type - client_address_internal (client_port_internal)","%ASA-6-340002: Vnet-proxy data relay error error_string from context_id/version to request_type/address_type - client_address_internal (client_port_internal)","Loopback proxy allows third-party applications running on the Secure Firewall ASA to access the network. The loopback proxy generated debugging information for use in troubleshooting. • context_id— A unique, 32-bit context ID that is generated for each loopback client proxy request • version —The protocol version • request_type —The type of request, which can be one of the following: TC (TCP connection), TB (TCP bind), or UA (UDP association) • address_type —The types of addresses, which can be one of the following: IP4 (IPv4), IP6 (IPv6), or DNS (domain name service) • client_address_internal/server_address_internal— The addresses that the loopback client and the loopback server used for communication • client_port_internal /server_port_internal— The ports that the loopback client and the loopback server used for communication • server_address_external /remote_address_external —The addresses that the loopback server and the remote host used for communication • server_port_external /remote_port_external —The ports that the loopback server and the remote host used for communication • error_string —The error string that may help troubleshoot the problem","Copy the syslog message and contact the Cisco TAC.","6","Informational","15","network","general"
+"%ASA-6-341001","341001","Policy Agent started successfully for VNMC vnmc_ip_addr","%ASA-6-341001: Policy Agent started successfully for VNMC vnmc_ip_addr","The policy agent processes (DME, ducatiAG, and commonAG) started successfully. • vnmc_ip_addr —-The IP address of the VNMC server","None.","6","Informational","15","network","general"
+"%ASA-6-341002","341002","Policy Agent stopped successfully for VNMC vnmc_ip_addr","%ASA-6-341002: Policy Agent stopped successfully for VNMC vnmc_ip_addr","The policy agent processes (DME, ducatiAG, and commonAG) were stopped. • vnmc_ip_addr —-The IP address of the VNMC server","None.","6","Informational","15","network","general"
+"%ASA-3-341003","341003","Policy Agent failed to start for VNMC vnmc_ip_addr","%ASA-3-341003: Policy Agent failed to start for VNMC vnmc_ip_addr","The policy agent failed to start. • vnmc_ip_addr —-The IP address of the VNMC server","Check for console history and the disk0:/pa/log/vnm_pa_error_status for error messages. To retry starting the policy agent, issue the registration host command again.","3","Error","75","network","general"
+"%ASA-3-341004","341004","Storage device not available. Attempt to shutdown module module_name failed.","%ASA-3-341004: Storage device not available. Attempt to shutdown module module_name failed.","All SSDs have failed or been removed with the system in Up state. The system has attempted to shut down the software module, but that attempt has failed. • %s —The software module (for example, cxsc)","Replace the remved or failed drive and reload the Secure Firewall ASA.","3","Error","100","network","general"
+"%ASA-3-341005","341005","Storage device not available. Shutdown issued for module module_name.","%ASA-3-341005: Storage device not available. Shutdown issued for module module_name.","All SSDs have failed or been removed with the system in Up state. The system is shutting down the software module. • %s —The software module (for example, cxsc)","Replace the removed or failed drive and reload the software module.","3","Error","100","network","general"
+"%ASA-3-341006","341006","Storage device not available. Failed to stop recovery of module module_name.","%ASA-3-341006: Storage device not available. Failed to stop recovery of module module_name.","All SSDs have failed or been removed with the system in recorvery state. The system attempted to stop the recover, but that attempt failed. • %s —The software module (for example, cxsc)","Replace the removed or failed drive and reload the Secure Firewall ASA.","3","Error","100","network","general"
+"%ASA-3-341007","341007","Storage device not available. Further recovery of module module_name was stopped. This may take several minutes to complete.","%ASA-3-341007: Storage device not available. Further recovery of module module_name was stopped. This may take several minutes to complete.","All SSDs have failed or been removed with the system in recovery state. The system is stopping the recovery of the softwaremodule. • %s —The software module (for example, cxsc)","Replace the removed or failed drive and reload the software module.","3","Error","100","network","general"
+"%ASA-3-341008","341008","Storage device not found. Auto-boot of module module_name cancelled. Install drive and reload to try again.","%ASA-3-341008: Storage device not found. Auto-boot of module module_name cancelled. Install drive and reload to try again.","After getting the system into Up state, all SSDs have failed or been removed before reloading the system. Because the default action during boot is to auto-boot the software module, that action is blocked because there is no storage device available.","Replace the removed or failed drive and reload the software module.","3","Error","100","network","general"
+"%ASA-6-341010","341010","Storage device with serial number ser_no [inserted_into|removed_from] bay bay_no","%ASA-6-341010: Storage device with serial number ser_no [inserted_into|removed_from] bay bay_no","The Secure Firewall ASA has detected insertion or removal events and generates this syslog message immediately.","None required.","6","Informational","5","network","general"
+"%ASA-3-341011","341011","Storage device with serial number ser_no in bay bay_no faulty","%ASA-3-341011: Storage device with serial number ser_no in bay bay_no faulty","The Secure Firewall ASA polls the hard disk drive (HDD) health status every 10 minutes and generates this syslog message if the HDD is in a failed state.","None required.","3","Error","5","network","general"
+"%ASA-7-342001","342001","The REST API Agent was successfully started.","%ASA-7-342001: The REST API Agent was successfully started.","The REST API Agent must be successfully started before a REST API Client can configure the ASA.","None.","7","Debugging","5","network","general"
+"%ASA-3-342002","342002","REST API Agent failed, reason: reason.","%ASA-3-342002: REST API Agent failed, reason: reason.","The REST API Agent could fail to start or crash for various reasons, and the reason is specified. • reason —The cause for the REST API failure","The actions taken to resolve the issue vary depending on the reason logged. For example, the REST API Agent crashes when the Java process runs out of memory. If this occurs, you need to restart the REST API Agent. If the restart is not successful, contact the Cisco TAC to identify the root cause fix.","3","Error","75","network","general"
+"%ASA-3-342003","342003","REST API Agent failure notification received. Agent will be restarted automatically.","%ASA-3-342003: REST API Agent failure notification received. Agent will be restarted automatically.","A failure notification from the REST API Agent has been received and a restart of the Agent is being attempted.","None.","3","Error","75","network","general"
+"%ASA-3-342004","342004","Failed to automatically restart the REST API Agent after num unsuccessful attempts. Use the 'no rest-api agent' and 'rest-api agent' commands to manually restart the Agent.","%ASA-3-342004: Failed to automatically restart the REST API Agent after num unsuccessful attempts. Use the 'no rest-api agent' and 'rest-api agent' commands to manually restart the Agent.","The REST API Agent has failed to start after many attempts.","See syslog","3","Error","75","network","general"
+"%ASA-7-342005","342005","REST API image has been successfully installed.","%ASA-7-342005: REST API image has been successfully installed.","The REST API image must be successfully installed before starting the REST API Agent.","None.","7","Debugging","5","network","general"
+"%ASA-3-342006","342006","Failed to install REST API image, reason: reason.","%ASA-3-342006: Failed to install REST API image, reason: reason.","The REST API image installation may fail, for one of the following reasons: version check failed, image verification failed, image file not found, out of space on flash or mount failed.","The administrator should fix the failure and try to install the image again using ‘rest-api image <image>’.","3","Error","75","network","general"
+"%ASA-7-342007","342007","REST API image has been successfully uninstalled.","%ASA-7-342007: REST API image has been successfully uninstalled.","The old REST API image must be successfully uninstalled before a new one can be installed.","None.","7","Debugging","5","network","general"
+"%ASA-3-342008","342008","Failed to uninstall REST API image, reason: reason.","%ASA-3-342008: Failed to uninstall REST API image, reason: reason.","The REST API image could not be uninstalled for the following reasons- unmount failed or REST Agent is enabled.","The administrator should disable the REST Agent, before trying to uninstall the REST API image.","3","Error","75","network","general"
+"%ASA-4-401001","401001","Shuns cleared","%ASA-4-401001: Shuns cleared","The clear shun command was entered to remove existing shuns from memory. An institution to keep a record of shunning activity was allowed.","None required.","4","Warning","5","network","general"
+"%ASA-4-401002","401002","Shun added: IP_address IP_address port port","%ASA-4-401002: Shun added: IP_address IP_address port port","A shun command was entered, where the first IP address is the shunned host. The other addresses and ports are optional and are used to terminate the connection if available. An institution to keep a record of shunning activity was allowed.","None required.","4","Warning","5","network","general"
+"%ASA-4-401003","401003","Shun deleted: IP_address","%ASA-4-401003: Shun deleted: IP_address","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","None required.","4","Warning","5","network","general"
+"%ASA-4-401004","401004","Shunned packet: IP_address ==&gt; IP_address on interface interface_name","%ASA-4-401004: Shunned packet: IP_address ==&gt; IP_address on interface interface_name","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","general"
+"%ASA-4-401005","401005","Shun add failed: unable to allocate resources for IP_address IP_address port port","%ASA-4-401005: Shun add failed: unable to allocate resources for IP_address IP_address port port","The Secure Firewall ASA is out of memory; a shun cannot be applied.","The Cisco IPS should continue to attempt to apply this rule. Try to reclaim memory and reapply a shun manually, or wait for the Cisco IPS to do this.","4","Warning","55","network","general"
+"%ASA-4-402114","402114","IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP to local_IP with an invalid SPI.","%ASA-4-402114: IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP to local_IP with an invalid SPI.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","general"
+"%ASA-4-402115","402115","IPSEC: Received a packet from remote_IP to local_IP containing act_prot data instead of exp_prot data.","%ASA-4-402115: IPSEC: Received a packet from remote_IP to local_IP containing act_prot data instead of exp_prot data.","An IPsec packet was received that is missing the expected ESP header. The peer is sending packets that do not match the negotiated security policy, which may indicate an attack. This message is rate limited to no more than one message every five seconds. • remote_IP>— IP address of the remote endpoint of the tunnel • local_IP>— IP address of the local endpoint of the tunnel • >act_prot— Received IPsec protocol • >exp_prot— Expected IPsec protocol","Contact the administrator of the peer.","4","Warning","65","network","general"
+"%ASA-4-402116","402116","IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_ip (user= username) to local_ip. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as pkt_daddr, its source as pkt_saddr, and its protocol as pkt_prot. The SA specifies its local proxy as id_daddr/id_dmask/id_dprot/id_dport and its remote_proxy as id_saddr/id_smask/id_sprot/id_sport.","%ASA-4-402116: IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_ip (user= username) to local_ip. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as pkt_daddr, its source as pkt_saddr, and its protocol as pkt_prot. The SA specifies its local proxy as id_daddr/id_dmask/id_dprot/id_dport and its remote_proxy as id_saddr/id_smask/id_sprot/id_sport.",": A decapsulated IPsec packet does not match the negotiated identity. The peer is sending other traffic through this security association, which may be caused by a security association selection error by the peer, or it may be part of an attack. This message is rate limited to no more than one message every five seconds. • >protocol— IPsec protocol • >spi— IPsec Security Parameter Index • seq_num>— IPsec sequence number • remote_ip>— IP address of the remote endpoint of the tunnel • >username— Username associated with the IPsec tunnel • local_ip>— IP address of the local endpoint of the tunnel • pkt_daddr>— Destination address from the decapsulated packet","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","65","network","general"
+"%ASA-4-402117","402117","IPSEC: Received a non-IPSec packet (protocol= protocol) from remote_IP to local_IP.","%ASA-4-402117: IPSEC: Received a non-IPSec packet (protocol= protocol) from remote_IP to local_IP.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","general"
+"%ASA-4-402118","402118","IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP (user= username) to local_IP containing an illegal IP fragment of length frag_len with offset frag_offset.","%ASA-4-402118: IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP (user= username) to local_IP containing an illegal IP fragment of length frag_len with offset frag_offset.","A decapsulatd IPsec packet included an IP fragment with an offset less than or equal to 128 bytes. The latest version of the security architecture for IP RFC recommends 128 bytes as the minimum IP fragment offset to prevent reassembly attacks. This may be part of an attack. This message is rate limited to no more than one message every five seconds. • >protocol— IPsec protocol • >spi— IPsec Security Parameter Index • seq_num>— IPsec sequence number • remote_IP>— IP address of the remote endpoint of the tunnel • >username— Username associated with the IPsec tunnel • local_IP>— IP address of the local endpoint of the tunnel","Contact the administrator of the remote peer to compare policy settings.","4","Warning","65","network","general"
+"%ASA-4-402119","402119","IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP (user= username) to local_IP that failed anti-replay checking.","%ASA-4-402119: IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP (user= username) to local_IP that failed anti-replay checking.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","general"
+"%ASA-4-402120","402120","IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP (user= username) to local_IP that failed authentication.","%ASA-4-402120: IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP (user= username) to local_IP that failed authentication.","An IPsec packet was received and failed authentication. The packet is dropped. The packet may have been corrupted in transit, or the peer may be sending invalid IPsec packets, which may indicate an attack if many of these packets were received from the same peer. This message is rate limited to no more than one message every five seconds. • >protocol— IPsec protocol • >spi— IPsec Security Parameter Index • seq_num>— IPsec sequence number • remote_IP>— IP address of the remote endpoint of the tunnel • >username— Username associated with the IPsec tunnel • local_IP>— IP address of the local endpoint of the tunnel","Contact the administrator of the remote peer if many failed packets were received.","4","Warning","75","network","general"
+"%ASA-4-402121","402121","IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from peer_addr (user= username) to lcl_addr that was dropped by IPSec (drop_reason).","%ASA-4-402121: IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from peer_addr (user= username) to lcl_addr that was dropped by IPSec (drop_reason).","An IPsec packet to be decapsulated was received and subsequently dropped by the IPsec subsystem. This may indicate a problem with the Secure Firewall ASA configuration or with the Secure Firewall ASA itself.","If the problem persists, contact the Cisco TAC.","4","Warning","65","network","general"
+"%ASA-4-402122","402122","IPSEC: Received a cleartext packet from src_addr to dest_addr that was to be encapsulated in IPSec that was dropped by IPSec (drop_reason).","%ASA-4-402122: IPSEC: Received a cleartext packet from src_addr to dest_addr that was to be encapsulated in IPSec that was dropped by IPSec (drop_reason).","A packet to be encapsulated in IPsec was received and subsequently dropped by the IPsec subsystem. This may indicate a problem with the Secure Firewall ASA configuration or with the Secure Firewall ASA itself. • src_addr >— Source IP address • dest_addr >— Destination> IP address • drop_reason>— Reason that the packet was dropped","If the problem persists, contact the Cisco TAC.","4","Warning","65","network","general"
+"%ASA-4-402123","402123","CRYPTO: The accel_type hardware accelerator encountered an error (eror_type, code= error_string) while executing the command command_name (command).","%ASA-4-402123: CRYPTO: The accel_type hardware accelerator encountered an error (eror_type, code= error_string) while executing the command command_name (command).","An error was detected while running a crypto command with a hardware accelerator, which may indicate a problem with the accelerator. This type of error may occur for a variety of reasons, and this message supplements the crypto accelerator counters to help determine the cause. • accel_type—Hardware accelerator type • >error_string— Code indicating the type of error • command—Crypto command that generated the error","If the problem persists, contact the Cisco TAC.","4","Warning","45","network","general"
+"%ASA-4-402124","402124","CRYPTO: The platform hardware accelerator encountered an error (HWErrAddr= 0xerror_address, Core= error_core, HwErrCode= error_code, Queue= queue_string (0), IstatReg= 0xIstat, Station= core_station, CoreRptr= 0xcore_pointer, CoreConfig= 0xcore_config_pointer, SWReset= Reset_code)","%ASA-4-402124: CRYPTO: The platform hardware accelerator encountered an error (HWErrAddr= 0xerror_address, Core= error_core, HwErrCode= error_code, Queue= queue_string (0), IstatReg= 0xIstat, Station= core_station, CoreRptr= 0xcore_pointer, CoreConfig= 0xcore_config_pointer, SWReset= Reset_code)","The crypto hardware chip has reported a fatal error, indicating that the chip is inoperable. The information from this message captures the details to allow further analysis of the problem. The crypto chip is reset when this condition is detected to unobtrusively allow the Secure Firewall ASA to continue functioning. Also, the crypto environment at the time this issue is detected is written to a crypto archive directory on flash to provide further debugging information. Various parameters related to the crypto hardware are included in this message, as follows: • HWErrAddr>— Hardware address (set by crypto chip) • Core>— Crypto core experiencing the error • HwErrCode>— Hardware error code (set by crypto chip) • IstatReg>— Interrupt status register (set by crypto chip) • PciErrReg>— PCI error register (set by crypto chip) • CoreErrStat>— Core error status (set by crypto chip) • CoreErrAddr>— Core error address (set by crypto chip) • Doorbell Size>— Maximum crypto commands allowed • DoorBell Outstanding>— Crypto commands outstanding • SWReset>— Number of crypto chip resets since boot The","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","general"
+"%ASA-4-402125","402125","CRYPTO: The platform hardware accelerator ring_string ring timed out (Desc= 0xdescriptor_address, CtrlStat= 0xcontrol_or_status value, ResultP= 0xsuccess_pointer, ResultVal= success_value, Cmd= 0xcrypto_command, CmdSize= command_size, Param= 0xcommand_parameters, Dlen= Data_length, DataP= 0xData_pointer, CtxtP= 0xVPN_context_pointer, SWReset= reset_number)","%ASA-4-402125: CRYPTO: The platform hardware accelerator ring_string ring timed out (Desc= 0xdescriptor_address, CtrlStat= 0xcontrol_or_status value, ResultP= 0xsuccess_pointer, ResultVal= success_value, Cmd= 0xcrypto_command, CmdSize= command_size, Param= 0xcommand_parameters, Dlen= Data_length, DataP= 0xData_pointer, CtxtP= 0xVPN_context_pointer, SWReset= reset_number)","The crypto driver has detected that either the IPSEC descriptor ring or SSL/Admin descriptor ring is no longer progressing, meaning the crypto chip no longer appears to be functioning. The crypto chip is reset when this condition is detected to unobtrusively allow the Secure Firewall ASA to continue functioning. Also, the crypto environment at the time this issue was detected was written to a crypto archive directory on flash to provide further debugging information. • >ring— IPSEC or Admin ring • parameters >— Include the following: - Desc>— Descriptor address - CtrlStat>— Control/status value - ResultP>— Success pointer - ResultVal>— Success value","Forward the message information to the Cisco TAC for further analysis.","4","Warning","45","network","general"
+"%ASA-4-402126","402126","CRYPTO: The platform created Crypto Archive File &lt;Archive_Filename&gt; as a Soft Reset was necessary. Please forward this archived information to Cisco","%ASA-4-402126: CRYPTO: The platform created Crypto Archive File &lt;Archive_Filename&gt; as a Soft Reset was necessary. Please forward this archived information to Cisco","A functional problem with the hardware crypto chip was detected (see syslog messages 402124 and 402125). To further debug the crypto problem, a crypto archive file was generated that included the current crypto hardware environment (hardware registers and crypto description entries). At boot time, a crypto_archive directory was automatically created on the flash file system (if it did not exist previously). A maximum of two crypto archive files are allowed to exist in this directory. • >Archive Filename— The name of the crypto archive file name. The crypto archive file names are of the form, crypto_arch_x.bin, where x = (1 or 2).","Forward the crypto archive files to the Cisco TAC for further analysis.","4","Warning","45","network","general"
+"%ASA-4-402127","402127","CRYPTO: The platform is skipping the writing of latest Crypto Archive File as the maximum # of files ( max_number ) allowed have been written to &lt;archive_directory&gt;. Please archive remove files from &lt; Archive Directory &gt; if you want more Crypto Archive Files saved","%ASA-4-402127: CRYPTO: The platform is skipping the writing of latest Crypto Archive File as the maximum # of files ( max_number ) allowed have been written to &lt;archive_directory&gt;. Please archive remove files from &lt; Archive Directory &gt; if you want more Crypto Archive Files saved","A functional problem with the hardware crypto chip was detected (see messages 4402124 and 4402125). This message indicates a crypto archive file was not written, because the maximum number of crypto archive files already existed. • max_number >— Maximum number of files allowed in the archive directory; currently set to two • >archive_directory— Name of the archive directory","Forward previously generated crypto archive files to the Cisco TAC. Remove the previously generated archive file(s) so that more can be written (if deemed necessary).","4","Warning","45","network","general"
+"%ASA-5-402128","402128","CRYPTO: An attempt to allocate a large memory block failed, size: size, limit: limit.","%ASA-5-402128: CRYPTO: An attempt to allocate a large memory block failed, size: size, limit: limit.","An SSL connection is attempting to use more memory than allowed. The request has been denied. • size —The size of the memory block being allocated • limit —The maximum size of allocated memory permitted","If this message persists, an SSL denial of service attack may be in progress. Contact the remote peer administrator or upstream provider.","5","Notification","55","network","general"
+"%ASA-6-402129","402129","CRYPTO: An attempt to release a DMA memory block failed, location: address.","%ASA-6-402129: CRYPTO: An attempt to release a DMA memory block failed, location: address.","An internal software error has occurred. • address —The address being freed","Contact the Cisco TAC for assistance.","6","Informational","25","network","general"
+"%ASA-6-402130","402130","CRYPTO: Received an ESP packet (SPI = xxxxxxxxxx, sequence number=xxxx) from 172.16.0.1 (user=user) to 192.168.0.2 with incorrect IPsec padding.","%ASA-6-402130: CRYPTO: Received an ESP packet (SPI = xxxxxxxxxx, sequence number=xxxx) from 172.16.0.1 (user=user) to 192.168.0.2 with incorrect IPsec padding.","The Secure Firewall ASA crypto hardware accelerator detected an IPsec packet with invalid padding. The ATT VPN client sometimes pads IPsec packets incorrectly. • SPI —The SPI associated with the packet • sequence number —The sequence number associated with the packet • user —Username string • padding —Padding data from the packet","While this message is None required and does not indicate a problem with the Secure Firewall ASA, customers using the ATT VPN client may wish to upgrade their VPN client software.","6","Informational","5","network","general"
+"%ASA-4-402131","402131","CRYPTO: status changing the accel_instance hardware accelerator's configuration bias from old_config_bias to new_config_bias.","%ASA-4-402131: CRYPTO: status changing the accel_instance hardware accelerator's configuration bias from old_config_bias to new_config_bias.","The hardware accelerator configuration has been changed on the Secure Firewall ASA. Some Secure Firewall ASA platforms have multiple hardware accelerators. One syslog message is generated for each hardware accelerator change. • status —Indicates success or failure • accel_instance —The instance of the hardware accelerator • old_config_bias —The old configuration • new_config_bias —The new configuration","If any of the accelerators fails when attempting to change its configuration, collect logging information and contact the Cisco TAC. If a failure occurs, the software will retry the configuration","4","Warning","55","network","general"
+"%ASA-3-402140","402140","CRYPTO: RSA key generation error: modulus len len","%ASA-3-402140: CRYPTO: RSA key generation error: modulus len len","An error occurred during an RSA public key pair generation. • len —The prime modulus length in bits","Contact the Cisco TAC for assistance.","3","Error","65","network","general"
+"%ASA-3-402141","402141","CRYPTO: Key zeroization error: key set 'type', reason 'reason'","%ASA-3-402141: CRYPTO: Key zeroization error: key set 'type', reason 'reason'","An error occurred during an RSA public key pair generation. • type —The key set type, which can be any of the following: DH, RSA, DSA, or unknown • reason —The unexpected crypto session type","Contact the Cisco TAC for assistance.","3","Error","65","network","general"
+"%ASA-3-402142","402142","CRYPTO: Bulk data op error: algorithm 'alg', mode 'mode'","%ASA-3-402142: CRYPTO: Bulk data op error: algorithm 'alg', mode 'mode'","An error occurred during a symmetric key operation. • op —The operation, which can be either encryption or decryption • alg —The encryption algorithm, which can be any of the following: DES, 3DES, AES, or RC4 • mode —The mode, which can be any of the following: CBC, CTR, CFB, ECB, stateful-RC4, or stateless-RC4","Contact the Cisco TAC for assistance.","3","Error","65","network","general"
+"%ASA-3-402143","402143","CRYPTO: alg type key op error","%ASA-3-402143: CRYPTO: alg type key op error","An error occurred during an asymmetric key operation. • alg —The encryption algorithm, which can be either RSA or DSA • type —The key type, which can be either public or private • op —The operation, which can be either encryption or decryption","Contact the Cisco TAC for assistance.","3","Error","65","network","general"
+"%ASA-3-402144","402144","CRYPTO: Digital signature error: signature algorithm 'sig', hash algorithm 'hash'","%ASA-3-402144: CRYPTO: Digital signature error: signature algorithm 'sig', hash algorithm 'hash'","An error occurred during digital signature generation. • sig —The signature algorithm, which can be either RSA or DSA • hash —The hash algorithm, which can be any of the following: MD5, SHA1, SHA256, SHA384, or SHA512","Contact the Cisco TAC for assistance.","3","Error","65","network","general"
+"%ASA-3-402145","402145","CRYPTO: Hash generation error: algorithm 'hash'","%ASA-3-402145: CRYPTO: Hash generation error: algorithm 'hash'","A hash generation error occurred. • hash —The hash algorithm, which can be any of the following: MD5, SHA1, SHA256, SHA384, or SHA512","Contact the Cisco TAC for assistance.","3","Error","65","network","general"
+"%ASA-3-402146","402146","CRYPTO: Keyed hash generation error: algorithm 'hash', key len len","%ASA-3-402146: CRYPTO: Keyed hash generation error: algorithm 'hash', key len len","A keyed hash generation error occurred. • hash —The hash algorithm, which can be any of the following: MD5, SHA1, SHA256, SHA384, or SHA512 • len —The key length in bits","Contact the Cisco TAC for assistance.","3","Error","65","network","general"
+"%ASA-3-402147","402147","CRYPTO: HMAC generation error: algorithm 'alg'","%ASA-3-402147: CRYPTO: HMAC generation error: algorithm 'alg'","An HMAC generation error occurred. • alg —The HMAC algorithm, which can be any of the following: HMAC-MD5, HMAC-SHA1, HMAC-SHA2, or AES-XCBC","Contact the Cisco TAC for assistance.","3","Error","65","network","general"
+"%ASA-3-402148","402148","CRYPTO: Random Number Generator error","%ASA-3-402148: CRYPTO: Random Number Generator error","A random number generator error occurred.","Contact the Cisco TAC for assistance.","3","Error","65","network","general"
+"%ASA-3-402149","402149","CRYPTO: Weak encryption_type (length) provided. Operation disallowed. Not FIPS 140-2 compliant","%ASA-3-402149: CRYPTO: Weak encryption_type (length) provided. Operation disallowed. Not FIPS 140-2 compliant","The Secure Firewall ASA tried to use an RSA key that is less than 2048 bits or DH groups 1, 2, or 5. • encryption type —The encryption type • length —The RSA key length or DH group number","Configure the Secure Firewall ASA or external application to use an RSA key that is at least 2048 bits, or to configure a DH group that is not 1, 2, or 5.","3","Error","65","network","general"
+"%ASA-3-402150","402150","CRYPTO: Deprecated hash algorithm used for RSA operation (hash_alg). Operation disallowed. Not FIPS 140-2 compliant","%ASA-3-402150: CRYPTO: Deprecated hash algorithm used for RSA operation (hash_alg). Operation disallowed. Not FIPS 140-2 compliant","An unacceptable hashing algorithm has been used for digital certificate signing or verification for FIPS 140-2 certification. • operation —Sign or verify • hash alg —The name of the unacceptable hashing algorithm","Make sure that you use the minimum acceptable hashing algorithm for digital certificate signing or verification for FIPS 140-2 certification. These include SHA-256, SHA-384, and SHA-512.","3","Error","75","network","general"
+"%ASA-4-403101","403101","PPTP session state not established, but received an XGRE packet, tunnel_id=number, session_id=number","%ASA-4-403101: PPTP session state not established, but received an XGRE packet, tunnel_id=number, session_id=number","The ASA received a PPTP XGRE packet without a corresponding control connection session.","If the problem persists, contact the Cisco TAC.","4","Warning","45","network","general"
+"%ASA-4-403102","403102","PPP virtual interface interface_name rcvd pkt with invalid protocol: protocol, reason: reason","%ASA-4-403102: PPP virtual interface interface_name rcvd pkt with invalid protocol: protocol, reason: reason","The module received an XGRE encapsulated PPP packet with an invalid protocol field.","If the problem persists, contact the Cisco TAC.","4","Warning","55","network","general"
+"%ASA-4-403103","403103","PPP virtual interface max connections reached","%ASA-4-403103: PPP virtual interface max connections reached","The module cannot accept additional PPTP connections.Connections are allocated as soon as they are available.","None required.","4","Warning","5","network","general"
+"%ASA-4-403104","403104","PPP virtual interface interface_name requires mschap for MPPE","%ASA-4-403104: PPP virtual interface interface_name requires mschap for MPPE","The MPPE was configured, but MS-CHAP authentication was not.","Add MS-CHAP authentication with the vpdn group group_name ppp authentication command.","4","Warning","45","network","general"
+"%ASA-4-403106","403106","PPP virtual interface interface_name requires RADIUS aaa server for MPPE","%ASA-4-403106: PPP virtual interface interface_name requires RADIUS aaa server for MPPE","The MPPE was configured, but RADIUS authentication was not.","Add RADIUS authentication with the vpdn group group_name ppp authentication command.","4","Warning","45","network","general"
+"%ASA-4-403107","403107","PPP virtual interface interface_name missing aaa server group info","%ASA-4-403107: PPP virtual interface interface_name missing aaa server group info","The AAA server configuration information cannot be found.","Add the AAA server information with the vpdn group group_name client authentication aaa aaa_server_group command.","4","Warning","45","network","general"
+"%ASA-4-403108","403108","PPP virtual interface interface_name missing client ip address option","%ASA-4-403108: PPP virtual interface interface_name missing client ip address option","The client IP address pool information is missing.","Add IP address pool information with the vpdn group group_name client configuration address local address_pool_name command.","4","Warning","45","network","general"
+"%ASA-4-403109","403109","Rec'd packet not a PPTP packet. (ip) dest_addr= ip, src_addr= dest_address, data: source_address","%ASA-4-403109: Rec'd packet not a PPTP packet. (ip) dest_addr= ip, src_addr= dest_address, data: source_address","The module received a spoofed PPTP packet, which may indicate a hostile event.","Contact the administrator of the peer to check the PPTP configuration settings.","4","Warning","65","network","general"
+"%ASA-4-403110","403110","PPP virtual interface interface_name, user: user missing MPPE key from aaa server","%ASA-4-403110: PPP virtual interface interface_name, user: user missing MPPE key from aaa server","The AAA server was not returning the MPPE key attributes required to set up the MPPE encryption policy.","Check the AAA server configuration. If the AAA server cannot return MPPE key attributes, use local authentication instead by entering the vpdn group group_name client authentication local command.","4","Warning","45","network","general"
+"%ASA-6-403500","403500","PPPoE - Service name 'any' not received in interface_name. AC:ac_name.","%ASA-6-403500: PPPoE - Service name 'any' not received in interface_name. AC:ac_name.","The Secure Firewall ASA requested the PPPoE service any from the access controller at the Internet service provider. The response from the service provider includes other services, but does not include the service any . This is a discrepancy in the implementation of the protocol. The PADO packet is processed normally, and connection negotiations continue.","None required.","6","Informational","5","network","general"
+"%ASA-3-403501","403501","PPPoE - Bad host-unique in PADO - packet dropped. AC:interface_name.","%ASA-3-403501: PPPoE - Bad host-unique in PADO - packet dropped. AC:interface_name.","The Secure Firewall ASA sent an identifier called the host-unique value to the access controller. The access controller responded with a different host-unique value. The Secure Firewall ASA was unable to identify the corresponding connection request for this response. The packet was dropped, and connection negotiations were discontinued.","Contact the Internet service provider. Either the access controller at the service provider is mishandling the host-unique value, or the PADO packet is being forged.","3","Error","95","network","general"
+"%ASA-3-403502","403502","PPPoE - Bad host-unique in PADS - packet dropped. AC:interface_name.","%ASA-3-403502: PPPoE - Bad host-unique in PADS - packet dropped. AC:interface_name.","The Secure Firewall ASA sent an identifier called the host-unique value to the access controller. The access controller responded with a different host-unique value. The Secure Firewall ASA was unable to identify the corresponding connection request for this response. The packet was dropped, and connection negotiations were discontinued.","Contact the Internet service provider. Either the access controller at the service provider is mishandling the host-unique value, or the PADO packet is being forged.","3","Error","95","network","general"
+"%ASA-3-403503","403503","Header_string:PPP link down[:reason string]","%ASA-3-403503: Header_string:PPP link down[:reason string]","The PPP link has gone down. There are many reasons why this can happen. The first format will display a reason if PPP provides one.","Check the network link to ensure that the link is connected. The access concentrator may be down. Make sure that your authentication protocol matches the access concentrator and that your name and password are correct. Verify this information with your ISP or network support person.","3","Error","75","network","general"
+"%ASA-3-403504","403504","group_name:No 'vpdn group' for PPPoE has been created!","%ASA-3-403504: group_name:No 'vpdn group' for PPPoE has been created!","PPPoE requires a dial-out configuration before starting a PPPoE session. In general, the configuration should specify a dialing policy, the PPP authentication, the username, and a password. The following example configures the Secure Firewall ASA for PPPoE dialout. The my-username and my-password commands are used to authenticate the access concentrator, using PAP if necessary. For example: ciscoasa# vpdn group my-pppoe request dialout pppoe ciscoasa# vpdn group my-pppoe ppp authentication pap ciscoasa# vpdn group my-pppoe localname my-username ciscoasa# vpdn username my-username password my-password ciscoasa# ip address outside pppoe setroute","Configure a VPDN group for PPPoE.","3","Error","65","network","general"
+"%ASA-4-403505","403505","PPPoE:PPP - Unable to set default route to IP_address at interface_name. interface","%ASA-4-403505: PPPoE:PPP - Unable to set default route to IP_address at interface_name. interface","This message is usually followed by the message, default route already exists.","Remove the current default route or remove the setroute parameter so that there is no conflict between PPPoE and the manually configured route.","4","Warning","55","network","general"
+"%ASA-4-403506","403506","PPPoE: failed to assign PPP address IP_address netmask netmask at interface interface_name","%ASA-4-403506: PPPoE: failed to assign PPP address IP_address netmask netmask at interface interface_name","This message is followed by one of the followings messages: subnet is the same as interface, or on failover channel.","In the first case, change the address causing the conflict. In the second case, configure the PPPoE on an interface other than the failover interface.","4","Warning","55","network","general"
+"%ASA-3-403507","403507","PPPoE:PPPoE client on interface interface failed to locate PPPoE vpdn group group_name","%ASA-3-403507: PPPoE:PPPoE client on interface interface failed to locate PPPoE vpdn group group_name","You can configure the PPPoE client on an interface to use a particular VPDN group by entering the pppoe client vpdn group group_name command. If a PPPoE VPDN group of the configured name was not located during system startup, this message is generated. • interface —The interface on which the PPPoE client failed","Perform the following steps: 1. Add the required VPDN group by entering the vpdn group group_name command. Request dialout PPPoE in global configuration mode, and add all the group properties. 2. Remove the pppoe client vpdn group group_name command from the interface indicated. In this case, the PPPoE client will attempt to use the first PPPoE VPDN group defined. All changes take effect only after the PPPoE client on the interface is restarted by entering the ip address pppoe command. Note","3","Error","75","network","general"
+"%ASA-4-405001","405001","Received ARP {request | response} collision from ip_address/MAC_address on interface interface_name with existing ARP entry ip_address/MAC_address","%ASA-4-405001: Received ARP {request | response} collision from ip_address/MAC_address on interface interface_name with existing ARP entry ip_address/MAC_address","The Secure Firewall ASA received an ARP packet, and the MAC address in the packet differs from the ARP cache entry.","This traffic might be legitimate, or it might indicate that an ARP poisoning attack is in progress. Check the source MAC address to determine where the packets are coming from and to see if they belong to a valid host.","4","Warning","65","network","general"
+"%ASA-4-405002","405002","Received mac mismatch packet from IP_address/{MAC_bytes|MAC_address} for authenticated host","%ASA-4-405002: Received mac mismatch packet from IP_address/{MAC_bytes|MAC_address} for authenticated host","This packet appears for one of the following conditions: • The Secure Firewall ASA received a packet with the same IP address, but a different MAC address from one of its uauth entries. • You configured the vpnclient mac-exempt command on the Secure Firewall ASA, and the Secure Firewall ASA received a packet with an exempt MAC address, but a different IP address from the corresponding uauth entry.","This traffic might be legitimate, or it might indicate that a spoofing attack is in progress. Check the source MAC address and IP address to determine where the packets are coming from and if they belong to a valid host.","4","Warning","75","network","general"
+"%ASA-4-405003","405003","IP address collision detected between host ip_address at MAC_address and interface interface_name, MAC_address","%ASA-4-405003: IP address collision detected between host ip_address at MAC_address and interface interface_name, MAC_address","A client IP address in the network is the same as the Secure Firewall ASA interface IP address.","Change the IP address of the client.","4","Warning","45","network","general"
+"%ASA-4-405101","405101","Unable to Pre-allocate H225 Call Signalling Connection for faddr foreign_ip_address/foreign_port to laddr local_ip_address","%ASA-4-405101: Unable to Pre-allocate H225 Call Signalling Connection for faddr foreign_ip_address/foreign_port to laddr local_ip_address","The module failed to allocate RAM system memory while starting a connection or has no more address translation slots available.","If this message occurs periodically, it can be ignored. You can check the size of the global pool compared to the number of inside network clients. A PAT address may be necessary. Alternatively, shorten the timeout interval of translates and connections. This error message may also be caused by insufficient memory; try reducing the amount of memory usage, or purchasing additional memory. If the problem persists, contact the Cisco TAC.","4","Warning","55","network","general"
+"%ASA-4-405102","405102","Unable to Pre-allocate H245 Connection for faddr foreign_ip_address/foreign_port to laddr local_ip_address","%ASA-4-405102: Unable to Pre-allocate H245 Connection for faddr foreign_ip_address/foreign_port to laddr local_ip_address","The Secure Firewall ASA failed to allocate RAM system memory while starting a connection or has no more address translation slots available.","Check the size of the global pool compared to the number of inside network clients. A PAT address may be necessary. Alternatively, shorten the timeout interval of translations and connections. In addition, reduce the amount of memory usage, or purchase additional memory. If this message occurs periodically, it can be ignored. If the problem persists, contact the Cisco TAC.","4","Warning","55","network","general"
+"%ASA-4-405103","405103","H225 message from source_address/source_port to dest_address/dest_port contains bad protocol discriminator hex","%ASA-4-405103: H225 message from source_address/source_port to dest_address/dest_port contains bad protocol discriminator hex","The Secure Firewall ASA is expecting the protocol discriminator, 0x08, but it received something other than 0x08. The endpoint may be sending a bad packet, or received a message segment other than the first segment. The packet is allowed through.","None required.","4","Warning","5","network","general"
+"%ASA-4-405104","405104","H225 message string received from outside_address/outside_port to inside_address/inside_port before SETUP","%ASA-4-405104: H225 message string received from outside_address/outside_port to inside_address/inside_port before SETUP","An H.225 message was received out of order, before the initial SETUP message, which is not allowed. The Secure Firewall ASA must receive an initial SETUP message for that H.225 call signalling channel before accepting any other H.225 messages.","None required.","4","Warning","5","network","general"
+"%ASA-4-405105","405105","H323 RAS message AdmissionConfirm received from source_address/source_port to dest_address/dest_port without an AdmissionRequest","%ASA-4-405105: H323 RAS message AdmissionConfirm received from source_address/source_port to dest_address/dest_port without an AdmissionRequest","A gatekeeper has sent an ACF, but the Secure Firewall ASA did not send an ARQ to the gatekeeper.","Check the gatekeeper with the specified source_address to determine why it sent an ACF without receiving an ARQ from the Secure Firewall ASA.","4","Warning","45","network","general"
+"%ASA-4-405106","405106","H323 num channel is not created from %I/%d to %I/%d %s","%ASA-4-405106: H323 num channel is not created from %I/%d to %I/%d %s","The ASA tried to create a match condition on the H.323 media-type channel. See the match media-type command for more information.","None required.","4","Warning","5","network","general"
+"%ASA-4-405107","405107","H245 Tunnel is detected and connection dropped from %I/%d to %I/%d %s","%ASA-4-405107: H245 Tunnel is detected and connection dropped from %I/%d to %I/%d %s","An H.323 connection has been dropped because of an attempted H.245 tunnel control during call setup. See the h245-tunnel-block command for more information.","None required.","4","Warning","65","network","general"
+"%ASA-4-405201","405201","ILS ILS_message_type from inside_interface:source_IP_address/port to outside_interface:destination_IP_address/port has wrong embedded address embedded_IP_address","%ASA-4-405201: ILS ILS_message_type from inside_interface:source_IP_address/port to outside_interface:destination_IP_address/port has wrong embedded address embedded_IP_address","The embedded address in the ILS packet payload was not the same as the source IP address of the IP packet header.","Check the host specified with the source_IP_address to determine why it sent an ILS packet with an incorrect embedded IP address.","4","Warning","45","network","general"
+"%ASA-4-405300","405300","Radius Accounting Request received from from_addr is not allowed","%ASA-4-405300: Radius Accounting Request received from from_addr is not allowed","The accounting request came from a host that was not configured in the policy map. The message is logged and processing stops. • from_addr —The IP address of the host sending the request","If the host was configured to send RADIUS accounting messages to the ASA, make sure that it was configured in the correct policy map that was applied to the service policy. If the host was not","4","Warning","45","network","general"
+"%ASA-4-405301","405301","Attribute attribute_number does not match for user user_ip","%ASA-4-405301: Attribute attribute_number does not match for user user_ip","When the validate-attribute command was entered, the attribute values stored in the accounting request start received do not match those stored in the entry, if it exists. • attribute_number —The RADIUS attribute to be validated with RADIUS accounting. Values range from 1 to 191. Vendor-specific attributes are not supported. • user_ip —The IP address (framed IP attribute) of the user.","None required.","4","Warning","5","network","general"
+"%ASA-4-406001","406001","FTP port command low port: IP_address/port to IP_address on interface interface_name","%ASA-4-406001: FTP port command low port: IP_address/port to IP_address on interface interface_name","A client entered an FTP port command and supplied a port less than 1024 (in the well-known port range usually devoted to server ports). This is indicative of an attempt to avert the site security policy. The Secure Firewall ASA drops the packet, terminates the connection, and logs the event.","None required.","4","Warning","65","network","general"
+"%ASA-4-406002","406002","FTP port command different address: IP_address(IP_address) to IP_address on interface interface_name","%ASA-4-406002: FTP port command different address: IP_address(IP_address) to IP_address on interface interface_name","A client entered an FTP port command and supplied an address other than the address used in the connection. An attempt to avert the site security policy occurred. For example, an attacker might attempt to hijack an FTP session by changing the packet on the way, and putting different source information instead of the correct source information. The Secure Firewall ASA drops the packet, terminates the connection, and logs the event. The address in parentheses is the address from the port command.","None required.","4","Warning","65","network","general"
+"%ASA-4-407001","407001","Deny traffic for local-host interface_name:inside_address, license limit of number exceeded","%ASA-4-407001: Deny traffic for local-host interface_name:inside_address, license limit of number exceeded","The host limit was exceeded. An inside host is counted toward the limit when one of the following conditions is true: • The inside host has forwarded traffic through the Secure Firewall ASA within the last five minutes. • The inside host has reserved an xlate connection or user authentication at the Secure Firewall ASA.","The host limit is enforced on the low-end platforms. Use the show version command to view the host limit. Use the show local-host command to view the current active hosts and the inside users that have sessions at the Secure Firewall ASA. To forcefully disconnect one or more users, use the clear","4","Warning","75","network","general"
+"%ASA-4-407002","407002","Embryonic limit for through connections exceeded nconns/elimit. outside_address/outside_port to global_address(inside_address)/inside_port on interface interface_name","%ASA-4-407002: Embryonic limit for through connections exceeded nconns/elimit. outside_address/outside_port to global_address(inside_address)/inside_port on interface interface_name","The number of connections from a specified foreign address over a specified global address to the specified local address exceeded the maximum embryonic limit for that static. The Secure Firewall ASA tries to accept the connection if it can allocate memory for that connection. It proxies on behalf of the local host and sends a SYN_ACK packet to the foreign host. The Secure Firewall ASA retains pertinent state information, drops the packet, and waits for the acknowledgment from the client. The message might indicate legitimate traffic or that a DoS attack is in progress.","Check the source address to determine where the packets are coming from and whether or not a valid host is sending them.","4","Warning","75","network","general"
+"%ASA-4-407003","407003","Established limit for RPC services exceeded","%ASA-4-407003: Established limit for RPC services exceeded","The Secure Firewall ASA tried to open a new hole for a pair of RPC servers or services that have already been configured after the maximum number of holes has been met.","Wait for other holes to be closed (through associated timeout expiration), or limit the number of active pairs of servers or services.","4","Warning","55","network","general"
+"%ASA-4-408001","408001","IP route counter negative","%ASA-4-408001: IP route counter negative","An attempt to decrement the IP route counter into a negative value failed.","Enter the clear ip route command to reset the route counter. If the problem persists, contact the Cisco TAC.","4","Warning","55","network","general"
+"%ASA-4-408101","408101","KEYMAN : Type encrption_type encryption unknown. Interpreting keystring as literal.","%ASA-4-408101: KEYMAN : Type encrption_type encryption unknown. Interpreting keystring as literal.","The format type was not recognized by the system. A keystring format type value of 0 (unencrypted keystring) or 7 (hidden keystring), followed by a space, can precede the actual keystring to indicate its format. An unknown type value will be accepted, but the system will consider the keystring as being unencrypted.","Use the correct format for the value type or remove the space following the value type.","4","Warning","45","network","general"
+"%ASA-4-408102","408102","KEYMAN : Bad encrypted keystring for key id key_id.","%ASA-4-408102: KEYMAN : Bad encrypted keystring for key id key_id.","The system could not successfully decrypt an encrypted keystring. The keystring may have been corrupted during system configuration.","Re-enter the key-string command, and reconfigure the key string.","4","Warning","75","network","general"
+"%ASA-4-409014","409014","No valid authentication send key is available on interface nameif.","%ASA-4-409014: No valid authentication send key is available on interface nameif.","The authentication key configured on the interface is not valid.","Configure a new key.","4","Warning","45","network","general"
+"%ASA-4-409015","409015","Key ID key-id received on interface nameif.","%ASA-4-409015: Key ID key-id received on interface nameif.","The ID is not found in the configured key chain.","Configure a new security association with the Key ID.","4","Warning","45","network","general"
+"%ASA-4-409016","409016","Key chain name key-chain-name on nameif is invalid.","%ASA-4-409016: Key chain name key-chain-name on nameif is invalid.","The key-chain name configured under OSPF interface does not match global key chain configuration. Recommended ActionFix configuration. Either remove OSPF authentication command or configure key chain in global configuration mode.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","55","network","general"
+"%ASA-4-409017","409017","Key ID key-id in key chain key-chain-name is invalid.","%ASA-4-409017: Key ID key-id in key chain key-chain-name is invalid.","The Key ID configured in the key chain is out of range for OSPF. This may happen because the key chain allows Key ID values of the range which is not acceptable for OSPF.","Configure a new security association with a Key ID that is in the range 1-255.","4","Warning","55","network","general"
+"%ASA-4-409023","409023","Attempting AAA Fallback method method_name for request_type request for user user : Auth-server group Auth-server unreachable","%ASA-4-409023: Attempting AAA Fallback method method_name for request_type request for user user : Auth-server group Auth-server unreachable","An authentication or authorization attempt to an external server has failed and will be performed using the local user database. • aaa_operation—Either authentication or authorization • username—The user associated with the connection • server_group—The name of the AAA server whose servers were unreachable","Investigate any connectivity problems with the AAA servers configured in the first method. Ping the authentication servers from the Secure Firewall ASA. Make sure that the daemons are running on the AAA server. Messages 410001 to 450002 This chapter includes messages from 410001 to 450002.","4","Warning","65","network","general"
+"%ASA-4-410001","410001","Dropped UDP DNS request from source_interface:source_address/source_port to dest_interface:dest_address/dest_port; label|domain-name length number bytes exceeds remaining_packet_length limit of number bytes","%ASA-4-410001: Dropped UDP DNS request from source_interface:source_address/source_port to dest_interface:dest_address/dest_port; label|domain-name length number bytes exceeds remaining_packet_length limit of number bytes","The label length exceeds bytes in a UDP DNS packet. See RFC 1035, section 2.3.4 for more information. .","Create the policy-map and add a custom DNS class-map to match traffic and exclude it from inspection to allow packets exceeding the label length.","4","Warning","65","network","general"
+"%ASA-2-410002","410002","Dropped num DNS responses with mis-matched id in the past sec second(s): from src_ifc:sip/sport to dest_ifc:dip/dport","%ASA-2-410002: Dropped num DNS responses with mis-matched id in the past sec second(s): from src_ifc:sip/sport to dest_ifc:dip/dport","The ASA detects an excess number of DNS responses with a mismatched DNS identifier. A high rate of mismatched DNS identifiers might indicate an attack on the cache. The threshold is set by the id-mismatch DNS policy-map parameter submode command. • num —The number of ID mismatch instances as configured by the id-mismatch command • sec —The duration in seconds as configured by the id-mismatch command • src_ifc —The source interface name at which the DNS message is received with a mismatched DNS identifier • sip —The source IP address • sport —The source port • dest_ifc —The destination interface name • dip —The destination IP address • dport —The destination port","Check the IP address and port in the message to trace the source of the attack. You can configure ACLs to block traffic permanently from the source.","2","Critical","100","network","general"
+"%ASA-4-410003","410003","action_class DNS action from query_response:src_ifc/sip to sport:dest_ifc/dip; dport","%ASA-4-410003: action_class DNS action from query_response:src_ifc/sip to sport:dest_ifc/dip; dport","A DNS classification was performed on a DNS message and the specified criteria were satisfied. As a result, the configured action occurs. • action_class —The DNS Classification action class • action —The action taken: Dropped, Dropped (no TSIG), or Masked header flags for • query_response —Either query or response • src_ifc —The source interface name • sip —The source IP address • sport —The source port • dest_ifc —The destination interface name • dip —The destination IP address • dport —The destination port • further_info —One of the following: matched Class id: class_name , matched Class id: match_command (for a standalone match command), or TSIG resource record not present (for messages generated by the tsig enforced command)","None required.","4","Warning","65","network","general"
+"%ASA-6-410004","410004","action_class DNS action from query_response:src_ifc/sip to sport:dest_ifc/dip; dport","%ASA-6-410004: action_class DNS action from query_response:src_ifc/sip to sport:dest_ifc/dip; dport","A DNS classification was performed on a DNS message and the specified criteria were satisfied. • action_class —The DNS Classification action class • action —The action taken: Received or Received (no TSIG) • query_response —Either query or response • src_ifc —The source interface name • sip —The source IP address • sport —The source port • dest_ifc —The destination interface name • dip —The destination IP address • dport —The destination port • further_info —One of the following: matched Class id: class_name , matched Class id: match_command (for a standalone match command), or TSIG resource record not present (for messages generated by the tsig enforced command)","None required.","6","Informational","5","network","general"
+"%ASA-4-411001","411001","Line protocol on Interface interface_name, changed state to up","%ASA-4-411001: Line protocol on Interface interface_name, changed state to up","The status of the line protocol has changed from down to up . If interface_name is a logical interface name such as inside and outside, this message indicates that the logical interface line protocol has changed from down to up . If interface_name is a physical interface name such as Ethernet0 and GigabitEthernet0/1, this message indicates that the physical interface line protocol has changed from down to up .","None required.","4","Warning","5","network","general"
+"%ASA-4-411002","411002","Line protocol on Interface interface_name, changed state to down","%ASA-4-411002: Line protocol on Interface interface_name, changed state to down","The status of the line protocol has changed from up to down. If interface_name is a logical interface name such as inside and outside, this message indicates that the logical interface line protocol has changed from up to down. In this case, the physical interface line protocol status is not affected. If interface_name is a physical interface name such as Ethernet0 and GigabitEthernet0/1, this message indicates that the physical interface line protocol has changed from up to down.","If this is an unexpected event on the interface, check the physical line.","4","Warning","45","network","general"
+"%ASA-4-411003","411003","Interface interface_name, changed state to administratively up","%ASA-4-411003: Interface interface_name, changed state to administratively up","The configuration status of the interface has changed from down to up.","If this is an unexpected event, check the physical line.","4","Warning","45","network","general"
+"%ASA-4-411004","411004","Interface interface_name, changed state to administratively down","%ASA-4-411004: Interface interface_name, changed state to administratively down","The configuration status of the interface has changed from down to up.","None required.","4","Warning","5","network","general"
+"%ASA-4-411005","411005","Interface variable_1 experienced a hardware transmit hang. A software reset has been performed.","%ASA-4-411005: Interface variable_1 experienced a hardware transmit hang. A software reset has been performed.","The interface experienced a hardware transmit freeze that required a reset of the Ethernet controller to restore the interface to full operation. • variable 1 —The interface name, such as GigabitEthernet0/0","None required.","4","Warning","5","network","general"
+"%ASA-4-412001","412001","MAC MAC_address moved from interface_1 to interface_2","%ASA-4-412001: MAC MAC_address moved from interface_1 to interface_2","A host move was detected from one module interface to another. In a transparent Secure Firewall ASA, mapping between the host (MAC) and Secure Firewall ASA port is maintained in a Layer 2 forwarding table. The table dynamically binds packet source MAC addresses to an Secure Firewall ASA port. In this process, whenever movement of a host from one interface to another interface is detected, this message is generated.","The host move might be valid or might be an attempt to spoof host MACs on other interfaces. If it is a MAC spoof attempt, you can either locate vulnerable hosts on your network and remove them or configure static MAC entries, which will not allow MAC address and port binding to change. If it is a genuine host move, no action is required.","4","Warning","65","network","general"
+"%ASA-4-412002","412002","Detected bridge table full while inserting MAC MAC_address on interface interface. Number of entries = num","%ASA-4-412002: Detected bridge table full while inserting MAC MAC_address on interface interface. Number of entries = num","The bridge table was full and an attempt was made to add one more entry. The Secure Firewall ASA maintains a separate Layer 2 forwarding table per context and the message is generated whenever a context exceeds its size limit. The MAC address will be added, but it will replace the oldest existing dynamic entry (if available) in the table. This might be an attempted attack.","Make sure that the new bridge table entries are valid. In case of attack, use EtherType ACLs to control access to vulnerable hosts.","4","Warning","75","network","general"
+"%ASA-4-413001","413001","Module module_id is not able to shut down. Module Error: errnum message","%ASA-4-413001: Module module_id is not able to shut down. Module Error: errnum message","The module identified by module_id was not able to comply with a request from the Secure Firewall ASA system module to shut down. It may be performing a task that cannot be interrupted, such as a software upgrade. The errnum and message text describes the reason why the module cannot shut down, and the recommended corrective action.","Wait for the task on the module to complete before shutting down the module, or use the session command to access the CLI on the module, and stop the task that is preventing the module from shutting down.","4","Warning","55","network","general"
+"%ASA-4-413002","413002","Module module_id is not able to reload. Module Error: errnum message","%ASA-4-413002: Module module_id is not able to reload. Module Error: errnum message","The module identified by module_id was not able to comply with a request from the Secure Firewall ASA module to reload. It may be performing a task that cannot be interrupted, such as a software upgrade. The errnum and message text describes the reason why the module cannot reload, and the recommended corrective action.","Wait for the task on the module to complete before reloading the module, or use the session command to access the CLI on the module and stop the task that is preventing the module from reloading.","4","Warning","75","network","general"
+"%ASA-4-413003","413003","Module string_one is not a recognized type.","%ASA-4-413003: Module string_one is not a recognized type.","A module was detected that is not recognized as a valid module type.","Upgrade to a version of Secure Firewall ASA software that supports the module type installed.","4","Warning","55","network","general"
+"%ASA-4-413004","413004","Module in slot string_one failed to write software vnewver (currently vver), reason. Trying again.","%ASA-4-413004: Module in slot string_one failed to write software vnewver (currently vver), reason. Trying again.","The module failed to accept a software version, and will be transitioned to an UNRESPONSIVE state. Another attempt will be made to update the module software. • >string one— The text string that specifies the module • >newver —The new version number of software that was not successfully written to the module (for example, 1.0(1)0) • >ver —The current version number of the software on the module (for example, 1.0(1)0) • >reason —The reason the new version cannot be written to the module. The possible values for >reason include the following: - write failure - failed to create a thread to write the image","None required. Subsequent attempts will either generate a message indicating a successful update or failure. You may verify the module transitions to UP after a subsequent update attempt by using the show module command.","4","Warning","5","network","general"
+"%ASA-4-413005","413005","Module prod_id in slot slot_num , application is not supported app_name version app_vers type app_type","%ASA-4-413005: Module prod_id in slot slot_num , application is not supported app_name version app_vers type app_type","The module installed in slot slot_num was running an unsupported application version or type. • module_id— The name of the software services module • prod_id —Product ID string • slot_num —The slot number in which the module is installed. Slot 0 indicates the system main board, and slot 1 indicates the module installed in the expansion slot. • app_name —Application name (string) • app_vers —Application version (string) • app_type —Application type (decimal)","If the problem persists, contact the Cisco TAC.","4","Warning","45","network","general"
+"%ASA-4-413006","413006","prod-id Module software version mismatch; slot slot is ""prod-id"" version ""running-vers"". Slot slot ""prod-id"" requires version ""required-vers""","%ASA-4-413006: prod-id Module software version mismatch; slot slot is ""prod-id"" version ""running-vers"". Slot slot ""prod-id"" requires version ""required-vers""","The version of software running on the module in slot slot was not the version required by another module. • slot —Slot 0 indicates the system main board. Slot 1 indicates the module installed in the expansion slot. • prod_id —Product ID string for the device installed in slot slot • running_vers —Version of software currently running on the module installed in slot slot • required_vers —Version of software required by the module in slot slot","If the problem persists, contact the Cisco TAC.","4","Warning","55","network","general"
+"%ASA-1-413007","413007","An unsupported configuration is detected. The combination of an mpc_description with ips_description is not supported.","%ASA-1-413007: An unsupported configuration is detected. The combination of an mpc_description with ips_description is not supported.","An unsupported Secure Firewall ASA and IPS configuration has been detected during IPS SSP setup for slot 1. The Secure Firewall ASA should continue to function normally with an unsupported configuration. • mpc_description —A description string for the ASA model, which can be one of the following: ASA5585-SSP-10, ASA5585-SSP-20, ASA5585-SSP-40, ASA5585-SSP-60, ASA5585-SSP-10-K7, ASA5585-SSP-20-K7, ASA5585-SSP-40-K7, ASA5585-SSP-60-K7. • ips_description —A description string for the IPS SSP model, which can be one of the following: ASA5585-SSP-IPS10, ASA5585-SSP-IPS20, ASA5585-SSP-IPS40, ASA5585-SSP-IPS60, ASA5585-SSP-P10K7, ASA5585-SSP-P20K7, ASA5585-SSP-P40K7, ASA5585-SSP-P60K7.","None required.","1","Alert","5","network","general"
+"%ASA-1-413008","413008","An unsupported configuration is detected.","%ASA-1-413008: An unsupported configuration is detected.","Only one power supply and one fan module are inserted when an ASA 10G SSP and IPS 10G SSP are present.","When using an ASA 10G SSP and IPS 10G SSP, insert two power supplies instead of one fan module and one power supply module.","1","Alert","75","network","general"
+"%ASA-4-413009","413009","Internal-Data0/1:RX[1]=[2]","%ASA-4-413009: Internal-Data0/1:RX[1]=[2]","The firewall checks the current value of an internal interface or a data ring every one minute. When the current value of the ring falls below 10, this message is generated.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","general"
+"%ASA-3-414001","414001","Failed to save logging buffer to FTP server filename using filename ftp_server_address on interface interface_name: fail_reason","%ASA-3-414001: Failed to save logging buffer to FTP server filename using filename ftp_server_address on interface interface_name: fail_reason","The logging module failed to save the logging buffer to an external FTP server.","Take applicable actions based on the failed reason: • Protocol error—Make sure no connectivity issue exists between the FTP server and Secure Firewall ASA, and that the FTP sever can accept the FTP port command and PUT requests. • Invalid username or password—Make sure that the configured FTP client username and password are correct. • All other errors—If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-414002","414002","Failed to save logging buffer to flash:/syslog directory using filename filename: fail_reason","%ASA-3-414002: Failed to save logging buffer to flash:/syslog directory using filename filename: fail_reason","The logging module failed to save the logging buffer to system flash.","If the failed reason is caused by insufficient space, check the flash free space, and make sure that the configured limits of the logging flash-size command are set correctly. If the error is a flash file system I/O error, then contact the Cisco TAC for assistance.","3","Error","75","network","general"
+"%ASA-3-414003","414003","TCP Syslog Server intf:IP_Address/port not responding, New connections are [permitted|denied] based on logging permit-hostdown policy","%ASA-3-414003: TCP Syslog Server intf:IP_Address/port not responding, New connections are [permitted|denied] based on logging permit-hostdown policy","The TCP syslog server for remote host logging was successful, is connected to the server, and new connections are permitted or denied based on the logging permit-hostdown policy. If the logging permit-hostdown policy is configured, a new connection is permitted. If not configured, a new connection is denied. • intf —Interface of the Secure Firewall ASA to which the server is connected • IP_Address —IP address of the remote TCP syslog server • port —Port of the remote TCP syslog server","Validate that the configured TCP syslog server is up. To permit new connections, configure the logging permit-hostdown policy. To deny new connections, do not configure the logging permit-hostdown policy.","3","Error","85","network","general"
+"%ASA-6-414004","414004","TCP Syslog Server intf:IP_Address/port - Connection restored","%ASA-6-414004: TCP Syslog Server intf:IP_Address/port - Connection restored","The TCP syslog setup involves 4 channels connecting to the server. This message is generated only when one of the TCP syslog server channels become unreachable and the server is restored. This message is the first to reach the syslog server after a successful connection. This message is generated only on TCP syslog server. This message does not appear every time when the TCP syslog server is restored. It appears only when the server is restored after one of its channels became unreachable. Note • intf —Interface of the ASA to which the server is connected • IP_Address —IP address of the remote TCP syslog server • port —Port of the remote TCP syslog server","None required.","6","Informational","5","network","general"
+"%ASA-3-414005","414005","TCP Syslog Server intf : IP_Address /port connected, New connections are permitted based on logging permit-hostdown policy","%ASA-3-414005: TCP Syslog Server intf : IP_Address /port connected, New connections are permitted based on logging permit-hostdown policy","The TCP syslog server for remote host logging was successful, is connected to the server, and new connections are permitted based on the logging permit-hostdown policy. If the logging permit-hostdown policy is configured, a new connection is permitted. • intf —Interface of the Secure Firewall ASA to which the server is connected • IP_Address —IP address of the remote TCP syslog server • port —Port of the remote TCP syslog server","None required.","3","Error","5","network","general"
+"%ASA-3-414006","414006","TCP syslog server configured and logging queue is full. New connections denied based on logging permit-hostdown policy.","%ASA-3-414006: TCP syslog server configured and logging queue is full. New connections denied based on logging permit-hostdown policy.","The logging queue is close to reaching the configured limit, so there is a risk that syslog messages will be discarded.","See the ""Configuring the Logging Queue"" section in the CLI configuration guide for information about how to tune the queue size to avoid this situation. If you want to deny new connections in this case, use the no logging permit-hostdown command. If you want to allow new connections in this case, use the logging permit-hostdown command.","3","Error","85","network","general"
+"%ASA-6-414007","414007","TCP syslog server connection restored. New connections allowed.","%ASA-6-414007: TCP syslog server connection restored. New connections allowed.","The TCP syslog server for remote host logging was successfully connected and new connections are permitted.","None required.","6","Informational","5","network","general"
+"%ASA-6-414008","414008","New connections are now allowed due to change of logging permit-hostdown policy.","%ASA-6-414008: New connections are now allowed due to change of logging permit-hostdown policy.","An administrator changed the logging permit-hostdown policy by entering the logging permit-hostdown command at a time when new connections are being denied. Due to this change of policy, new connections will be allowed.","None required.","6","Informational","35","network","general"
+"%ASA-6-415001","415001","HTTP - matched matched_string in policy-map map_name, header field count exceeded connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-6-415001: HTTP - matched matched_string in policy-map map_name, header field count exceeded connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","This message is generated when one of the following occurs: • The total number of fields in the HTTP header exceeds the user-configured number of header fields. The relevant command is: match {request | response} header count num. • The appearance of a specified field in the HTTP header exceeds the user-configured number for this header field. The relevant command is: match {request | response} header header-name count num. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","Enter the match {request | response} header command to reconfigure the HTTP header field value.","6","Informational","45","network","general"
+"%ASA-6-415002","415002","HTTP - matched matched_string in policy-map map_name, header field length exceeded connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-6-415002: HTTP - matched matched_string in policy-map map_name, header field length exceeded connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The specified HTTP header field length exceeded the user-configured length. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map","Enter the match {request | response} header header_name length gt num command to change the HTTP header field length.","6","Informational","25","network","general"
+"%ASA-6-415003","415003","HTTP - matched matched_string in policy-map map_name, body length exceeded connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-6-415003: HTTP - matched matched_string in policy-map map_name, body length exceeded connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The length of the message body exceeded the user-configured length. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","Enter the match {request | response} body length gt num command to change the length of the message body.","6","Informational","45","network","general"
+"%ASA-5-415004","415004","HTTP - matched matched_string in policy-map map_name, content-type verification failed connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415004: HTTP - matched matched_string in policy-map map_name, content-type verification failed connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The magic number in the body of the HTTP message is not the correct magic number for the MIME-type specified in the content-type field in the HTTP message header. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","Enter the match {request | response} header content-type violation command to correct the error.","5","Notification","45","network","general"
+"%ASA-5-415005","415005","HTTP - matched matched_string in policy-map map_name, URI length exceeded connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415005: HTTP - matched matched_string in policy-map map_name, URI length exceeded connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The length of the URI exceeded the user-configured length. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","Enter the match request uri length gt num command to change the length of the URI.","5","Notification","55","network","general"
+"%ASA-5-415006","415006","HTTP - matched matched_string in policy-map map_name, URI matched connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415006: HTTP - matched matched_string in policy-map map_name, URI matched connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The URI matched the regular expression that the user configured. See the match request uri regex {regex-name | class class-name} command for more information. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","None required.","5","Notification","45","network","general"
+"%ASA-5-415007","415007","HTTP - matched matched_string in policy-map map_name, Body matched connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415007: HTTP - matched matched_string in policy-map map_name, Body matched connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The message body matched the regular expression that the user configured. See the match {request | response} body regex {regex-name | class class-name} command for more information. • matched_string—The matched string is one of the following:","None required.","5","Notification","5","network","general"
+"%ASA-5-415008","415008","HTTP - matched matched_string in policy-map map_name, header matched connection_action int_type:IP_address/port_num to int_type: IP_address/port_num","%ASA-5-415008: HTTP - matched matched_string in policy-map map_name, header matched connection_action int_type:IP_address/port_num to int_type: IP_address/port_num","A value in a user-specified field in the message header matched the regular expression that the user configured. See the match {request | response } header header-field-name {regex-name | class class-name} command for more information. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","None required.","5","Notification","45","network","general"
+"%ASA-5-415009","415009","HTTP - matched matched_string in policy-map map_name, method matched connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415009: HTTP - matched matched_string in policy-map map_name, method matched connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The HTTP method matched the user-configured regular expression. See the match request method {regex-name | class class-name} command for more information. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface","None required.","5","Notification","45","network","general"
+"%ASA-5-415010","415010","matched matched_string in policy-map map_name , transfer encoding matched connection_action from int_type :IP_address /port_num to int_type :IP_address /port_num","%ASA-5-415010: matched matched_string in policy-map map_name , transfer encoding matched connection_action from int_type :IP_address /port_num to int_type :IP_address /port_num","The value in the transfer encoding field matched the user-configured regular expression or keyword. See the match {request | response} header transfer-encoding {{regex-name | class class-name} | keyword} command for more information. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","None required.","5","Notification","45","network","general"
+"%ASA-5-415011","415011","HTTP - policy-map map_name:Protocol violation connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415011: HTTP - policy-map map_name:Protocol violation connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The HTTP parser cannot detect a valid HTTP message in the first few bytes of an HTTP message. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","Enter the protocol-violation action {drop | reset} log command to correct the problem.","5","Notification","45","network","general"
+"%ASA-5-415012","415012","HTTP - matched matched_string in policy-map map_name, content-type unknown connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415012: HTTP - matched matched_string in policy-map map_name, content-type unknown connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The content-type field did not contain a MIME type that matches a built-in MIME type. • matched_string—The matched string is one of the following:","Enter the match {request | response} header content-type unknown command to correct the problem.","5","Notification","25","network","general"
+"%ASA-5-415013","415013","HTTP - policy-map map-name:Malformed chunked encoding connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415013: HTTP - policy-map map-name:Malformed chunked encoding connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","A chunked encoding was malformed, and the HTTP message cannot be parsed. In addition, logging for the protocol-violation command was configured. • map-name— The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","Enter the protocol-violation action {drop | reset} log command to correct the problem.","5","Notification","45","network","general"
+"%ASA-5-415014","415014","HTTP - matched matched_string in policy-map map_name, Mime-type in response wasn't found in the accept-types of the request connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415014: HTTP - matched matched_string in policy-map map_name, Mime-type in response wasn't found in the accept-types of the request connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The MIME type in an HTTP response was not in the accept field of the request. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","Enter the match req-resp content-type mismatch command to correct the problem.","5","Notification","55","network","general"
+"%ASA-5-415015","415015","HTTP - matched matched_string in policy-map map_name, transfer-encoding unknown connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415015: HTTP - matched matched_string in policy-map map_name, transfer-encoding unknown connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","An empty transfer encoding occurred. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","Enter the match {request | response} header transfer-encoding empty command to correct the problem.","5","Notification","45","network","general"
+"%ASA-4-415016","415016","policy-map map_name:Maximum number of unanswered HTTP requests exceeded connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-4-415016: policy-map map_name:Maximum number of unanswered HTTP requests exceeded connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The number of unanswered HTTP requests exceeded the internal number of requests allowed. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","Enter the protocol-violation action {drop | reset} log command to correct the problem.","4","Warning","75","network","general"
+"%ASA-6-415017","415017","HTTP - matched matched_string in policy-map map_name, arguments matched connection_actionint_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-6-415017: HTTP - matched matched_string in policy-map map_name, arguments matched connection_actionint_type:IP_address/port_num to int_type:IP_address/port_num","A pattern in the arguments matches the user-configured regular expression or keyword. See the match request args regex {regex-name | class class-name} command for more information. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map","None required.","6","Informational","5","network","general"
+"%ASA-5-415018","415018","HTTP - matched matched_string in policy-map map_name, Header length exceeded connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415018: HTTP - matched matched_string in policy-map map_name, Header length exceeded connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The total header length exceeded the user-configured length for the header. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","Enter the match {request | response} header length gt num command to reduce the length of the header.","5","Notification","55","network","general"
+"%ASA-5-415019","415019","HTTP - matched matched_string in policy-map map_name, status line matched connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415019: HTTP - matched matched_string in policy-map map_name, status line matched connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","The status line in a response matched a user-configured regular expression. See the match response status-line regex {regex-name | class class-name } command for more information. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","None required.","5","Notification","45","network","general"
+"%ASA-5-415020","415020","HTTP - matched matched_string in policy-map map_name, a non-ASCII character was matched connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%ASA-5-415020: HTTP - matched matched_string in policy-map map_name, a non-ASCII character was matched connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","A non-ASCII character was found. • matched_string—The matched string is one of the following: - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal. • map_name —The name of the policy map • connection_action —Dropping the connection or resetting the connection • interface_type —The type of interface (for example, DMZ or outside) • IP_address —The IP address of the interface • port_num —The port number","Enter the match {request | response} header non-ascii command to correct the problem.","5","Notification","45","network","general"
+"%ASA-4-416001","416001","Dropped UDP SNMP packet from source_interface:source_IP/source_port to dest_interface:dest_address/dest_port; prot_version","%ASA-4-416001: Dropped UDP SNMP packet from source_interface:source_IP/source_port to dest_interface:dest_address/dest_port; prot_version","An SNMP packet was denied passage through the ASA because of a bad packet format or because the prot_version is not allowed through the ASA. The prot_version parameter can be one of the following values: 1, 2, 2c, or 3.","Change the settings for SNMP inspection using the snmp-map command, which allows the user to permit or deny specific protocol versions.","4","Warning","65","network","general"
+"%ASA-4-417001","417001","Unexpected event received: number","%ASA-4-417001: Unexpected event received: number","A process received a signal, but no handler was found for the event.","If the problem persists, contact the Cisco TAC.","4","Warning","45","network","general"
+"%ASA-4-417004","417004","Filter violation error: conn number (string:string) in string","%ASA-4-417004: Filter violation error: conn number (string:string) in string","A client tried to modify a route attribute that the client does not own.","If the problem persists, contact the Cisco TAC.","4","Warning","45","network","general"
+"%ASA-4-417006","417006","No memory for string in string (warning)","%ASA-4-417006: No memory for string in string (warning)","An operation failed because of low memory, but will be handled with another mechanism.","If the problem persists, contact the Cisco TAC.","4","Warning","55","network","general"
+"%ASA-4-418001","418001","Through-the-device packet to/from management-only network is denied: protocol_string","%ASA-4-418001: Through-the-device packet to/from management-only network is denied: protocol_string","A packet from the specified source to the destination was dropped because it is traversing the Secure Firewall ASA to and from the management-only network. • protocol_string—TCP, UDP, ICMP, or protocol ID as a number in decimal • interface_name— Interface name • IP_address—IP address • port—Port number • sg_info —Security group name or tag for the specified IP address","Determine who is generating this packet and why.","4","Warning","65","network","general"
+"%ASA-3-418018","418018","neighbor IP_Address IPv4 Unicast topology base removed from session BGP Notification sent","%ASA-3-418018: neighbor IP_Address IPv4 Unicast topology base removed from session BGP Notification sent","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","network","general"
+"%ASA-3-418019","418019","received from IP_Address error_code/error_subcode(error_text) data_bytesbytes hex_data","%ASA-3-418019: received from IP_Address error_code/error_subcode(error_text) data_bytesbytes hex_data","An indication of why BGP peering was terminated. • Reason—Reason for termination. The reason could be invalid or corrupt AS path, or expiry of hold time, and so on. • Bytes—Number of bytes transmitted","None required.","3","Error","95","network","general"
+"%ASA-3-418040","418040","Unsupported or malformed message: IP_Address","%ASA-3-418040: Unsupported or malformed message: IP_Address","Indication of unsupported or mal-formed messages received during the BGP handshake, not necessarily only related to Graceful restart specifically.","None required.","3","Error","5","network","general"
+"%ASA-3-418044","418044","Connection closed remotely by IP_Address","%ASA-3-418044: Connection closed remotely by IP_Address","Indication of hold time for a BGP neighbor has expired. • IP_Address—IPv4 or IPv6 address of the BGP neighbor. • hold_time—The hold time in milliseconds.","None required.","3","Error","5","network","general"
+"%ASA-4-419001","419001","Dropping TCP packet from src_ifc:src_IP/src_port to dest_ifc:dest_IP/dest_port, reason: reason, MSS size, data size","%ASA-4-419001: Dropping TCP packet from src_ifc:src_IP/src_port to dest_ifc:dest_IP/dest_port, reason: reason, MSS size, data size","The length of the TCP packet exceeded the MSS advertised in the three-way handshake. • >src_ifc— Input interface name • >src_IP— The source IP address of the packet • >src_port— The source port of the packet • >dest_ifc— The output interface name • >dest_IP— The destination IP address of the packet • >dest_port— The destination port of the packet","If there is a need to allow packets that exceed the MSS, create a TCP map using the exceed-mss command, as in the following example: ciscoasa# access-list http-list permit tcp any host server_ip eq 80 ciscoasa# class-map http ciscoasa# match access-list http-list ciscoasa# tcp-map tmap ciscoasa# exceed-mss allow ciscoasa# policy-map global_policy ciscoasa# class http ciscoasa# set connection advanced-options tmap","4","Warning","75","network","general"
+"%ASA-4-419002","419002","Duplicate TCP SYN from in_interface:src_address/src_port to out_interface:dest_address/dest_port with different initial sequence number","%ASA-4-419002: Duplicate TCP SYN from in_interface:src_address/src_port to out_interface:dest_address/dest_port with different initial sequence number","A duplicate TCP SYN was received during the three-way-handshake that has a different initial sequence number from the SYN that opened the embryonic connection. This may indicate that SYNs are being spoofed. This message occurs in Release 7.0.4.1 and later. • in_interface—The input interface • src_address—The source IP address of the packet • src_port—The source port of the packet • out_interface—The output interface • dest_address—The destination IP address of the packet • dest_port—The destination port of the packet","None required.","4","Warning","65","network","general"
+"%ASA-4-419003","419003","Cleared TCP urgent flag.","%ASA-7-419003: Cleared TCP urgent flag.","A duplicate TCP SYN was received during the three-way-handshake that has a different initial sequence number from the SYN that opened the embryonic connection. This may indicate that SYNs are being spoofed. This message occurs in Release 7.0.4.1 and later. • in_ifc—The input interface • src_ip—The source IP address of the packet • src_port—The source port of the packet • out_ifc—The output interface • dest_ip—The destination IP address of the packet • dest_port—The destination port of the packet","If you need to keep the urgent flag in TCP headers, use the urgent-flag allow command in TCP map configuration mode. Error Message","4","Warning","65","network","general"
+"%ASA-6-419004","419004","TCP connection ID from src_ifc:src_ip/src_port (src_ip/src_port) to dst_ifc:dst_ip/dst_port (dst_ip/dst_port) is probed by DCD","%ASA-6-419004: TCP connection ID from src_ifc:src_ip/src_port (src_ip/src_port) to dst_ifc:dst_ip/dst_port (dst_ip/dst_port) is probed by DCD","A TCP connection was probed by Dead Connection Detection (DCD) to determine if connection was still valid.","None.","6","Informational","15","network","general"
+"%ASA-6-419005","419005","TCP connection ID from src_ifc:src_ip/src_port (src_ip/src_port) to dest_ifc:des_ip/des_port (des_ip/des_port) duration hh:mm:ss data bytes, is kept open by DCD as valid connection","%ASA-6-419005: TCP connection ID from src_ifc:src_ip/src_port (src_ip/src_port) to dest_ifc:des_ip/des_port (des_ip/des_port) duration hh:mm:ss data bytes, is kept open by DCD as valid connection","A TCP connection was kept open by Dead Connection Detection (DCD) as a valid connection.","None.","6","Informational","15","network","general"
+"%ASA-6-419006","419006","Teardown TCP connection ID from src_ifc:src_ip/src_port (src_ip/src_port) to dst_ifc:dst_ip/dst_port (dst_ip/dst_port) duration hh:mm:ss data bytes, DCD probe was not responded from client/server interface ifc_name","%ASA-6-419006: Teardown TCP connection ID from src_ifc:src_ip/src_port (src_ip/src_port) to dst_ifc:dst_ip/dst_port (dst_ip/dst_port) duration hh:mm:ss data bytes, DCD probe was not responded from client/server interface ifc_name","A TCP connection was closed by Dead Connection Detection (DCD) as it is no longer required.","None.","6","Informational","15","network","general"
+"%ASA-3-420001","420001","IPS card not up and fail-close mode used, dropping TCP packet from &gt;ifc_in :&gt;SIP /&gt;SPORT to &gt;ifc_out :&gt;DIP /&gt;DPORT %ASA-3-420001: IPS card not up and fail-close mode used, dropping UDP packet from &gt;ifc_in :&gt;SIP /&gt;SPORT to &gt;ifc_out :&gt;DIP /&gt;DPORT %ASA-3-420001: IPS card not up and fail-close mode used, dropping protocol &gt;protocol packet from &gt;ifc_in :&gt;SIP to &gt;ifc_out :&gt;DIP","%ASA-3-420001: IPS card not up and fail-close mode used, dropping TCP packet from &gt;ifc_in :&gt;SIP /&gt;SPORT to &gt;ifc_out :&gt;DIP /&gt;DPORT %ASA-3-420001: IPS card not up and fail-close mode used, dropping UDP packet from &gt;ifc_in :&gt;SIP /&gt;SPORT to &gt;ifc_out :&gt;DIP /&gt;DPORT %ASA-3-420001: IPS card not up and fail-close mode used, dropping protocol &gt;protocol packet from &gt;ifc_in :&gt;SIP to &gt;ifc_out :&gt;DIP","Packets are dropped when the IPS fail-close mode is used, and the IPS card is not up. This message is rate limited. • ifc_in —Input interface name • ifc_out —Output interface name • SIP —Source IP of the packet • SPORT —Source port of the packet • DIP —Destination IP of the packet","Bring up the IPS card.","3","Error","85","network","general"
+"%ASA-4-420002","420002","IPS requested to drop TCP packet from ifc_in:SIP/SPORT to ifc_out:DIP/DPORT %ASA-4-420002: IPS requested to drop UDP packet from ifc_in:SIP/SPORT to ifc_out:DIP/DPORT %ASA-4-420002: IPS requested to drop protocol packet from ifc_in:SIP to ifc_out:DIP","%ASA-4-420002: IPS requested to drop TCP packet from ifc_in:SIP/SPORT to ifc_out:DIP/DPORT %ASA-4-420002: IPS requested to drop UDP packet from ifc_in:SIP/SPORT to ifc_out:DIP/DPORT %ASA-4-420002: IPS requested to drop protocol packet from ifc_in:SIP to ifc_out:DIP","IPS requested that the packet be dropped. • ifc_in —Input interface name • ifc_out —Output interface name • SIP —Source IP of the packet • SPORT —Source port of the packet • DIP —Destination IP of the packet • DPORT —Destination port of the packet • ICMP_TYPE —Type of the ICMP packet • ICMP_CODE —Code of the ICMP packet","None required.","4","Warning","65","network","general"
+"%ASA-4-420003","420003","IPS requested to reset TCP connection from ifc_in:SIP/SPORT to ifc_out:DIP/DPORT","%ASA-4-420003: IPS requested to reset TCP connection from ifc_in:SIP/SPORT to ifc_out:DIP/DPORT","IPS requested a reset of a TCP connection. • ifc_in —Input interface name • ifc_out —Output interface name • SIP —Source IP of the packet • SPORT —Source port of the packet • DIP —Destination IP of the packet • DPORT —Destination port of the packet","None required.","4","Warning","5","network","general"
+"%ASA-6-420004","420004","Virtual Sensor sensor_name was added on the AIP SSM","%ASA-6-420004: Virtual Sensor sensor_name was added on the AIP SSM","A virtual sensor was added on the AIP SSM card. • n —Card number","None required.","6","Informational","5","network","general"
+"%ASA-6-420005","420005","Virtual Sensor sensor_name was deleted from the AIP SSM","%ASA-6-420005: Virtual Sensor sensor_name was deleted from the AIP SSM","A virtual sensor was deleted from the AIP SSM card. • n —Card number","None required.","6","Informational","5","network","general"
+"%ASA-3-420006","420006","Virtual sensor not present and fail-close mode used, dropping protocol packet from ifc_in:SIP/SPORT to ifc_out:DIP/DPORT","%ASA-3-420006: Virtual sensor not present and fail-close mode used, dropping protocol packet from ifc_in:SIP/SPORT to ifc_out:DIP/DPORT","Packets are dropped when the IPS fail-close mode is used, and the virtual sensor used for the packet is not present. • protocol— Protocol used to send the packet • ifc_in —Input interface name • ifc_out —Output interface name • SIP —Source IP address of the packet • SPORT —Source port of the packet • DIP —Destination IP address of the packet • DPORT —Destination port of the packet","Add the virtual sensor.","3","Error","85","network","general"
+"%ASA-4-420007","420007","application-string cannot be enabled for the Module in slot slot_id. The module's current software version does not support this feature. Please upgrade the software on the module in slot slot_id to support this feature.","%ASA-4-420007: application-string cannot be enabled for the Module in slot slot_id. The module's current software version does not support this feature. Please upgrade the software on the module in slot slot_id to support this feature.","This message is generated by any new feature in the ASA that needs a corresponding software version in the SSM or SSC hardware module. The message is sent each time that the ASA module manager detects state changes in the SSM or SSC hardware module. • application-string —The name of the application (for example, Promiscuous IDS) • slot_id —The module identifier, which is 1 for the current ASA • version_number —The version number of the message header between the ASA and the IPS application","Load the SSM or SSC hardware module with the correct software images that support the designated application.","4","Warning","45","network","general"
+"%ASA-3-420008","420008","IPS module license disabled and fail-close mode used, dropping packet.","%ASA-3-420008: IPS module license disabled and fail-close mode used, dropping packet.","The IPS module license has been disabled and when the fail-close mode is configured, all traffic destined for the IPS module will be dropped. You can check the status of the license by using the show activation-key command.","Use the activation-key command to apply an activation key that has the IPS license enabled.","3","Error","85","network","general"
+"%ASA-3-421001","421001","{TCP|UDP} flow from interface_name:IP_address/port to interface_name:IP_address/port is skipped because application_id has failed.","%ASA-3-421001: {TCP|UDP} flow from interface_name:IP_address/port to interface_name:IP_address/port is skipped because application_id has failed.","A packet was dropped (Error Message 1) or skipped (Error Message 2) because the CSC SSM application failed. By default, this message is rate limited to 1 message every 10 seconds. • interface_name—The interface name • IP_address—The IP address • port—The port number • application—The CSC SSM is the only application supported in the current release","Determine the problem with the service module.","3","Error","95","network","general"
+"%ASA-6-421002","421002","TCP|UDP flow from interface_name :IP_address /port to interface_name :IP_address /port bypassed application checking because the protocol is not supported.","%ASA-6-421002: TCP|UDP flow from interface_name :IP_address /port to interface_name :IP_address /port bypassed application checking because the protocol is not supported.","The connection bypassed service module security checking because the protocol that it is using cannot be scanned by the service module. For example, the CSC SSM is not capable of scanning Telnet traffic. If the user configures Telnet traffic to be scanned, the traffic will bypass the scanning service. By default, this message is rate limited to 1 message every 10 seconds. • IP_address—The IP address • port—The port number • interface_name—The name of the interface on which the policy is applied • application—The CSC SSM is the only application supported in the current release","The configuration should be modified to only include protocols that are supported by the service module.","6","Informational","35","network","general"
+"%ASA-3-421003","421003","Invalid data plane encapsulation","%ASA-3-421003: Invalid data plane encapsulation","A packet injected by the service module did not have the correct data plane header. Packets exchanged on the data backplane adhere to a Cisco proprietary protocol called ASDP. Any packet that does not have the proper ASDP header is dropped.","Use the capture name type asp-drop [ssm-asdp-invalid-encap] command to capture the offending packets and contact the Cisco TAC.","3","Error","95","network","general"
+"%ASA-7-421004","421004","Failed to inject {TCP|UDP} packet from IP_address/port to IP_address/port","%ASA-7-421004: Failed to inject {TCP|UDP} packet from IP_address/port to IP_address/port","The ASA has failed to inject a packet as instructed by the service module. This may happen if the ASA tries to inject a packet into a flow that has already been released or when the ASA maintains its connection table independently from the service module. Normally it will not cause any problem. • IP_address—The IP address • port—The port number","If ASA performance is affected, or if the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-6-421005","421005","interface_name:IP_address is counted as a user for application","%ASA-6-421005: interface_name:IP_address is counted as a user for application","A host has been counted toward the license limit. The specified host was counted as a user of application. The total number of users in 24 hours is calculated at midnight for license validation. • interface_name—The interface name • IP_address—The IP address • application—The CSC SSM","None required. However, if the overall count exceeds the user license that you have purchased, contact the Cisco TAC to upgrade your license.","6","Informational","5","network","general"
+"%ASA-6-421006","421006","There are number users of application accounted during the past 24 hours","%ASA-6-421006: There are number users of application accounted during the past 24 hours","The total number of users who have used an application for the past 24 hours have been identified. This message is generated every 24 hours to give the total number of hosts that have used services provided by the service module. • application—The CSC SSM","None required. However, if the overall count exceeds the user license that you have purchased, contact the Cisco TAC to upgrade your license.","6","Informational","5","network","general"
+"%ASA-3-421007","421007","TCP|UDP flow from interface_name :IP_address /port to interface_name :IP_address /port is skipped because application has failed.","%ASA-3-421007: TCP|UDP flow from interface_name :IP_address /port to interface_name :IP_address /port is skipped because application has failed.","A flow was skipped because the service module application has failed. By default, this message is rate limited to 1 message every 10 seconds. • IP_address—The IP address • port—The port number • interface_name—The name of the interface on which the policy is applied • application—The CSC SSM","Determine the problem with the service module.","3","Error","75","network","general"
+"%ASA-4-422004","422004","IP SLA Monitor number0 : Duplicate event received. Event number number1","%ASA-4-422004: IP SLA Monitor number0 : Duplicate event received. Event number number1","The IP SLA monitor process has received a duplicate event. Currently, this message applies to destroy events. Only one destroy request will be applied. This is only a warning message. • number0 —The SLA operation number • number1 —The SLA operation event ID","If this recurs, enter the show sla monitor configuration SLA_operation_id command and copy the output of the command. Copy the message as it appears on the console or in the system log. Then contact the Cisco TAC and provide the representative with the information that you have, along with information about the application that is configuring and polling the SLA probes.","4","Warning","45","network","general"
+"%ASA-4-422005","422005","IP SLA Monitor Probe(s) could not be scheduled because clock is not set.","%ASA-4-422005: IP SLA Monitor Probe(s) could not be scheduled because clock is not set.","One or more IP SLA monitor probes cannot be scheduled because the system clock was not set.","Make sure that the system clock is functional by using NTP or another mechanism.","4","Warning","45","network","general"
+"%ASA-4-422006","422006","IP SLA Monitor Probe number : string","%ASA-4-422006: IP SLA Monitor Probe number : string","The IP SLA monitor probe cannot be scheduled. Either the configured starting time has already occurred or the starting time is invalid. • number —The SLA operation ID • string —A string describing the error","Reschedule the failed probe with a valid start time.","4","Warning","55","network","general"
+"%ASA-4-423001","423001","{Allowed|Dropped} invalid NBNS pkt_type_name with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port.","%ASA-4-423001: {Allowed|Dropped} invalid NBNS pkt_type_name with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port.","The NBNS packet format is incorrect.","None required.","4","Warning","75","network","general"
+"%ASA-4-423002","423002","{Allowed|Dropped} mismatched NBNS pkt_type_name with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port","%ASA-4-423002: {Allowed|Dropped} mismatched NBNS pkt_type_name with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port","An NBNS ID mismatch occurred.","None required.","4","Warning","75","network","general"
+"%ASA-4-423003","423003","{Allowed|Dropped} invalid NBDGM pkt_type_name with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port.","%ASA-4-423003: {Allowed|Dropped} invalid NBDGM pkt_type_name with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port.","The NBDGM packet format is incorrect.","None required.","4","Warning","75","network","general"
+"%ASA-4-423004","423004","{Allowed|Dropped} mismatched NBDGM pkt_type_name with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port","%ASA-4-423004: {Allowed|Dropped} mismatched NBDGM pkt_type_name with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port","An NBDGM ID mismatch occurred.","None required.","4","Warning","75","network","general"
+"%ASA-4-423005","423005","{Allowed|Dropped} NBDGM pkt_type_name fragment with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port.","%ASA-4-423005: {Allowed|Dropped} NBDGM pkt_type_name fragment with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port.","The NBDGM fragment format is incorrect.","None required.","4","Warning","65","network","general"
+"%ASA-4-424001","424001","Packet denied: protocol_string. intf_in interface is in a backup state","%ASA-4-424001: Packet denied: protocol_string. intf_in interface is in a backup state","A packet was dropped because it was traversing the Secure Firewall ASA to or from a redundant interface. Interface functionality is limited on low-end platforms. The interface specified by the backup interface command can only be a backup for the primary interface configured. If the default route to the primary interface is up, any traffic through the Secure Firewall ASA from the backup interface will be denied. Conversely, if the default route to the primary interface is down, traffic through the Secure Firewall ASA from the primary interface will be denied. • protocol_string —The protocol string; for example, TCP or protocol ID (a decimal number) • intf_in —The input interface name • src_ip —The source IP address of the packet • src_port —The source port of the packet • intf_out —The output interface name • dst_ip —The destination IP address of the packet • dst_port —The destination port of the packet • sg_info —The security group name or tag for the specified IP address","Determine the source of the denied packet.","4","Warning","65","network","general"
+"%ASA-4-424002","424002","Connection to the backup interface is denied: protocol_string","%ASA-4-424002: Connection to the backup interface is denied: protocol_string","A connection was dropped because it is in a backup state. Interface functionality is limited on low-end platforms. The backup interface can only be a backup for the primary interface specified by the backup interface command. If the default route to the primary interface is up, any connection to the Secure Firewall ASA through the backup interface will be denied. Conversely, if the default route to the primary interface is down, connections to the Secure Firewall ASA through the primary interface will be denied. • protocol_string —The protocol string; for example, TCP or protocol ID (a decimal number) • intf_in —The input interface name • src_ip —The source IP address of the packet • src_port —The source port of the packet • intf_out —The output interface name • dst_ip —The destination IP address of the packet • dst_port —The destination port of the packet","Determine the source of the denied packet.","4","Warning","65","network","general"
+"%ASA-6-425001","425001","Redundant interface redundant_interface_name created.","%ASA-6-425001: Redundant interface redundant_interface_name created.","The specified redundant interface was created in the configuration. • redundant_interface_name —Redundant interface name","None required.","6","Informational","5","network","general"
+"%ASA-6-425002","425002","Redundant interface redundant_interface_name removed.","%ASA-6-425002: Redundant interface redundant_interface_name removed.","The specified redundant interface was removed from the configuration. • redundant_interface_name —Redundant interface name","None required.","6","Informational","5","network","general"
+"%ASA-6-425003","425003","Interface interface_name added into redundant interface redundant_interface_name","%ASA-6-425003: Interface interface_name added into redundant interface redundant_interface_name","The specified physical interface was added to the specified redundant interface as a member interface. • interface_name —An interface name • redundant_interface_name —Redundant interface name","None required.","6","Informational","5","network","general"
+"%ASA-6-425004","425004","Interface interface_name removed from redundant interface redundant_interface_name","%ASA-6-425004: Interface interface_name removed from redundant interface redundant_interface_name","The specified redundant interface was removed from the specified redundant interface. • interface_name —An interface name • redundant_interface_name —Redundant interface name","None required.","6","Informational","5","network","general"
+"%ASA-5-425005","425005","Interface interface_name become active in redundant interface redundant_interface_name","%ASA-5-425005: Interface interface_name become active in redundant interface redundant_interface_name","Within a redundant interface, one member interface is the active member. Traffic only passes through the active member interface. The specified physical interface became the active member of the specified redundant interface. Member interface switchover occurs when one of the following is true: • The redundant-interface interface-name active-member interface-name command was executed. • The active member interface is down, while the standby member interface is up. • The standby member interface comes up (from down), while the active member interface remains down. • interface_name —An interface name • redundant_interface_name —Redundant interface name","Check the status of the member interfaces.","5","Notification","25","network","general"
+"%ASA-3-425006","425006","Redundant interface redundant_interface_name switch active member to interface_name failed","%ASA-3-425006: Redundant interface redundant_interface_name switch active member to interface_name failed","An error occurred when member interface switchover was attempted. • redundant_interface_name —Redundant interface name • interface_name —An interface name","If the problem persists, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-6-426001","426001","PORT-CHANNEL:Interface ifc_name bundled into EtherChannel interface num","%ASA-6-426001: PORT-CHANNEL:Interface ifc_name bundled into EtherChannel interface num","The interface port-channel num or the channel-group num mode mode command has been used on a nonexistent port channel. • ifc_name —The EtherChannel interface name • num —The port channel number","None required.","6","Informational","5","network","general"
+"%ASA-6-426002","426002","PORT-CHANNEL:Interface ifc_name unbundled from EtherChannel interface num","%ASA-6-426002: PORT-CHANNEL:Interface ifc_name unbundled from EtherChannel interface num","The no interface port-channel num command has been used. • ifc_name —The EtherChannel interface name • num— The port channel number","None required.","6","Informational","5","network","general"
+"%ASA-6-426003","426003","PORT-CHANNEL:Interface ifc_name1 has become standby in EtherChannel interface num","%ASA-6-426003: PORT-CHANNEL:Interface ifc_name1 has become standby in EtherChannel interface num","The channel-group num mode mode command has been used. • ifc_name1 —The EtherChannel interface name • num —The port channel number","None required.","6","Informational","5","network","general"
+"%ASA-4-426004","426004","Interface ifc_name1 is not compatible with ifc_name1 and will be suspended (ifc_name1 is Full-duplex, ifc_name1 is Half-duplex)","%ASA-4-426004: Interface ifc_name1 is not compatible with ifc_name1 and will be suspended (ifc_name1 is Full-duplex, ifc_name1 is Half-duplex)","The channel-group num mode mode command is executed on a physical interface and there is a speed or duplex mismatch of this physical interface with that of the port channel. • ifc_name —The interface that is being added to the port channel • ifc_name1 —The interface that is already in the port channel and in a bundled state","Do one of the following: • Change the speed of the physical interface to that of the port channel and execute the channel-group num mode mode command again. • Leave the member interface in a suspended state. When the last active member is removed, then that member will try to reestablish LACP on the suspended member.","4","Warning","55","network","general"
+"%ASA-6-426101","426101","PORT-CHANNEL:Interface ifc_name is allowed to bundle into EtherChannel interface port-channel_id by CLACP.","%ASA-6-426101: PORT-CHANNEL:Interface ifc_name is allowed to bundle into EtherChannel interface port-channel_id by CLACP.","A port has been bundled in a span-cluster channel group.","None required.","6","Informational","5","network","general"
+"%ASA-6-426102","426102","PORT-CHANNEL:Interface ifc_name is moved to standby in EtherChannel interface port-channel_id by CLACP.","%ASA-6-426102: PORT-CHANNEL:Interface ifc_name is moved to standby in EtherChannel interface port-channel_id by CLACP.","A port has been moved to hot-standby state in a span-cluster channel group.","None required.","6","Informational","5","network","general"
+"%ASA-6-426103","426103","PORT-CHANNEL:Interface ifc_name is selected to move from standby to bundle in EtherChannel interface port-channel_id by CLACP.","%ASA-6-426103: PORT-CHANNEL:Interface ifc_name is selected to move from standby to bundle in EtherChannel interface port-channel_id by CLACP.","A standby port has been selected to move to bundled state in a span-cluster channel group.","None required.","6","Informational","5","network","general"
+"%ASA-6-426104","426104","PORT-CHANNEL:Interface ifc_name is unselected in EtherChannel interface port-channel_id by CLACP.","%ASA-6-426104: PORT-CHANNEL:Interface ifc_name is unselected in EtherChannel interface port-channel_id by CLACP.","A bundled port has been unbundled in a span-cluster channel group to obtain space for other ports to be bundled.","None required.","6","Informational","5","network","general"
+"%ASA-6-428001","428001","WAAS confirmed from in_interface:src_ip_addr/src_port to","%ASA-6-428001: WAAS confirmed from in_interface:src_ip_addr/src_port to","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","6","Informational","15","network","general"
+"%ASA-6-428002","428002","WAAS confirmed from in_interface :src_ip_addr/src_port to out_interface :dest_ip_addr/dest_port , inspection services bypassed on this connection.","%ASA-6-428002: WAAS confirmed from in_interface :src_ip_addr/src_port to out_interface :dest_ip_addr/dest_port , inspection services bypassed on this connection.","WAAS optimization was detected on a connection. All layer 7 inspection services, including IPS, are bypassed on WAAS-optimized connections.","No action is required if the network includes WAE devices; otherwise, the network administrator should investigate the use of the WAAS option on this connection.","6","Informational","25","network","general"
+"%ASA-3-429001","429001","CX card not up and fail-close mode used, dropping protocol packet from interface_name:ip_address/port to interface_name:ip_address/port","%ASA-3-429001: CX card not up and fail-close mode used, dropping protocol packet from interface_name:ip_address/port to interface_name:ip_address/port","Data has been dropped because an SSP is down and a fail-close policy exists.","Check the status of the service module and contact the Cisco TAC for assistance, if necessary.","3","Error","85","network","general"
+"%ASA-4-429002","429002","CX requested to drop protocol packet from interface_name:ip_address/port to interface_name:ip_address/port","%ASA-4-429002: CX requested to drop protocol packet from interface_name:ip_address/port to interface_name:ip_address/port","The CXSC SSP requested that the ASA drop a packet of a connection.","None.","4","Warning","65","network","general"
+"%ASA-4-429003","429003","CX requested to reset TCP connection from interface_name:ip_addr/port to interface_name:ip_addr/port","%ASA-4-429003: CX requested to reset TCP connection from interface_name:ip_addr/port to interface_name:ip_addr/port","The CXSC SSP requested that the ASA reset a TCP connection.","None required.","4","Warning","5","network","general"
+"%ASA-3-429004","429004","Unable to set up rule_name authentication-proxy rule for the cxsc action on interface interface_name for policy_type service-policy.","%ASA-3-429004: Unable to set up rule_name authentication-proxy rule for the cxsc action on interface interface_name for policy_type service-policy.","The ASA could not set up to-the-box rules for authentication proxy with the CXSC action because of some internal errors, such as insufficient memory.","This error should not occur. Contact the Cisco TAC.for assistance.","3","Error","75","network","general"
+"%ASA-6-429005","429005","Set up protocol_type authentication-proxy rule for the cxsc action on interface interface_name for traffic destined to ip_address/port for policy_type service-policy","%ASA-6-429005: Set up protocol_type authentication-proxy rule for the cxsc action on interface interface_name for traffic destined to ip_address/port for policy_type service-policy","The ASA successfully set up to-the-box rules for authentication proxy with the CXSC action.","None.","6","Informational","15","network","general"
+"%ASA-6-429006","429006","Cleaned up authentication-proxy rule for the cxsc action on interface interface_name for traffic destined to ip_address for policy_type service-policy","%ASA-6-429006: Cleaned up authentication-proxy rule for the cxsc action on interface interface_name for traffic destined to ip_address for policy_type service-policy","The ASA successfully cleaned up to-the-box rules for authentication proxy with the CXSC action.","None.","6","Informational","15","network","general"
+"%ASA-4-429007","429007","CXSC redirect will override Scansafe redirect for flow from interface_name:ip_address/port to interface_name:ip_address/port [(username)]","%ASA-4-429007: CXSC redirect will override Scansafe redirect for flow from interface_name:ip_address/port to interface_name:ip_address/port [(username)]","A flow matches both CXSC and Scansafe redirects. The message indicates that the CXSC redirect overrides the Scansafe redirect for the displayed flow.","If this is unwanted behavior, then reconfigure the policy to ensure that no overlap of CXSC and Scansafe redirection occurs for the same flow.","4","Warning","75","network","general"
+"%ASA-4-429008","429008","Unable to respond to VPN query from CX for session 0x%x . Reason %s","%ASA-4-429008: Unable to respond to VPN query from CX for session 0x%x . Reason %s","The CX sent a VPN session query to the Secure Firewall ASA, but it did not respond either because of an invalid session ID or another reason. Valid reasons can be any of the following: • TLV length is invalid • TLV memory allocation failed • VPN session query message enqueue failed • VPN session ID is invalid","None required.","4","Warning","5","network","general"
+"%ASA-4-431001","431001","RTP conformance: Dropping RTP packet from in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, Drop reason: drop_reason value","%ASA-4-431001: RTP conformance: Dropping RTP packet from in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, Drop reason: drop_reason value","The RTP packet was dropped. • in_ifc—The input interface • src_ip—The source IP address of the packet • src_port—The source port of the packet • out_ifc—The output interface • dest_ip —The destination IP address of the packet • dest_port—The destination port of the packet • drop_reason—One of the following drop reasons: - Incorrect version value —The version number from the packet is incorrect. - Invalid payload-type value —The payload type from the packet is invalid. - Incorrect SSRC value —The SSRC from the packet is incorrect. - Out-of-range sequence number value sequence number from the packet. - Out of sequence in packet in probation value sequence number from the packet.","Examine the dropped RTP packets to determine which field the RTP source is setting incorrectly. Also examine the source to verify that it is legitimate and not an attacker trying to misuse an opening in the ASA.","4","Warning","85","network","general"
+"%ASA-4-431002","431002","RTCP conformance: Dropping RTCP packet from in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, Drop reason: drop_reason value","%ASA-4-431002: RTCP conformance: Dropping RTCP packet from in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, Drop reason: drop_reason value","The RTCP packet was dropped. • in_ifc—The input interface • src_ip—The source IP address of the packet • src_port—The source port of the packet • out_ifc—The output interface","Examine the dropped RTP packets to determine which field the RTP source is setting incorrectly. Also examine the source to verify that it is legitimate and not an attacker trying to misuse an opening in the ASA.","4","Warning","75","network","general"
+"%ASA-4-434001","434001","SFR card not up and fail-close mode used, dropping protocol packet from ingress:source/IP_address to source_port:egress_interface/destination_IP_address","%ASA-4-434001: SFR card not up and fail-close mode used, dropping protocol packet from ingress:source/IP_address to source_port:egress_interface/destination_IP_address","A packet has been dropped because of a fail-close configuration for the module. Your loss of connectivity for all the flows is caused by redirecting them to the module, because the fail-close configuration is designed to drop all the flows if the module is down.","Try to understand the reason for failure and restore services. Alternatively, you can use the fail-open option even if the card does not recover immediately. Note that in the fail-open configuration, all packets to the module are bypassed if the card status is down.","4","Warning","75","network","general"
+"%ASA-4-434002","434002","SFR requested to drop protocol packet from ingress_interface:source_IP_address/source_port to egress_interface:destination_IP_address/destination_port","%ASA-4-434002: SFR requested to drop protocol packet from ingress_interface:source_IP_address/source_port to egress_interface:destination_IP_address/destination_port","A packet has been denied by the module. Your connection is not successful for a certain flow has been redirected to the module.","Try to identify the module policy that caused this flow or packet to be denied.","4","Warning","65","network","general"
+"%ASA-4-434003","434003","SFR requested to reset TCP connection from ingress_interface:source_IP_address/source_port to egress:interface/destination_IP_address","%ASA-4-434003: SFR requested to reset TCP connection from ingress_interface:source_IP_address/source_port to egress:interface/destination_IP_address","A TCP flow has been reset by the ASA, as requested by the module. Your TCP connection is not successful for a certain flow because it was redirected to the module.","Try to identify the module policy that caused this flow or packet to be denied.","4","Warning","65","network","general"
+"%ASA-5-434004","434004","SFR requested device to bypass further packet redirection and process protocol flow from inside_ifc_name:src_ip/src_port to outside_ifc_name:dst_ip/dst_port locally","%ASA-5-434004: SFR requested device to bypass further packet redirection and process protocol flow from inside_ifc_name:src_ip/src_port to outside_ifc_name:dst_ip/dst_port locally","SourceFire (SFR) has determined not to inspect more traffic of a flow and requests the Secure Firewall ASA to stop redirecting the flow of traffic to SFR.","None Required.","5","Notification","5","network","general"
+"%ASA-4-434007","434007","SFR redirect will override Scansafe redirect for flow from inside_interface:source_ip_address/source_port to outside_interface:destination_IP_address/destination_port [(user)]","%ASA-4-434007: SFR redirect will override Scansafe redirect for flow from inside_interface:source_ip_address/source_port to outside_interface:destination_IP_address/destination_port [(user)]","A flow that was inspected by Scansafe is now inspected by SourceFire (SFR) only. Scansafe and SFR cannot inspect a flow simultaneously.","Reconfigure the ASA inspect policy that caused this flow or packet to be inspected by either Scansafe or SFR.","4","Warning","75","network","general"
+"%ASA-2-444004","444004","Timebased activation key xxx xxx xxx xxx xxx has expired. Applying permanent_license activation key xxx xxx xxx xxx xxx.","%ASA-2-444004: Timebased activation key xxx xxx xxx xxx xxx has expired. Applying permanent_license activation key xxx xxx xxx xxx xxx.","The temporary license that was installed has expired. The features that the license provided are no longer available. • key —The temporary activation key • permkey —The permanent activation key","A permanent license should be purchased and installed.","2","Critical","85","network","general"
+"%ASA-4-444005","444005","Timebased license key xxx xxx xxx xxx xxx will expire in num days.","%ASA-4-444005: Timebased license key xxx xxx xxx xxx xxx will expire in num days.","This message is generated every 24 hours, indicating that the temporary license will expire in the number of days specified. After that date, the features that the license provided will no longer be available. • activation-key —The temporary activation key • num —The number of days left until expiration","If the amount of time remaining is less than 30 days, you should purchase another time-based activation key before the temporary license runs out.","4","Warning","45","network","general"
+"%ASA-2-444007","444007","Timebased activation key xxx xxx xxx xxx xxx has expired.","%ASA-2-444007: Timebased activation key xxx xxx xxx xxx xxx has expired.","The time-based activation key has expired. The specified features that the license provided are no longer available. • activation-key —The temporary activation key • feature —The name of the licensed feature being affected","You must purchase another time-based activation key as soon as possible to prevent service disruption for the features specified.","2","Critical","85","network","general"
+"%ASA-4-444008","444008","license-type license has expired, and the system is scheduled to reload in number days. Apply a new activation key to enable license-type license and prevent the automatic reload.","%ASA-4-444008: license-type license has expired, and the system is scheduled to reload in number days. Apply a new activation key to enable license-type license and prevent the automatic reload.","The specific license has expired, which will cause the system to reload in x days. Apply a new activation key to enable the specific license and prevent automatic reload.","Apply a new activation key to enable the specific license and prevent automatic reload.","4","Warning","65","network","general"
+"%ASA-2-444009","444009","license-type license has expired 30 days ago. The system will now reload.","%ASA-2-444009: license-type license has expired 30 days ago. The system will now reload.","The specific license expired 30 days ago. The system will reload.","None required.","2","Critical","100","network","general"
+"%ASA-5-444100","444100","Shared license request request failed, Reason: reason.","%ASA-5-444100: Shared license request request failed, Reason: reason.","A shared license client request was unsuccessfully sent or processed by the server. • request —Valid requests are: - get AnyConnect Premium - release AnyConnect Premium - transfer AnyConnect Premium • reason —The reason that the request failed. Valid reasons are: - connection failed to server - version not supported by server - message signature invalid - client ID unknown by server - server is not active - license capacity reached","None required.","5","Notification","5","network","general"
+"%ASA-5-444101","444101","Shared license service is active. License server address: address","%ASA-5-444101: Shared license service is active. License server address: address","The shared license server has become active. • address —The license server IPv4 or IPv6 address","None required.","5","Notification","5","network","general"
+"%ASA-2-444102","444102","Shared license service inactive. License server is not responding.","%ASA-2-444102: Shared license service inactive. License server is not responding.","The shared license service was inactive because the license server was not responding. The ASA failed to register with the shared license server.","Verify that the license server address, secret, and port are configured correctly.","2","Critical","100","network","general"
+"%ASA-6-444103","444103","Shared licensetype license usage is over 90% capacity.","%ASA-6-444103: Shared licensetype license usage is over 90% capacity.","The shared license usage on the network is over 90 percent capacity. • licensetype —AnyConnect Premium","None required.","6","Informational","5","network","general"
+"%ASA-6-444104","444104","Shared licensetype license availability: value.","%ASA-6-444104: Shared licensetype license availability: value.","The shared license availability on the network appeared. • licensetype —AnyConnect Premium • value —The license availability","None required.","6","Informational","5","network","general"
+"%ASA-2-444105","444105","Released value shared licensetype license(s). License server has been unreachable for 24 hours.","%ASA-2-444105: Released value shared licensetype license(s). License server has been unreachable for 24 hours.","The shared license server has been unreachable for 24 hours, and all shared licenses that have been acquired by the ASA have been released. The ASA failed to register with the license server. • licensetype —AnyConnect Premium • value —The license availability","Verify the connectivity to the license server, and that the configuration has not been changed on the license server.","2","Critical","100","network","general"
+"%ASA-4-444106","444106","Shared license backup server address is not available","%ASA-4-444106: Shared license backup server address is not available","The shared license backup server is not reachable. License server information is not synchronized with the backup device.","None required.","4","Warning","5","network","general"
+"%ASA-6-444107","444107","Shared license service status on interface ifname.","%ASA-6-444107: Shared license service status on interface ifname.","The shared license service has been enabled or disabled on the specified interface. • ifname —The interface name. • status —The status of the license server. Valid values are enabled or disabled.","None required.","6","Informational","5","network","general"
+"%ASA-6-444108","444108","Shared license state client id id.","%ASA-6-444108: Shared license state client id id.","The multi-site license client ID has registered or expired with the server. • id —The ID of the client • state —The state of the license server. Valid values are registered or expired.","None required.","6","Informational","5","network","general"
+"%ASA-4-444109","444109","Shared license backup server role change to state.","%ASA-4-444109: Shared license backup server role change to state.","The shared backup license server role has changed. • state —The state of the license server. Valid values are active or inactive.","None required.","4","Warning","5","network","general"
+"%ASA-4-444110","444110","Shared license server backup has days day(s) remaining as active license server.","%ASA-4-444110: Shared license server backup has days day(s) remaining as active license server.","The shared backup license server is in an active role and remains active for a specified number of days. The ASA failed to register with the license server, and needs to register with the primary license server soon. • days —The number of days left as the active license server","Verify that the license server is online and reachable by the ASA.","4","Warning","65","network","general"
+"%ASA-2-444111","444111","Shared license backup service has been terminated due to the primary license server address being unavailable for more than days days. The License server needs to be brought back on-line to continue using shared licensing.","%ASA-2-444111: Shared license backup service has been terminated due to the primary license server address being unavailable for more than days days. The License server needs to be brought back on-line to continue using shared licensing.","The shared backup license server active time has expired. The primary server needs to go online in order for the shared license service to continue. • address —The IPv4 or IPv6 address of the license server • days —The number of days that the license server has been unavailable","Register with the primary license server in order to continue using the shared license service.","2","Critical","85","network","general"
+"%ASA-2-444302","444302","%SMART_LIC-2-PLATFORM_ERROR: Platform error.","%ASA-2-444302: %SMART_LIC-2-PLATFORM_ERROR: Platform error.","Smart Licensing Agent has encountered a platform problem. This indicates that the platform team did not properly implement smart licensing on the device.","The platform team needs to address this problem before release.","2","Critical","85","network","general"
+"%ASA-3-444303","444303","%SMART_LIC-3-HOT_STANDBY_OUT_OF_SYNC: Smart Licensing agent on hot standby is out of sync with active Smart Licensing agent.","%ASA-3-444303: %SMART_LIC-3-HOT_STANDBY_OUT_OF_SYNC: Smart Licensing agent on hot standby is out of sync with active Smart Licensing agent.","The system clock has been changed so that it is now outside the valid registration period. If the clock is reset to a value inside the registration validity period within one hour smart licensing will continue function normally. If the clock is not reset the device will become un-registered and a new identity token will need to be obtained to re-register the device. The registration validity period is defined by the start and end date in the identity certificate. Use 'show tech license' to get the id certificate information. Error Message","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","network","general"
+"%ASA-4-444304","444304","%SMART_LIC-4-CONFIG_NOT_SAVED: Smart Licensing configuration has not been saved.","%ASA-4-444304: %SMART_LIC-4-CONFIG_NOT_SAVED: Smart Licensing configuration has not been saved.","This is for information only. The customer is still in compliance and within the overage amount as specified in their contract. Error Message","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","general"
+"%ASA-5-444305","444305","%SMART_LIC-5-COMM_INIT_FAILED: Failed to initialize communications with the Cisco Licensing Cloud.","%ASA-5-444305: %SMART_LIC-5-COMM_INIT_FAILED: Failed to initialize communications with the Cisco Licensing Cloud.","Either customer allocate entitlement prior to registration or customer registration has expired. The device is now de-registered and is in evaluation mode. Error Message","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","5","Notification","25","network","general"
+"%ASA-6-444306","444306","%SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled features is status.","%ASA-6-444306: %SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled features is status.","Notification of whether the usage of export controlled features is allowed or not allowed. This message is generated following the registration with Cisco licensing cloud.","None.","6","Informational","15","network","general"
+"%ASA-7-444307","444307","%SMART_LIC-7-DAILY_JOB_TIMER_RESET: Daily job timer reset.","%ASA-7-444307: %SMART_LIC-7-DAILY_JOB_TIMER_RESET: Daily job timer reset.","This message is only used for testing purposes and does not indicate an error.","None.","7","Debugging","5","network","general"
+"%ASA-3-444714","444714","Azure failed to retrieve Wireserver IPv4 address.","%ASA-3-444714: Azure failed to retrieve Wireserver IPv4 address.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","75","network","general"
+"%ASA-4-446001","446001","Maximum TLS Proxy session limit of max_sess reached","%ASA-4-446001: Maximum TLS Proxy session limit of max_sess reached","A configured maximum session limit for TLS proxy was reached. New sessions beyond the limit were denied. • max_sess —The currently effective maximum session limit","If more TLS sessions are needed, use the tls-proxy maximum-sessions max_sess command to increase the limit. Alternatively, you can use the tls-proxy proxy_name and tls-proxy maximum-sessions max_sess commands, and then reboot for the commands to take effect.","4","Warning","65","network","general"
+"%ASA-4-446003","446003","Denied TLS Proxy session from src_int :src_ip /src_port to dst_int :dst_ip /dst_port , UC-IME license is disabled.","%ASA-4-446003: Denied TLS Proxy session from src_int :src_ip /src_port to dst_int :dst_ip /dst_port , UC-IME license is disabled.","The UC-IME license is either on or off. Once enabled, UC-IME can use any number of available TLS sessions, according to the Secure Firewall ASA limit and the K8 export limit. • src_int —The source interface name (inside or outside) • src_ip —The source IP address • src_port —The source port • dst_int —The destination interface name (inside or outside) • dst_ip —The destination IP address • dst_port —The destination port","Check to see if UC-IME is disabled. If so, activate it.","4","Warning","65","network","general"
+"%ASA-4-447001","447001","ASP DP to CP queue_name was full. Queue length length, limit limit","%ASA-4-447001: ASP DP to CP queue_name was full. Queue length length, limit limit","This message indicates a particular data path (DP) to control point (CP) event queue is full, and one or more multiple enqueue actions have failed. If the event contains a packet block, such as for CP application inspection, the packet will be dropped by the DP, and a counter from the show asp drop command will increment. If the event is for punt to CP, a typical counter is the Punt no memory ASP-drop counter. • queue —The name of the DP-CP event queue. • length —The current number of events on the queue. • limit —The maximum number of events that are allowed on the queue.","The queue-full condition reflects the fact that the load on the CP has exceeded the CP processing ability, which may or may not be a temporary condition. You should consider reducing the feature load on the CP if this message appears repeatedly. Use the show asp event dp-cp command to identify the features that contribute the most load on the event queue.","4","Warning","75","network","general"
+"%ASA-4-448001","448001","Denied SRTP crypto session setup on flow from src_int:src_ip/src_port to dst_int:dst_ip/dst_port, licensed K8 SRTP crypto session limit of limit exceeded","%ASA-4-448001: Denied SRTP crypto session setup on flow from src_int:src_ip/src_port to dst_int:dst_ip/dst_port, licensed K8 SRTP crypto session limit of limit exceeded","For a K8 platform, the limit of 250 SRTP crypto sessions is enforced. Each pair of SRTP encrypt or decrypt sessions is counted as one SRTP crypto session. A call is counted toward this limit only when encryption or decryption is required for a medium, which means that if the pass-through is set for the call, even if both legs use SRTP, they are not counted toward this limit. • src_int —The source interface name (inside or outside) • src_ip —The source IP address • src_port —The source port • dst_int —The destination interface name (inside or outside) • dst_ip —The destination IP address • dst_port —The destination port • limit —The K8 limit of SRTP crypto sessions (250)","None required. You can set up new SRTP crypto sessions only when existing SRTP crypto sessions have been released.","4","Warning","65","network","general"
+"%ASA-4-450001","450001","Deny traffic for protocol protocol_id src interface_name:IP_address/port dst","%ASA-4-450001: Deny traffic for protocol protocol_id src interface_name:IP_address/port dst","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","65","network","general"
+"%ASA-4-450002","450002","Teardown string connection connection for interface:address/port to interface:address/port duration hh:mm:ss bytes bytes reason reason_string","%ASA-4-450002: Teardown string connection connection for interface:address/port to interface:address/port duration hh:mm:ss bytes bytes reason reason_string","Drop due to vPath license failure.","None required.","4","Warning","75","network","general"
+"%ASA-5-500001","500001","ActiveX content in java script is modified: src forward_ip_address dest reverse_ip_address on interface interface_name","%ASA-5-500001: ActiveX content in java script is modified: src forward_ip_address dest reverse_ip_address on interface interface_name","Ensure the blocking of Java/ActiveX content present in Java script when the policy (filter Java (or) filter ActiveX) is enabled on the Secure Firewall ASA.","None required.","5","Notification","5","network","general"
+"%ASA-5-500002","500002","Java content in java script is modified: src forward_ip_address dest reverse_ip_address on interface interface_name","%ASA-5-500002: Java content in java script is modified: src forward_ip_address dest reverse_ip_address on interface interface_name","Ensure the blocking of Java/ActiveX content present in Java script when the policy (filter Java (or) filter ActiveX) is enabled on the Secure Firewall ASA.","None required.","5","Notification","5","network","general"
+"%ASA-5-500003","500003","Bad TCP hdr length (hdrlen=bytes, pktlen=bytes) from source_address/source_port to dest_address/dest_port, flags:tcp_flags, on interfaceinterface_name","%ASA-5-500003: Bad TCP hdr length (hdrlen=bytes, pktlen=bytes) from source_address/source_port to dest_address/dest_port, flags:tcp_flags, on interfaceinterface_name","A header length in TCP was incorrect. Some operating systems do not handle TCP resets (RSTs) correctly when responding to a connection request to a disabled socket. If a client tries to connect to an FTP server outside the Secure Firewall ASA and the FTP server is not listening, then it sends an RST. Some operating systems send incorrect TCP header lengths, which causes this problem. UDP uses ICMP port unreachable messages. The TCP header length may indicate that it is larger than the packet length, which results in a negative number of bytes being transferred. A negative number appears by a message as an unsigned number, which makes it appear much larger than it would be normally; for example, it may show 4 GB transferred in one second. This message should occur infrequently.","None required.","5","Notification","5","network","general"
+"%ASA-4-500004","500004","Invalid transport field for protocol=protocol, from source_address/source_port to dest_address/dest_port","%ASA-4-500004: Invalid transport field for protocol=protocol, from source_address/source_port to dest_address/dest_port","An invalid transport number was used, in which the source or destination port number for a protocol is zero. The protocol value is 6 for TCP and 17 for UDP.","If these messages persist, contact the administrator of the peer.","4","Warning","55","network","general"
+"%ASA-3-500005","500005","Connection terminated for protocol from in_ifc_name:src_adddress/src_port to out_ifc_name:dest_address/dest_port due to invalid combination of inspections on same flow. Inspect inspect_name is not compatible with filter filter_name","%ASA-3-500005: Connection terminated for protocol from in_ifc_name:src_adddress/src_port to out_ifc_name:dest_address/dest_port due to invalid combination of inspections on same flow. Inspect inspect_name is not compatible with filter filter_name","A connection matched with single or multiple inspection and/or single or multiple filter features that are not allowed to be applied to the same connection. • protocol— The protocol that the connection was using • in_ifc_name —The input interface name • src_address —The source IP address of the connection • src_port —The source port of the connection • out_ifc_name —The output interface name • dest_address —The destination IP address of the connection • dest_port —The destination port of the packet • inspect_name —The inspect or filter feature name • filter_name —The filter feature name","Review the class-map, policy-map, service-policy, and/or filter command configurations that are causing the referenced inspection and/or filter features that are matched for the connection. The rules for inspection and filter feature combinations for a connection are as follows:","3","Error","65","network","general"
+"%ASA-4-500006","500006","For flow inside:IP_Address/port to outside:IP_Address/port :existing_flow_message:connection_id","%ASA-4-500006: For flow inside:IP_Address/port to outside:IP_Address/port :existing_flow_message:connection_id","This message is generated when staleness in pinhole flows persist due to failure to clear timeout expiry, interface flap, and so on. The flow message with connection ID in the message helps in debugging the issue: • Existing flow message—Displays the current flow information for the connection id, such as: • found existing flow • pin-hole consumption maybe in progress • pin-hole delete • connection id—Displays the unique connection ID.","None.","4","Warning","55","network","general"
+"%ASA-5-501101","501101","User transitioning priv level","%ASA-5-501101: User transitioning priv level","The privilege level of a command was changed.","None required.","5","Notification","5","network","general"
+"%ASA-5-502101","502101","New user added to local dbase: Uname: user Priv: privilege_level Encpass: *****","%ASA-5-502101: New user added to local dbase: Uname: user Priv: privilege_level Encpass: *****","A new username record was created, which included the username, privilege level, and encrypted password.","None required.","5","Notification","5","network","general"
+"%ASA-5-502102","502102","User deleted from local dbase: Uname: user Priv: privilege_level Encpass: *****","%ASA-5-502102: User deleted from local dbase: Uname: user Priv: privilege_level Encpass: *****","A username record was deleted, which included the username, privilege level, and encrypted password.","None required.","5","Notification","5","network","general"
+"%ASA-5-502103","502103","User priv level changed: Uname: user From: privilege_level To: privilege_level","%ASA-5-502103: User priv level changed: Uname: user From: privilege_level To: privilege_level","The privilege level of a user changed.","None required.","5","Notification","5","network","general"
+"%ASA-5-502111","502111","New group policy added: name: policy_name Type: policy_type","%ASA-5-502111: New group policy added: name: policy_name Type: policy_type","A group policy was configured using the group-policy CLI command. • policy_name—The name of the group policy • policy_type—Either internal or external","None required.","5","Notification","5","network","general"
+"%ASA-5-502112","502112","Group policy deleted: name: policy_name Type: policy_type","%ASA-5-502112: Group policy deleted: name: policy_name Type: policy_type","A group policy has been removed using the group-policy CLI command. • policy_name—The name of the group policy • policy_type—Either internal or external","None required.","5","Notification","5","network","general"
+"%ASA-5-503001","503001","Process number, Nbr IP_address on interface_name from string to string , reason","%ASA-5-503001: Process number, Nbr IP_address on interface_name from string to string , reason","An OSPFv2 neighbor has changed its state. The message describes the change and the reason for it. This message appears only if the log-adjacency-changes command is configured for the OSPF process.","Copy the message exactly as it appears, and report it to the Cisco TAC.","5","Notification","25","network","general"
+"%ASA-5-503002","503002","Last valid authentication key for neighbor nameif expires","%ASA-5-503002: Last valid authentication key for neighbor nameif expires","None of the security associations have a lifetime that include the current system time.","Configure a new security association or alter the lifetime of a current security association.","5","Notification","25","network","general"
+"%ASA-5-503003","503003","Expired key ID sent | received used by neighbor nameif","%ASA-5-503003: Expired key ID sent | received used by neighbor nameif","The Key ID configured on the interface expired.","Configure a new key.","5","Notification","25","network","general"
+"%ASA-5-503004","503004","No key ID key-id for neighbor key-chain-name","%ASA-5-503004: No key ID key-id for neighbor key-chain-name","OSPF has been configured to use cryptographic authentication, however a key or password has not been configured.","Configure a new security association or alter the lifetime of a current security association.","5","Notification","25","network","general"
+"%ASA-5-503005","503005","No crypto algorithm for neighbor key-id key ID key-chain-name","%ASA-5-503005: No crypto algorithm for neighbor key-id key ID key-chain-name","OSPF has been configured to use cryptographic authentication, however an algorithm has not been configured.","Configure a cryptographic-algorithm for the security association.","5","Notification","25","network","general"
+"%ASA-5-503101","503101","Process d, Nbr i on s from s to s, s","%ASA-5-503101: Process d, Nbr i on s from s to s, s","An OSPFv3 neighbor has changed its state. The message describes the change and the reason for it. This message appears only if the log-adjacency-changes command is configured for the OSPF process.","None required.","5","Notification","5","network","general"
+"%ASA-5-504001","504001","Security context context_name was added to the system","%ASA-5-504001: Security context context_name was added to the system","A security context was successfully added to the Secure Firewall ASA.","None required.","5","Notification","5","network","general"
+"%ASA-5-504002","504002","Security context context_name was removed from the system","%ASA-5-504002: Security context context_name was removed from the system","A security context was successfully removed from the Secure Firewall ASA.","None required.","5","Notification","5","network","general"
+"%ASA-5-505001","505001","Module string_one is shutting down. Please wait...","%ASA-5-505001: Module string_one is shutting down. Please wait...","A module is being shut down.","None required.","5","Notification","5","network","general"
+"%ASA-5-505002","505002","Module ips is reloading. Please wait...","%ASA-5-505002: Module ips is reloading. Please wait...","An IPS module is being reloaded.","None required.","5","Notification","45","network","general"
+"%ASA-5-505003","505003","Module string_one is resetting. Please wait...","%ASA-5-505003: Module string_one is resetting. Please wait...","A module is being reset.","None required.","5","Notification","5","network","general"
+"%ASA-5-505004","505004","Module string_one shutdown is complete.","%ASA-5-505004: Module string_one shutdown is complete.","A module has been shut down.","None required.","5","Notification","5","network","general"
+"%ASA-5-505005","505005","Module module_name is initializing control communication. Please wait...","%ASA-5-505005: Module module_name is initializing control communication. Please wait...","A module has been detected, and the Secure Firewall ASA is initializing control channel communication with it.","None required.","5","Notification","5","network","general"
+"%ASA-5-505006","505006","Module string_one is Up.","%ASA-5-505006: Module string_one is Up.","A module has completed control channel initialization and is in the UP state.","None required.","5","Notification","5","network","general"
+"%ASA-5-505007","505007","Module prod_id in slot slot_num is recovering. Please wait...","%ASA-5-505007: Module prod_id in slot slot_num is recovering. Please wait...","A software module is being recovered with the sw-module module service-module-name recover boot command, or a hardware module is being recovered with the hw-module module slotnum recover boot command. • module_id—The name of the software services module. • prod_id—The product ID string. • slot_num —The slot in which the hardware services module is installed. Slot 0 indicates the system main board, and slot 1 indicates the module installed in the expansion slot.","None required.","5","Notification","5","network","general"
+"%ASA-5-505008","505008","Module","%ASA-5-505008: Module","The services module software is being upgraded. The update is proceeding normally. • module_id —The name of the software services module • slot_num —The slot number that contains the hardware services module • >newver —The new version number of software that was not successfully written to the module (for example, 1.0(1)0) • >ver —The current version number of the software on the module (for example, 1.0(1)0)","None required.","5","Notification","5","network","general"
+"%ASA-5-505009","505009","Module in slot string_one software was updated to vnewver (previously vprevver)","%ASA-5-505009: Module in slot string_one software was updated to vnewver (previously vprevver)","The 4GE SSM module software was successfully upgraded. • string one —The text string that specifies the module • newver —The new version number of software that was not successfully written to the module (for example, 1.0(1)0) • ver —The current version number of the software on the module (for example, 1.0(1)0)","None required.","5","Notification","5","network","general"
+"%ASA-5-505010","505010","Module in slot slot removed","%ASA-5-505010: Module in slot slot removed","An SSM was removed from the Secure Firewall ASA chassis. • slot—The slot from which the SSM was removed","None required.","5","Notification","5","network","general"
+"%ASA-1-505011","505011","Module ips data channel communication is UP.","%ASA-1-505011: Module ips data channel communication is UP.","The data channel communication recovered from a DOWN state.","None required.","1","Alert","5","network","general"
+"%ASA-5-505012","505012","Module prod_id in slot slot_num , application stopped application , version version","%ASA-5-505012: Module prod_id in slot slot_num , application stopped application , version version","An application was stopped or removed from a services module. This may occur when the services module upgraded an application or when an application on the services module was stopped or uninstalled. • module_id—The name of the software services module • prod_id —The product ID string for the device installed in the hardwre services module • slot_num —The slot in which the application was stopped • application—The name of the application stopped • version—The application version stopped","If an upgrade was not occurring on the 4GE SSM or the application was not intentionally stopped or uninstalled, review the logs from the 4GE SSM to determine why the application stopped.","5","Notification","35","network","general"
+"%ASA-5-505013","505013","Module prod_id in slot slot_nunm application changed from: application version version to: newapplication version newversion .","%ASA-5-505013: Module prod_id in slot slot_nunm application changed from: application version version to: newapplication version newversion .","An application version changed, such as after an upgrade. A software update for the application on the services module is complete. • module_id—The name of the software services module • application—The name of the application that was upgraded • version—The application version that was upgraded","Verify that the upgrade was expected and that the new version is correct.","5","Notification","35","network","general"
+"%ASA-1-505014","505014","Module prod_id in slot slot_num , application down name , version version reason","%ASA-1-505014: Module prod_id in slot slot_num , application down name , version version reason","The application running on the module is disabled. • module_id—The name of the software services module • prod_id—The product ID string for the device installed in the hardware services module • slot_num —The slot in which the application was disabled. Slot 0 indicates the system main board, and slot 1 indicates the module installed in the expansion slot. • name—Application name (string) • application—The name of the application that was upgraded • version—The application version (string) • reason—Failure reason (string)","If the problem persists, contact the Cisco TAC.","1","Alert","95","network","general"
+"%ASA-1-505015","505015","Module prod_id in slot slot_num , application up application , version version","%ASA-1-505015: Module prod_id in slot slot_num , application up application , version version","The application running on the SSM in slot slot_num is up and running. • module_id—The name of the software services module • prod_id—The product ID string for the device installed in the hardware services module • slot_num —The slot in which the application is running. Slot 0 indicates the system main board, and slot 1 indicates the module installed in the expansion slot. • application—The application name (string) • version—The application version (string)","None required.","1","Alert","5","network","general"
+"%ASA-3-505016","505016","Module","%ASA-3-505016: Module","The application version or a name change was detected. • module_id—The name of the software services module • prod_id—The product ID string for the device installed in the hardware services module • slot_num —The slot in which the application changed. Slot 0 indicates the system main board, and slot 1 indicates the module installed in the expansion slot. • name—Application name (string) • version—The application version (string) • state—Application state (string) • application—The name of the application that changed","Verify that the change was expected and that the new version is correct.","3","Error","75","network","general"
+"%ASA-5-506001","506001","event_source_string event_string","%ASA-5-506001: event_source_string event_string","The status of a file system has changed. The event and the source of the event that caused a file system to become available or unavailable appear. Examples of sources and events that can cause a file system status change are as follows: • External CompactFlash removed • External CompactFlash inserted • External CompactFlash unknown event","None required.","5","Notification","5","network","general"
+"%ASA-5-507001","507001","Terminating TCP-Proxy connection from interface_inside:source_address/source_port to interface_outside:dest_address/dest_port - reassembly limit of limit bytes exceeded","%ASA-5-507001: Terminating TCP-Proxy connection from interface_inside:source_address/source_port to interface_outside:dest_address/dest_port - reassembly limit of limit bytes exceeded","The assembly buffer limit was exceeded during TCP segment reassembly. • source_address/source_port—The source IP address and the source port of the packet initiating the connection • dest_address/dest_port—The destination IP address and the destination port of the packet initiating the connection • interface_inside—The name of the interface on which the packet which initiated the connection arrives • interface_outside—The name of the interface on which the packet which initiated the connection exits • limit—The configured embryonic connection limit for the traffic class","None required.","5","Notification","5","network","general"
+"%ASA-4-507002","507002","Data copy in proxy-mode exceeded the buffer limit","%ASA-4-507002: Data copy in proxy-mode exceeded the buffer limit","An operational error occurred during processing of a fragmented TCP message.","None required.","4","Warning","5","network","general"
+"%ASA-3-507003","507003","protocol flow from originating_interface:src_ip/src_port to dest_if:dest_ip/dest_port terminated by inspection engine, reason - reason.","%ASA-3-507003: protocol flow from originating_interface:src_ip/src_port to dest_if:dest_ip/dest_port terminated by inspection engine, reason - reason.","The TCP proxy or session API terminated a connection for various reasons, which are provided in the message. • protocol—The protocol for the flow • src_ip—The source IP address for the flow • src_port —The name of the source port for the flow • dest_if —The destination interface for the flow • dest_ip —The destination IP address for the flow • dest_port —The destination port for the flow • reason —The description of why the flow is being terminated by the inspection engine. Valid reasons include: - Failed to create flow - Failed to initialize session API - Filter rules installed/matched are incompatible - Failed to consolidate new buffer data with original - Reset unconditionally - Reset based on “service reset inbound” configuration - Disconnected, dropped packet - Packet length changed - Reset reflected back to sender - Proxy inspector reset unconditionally - Proxy inspector drop reset - Proxy inspector received data after FIN - Proxy inspector disconnected, dropped packet - Inspector reset unconditionally - Inspector drop reset - Inspector received data after FIN - Inspector disconnected, dropped packet - Could not buffer unprocessed data","None required.","3","Error","95","network","general"
+"%ASA-5-508001","508001","DCERPC message_type non-standard version_type version version_number from src_if:src_ip/src_port to dest_if:dest_ip/dest_port, terminating connection.","%ASA-5-508001: DCERPC message_type non-standard version_type version version_number from src_if:src_ip/src_port to dest_if:dest_ip/dest_port, terminating connection.","During DCERPC inspection, a message header included a nonstandard major or minor version. • message_type—The DCERPC message type • version_type—The version type, which can be major or minor • version_number—The nonstandard version in the message header","If this is a valid version, and the problem persists, contact the Cisco TAC.","5","Notification","25","network","general"
+"%ASA-5-508002","508002","DCERPC response has low endpoint port port_number from src_if:src_ip/src_port to dest_if:dest_ip/dest_port, terminating connection.","%ASA-5-508002: DCERPC response has low endpoint port port_number from src_if:src_ip/src_port to dest_if:dest_ip/dest_port, terminating connection.","During DCERPC inspection, a response message included an endpoint port number less than 1024 (in the range of well-known server ports).","None required.","5","Notification","5","network","general"
+"%ASA-5-509001","509001","Connection attempt was prevented by \ command: src_intf","%ASA-5-509001: Connection attempt was prevented by \ command: src_intf","The no forward interface command was entered to block traffic from the source interface to the destination interface given in the message. This command is required on low-end platforms to allow the creation of interfaces beyond the licensed limit. • src_intf—The name of the source interface to which the no forward interface command restriction applies • dst_intf—The name of the destination interface to which the no forward interface command restriction applies • sg_info —The security group name or tag for the specified IP address","Upgrade the license to remove the requirement of this command on low-end platforms, then remove the command from the configuration.","5","Notification","35","network","general"
+"%ASA-3-520001","520001","error_string","%ASA-3-520001: error_string","A malloc failure occurred in ID Manager. The errror string can be either of the following: • Malloc failure—id_reserve • Malloc failure—id_get","Contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-520002","520002","bad new ID table size","%ASA-3-520002: bad new ID table size","A bad new table request to the ID Manager occurred.","Contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-520003","520003","bad id in error_string (id: 0xid_num)","%ASA-3-520003: bad id in error_string (id: 0xid_num)","An ID Manager error occurred. The error string may be any of the following: • id_create_new_table (no more entries allowed) • id_destroy_table (bad table ID) • id_reserve • id_reserve (bad ID) • id_reserve: ID out of range • id_reserve (unassigned table ID) • id_get (bad table ID) • id_get (unassigned table ID) • id_get (out of IDs!) • id_to_ptr • id_to_ptr (bad ID) • id_to_ptr (bad table ID) • id_get_next_id_ptr (bad table ID) • id_delete • id_delete (bad ID) • id_delete (bad table key)","Contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-520004","520004","error_string","%ASA-3-520004: error_string","An id_get was attempted at the interrupt level.","Contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-520005","520005","error_string","%ASA-3-520005: error_string","An internal error occurred with the ID Manager.","Contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-520010","520010","Bad queue elem – qelem_ptr : flink flink_ptr , blink blink_ptr , flink-blink flink_blink_ptr , blink-flink blink_flink_ptr","%ASA-3-520010: Bad queue elem – qelem_ptr : flink flink_ptr , blink blink_ptr , flink-blink flink_blink_ptr , blink-flink blink_flink_ptr","An internal software error occurred, which can be any of the following: • qelem_ptr —A pointer to the queue data structure • flink_ptr —A pointer to the forward element of the queue data structure • blink_ptr —A pointer to the backward element of the queue data structure • flink_blink_ptr —A pointer to the forward element’s backward pointer of the queue data structure • blink_flink_ptr —A pointer to the backward element’s forward pointer of the queue data structure","Contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-520011","520011","Null queue elem","%ASA-3-520011: Null queue elem","An internal software error occurred.","Contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-520013","520013","Regular expression access check with bad list acl_ID","%ASA-3-520013: Regular expression access check with bad list acl_ID","A pointer to an access list is invalid.","The event that caused this message to be issued should not have occurred. It can mean that one or more data structures have been overwritten. If this message recurs, and you decide to report it to your TAC representative, you should copy the text of the message exactly as it appears and include the associated stack trace. Because access list corruption may have occurred, a TAC representative should verify that access lists are functioning correctly.","3","Error","100","network","general"
+"%ASA-3-520020","520020","No memory available","%ASA-3-520020: No memory available","The system is out of memory.","Try one of the following actions to correct the problem: • Reduce the number of routes accepted by this router. • Upgrade hardware. • Use a smaller subset image on run-from-RAM platforms.","3","Error","75","network","general"
+"%ASA-3-520021","520021","Error deleting trie entry, error_message","%ASA-3-520021: Error deleting trie entry, error_message","A software programming error occurred. The error message can be any of the following: • Inconsistent annotation • Couldn't find our annotation • Couldn't find deletion target","Copy the error message exactly as it appears, and report it to Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-520022","520022","Error adding mask entry, error_message","%ASA-3-520022: Error adding mask entry, error_message","A software or hardware error occurred. The error message can be any of the following: • Mask already in tree • Mask for route not entered • Non-unique normal route, mask not entered","Copy the error message exactly as it appears, and report it to Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-520023","520023","Invalid pointer to head of tree, 0x radix_node_ptr","%ASA-3-520023: Invalid pointer to head of tree, 0x radix_node_ptr","A software programming error occurred.","Copy the error message exactly as it appears, and report it to Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-520024","520024","Orphaned mask #radix_mask_ptr, refcount= radix_mask_ptr’s ref count at #radix_node_address, next= #radix_node_nxt","%ASA-3-520024: Orphaned mask #radix_mask_ptr, refcount= radix_mask_ptr’s ref count at #radix_node_address, next= #radix_node_nxt","A software programming error occurred.","Copy the error message exactly as it appears, and report it to Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-520025","520025","No memory for radix initialization: err_msg","%ASA-3-520025: No memory for radix initialization: err_msg","The system ran out of memory during initialization. This should only occur if an image is too large for the existing dynamic memory. The error message can be either of the following:Initializing leaf nodesMask housekeeping","Use a smaller subset image or upgrade hardware.","3","Error","75","network","general"
+"%ASA-6-602101","602101","PMTU-D packet number bytes greater than effective mtu number, dest_addr=dest_address, src_addr=source_address, prot=protocol","%ASA-6-602101: PMTU-D packet number bytes greater than effective mtu number, dest_addr=dest_address, src_addr=source_address, prot=protocol","The Secure Firewall ASA sent an ICMP destination unreachable message and fragmentation is needed.","Make sure that the data is sent correctly.","6","Informational","15","network","general"
+"%ASA-6-602103","602103","IPSEC: Received an ICMP Destination Unreachable from src_addr with suggested PMTU of rcvd_mtu; PMTU updated for SA with peer peer_addr, SPI spi, tunnel name username, old PMTU old_mtu, new PMTU new_mtu","%ASA-6-602103: IPSEC: Received an ICMP Destination Unreachable from src_addr with suggested PMTU of rcvd_mtu; PMTU updated for SA with peer peer_addr, SPI spi, tunnel name username, old PMTU old_mtu, new PMTU new_mtu","The MTU of an SA was changed. When a packet is received for an IPsec tunnel, the corresponding SA is located and the MTU is updated based on the MTU suggested in the ICMP packet. If the suggested MTU is greater than 0 but less than 256, then the new MTU is set to 256. If the suggested MTU is 0, the old MTU is reduced by 256 or it is set to 256—whichever value is greater. If the suggested MTU is greater than 256, then the new MTU is set to the suggested value. • src_addr—IP address of the PMTU sender • rcvd_mtu—Suggested MTU received in the PMTU message • peer_addr—IP address of the IPsec peer • spi—IPsec Security Parameter Index • username—Username associated with the IPsec tunnel • old_mtu—Previous MTU associated with the IPsec tunnel","None required.","6","Informational","5","network","general"
+"%ASA-6-602104","602104","IPSEC: Received an ICMP Destination Unreachable from src_addr, PMTU is unchanged because suggested PMTU of rcvd_mtu is equal to or greater than the current PMTU of curr_mtu, for SA with peer peer_addr, SPI spi, tunnel name username","%ASA-6-602104: IPSEC: Received an ICMP Destination Unreachable from src_addr, PMTU is unchanged because suggested PMTU of rcvd_mtu is equal to or greater than the current PMTU of curr_mtu, for SA with peer peer_addr, SPI spi, tunnel name username","An ICMP message was received indicating that a packet sent over an IPsec tunnel exceeded the path MTU, and the suggested MTU was greater than or equal to the current MTU. Because the MTU value is already correct, no MTU adjustment is made. This may happen when multiple PMTU messages are received from different intermediate stations, and the MTU is adjusted before the current PMTU message is processed. • src_addr—IP address of the PMTU sender • rcvd_mtu—Suggested MTU received in the PMTU message • curr_mtu—Current MTU associated with the IPsec tunnel • peer_addr—IP address of the IPsec peer • spi—IPsec Security Parameter Index • username —Username associated with the IPsec tunnel","None required.","6","Informational","5","network","general"
+"%ASA-6-602303","602303","IPSEC: An direction tunnel_type SA (SPI= spi) between local_IP and remote_IP (user= username) has been created.","%ASA-6-602303: IPSEC: An direction tunnel_type SA (SPI= spi) between local_IP and remote_IP (user= username) has been created.","A new SA was created. • direction—SA direction (inbound or outbound) • tunnel_type—SA type (remote access or L2L) • spi—IPsec Security Parameter Index • local_IP—IP address of the tunnel local endpoint • remote_IP—IP address of the tunnel remote endpoint • >username —Username associated with the IPsec tunnel","None required.","6","Informational","5","network","general"
+"%ASA-6-602304","602304","IPSEC: An direction tunnel_type SA (SPI= spi) between local_IP and remote_IP (user= username) has been deleted.","%ASA-6-602304: IPSEC: An direction tunnel_type SA (SPI= spi) between local_IP and remote_IP (user= username) has been deleted.","An SA was deleted. • direction—SA direction (inbound or outbound) • tunnel_type—SA type (remote access or L2L) • spi—IPsec Security Parameter Index • local_IP—IP address of the tunnel local endpoint • remote_IP—IP address of the tunnel remote endpoint","None required.","6","Informational","5","network","general"
+"%ASA-3-602305","602305","IPSEC: SA creation error, source source_address, destination destination_address, reason error_string.","%ASA-3-602305: IPSEC: SA creation error, source source_address, destination destination_address, reason error_string.","An error has occurred while creating an IPsec security association.","This is typically a transient error condition. If this message occurs consistently, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-602306","602306","IPSEC: SA change peer IP error, SPI: IPsec_SPI, (src original_src_IP_address/original_src_port, dest original_dest_IP_address/original_dest_port =&gt; src new_src_IP_address/new_src_port, dest: new_dest_IP_address/new_dest_port), reason failure_reason.","%ASA-3-602306: IPSEC: SA change peer IP error, SPI: IPsec_SPI, (src original_src_IP_address/original_src_port, dest original_dest_IP_address/original_dest_port =&gt; src new_src_IP_address/new_src_port, dest: new_dest_IP_address/new_dest_port), reason failure_reason.","An error has occurred while updating an IPsec tunnel’s peer address for Mobile IKE and the peer address could not be changed.","This is typically a transient error condition. If this message occurs consistently, contact the Cisco TAC.","3","Error","65","network","general"
+"%ASA-6-603101","603101","PPTP received out of seq or duplicate pkt, tnl_id=number, sess_id=number, seq=number","%ASA-6-603101: PPTP received out of seq or duplicate pkt, tnl_id=number, sess_id=number, seq=number","The ASA received a PPTP packet that was out of sequence or duplicated.","If the packet count is high, contact the peer administrator to check the client PPTP configuration.","6","Informational","15","network","general"
+"%ASA-6-603102","603102","PPP virtual interface interface_name - user: user aaa authentication started","%ASA-6-603102: PPP virtual interface interface_name - user: user aaa authentication started","The ASA sent an authentication request to the AAA server.","None required.","6","Informational","5","network","general"
+"%ASA-6-603103","603103","PPP virtual interface interface_name - user: user aaa authentication status","%ASA-6-603103: PPP virtual interface interface_name - user: user aaa authentication status","The ASA received an authentication response from the AAA server.","None required.","6","Informational","5","network","general"
+"%ASA-6-603104","603104","PPTP Tunnel created, tunnel_id is number, remote_peer_ip is remote_address, ppp_virtual_interface_id is number, client_dynamic_ip is IP_address, username is user, MPPE_key_strength is string","%ASA-6-603104: PPTP Tunnel created, tunnel_id is number, remote_peer_ip is remote_address, ppp_virtual_interface_id is number, client_dynamic_ip is IP_address, username is user, MPPE_key_strength is string","A PPTP tunnel was created.","None required.","6","Informational","5","network","general"
+"%ASA-6-603105","603105","PPTP Tunnel deleted, tunnel_id = number, remote_peer_ip = remote_address","%ASA-6-603105: PPTP Tunnel deleted, tunnel_id = number, remote_peer_ip = remote_address","A PPTP tunnel was deleted.","None required.","6","Informational","5","network","general"
+"%ASA-6-603106","603106","L2TP Tunnel created, tunnel_id is number, remote_peer_ip is remote_address, ppp_virtual_interface_id is number, client_dynamic_ip is IP_address, username is user","%ASA-6-603106: L2TP Tunnel created, tunnel_id is number, remote_peer_ip is remote_address, ppp_virtual_interface_id is number, client_dynamic_ip is IP_address, username is user","An L2TP tunnel was created. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured.","None required.","6","Informational","5","network","general"
+"%ASA-6-603107","603107","L2TP Tunnel deleted, tunnel_id = number, remote_peer_ip = remote_address","%ASA-6-603107: L2TP Tunnel deleted, tunnel_id = number, remote_peer_ip = remote_address","An L2TP tunnel was deleted.","None required.","6","Informational","5","network","general"
+"%ASA-6-603108","603108","Built PPPOE Tunnel, tunnel_id = interface_name, remote_peer_ip = number, ppp_virtual_interface_id = IP_address, client_dynamic_ip = number, username = IP_address","%ASA-6-603108: Built PPPOE Tunnel, tunnel_id = interface_name, remote_peer_ip = number, ppp_virtual_interface_id = IP_address, client_dynamic_ip = number, username = IP_address","A new PPPoE tunnel was created.","None required.","6","Informational","5","network","general"
+"%ASA-6-603109","603109","Teardown PPPOE Tunnel, tunnel_id = interface_name, remote_peer_ip = number","%ASA-6-603109: Teardown PPPOE Tunnel, tunnel_id = interface_name, remote_peer_ip = number","A new PPPoE tunnel was deleted.","None required.","6","Informational","5","network","general"
+"%ASA-4-603110","603110","Failed to establish L2TP session, tunnel_id = tunnel_id, remote_peer_ip = peer_ip, user = username. Multiple sessions per tunnel are not supported","%ASA-4-603110: Failed to establish L2TP session, tunnel_id = tunnel_id, remote_peer_ip = peer_ip, user = username. Multiple sessions per tunnel are not supported","An attempt to establish a second session was detected and denied. Cisco does not support multiple L2TP sessions per tunnel. • tunnel_id —The L2TP tunnel ID • peer_ip —The peer IP address • username —The name of the authenticated user","None required.","4","Warning","75","network","general"
+"%ASA-6-604101","604101","DHCP client interface interface_name: Allocated ip = IP_address, mask = netmask, gw = gateway_address","%ASA-6-604101: DHCP client interface interface_name: Allocated ip = IP_address, mask = netmask, gw = gateway_address","The Secure Firewall ASA DHCP client successfully obtained an IP address from a DHCP server. The dhcpc command statement allows the Secure Firewall ASA to obtain an IP address and network mask for a network interface from a DHCP server, as well as a default route. The default route statement uses the gateway address as the address of the default router.","None required.","6","Informational","5","network","general"
+"%ASA-6-604102","604102","DHCP client interface interface_name: address released","%ASA-6-604102: DHCP client interface interface_name: address released","The Secure Firewall ASA DHCP client released an allocated IP address back to the DHCP server.","None required.","6","Informational","5","network","general"
+"%ASA-6-604103","604103","DHCP daemon interface interface_name: address granted MAC_address (IP_address)","%ASA-6-604103: DHCP daemon interface interface_name: address granted MAC_address (IP_address)","The Secure Firewall ASA DHCP server granted an IP address to an external client.","None required.","6","Informational","5","network","general"
+"%ASA-6-604104","604104","DHCP daemon interface interface_name: address released build_number (IP_address)","%ASA-6-604104: DHCP daemon interface interface_name: address released build_number (IP_address)","An external client released an IP address back to the Secure Firewall ASA DHCP server.","None required.","6","Informational","5","network","general"
+"%ASA-4-604105","604105","Unable to send DHCP reply to client hardware_address on interface interface_name. Reply exceeds options field size (options_field_size) by number_of_octets octets.","%ASA-4-604105: Unable to send DHCP reply to client hardware_address on interface interface_name. Reply exceeds options field size (options_field_size) by number_of_octets octets.","An administrator can configure the DHCP options to return to the DHCP client. Depending on the options that the DHCP client requests, the DHCP options for the offer could exceed the message length limits. A DHCP offer cannot be sent, because it will not fit within the message limits. • hardware_address —The hardware address of the requesting client. • interface_name— The interface to which server messages are being sent and received • options_field_size —The maximum options field length. The default is 312 octets, which includes 4 octets to terminate. • number_of_octets —The number of exceeded octets.","Reduce the size or number of configured DHCP options.","4","Warning","55","network","general"
+"%ASA-6-604201","604201","DHCPv6 PD client on interface pd-client-iface received delegated prefix prefix/prefix from DHCPv6 PD server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds","%ASA-6-604201: DHCPv6 PD client on interface pd-client-iface received delegated prefix prefix/prefix from DHCPv6 PD server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds","This syslog is displayed whenever DHCPv6 PD client is received with delegated prefix from PD server as part of initial 4-way exchange. In the case of multiple prefixes, the syslog is displayed for each prefix. • pd-client-iface—The interface name on which the DHCPv6 PD client is enabled. • prefix—Prefix received from DHCPv6 PD server. • server-address—DHCPv6 PD server address. • in-seconds—Associated preferred and valid lifetime in seconds for delegated prefixes.","None.","6","Informational","15","network","general"
+"%ASA-6-604202","604202","DHCPv6 PD client on interface pd-client-iface releasing delegated prefix prefix/prefix received from DHCPv6 PD server server-address","%ASA-6-604202: DHCPv6 PD client on interface pd-client-iface releasing delegated prefix prefix/prefix received from DHCPv6 PD server server-address","This syslog is displayed whenever DHCPv6 PD Client is releasing delegated prefix(s) received from PD Server upon no configuration. In the case of multiple prefixes, the syslog is displayed for each prefix. • pd-client-iface—The interface name on which the DHCPv6 PD client is enabled. • prefix—Prefix received from DHCPv6 PD server. • server-address—DHCPv6 PD server address.","None.","6","Informational","15","network","general"
+"%ASA-6-604203","604203","DHCPv6 PD client on interface pd-client-iface renewed delegated prefix prefix/prefix from DHCPv6 PD server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds","%ASA-6-604203: DHCPv6 PD client on interface pd-client-iface renewed delegated prefix prefix/prefix from DHCPv6 PD server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds","This syslog is displayed whenever DHCPv6 PD Client initiate renewal of previously allocated delegated prefix from PD Server and upon successful. In the case of multiple prefixes, the syslog is displayed for each prefix. • pd-client-iface—The interface name on which the DHCPv6 PD client is enabled. • prefix—Prefix received from DHCPv6 PD server. • server-address—DHCPv6 PD server address. • in-seconds—Associated preferred and valid lifetime in seconds for delegated prefixes.","None.","6","Informational","15","network","general"
+"%ASA-6-604204","604204","DHCPv6 delegated prefix delegated_prefix/prefix got expired on interface pd-client-iface, received from DHCPv6 PD server server-address","%ASA-6-604204: DHCPv6 delegated prefix delegated_prefix/prefix got expired on interface pd-client-iface, received from DHCPv6 PD server server-address","This syslog is displayed whenever DHCPv6 PD Client received delegated prefix is getting expired. • pd-client-iface—The interface name on which the DHCPv6 PD client is enabled. • prefix—Prefix received from DHCPv6 PD server. • delegated prefix—The delegated prefix received from DHCPv6 PD server.","None.","6","Informational","15","network","general"
+"%ASA-6-604205","604205","DHCPv6 client on interface client-iface allocated address ipv6-address from DHCPv6 server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds","%ASA-6-604205: DHCPv6 client on interface client-iface allocated address ipv6-address from DHCPv6 server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds","This syslog is displayed whenever DHCPv6 Client address is received from DHCPv6 Server as part of initial 4-way exchange and is valid. In the case of multiple addresses, the syslog is displayed for each received address. • client-iface—The interface name on which the DHCPv6 client address is enabled. • ipv6-address—IPv6 Address received from DHCPv6 server. • server-address—DHCPv6 server address. • in-seconds—Associated preferred and valid lifetime in seconds for client address.","None.","6","Informational","15","network","general"
+"%ASA-6-604206","604206","DHCPv6 client on interface client-iface releasing address ipv6-address received from DHCPv6 server server-address","%ASA-6-604206: DHCPv6 client on interface client-iface releasing address ipv6-address received from DHCPv6 server server-address","DHCPv6 Client is releasing received client address whenever no configuration of DHCPv6 client address is performed. In the case of multiple addresses release, the syslog is displayed for each address. • client-iface—The interface name on which the DHCPv6 client address is enabled. • ipv6-address—IPv6 address received from DHCPv6 server. • server-address—DHCPv6 server address.","None.","6","Informational","15","network","general"
+"%ASA-6-604207","604207","DHCPv6 client on interface client-iface renewed address ipv6-address from DHCPv6 server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds","%ASA-6-604207: DHCPv6 client on interface client-iface renewed address ipv6-address from DHCPv6 server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds","This syslog is displayed whenever DHCPv6 client initiates renewal of previously allocated address from DHCPv6 server. In the case of multiple addresses, the syslog is displayed for each renewed address. • client-iface—The interface name on which the DHCPv6 client address is enabled. • ipv6-address—IPv6 Address received from DHCPv6 server. • server-address—DHCPv6 server address. • in-seconds—Associated preferred and valid lifetime in seconds for client address.","None.","6","Informational","15","network","general"
+"%ASA-6-604208","604208","DHCPv6 client address ipv6-address got expired on interface client-iface, received from DHCPv6 server server-address","%ASA-6-604208: DHCPv6 client address ipv6-address got expired on interface client-iface, received from DHCPv6 server server-address","This syslog is displayed whenever DHCPv6 client received address is getting expired. • client-iface—The interface name on which the DHCPv6 client address is enabled. • ipv6-address—IPv6 Address received from DHCPv6 server. • server-address—DHCPv6 server address.","None.","6","Informational","15","network","general"
+"%ASA-6-605004","605004","Login denied from serial to console for user \'username\'","%ASA-6-605004: Login denied from serial to console for user \'username\'","The following form of the message appears when the user attempts to log in to the console: Login denied from serial to console for user “username” An incorrect login attempt or a failed login to the Secure Firewall ASA occurred. For all logins, three attempts are allowed per session, and the session is terminated after three incorrect attempts. For SSH and Telnet logins, this message is generated after the third failed attempt or if the TCP session is terminated after one or more failed attempts. For other types of management sessions, this message is generated after every failed attempt.","If this message appears infrequently, no action is required. If this message appears frequently, it may indicate an attack. Communicate with the user to verify the username and password.","6","Informational","55","network","general"
+"%ASA-6-605005","605005","Login permitted from serial to console for user 'username'","%ASA-6-605005: Login permitted from serial to console for user 'username'","A user was authenticated successfully, and a management session started. • source_ip_address— Source address of the login attempt • source_port— Source port of the login attempt • interface— Destination management interface • destination_ip_address— Destination IP address • service— Destination service • username— Destination management interface","None required.","6","Informational","5","network","general"
+"%ASA-6-606001","606001","ASDM session number number from IP_address started","%ASA-6-606001: ASDM session number number from IP_address started","An administrator has been authenticated successfully, and an ASDM session started.","None required.","6","Informational","5","network","general"
+"%ASA-6-606002","606002","ASDM session number number from IP_address ended","%ASA-6-606002: ASDM session number number from IP_address ended","An ASDM session ended.","None required.","6","Informational","5","network","general"
+"%ASA-6-606003","606003","ASDM logging session number id from IP_address started","%ASA-6-606003: ASDM logging session number id from IP_address started","An ASDM logging connection was started by a remote management client. • IP_address—IP address of the remote management client","None required.","6","Informational","5","network","general"
+"%ASA-6-606004","606004","ASDM logging session number id from IP_address ended","%ASA-6-606004: ASDM logging session number id from IP_address ended","An ASDM logging connection was terminated. • id—Session ID assigned • IP_address—IP address of remote management client","None required.","6","Informational","5","network","general"
+"%ASA-6-607001","607001","Pre-allocate SIP connection_type secondary channel for interface_name:ip_address/port to interface_name:ip_address from message_string message","%ASA-6-607001: Pre-allocate SIP connection_type secondary channel for interface_name:ip_address/port to interface_name:ip_address from message_string message","The fixup sip command preallocated a SIP connection after inspecting a SIP message . The connection_type is one of the following strings: • SIGNALLING UDP • SIGNALLING TCP • SUBSCRIBE UDP • SUBSCRIBE TCP • Via UDP • Route • RTP • RTCP","None required.","6","Informational","5","network","general"
+"%ASA-4-607002","607002","action_class SIP action req_resp from req_resp_info:src_ifc/sip to sport:dest_ifc/dip; dport","%ASA-4-607002: action_class SIP action req_resp from req_resp_info:src_ifc/sip to sport:dest_ifc/dip; dport","A SIP classification was performed on a SIP message, and the specified criteria were satisfied. As a result, the configured action occurs. • action_class —The class of the action: SIP Classification for SIP match commands or SIP Parameter for parameter commands","None required.","4","Warning","5","network","general"
+"%ASA-6-607003","607003","action_class SIP req_resp req_resp_info from src_ifc:sip/sport to dest_ifc:dip/dport; further_info","%ASA-6-607003: action_class SIP req_resp req_resp_info from src_ifc:sip/sport to dest_ifc:dip/dport; further_info","A SIP classification was performed on a SIP message, and the specified criteria were satisfied. As a result, the standalone log action occurs. • action_class —SIP classification for SIP match commands or SIP parameter for parameter commands • req_resp —Request or Response • req_resp_info —The SIP method name if the type is Request: INVITE or CANCEL. The SIP response code if the type is Response: 100, 183, 200. • src_ifc —The source interface name • sip —The source IP address • sport —The source port • dest_ifc —The destination interface name • dip —The destination IP address. • dport —The destination port. • further_info —More information appears for SIP match and SIP parameter commands, as follows: For SIP match commands:","None required.","6","Informational","5","network","general"
+"%ASA-4-607004","607004","Phone Proxy: Dropping SIP message from src_if:src_ip/src_port to dest_if:dest_ip/dest_port with source MAC mac_address due to secure phone database mismatch","%ASA-4-607004: Phone Proxy: Dropping SIP message from src_if:src_ip/src_port to dest_if:dest_ip/dest_port with source MAC mac_address due to secure phone database mismatch","The MAC address in the SIP message is compared with the secure database entries in addition to the IP address and interface. If they do not match, then the particular message is dropped.","None required.","4","Warning","65","network","general"
+"%ASA-6-608001","608001","Pre-allocate Skinny connection_type secondary channel for interface_name:IP_address to interface_name:IP_address from string message","%ASA-6-608001: Pre-allocate Skinny connection_type secondary channel for interface_name:IP_address to interface_name:IP_address from string message","The inspect skinny command preallocated a Skinny connection after inspecting a Skinny message . The connection_type is one of the following strings: • SIGNALLING UDP • SIGNALLING TCP • SUBSCRIBE UDP • SUBSCRIBE TCP • Via UDP • Route • RTP • RTCP","None required.","6","Informational","5","network","general"
+"%ASA-4-608002","608002","Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, SCCPPrefix length value too small","%ASA-4-608002: Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, SCCPPrefix length value too small","A Skinny (SSCP) message was received with an SCCP prefix length less than the minimum length configured.","If the SCCP message is valid, then customize the Skinny policy map to increase the minimum length value of the SSCP prefix.","4","Warning","65","network","general"
+"%ASA-4-608003","608003","Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, SCCPPrefix length value too large","%ASA-4-608003: Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, SCCPPrefix length value too large","A Skinny (SSCP) message was received with an SCCP prefix length greater than the maximum length configured. • in_ifc —The input interface • src_ip —The source IP address of the packet • src_port —The source port of the packet • out_ifc —The output interface • dest_ip —The destination IP address of the packet • dest_port —The destination port of the packet • value —The SCCP prefix length of the packet","If the SCCP message is valid, then customize the Skinny policy map to increase the maximum length value of the SCCP prefix.","4","Warning","65","network","general"
+"%ASA-4-608004","608004","Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, message id value not allowed","%ASA-4-608004: Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, message id value not allowed","This SCCP message ID is not allowed. • in_ifc —The input interface • src_ip —The source IP address of the packet • src_port —The source port of the packet • out_ifc —The output interface • dest_ip —The destination IP address of the packet • dest_port —The destination port of the packet • value —The SCCP prefix length of the packet","If the SCCP messages should be allowed, then customize the Skinny policy map to allow them.","4","Warning","65","network","general"
+"%ASA-4-608005","608005","Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, message id value registration not complete","%ASA-4-608005: Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, message id value registration not complete","This SCCP message ID is not allowed, because the endpoint did not complete registration. • in_ifc —The input interface • src_ip —The source IP address of the packet • src_port —The source port of the packet • out_ifc —The output interface • dest_ip —The destination IP address of the packet • dest_port —The destination port of the packet • value —The SCCP prefix length of the packet","If the SCCP messages that are being dropped are valid, then customize the Skinny policy map to disable registration enforcement.","4","Warning","65","network","general"
+"%ASA-7-609001","609001","Built local_host zone_name:ip_address","%ASA-7-609001: Built local_host zone_name:ip_address","A network state container was reserved for host ip_address connected to zone zone_name. The zone_name/* parameter is used if the interface on which the host is created is part of a zone. The asterisk symbolizes all interfaces because hosts do not belong to any one interface.","None required.","7","Debugging","5","network","general"
+"%ASA-7-609002","609002","Teardown local-host zone_name:ip_address duration time","%ASA-7-609002: Teardown local-host zone_name:ip_address duration time","A network state container for host ip_address connected to zone zone_name was removed. The zone_name/* parameter is used if the interface on which the host is created is part of a zone. The asterisk symbolizes all interfaces because hosts do not belong to any one interface.","None required. Messages 610001 to 622102 This section includes messages from 610001 to 622102.","7","Debugging","5","network","general"
+"%ASA-3-610001","610001","NTP daemon interface interface_name: Packet denied from IP_address","%ASA-3-610001: NTP daemon interface interface_name: Packet denied from IP_address","An NTP packet was received from a host that does not match one of the configured NTP servers. The ASA is only an NTP client; it is not a time server and does not respond to NTP requests.","None required.","3","Error","85","network","general"
+"%ASA-3-610002","610002","NTP daemon interface interface_name: Authentication failed for packet from IP_address","%ASA-3-610002: NTP daemon interface interface_name: Authentication failed for packet from IP_address","The received NTP packet failed the authentication check.","Make sure that both the ASA and the NTP server are set to use authentication, and the same key number and value.","3","Error","95","network","general"
+"%ASA-6-610101","610101","Authorization failed: Cmd: command Cmdtype: command_modifier","%ASA-6-610101: Authorization failed: Cmd: command Cmdtype: command_modifier","Command authorization failed for the specified command. The command_modifier is one of the following strings: • cmd (this string means the command has no modifier) • • clear • no • show If the ASA encounters any other value other than the four command types listed, the message “ unknown command type ” appears.","None required.","6","Informational","5","network","general"
+"%ASA-6-611101","611101","User authentication succeeded: IP address: IP_address, Uname: user","%ASA-6-611101: User authentication succeeded: IP address: IP_address, Uname: user","User authentication succeeded when accessing the Secure Firewall ASA. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured. • IP address —The IP address of the client that succeeded user authentication • user —The user that authenticated","None required.","6","Informational","5","network","general"
+"%ASA-6-611102","611102","User authentication failed: IP address: IP_address,, Uname: user","%ASA-6-611102: User authentication failed: IP address: IP_address,, Uname: user","User authentication failed when attempting to access the Secure Firewall ASA. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured. • IP address —The IP address of the client that failed user authentication • user —The user that authenticated","None required.","6","Informational","45","network","general"
+"%ASA-5-611103","611103","User logged out: Uname: user","%ASA-5-611103: User logged out: Uname: user","The specified user logged out.","None required.","5","Notification","5","network","general"
+"%ASA-5-611104","611104","Serial console idle timeout exceeded","%ASA-5-611104: Serial console idle timeout exceeded","The configured idle timeout for the Secure Firewall ASA serial console was exceeded because of no user activity.","None required.","5","Notification","5","network","general"
+"%ASA-6-611301","611301","VPNClient: NAT configured for Client Mode with no split tunneling: NAT addr: mapped_address","%ASA-6-611301: VPNClient: NAT configured for Client Mode with no split tunneling: NAT addr: mapped_address","The VPN client policy for client mode with no split tunneling was installed.","None required.","6","Informational","5","network","general"
+"%ASA-6-611302","611302","VPNClient: NAT exemption configured for Network Extension Mode with no split tunneling","%ASA-6-611302: VPNClient: NAT exemption configured for Network Extension Mode with no split tunneling","The VPN client policy for network extension mode with no split tunneling was installed.","None required.","6","Informational","5","network","general"
+"%ASA-6-611303","611303","VPNClient: NAT configured for Client Mode with split tunneling: NAT addr: mapped_address Split Tunnel Networks: IP_address","%ASA-6-611303: VPNClient: NAT configured for Client Mode with split tunneling: NAT addr: mapped_address Split Tunnel Networks: IP_address","The VPN client policy for client mode with split tunneling was installed.","None required.","6","Informational","5","network","general"
+"%ASA-6-611304","611304","VPNClient: NAT exemption configured for Network Extension Mode with split tunneling: Split Tunnel Networks: IP_address","%ASA-6-611304: VPNClient: NAT exemption configured for Network Extension Mode with split tunneling: Split Tunnel Networks: IP_address","The VPN client policy for network extension mode with split tunneling was installed.","None required.","6","Informational","5","network","general"
+"%ASA-6-611305","611305","VPNClient: DHCP Policy installed: IP_address","%ASA-6-611305: VPNClient: DHCP Policy installed: IP_address","The VPN client policy for DHCP was installed.","None required.","6","Informational","5","network","general"
+"%ASA-6-611306","611306","VPNClient: Perfect Forward Secrecy Policy installed","%ASA-6-611306: VPNClient: Perfect Forward Secrecy Policy installed","Perfect forward secrecy was configured as part of the VPN client download policy.","None required.","6","Informational","5","network","general"
+"%ASA-6-611307","611307","VPNClient: Head end : IP_address","%ASA-6-611307: VPNClient: Head end : IP_address","The VPN client is connected to the specified headend.","None required.","6","Informational","5","network","general"
+"%ASA-6-611308","611308","VPNClient: Split DNS Policy installed: List of domains: string_string","%ASA-6-611308: VPNClient: Split DNS Policy installed: List of domains: string_string","A split DNS policy was installed as part of the VPN client downloaded policy.","None required.","6","Informational","5","network","general"
+"%ASA-6-611309","611309","VPNClient: Disconnecting from head end and uninstalling previously downloaded policy: Head End : IP_address","%ASA-6-611309: VPNClient: Disconnecting from head end and uninstalling previously downloaded policy: Head End : IP_address","A VPN client is disconnecting and uninstalling a previously installed policy.","None required.","6","Informational","5","network","general"
+"%ASA-6-611310","611310","VPNClient: XAUTH Succeeded: Peer: IP_address","%ASA-6-611310: VPNClient: XAUTH Succeeded: Peer: IP_address","The VPN client Xauth succeeded with the specified headend.","None required.","6","Informational","5","network","general"
+"%ASA-6-611311","611311","VPNClient: XAUTH Failed: Peer: IP_address","%ASA-6-611311: VPNClient: XAUTH Failed: Peer: IP_address","The VPN client Xauth failed with the specified headend.","None required.","6","Informational","45","network","general"
+"%ASA-6-611312","611312","VPNClient: Backup Server List: reason","%ASA-6-611312: VPNClient: Backup Server List: reason","When the Secure Firewall ASA is an Easy VPN remote device, the Easy VPN server downloaded a list of backup servers to the Secure Firewall ASA. This list overrides any backup servers that you have configured locally. If the downloaded list is empty, then the Secure Firewall ASA uses no backup servers. The reason is one of the following messages: • A list of backup server IP addresses • Received NULL list. Deleting current backup servers","None required.","6","Informational","5","network","general"
+"%ASA-3-611313","611313","VPNClient: Backup Server List Error: reason","%ASA-3-611313: VPNClient: Backup Server List Error: reason","When the Secure Firewall ASA is an Easy VPN remote device, and the Easy VPN server downloads a backup server list to the Secure Firewall ASA, the list includes an invalid IP address or a hostname. The Secure Firewall ASA does not support DNS, and therefore does not support hostnames for servers, unless you manually map a name to an IP address using the name command.","On the Easy VPN server, make sure that the server IP addresses are correct, and configure the servers as IP addresses instead of hostnames. If you must use hostnames on the server, use the name command on the Easy VPN remote device to map the IP addresses to names.","3","Error","75","network","general"
+"%ASA-6-611314","611314","VPNClient: Load Balancing Cluster with Virtual IP: IP_address has redirected firewall to server IP_address","%ASA-6-611314: VPNClient: Load Balancing Cluster with Virtual IP: IP_address has redirected firewall to server IP_address","When the Secure Firewall ASA is an Easy VPN remote device, the director server of the load balancing group redirected the Secure Firewall ASA to connect to a particular server.","None required.","6","Informational","5","network","general"
+"%ASA-6-611315","611315","VPNClient: Disconnecting from Load Balancing Cluster member IP_address.","%ASA-6-611315: VPNClient: Disconnecting from Load Balancing Cluster member IP_address.","When the Secure Firewall ASA is an Easy VPN remote device, it disconnected from a load balancing cluster server.","None required.","6","Informational","5","network","general"
+"%ASA-6-611316","611316","VPNClient: Secure Unit Authentication Enabled","%ASA-6-611316: VPNClient: Secure Unit Authentication Enabled","When the Secure Firewall ASA is an Easy VPN remote device, the downloaded VPN policy enabled SUA.","None required.","6","Informational","5","network","general"
+"%ASA-6-611317","611317","VPNClient: Secure Unit Authentication Disabled","%ASA-6-611317: VPNClient: Secure Unit Authentication Disabled","When the Secure Firewall ASA is an Easy VPN remote device, the downloaded VPN policy disabled SUA.","None required.","6","Informational","5","network","general"
+"%ASA-6-611318","611318","VPNClient: User Authentication Enabled: Auth Server IP: IP_address Auth Server Port: port Idle Timeout: time","%ASA-6-611318: VPNClient: User Authentication Enabled: Auth Server IP: IP_address Auth Server Port: port Idle Timeout: time","When the Secure Firewall ASA is an Easy VPN remote device, the downloaded VPN policy enabled IUA for users on the Secure Firewall ASA inside network. • IP_address—The server IP address to which the Secure Firewall ASA sends authentication requests. • port—The server port to which the Secure Firewall ASA sends authentication requests • time—The idle timeout value for authentication credentials","None required.","6","Informational","5","network","general"
+"%ASA-6-611319","611319","VPNClient: User Authentication Disabled","%ASA-6-611319: VPNClient: User Authentication Disabled","When the Secure Firewall ASA is an Easy VPN remote device, the downloaded VPN policy disabled IUA for users on the Secure Firewall ASA inside network.","None required.","6","Informational","5","network","general"
+"%ASA-6-611320","611320","VPNClient: Device Pass Through Enabled","%ASA-6-611320: VPNClient: Device Pass Through Enabled","When the Secure Firewall ASA is an Easy VPN remote device, the downloaded VPN policy enabled device pass-through. The device pass-through feature allows devices that cannot perform authentication (such as an IP phone) to be exempt from authentication when IUA is enabled. If the Easy VPN server enabled this feature, you can specify the devices that should be exempt from authentication (IUA) using the vpnclient mac-exempt command on the Secure Firewall ASA.","None required.","6","Informational","5","network","general"
+"%ASA-6-611321","611321","VPNClient: Device Pass Through Disabled","%ASA-6-611321: VPNClient: Device Pass Through Disabled","When the Secure Firewall ASA is an Easy VPN remote device, the downloaded VPN policy disabled device pass-through.","None required.","6","Informational","5","network","general"
+"%ASA-6-611322","611322","VPNClient: Extended XAUTH conversation initiated when SUA disabled","%ASA-6-611322: VPNClient: Extended XAUTH conversation initiated when SUA disabled","When the Secure Firewall ASA is an Easy VPN remote device and the downloaded VPN policy disabled SUA, the Easy VPN server uses two-factor/SecurID/cryptocard-based authentication mechansims to authenticate the Secure Firewall ASA using XAUTH.","If you want the Easy VPN remote device to be authenticated using two-factor/SecureID/cryptocard-based authentication mechanisms, enable SUA on the server.","6","Informational","15","network","general"
+"%ASA-6-611323","611323","VPNClient: Ignoring duplicate split network entry network_address/network_mask","%ASA-6-611323: VPNClient: Ignoring duplicate split network entry network_address/network_mask","When the Secure Firewall ASA is an Easy VPN remote device, the downloaded VPN policy included duplicate split network entries. An entry is considered a duplicate if it matches both the network address and the network mask.","Remove duplicate split network entries from the VPN policy on the Easy VPN server.","6","Informational","15","network","general"
+"%ASA-5-612001","612001","Auto Update succeeded: filename, version: number","%ASA-5-612001: Auto Update succeeded: filename, version: number","An update from an Auto Update server was successful. The filename variable is image, ASDM file, or configuration. The version number variable is the version number of the update.","None required.","5","Notification","5","network","general"
+"%ASA-4-612002","612002","Auto Update failed: filename, version: number, reason: reason","%ASA-4-612002: Auto Update failed: filename, version: number, reason: reason","An update from an Auto Update server failed. • filename—Either an image file, an ASDM file, or a configuration file. • number—The version number of the update. • reason—The failure reason, which may be one of the following: - Failover module failed to open stream buffer - Failover module failed to write data to stream buffer","Check the configuration of the Auto Update server. Check to see if the standby unit is in the failed state. If the Auto Update server is configured correctly, and the standby unit is not in the failed state, contact the Cisco TAC.","4","Warning","55","network","general"
+"%ASA-4-612003","612003","Auto Update failed to contact: url, reason: reason","%ASA-4-612003: Auto Update failed to contact: url, reason: reason","The Auto Update daemon was unable to contact the specified URL url, which can be the URL of the Auto Update server or one of the file server URLs returned by the Auto Update server. The reason field describes why the contact failed. Possible reasons for the failure include no response from the server, authentication failed, or a file was not found.","Check the configuration of the Auto Update server.","4","Warning","75","network","general"
+"%ASA-6-613001","613001","Bad checksum string from IP_address on number","%ASA-6-613001: Bad checksum string from IP_address on number","OSPF has detected a checksum error in the database because of memory corruption.","Restart the OSPF process.","6","Informational","35","network","general"
+"%ASA-6-613002","613002","Interface interface_name has zero bandwidth configuration","%ASA-6-613002: Interface interface_name has zero bandwidth configuration","The interface reported its bandwidth as zero.","Copy the message exactly as it appears, and report it to the Cisco TAC.","6","Informational","15","network","general"
+"%ASA-6-613003","613003","Network range IP_address netmask changed from area string to string","%ASA-6-613003: Network range IP_address netmask changed from area string to string","An OSPF configuration change has caused a network range to change areas.","Reconfigure OSPF with the correct network range.","6","Informational","25","network","general"
+"%ASA-3-613004","613004","Internal error: memory allocation failure","%ASA-3-613004: Internal error: memory allocation failure","An internal software error occurred.","Copy the error message exactly as it appears, and report it to Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-613005","613005","Flagged as being an ABR without a backbone area","%ASA-3-613005: Flagged as being an ABR without a backbone area","The router was flagged as an Area Border Router (ABR) without a backbone area in the router.","Restart the OSPF process.","3","Error","65","network","general"
+"%ASA-3-613006","613006","Reached unknown state in neighbor state machine","%ASA-3-613006: Reached unknown state in neighbor state machine","An internal software error in this router has resulted in an invalid neighbor state during database exchange.","Copy the error message, the configuration and any details about the events leading up to this error and submit them to Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-613007","613007","area string lsid IP_address mask netmask type number","%ASA-3-613007: area string lsid IP_address mask netmask type number","OSPF is trying to add an existing LSA to the database.","Copy the error message, the configuration and any details about the events leading up to this error and submit them to Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-613008","613008","if inside if_state number","%ASA-3-613008: if inside if_state number","An internal error occurred.","Copy the error message, the configuration and any details about the events leading up to this error and submit them to Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-613011","613011","OSPF process number is changing router-id. Reconfigure virtual link neighbors with our new router-id","%ASA-3-613011: OSPF process number is changing router-id. Reconfigure virtual link neighbors with our new router-id","An OSPF process is being reset, and it is going to select a new router ID. This action brings down all virtual links. To make them work again, the virtual link configuration needs to be changed on all virtual link neighbors.","Change the virtual link configuration on all the virtual link neighbors to reflect the new router ID.","3","Error","75","network","general"
+"%ASA-3-613013","613013","OSPF LSID IP_address adv IP_address type number gateway IP_address metric number forwarding addr route IP_address/mask type number has no corresponding LSA","%ASA-3-613013: OSPF LSID IP_address adv IP_address type number gateway IP_address metric number forwarding addr route IP_address/mask type number has no corresponding LSA","OSPF found inconsistency between its database and the IP routing table.","Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.","3","Error","65","network","general"
+"%ASA-6-613014","613014","Base topology enabled on interface string attached to MTR compatible mode area string","%ASA-6-613014: Base topology enabled on interface string attached to MTR compatible mode area string","OSPF interfaces attached to MTR-compatible OSPF areas require the base topology to be enabled.","None.","6","Informational","15","network","general"
+"%ASA-4-613015","613015","Process 1 flushes LSA ID IP_address type-number adv-rtr IP_address in area mask","%ASA-4-613015: Process 1 flushes LSA ID IP_address type-number adv-rtr IP_address in area mask","A router is extensively re-originating or flushing the LSA reported by this error message.","If this router is flushing the network LSA, it means the router received a network LSA whose LSA ID conflicts with the IP address of one of the router's interfaces and flushed the LSA out of the network. For OSPF to function correctly, the IP addresses of transit networks must be unique. Conflicting routers are the router reporting this error message and the router with the OSPF router ID reported as adv-rtr in this message. If this router is re-originating an LSA, it is highly probable that some other router is flushing this LSA out of the network. Find that router and avoid the conflict. The conflict for a Type-2 LSA may be due to a duplicate LSA ID. For a Type-5 LSA, it may be a duplicate router ID on the router reporting this error message and on the routers connected to a different area. In an unstable network, this message may also warn of extensive re-origination of the LSA for some other reason. Contact Cisco TAC to investigate this type of case.","4","Warning","55","network","general"
+"%ASA-3-613016","613016","Area string router-LSA of length number bytes plus update overhead bytes is too large to flood.","%ASA-3-613016: Area string router-LSA of length number bytes plus update overhead bytes is too large to flood.","The router tried to build a router-LSA that is larger than the huge system buffer size or the OSPF protocol imposed maximum.","If the reported total length (LSA size plus overhead) is larger than the huge system buffer size but less than 65535 bytes (the OSPF protocol imposed maximum), you may increase the huge system buffer size. If the reported total length is greater than 65535, you need to decrease the number of OSPF interfaces in the reported area.","3","Error","65","network","general"
+"%ASA-4-613017","613017","Bad LSA mask: Type number, LSID IP_address Mask mask from IP_address","%ASA-4-613017: Bad LSA mask: Type number, LSID IP_address Mask mask from IP_address","The router received an LSA with an invalid LSA mask because of an incorrect configuration from the LSA originator. As a result, this route is not installed in the routing table.","Find the originating router of the LSA with the bad mask, then correct any misconfiguration of this LSA's network. For further debugging, call Cisco TAC for assistance.","4","Warning","55","network","general"
+"%ASA-4-613018","613018","Maximum number of non self-generated LSA has been exceeded “OSPF number” - number LSAs","%ASA-4-613018: Maximum number of non self-generated LSA has been exceeded “OSPF number” - number LSAs","The maximum number of non self-generated LSAs has been exceeded.","Check whether or not a router in the network is generating a large number of LSAs as a result of a misconfiguration.","4","Warning","55","network","general"
+"%ASA-4-613019","613019","Threshold for maximum number of non self-generated LSA has been reached ""OSPF number"" - number LSAs","%ASA-4-613019: Threshold for maximum number of non self-generated LSA has been reached ""OSPF number"" - number LSAs","The threshold for the maximum number of non self-generated LSAs has been reached.","Check whether or not a router in the network is generating a large number of LSAs as a result of a misconfiguration.","4","Warning","45","network","general"
+"%ASA-4-613021","613021","Packet not written to the output queue","%ASA-4-613021: Packet not written to the output queue","An internal error occurred.","Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.","4","Warning","45","network","general"
+"%ASA-4-613022","613022","Doubly linked list linkage is NULL","%ASA-4-613022: Doubly linked list linkage is NULL","An internal error occurred.","Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.","4","Warning","45","network","general"
+"%ASA-4-613023","613023","Doubly linked list prev linkage is NULL number","%ASA-4-613023: Doubly linked list prev linkage is NULL number","An internal error occurred.","Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.","4","Warning","45","network","general"
+"%ASA-4-613024","613024","Unrecognized timer number in OSPF string","%ASA-4-613024: Unrecognized timer number in OSPF string","An internal error occurred.","Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.","4","Warning","45","network","general"
+"%ASA-4-613025","613025","Invalid build flag number for LSA IP_address, type number","%ASA-4-613025: Invalid build flag number for LSA IP_address, type number","An internal error occurred.","Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.","4","Warning","55","network","general"
+"%ASA-4-613026","613026","Can not allocate memory for area structure","%ASA-4-613026: Can not allocate memory for area structure","An internal error occurred.","Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.","4","Warning","45","network","general"
+"%ASA-6-613027","613027","OSPF process number removed from interface interface_name","%ASA-6-613027: OSPF process number removed from interface interface_name","The OSPF process was removed from the interface because of an IP VRF.","None.","6","Informational","15","network","general"
+"%ASA-6-613028","613028","Unrecognized virtual interface intetface_name. Treat it as loopback stub route","%ASA-6-613028: Unrecognized virtual interface intetface_name. Treat it as loopback stub route","The virtual interface type was not recognized by OSPF, so it is treated as a loopback interface stub route.","None.","6","Informational","15","network","general"
+"%ASA-3-613029","613029","Router-ID IP_address is in use by ospf process number","%ASA-3-613029: Router-ID IP_address is in use by ospf process number","The Secure Firewall ASA attempted to assign a router ID that is in use by another process.","Configure another router ID for one of the processes.","3","Error","65","network","general"
+"%ASA-4-613030","613030","Router is currently an ASBR while having only one area which is a stub area","%ASA-4-613030: Router is currently an ASBR while having only one area which is a stub area","An ASBR must be attached to an area that can carry AS external or NSSA LSAs.","Make the area to which the router is attached into an NSSA or regular area.","4","Warning","45","network","general"
+"%ASA-4-613031","613031","No IP address for interface inside","%ASA-4-613031: No IP address for interface inside","The interface is not point-to-point and is unnumbered.","Change the interface type or give the interface an IP address.","4","Warning","45","network","general"
+"%ASA-3-613032","613032","Init failed for interface inside, area is being deleted. Try again.","%ASA-3-613032: Init failed for interface inside, area is being deleted. Try again.","The interface initialization failed. The possible reasons include the following: • The area to which the interface is being attached is being deleted. • It was not possible to create a neighbor datablock for the local router.","Remove the configuration command that covers the interface and then try it again.","3","Error","75","network","general"
+"%ASA-3-613033","613033","Interface inside is attached to more than one area","%ASA-3-613033: Interface inside is attached to more than one area","The interface is on the interface list for an area other than the one to which the interface links.","Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-613034","613034","Neighbor IP_address not configured","%ASA-3-613034: Neighbor IP_address not configured","The configured neighbor options are not valid.","Check the configuration options for the neighbor command and correct the options or the network type for the neighbor's interface.","3","Error","65","network","general"
+"%ASA-3-613035","613035","Could not allocate or find neighbor IP_address","%ASA-3-613035: Could not allocate or find neighbor IP_address","An internal error occurred.","Copy the error message exactly as it appears, and report it to Cisco TAC.","3","Error","65","network","general"
+"%ASA-4-613036","613036","Can not use configured neighbor: cost and database-filter options are allowed only for a point-to-multipoint network","%ASA-4-613036: Can not use configured neighbor: cost and database-filter options are allowed only for a point-to-multipoint network","The configured neighbor was found on an NBMA network and either the cost or database-filter option was configured. These options are only allowed on point-to-multipoint type networks.","Check the configuration options for the neighbor command and correct the options or the network type for the neighbor's interface.","4","Warning","45","network","general"
+"%ASA-4-613037","613037","Can not use configured neighbor: poll and priority options are allowed only for a NBMA network","%ASA-4-613037: Can not use configured neighbor: poll and priority options are allowed only for a NBMA network","The configured neighbor was found on a point-to-multipoint network and either the poll or priority option was configured. These options are only allowed on NBMA-type networks.","Check the configuration options for the neighbor command and correct the options or the network type for the neighbor's interface.","4","Warning","45","network","general"
+"%ASA-4-613038","613038","Can not use configured neighbor: cost or database-filter option is required for point-to-multipoint broadcast network","%ASA-4-613038: Can not use configured neighbor: cost or database-filter option is required for point-to-multipoint broadcast network","The configured neighbor was found on a point-to-multipoint broadcast network. Either the cost or database-filter option needs to be configured.","Check the configuration options for the neighbor command and correct the options or the network type for the neighbor's interface.","4","Warning","45","network","general"
+"%ASA-4-613039","613039","Can not use configured neighbor: neighbor command is allowed only on NBMA and point-to-multipoint networks","%ASA-4-613039: Can not use configured neighbor: neighbor command is allowed only on NBMA and point-to-multipoint networks","The configured neighbor was found on a network for which the network type was neither NBMA nor point-to-multipoint.","None.","4","Warning","45","network","general"
+"%ASA-4-613040","613040","OSPF-1 Area string: Router IP_address originating invalid type number LSA, ID IP_address, Metric number on Link ID IP_address Link Type number","%ASA-4-613040: OSPF-1 Area string: Router IP_address originating invalid type number LSA, ID IP_address, Metric number on Link ID IP_address Link Type number","The router indicated in this message has originated an LSA with an invalid metric. If this is a router LSA and the link metric is zero, a risk of routing loops and traffic loss in the network exists.","Configure a valid metric for the given LSA type and link type on the router originating on the reported LSA.","4","Warning","55","network","general"
+"%ASA-6-613041","613041","OSPF-100 Areav string: LSA ID IP_address, Type number, Adv-rtr IP_address, LSA counter DoNotAge","%ASA-6-613041: OSPF-100 Areav string: LSA ID IP_address, Type number, Adv-rtr IP_address, LSA counter DoNotAge","An internal error has corrected itself. There is no operational effect related to this error message.","Check the system memory. If memory is low, then the timer wheel functionality did not initialize. Try to reenter the commands when memory is available. If there is sufficient memory, then contact the Cisco TAC and provide output from the show memory, show processes, and show tech-support ospf commands.","6","Informational","15","network","general"
+"%ASA-4-613042","613042","OSPF process number lacks forwarding address for type 7 LSA IP_address in NSSA string - P-bit cleared","%ASA-4-613042: OSPF process number lacks forwarding address for type 7 LSA IP_address in NSSA string - P-bit cleared","There is no viable forwarding address in the NSSA area. As a result, the P-bit must be cleared and the Type 7 LSA is not translated into a Type 5 LSA by the NSSA translator. See RFC 3101.","Configure at least one interface in the NSSA with an advertised IP address. A loopback is preferable because an advertisement does not depend on the underlying layer 2 state.","4","Warning","45","network","general"
+"%ASA-6-613043","613043","","%ASA-6-613043: ","A negative database reference count occurred.","Check the system memory. If memory is low, then the timer wheel functionality did not initialize. Try to reenter the commands when memory is available. If there is sufficient memory, then contact the Cisco TAC and provide output from the show memory, show processes, and show tech-support ospf commands.","6","Informational","15","network","general"
+"%ASA-6-613104","613104","Unrecognized virtual interface IF_NAME .","%ASA-6-613104: Unrecognized virtual interface IF_NAME .","The virtual interface type was not recognized by OSPFv3, so it is treated as a loopback interface stub route.","None required.","6","Informational","5","network","general"
+"%ASA-6-614001","614001","Split DNS: request patched from server: IP_address to server: IP_address","%ASA-6-614001: Split DNS: request patched from server: IP_address to server: IP_address","Split DNS is redirecting DNS queries from the original destination server to the primary enterprise DNS server.","None required.","6","Informational","5","network","general"
+"%ASA-6-614002","614002","Split DNS: reply from server: IP_address reverse patched back to original server: IP_address","%ASA-6-614002: Split DNS: reply from server: IP_address reverse patched back to original server: IP_address","Split DNS is redirecting DNS queries from the enterprise DNS server to the original destination server.","None required.","6","Informational","5","network","general"
+"%ASA-6-615001","615001","vlan number not available for firewall interface","%ASA-6-615001: vlan number not available for firewall interface","The switch removed the VLAN from the Secure Firewall ASA.","None required.","6","Informational","5","network","general"
+"%ASA-6-615002","615002","vlan number available for firewall interface","%ASA-6-615002: vlan number available for firewall interface","The switch added the VLAN to the Secure Firewall ASA.","None required.","6","Informational","5","network","general"
+"%ASA-6-616001","616001","Pre-allocate MGCP data_channel connection for inside_interface:inside_address to outside_interface:outside_address/port from message_type_message message","%ASA-6-616001: Pre-allocate MGCP data_channel connection for inside_interface:inside_address to outside_interface:outside_address/port from message_type_message message","An MGCP data channel connection, RTP, or RTCP was preallocated. The message text also specifies which message has triggered the connection preallocation.","None required.","6","Informational","5","network","general"
+"%ASA-6-617001","617001","GTPv(version) msg_type from dest_interface:dest_address/dest_port not accepted by source_interface:source_address/source_port, Cause: value cause_info (cause_string)","%ASA-6-617001: GTPv(version) msg_type from dest_interface:dest_address/dest_port not accepted by source_interface:source_address/source_port, Cause: value cause_info (cause_string)","A request was not accepted by the peer, which is usually seen with a Create PDP Context request.","None required.","6","Informational","5","network","general"
+"%ASA-6-617002","617002","Removing v2 {primary | secondary} PDP Context with TID tid from PGW ip_address and SGW ip_address, Cause: value error_code (string), Reason: reason","%ASA-6-617002: Removing v2 {primary | secondary} PDP Context with TID tid from PGW ip_address and SGW ip_address, Cause: value error_code (string), Reason: reason","A PDP context was removed from the database either because it expired, a Delete PDP Context Request/Response was exchanged, or a user removed it using the CLI.","None required.","6","Informational","5","network","general"
+"%ASA-6-617003","617003","GTP Tunnel created from source_interface:source_address/0 to source_port:source_interface/dest_address","%ASA-6-617003: GTP Tunnel created from source_interface:source_address/0 to source_port:source_interface/dest_address","A GTP tunnel was created after receiving a Create PDP Context Response that accepted the request.","None required.","6","Informational","5","network","general"
+"%ASA-6-617004","617004","GTP connection created for response from source_interface:source_address/0 to 0:source_interface/dest_address","%ASA-6-617004: GTP connection created for response from source_interface:source_address/0 to 0:source_interface/dest_address","The SGSN or GGSN signaling address in the Create PDP Context Request or Response, respectively, was different from the SGSN/GGSN sending it.","None required.","6","Informational","5","network","general"
+"%ASA-6-617100","617100","Teardown num_conns connection(s) for user user_ip","%ASA-6-617100: Teardown num_conns connection(s) for user user_ip","The connections for this user were torn down because either a RADIUS accounting stop or RADIUS accounting start was received, which includes attributes that were configured in the policy map for a match. The attributes did not match those stored for the user entry, if the user entry exists. • num_conns—The number of connections torn down • user_ip—The IP address (framed IP attribute) of the user","None required.","6","Informational","5","network","general"
+"%ASA-6-618001","618001","Denied STUN packet msg_type from inside_ifc:source_addr/source_port to outside_ifc:destination_addr/destination_port for connection conn_id, translation id doesn't match previous entry","%ASA-6-618001: Denied STUN packet msg_type from inside_ifc:source_addr/source_port to outside_ifc:destination_addr/destination_port for connection conn_id, translation id doesn't match previous entry","This syslog is modeled after 4313009. This message is rate limited to 25 logs per second. • msg_type—The STUN message type value. • ingress_ifc—The interface on which the packet arrived. • source_addr—The IP address of the host which sent the packet. • source_port—The port number of the host which sent the packet. • egress_ifc—The interface on which the packet will leave. • destination_addr—The IP address of the host which will receive the packet • destination_port—The port number of the host which will receive the packet. • conn_id—The unique connection ID • drop_reason—The reason why the STUN packet was dropped.","None required.","6","Informational","35","network","general"
+"%ASA-6-620001","620001","Pre-allocate CTIQBE {RTP | RTCP} channel for interface_name:outside_address/outside_port to interface_name:inside_address from message_name message","%ASA-6-620001: Pre-allocate CTIQBE {RTP | RTCP} channel for interface_name:outside_address/outside_port to interface_name:inside_address from message_name message","The ASA preallocated a connection object for the specified CTIQBE media traffic. This message is rate limited to one message every 10 seconds.","None required.","6","Informational","5","network","general"
+"%ASA-4-620002","620002","Drop CTIQBE packet from interface_name:ip_address/port to","%ASA-4-620002: Drop CTIQBE packet from interface_name:ip_address/port to","The ASA received a CTIQBE message with an unsupported version number, and dropped the packet. This message is rate limited to one message every 10 seconds.","If the version number captured in the log message is unreasonably large (greater than 10), the packet may be malformed, a non-CTIQBE packet, or corrupted before it arrives at the ASA. We recommend that you determine the source of the packets. If the version number is reasonably small (less than or equal to 10), then contact the Cisco TAC to see if a new ASA image that supports this CTIQBE version is available.","4","Warning","65","network","general"
+"%ASA-6-621001","621001","Interface","%ASA-6-621001: Interface","An attempt was made to enable PIM on an interface that does not support multicast.","If the problem persists, contact the Cisco TAC.","6","Informational","15","network","general"
+"%ASA-6-621002","621002","Interface","%ASA-6-621002: Interface","An attempt was made to enable IGMP on an interface that does not support multicast.","If the problem persists, contact the Cisco TAC.","6","Informational","15","network","general"
+"%ASA-6-621003","621003","The event queue size has exceeded","%ASA-6-621003: The event queue size has exceeded","The number of event managers created has exceeded the expected amount.","If the problem persists, contact the Cisco TAC.","6","Informational","25","network","general"
+"%ASA-6-621006","621006","Mrib disconnected","%ASA-6-621006: Mrib disconnected","A packet triggering a data-driven event was received, but the connection to the MRIB was down. The notification was canceled.","If the problem persists, contact the Cisco TAC.","6","Informational","15","network","general"
+"%ASA-6-621007","621007","Bad register from","%ASA-6-621007: Bad register from","A PIM router configured as a rendezvous point or with NAT has received a PIM register packet from another PIM router. The data encapsulated in this packet is invalid.","The sending router is erroneously sending non-RFC registers. Upgrade the sending router.","6","Informational","35","network","general"
+"%ASA-6-622001","622001","action tracked route destination_network netmask nexthop_address, distance admin_distance, table routing_table_name, on interface interface_name","%ASA-6-622001: action tracked route destination_network netmask nexthop_address, distance admin_distance, table routing_table_name, on interface interface_name","A tracked route has been added to or removed from a routing table, which means that the state of the tracked object has changed from up or down. • string —Adding or Removing • network —The network address • mask —The network mask • address —The gateway address • number —The route administrative distance • string —The routing table name • interface-name —The interface name as specified by the nameif command","None required.","6","Informational","5","network","general"
+"%ASA-6-622101","622101","Starting regex table compilation for match_command, table entries = regex_num entries","%ASA-6-622101: Starting regex table compilation for match_command, table entries = regex_num entries","Information on the background activities of regex compilation appear. • match_command —The match command to which the regex table is associated • regex_num —The number of regex entries to be compiled","None required.","6","Informational","5","network","general"
+"%ASA-6-622102","622102","Completed regex table compilation for match_command, table size = num bytes","%ASA-6-622102: Completed regex table compilation for match_command, table size = num bytes","Information on the background activities of the regex compilation appear. • match_command —The match command to which the regex table is associated • num —The size, in bytes, of the compiled table","None required.","6","Informational","5","network","general"
+"%ASA-7-701001","701001","alloc_user() out of Tcp_user objects","%ASA-7-701001: alloc_user() out of Tcp_user objects","A AAA message that appears if the user authentication rate is too high for the module to handle new AAA requests.","Enable Flood Defender with the floodguard enable command.","7","Debugging","5","network","general"
+"%ASA-7-701002","701002","alloc_proxy() out of Tcp_proxy objects","%ASA-7-701002: alloc_proxy() out of Tcp_proxy objects","A AAA message that appears if the user authentication rate is too high for the module to handle new AAA requests.","Enable Flood Defender with the floodguard enable command.","7","Debugging","5","network","general"
+"%ASA-3-702305","702305","IPSEC: An direction tunnel_type SA (SPI= spi) between and local_IP (user= remote_IP) is rekeying due to sequence number rollover.","%ASA-3-702305: IPSEC: An direction tunnel_type SA (SPI= spi) between and local_IP (user= remote_IP) is rekeying due to sequence number rollover.","More than four billion packets have been received in the IPsec tunnel, and a new tunnel is being negotiated. • direction—SA direction (inbound or outbound) • tunnel_type—SA type (remote access or L2L)","Contact the peer administrator to compare the SA lifetime setting.","3","Error","65","network","general"
+"%ASA-7-702307","702307","IPSEC: An direction tunnel_type SA (SPI= spi) between and local_IP (user= remote_IP) is rekeying due to data rollover.","%ASA-7-702307: IPSEC: An direction tunnel_type SA (SPI= spi) between and local_IP (user= remote_IP) is rekeying due to data rollover.","An SA data life span expired. An IPsec SA is rekeying as a result of the amount of data transmitted with that SA. This information is useful for debugging rekeying issues. • direction—SA direction (inbound or outbound) • tunnel_type—SA type (remote access or L2L) • spi—IPsec Security Parameter Index • local_IP—IP address of the tunnel local endpoint • remote_IP—IP address of the tunnel remote endpoint • >username —Username associated with the IPsec tunnel","None required.","7","Debugging","5","network","general"
+"%ASA-7-703001","703001","H.225 message received from interface_name:IP_address/port to interface_name:IP_address/port is using an unsupported version number","%ASA-7-703001: H.225 message received from interface_name:IP_address/port to interface_name:IP_address/port is using an unsupported version number","The Secure Firewall ASA received an H.323 packet with an unsupported version number. The Secure Firewall ASA might reencode the protocol version field of the packet to the highest supported version.","Use the version of H.323 that the Secure Firewall ASA supports in the VoIP network.","7","Debugging","5","network","general"
+"%ASA-7-703002","703002","Received H.225 Release Complete with newConnectionNeeded for interface_name:IP_address to interface_name:IP_address/port","%ASA-7-703002: Received H.225 Release Complete with newConnectionNeeded for interface_name:IP_address to interface_name:IP_address/port","The Secure Firewall ASA received the specified H.225 message, and the Secure Firewall ASA opened a new signaling connection object for the two specified H.323 endpoints.","None required.","7","Debugging","5","network","general"
+"%ASA-7-703008","703008","Allowing early-message: msg_str before SETUP from src_int_name:src_ip/src_port to dest_int_name:dest_ip/dest_port","%ASA-7-703008: Allowing early-message: msg_str before SETUP from src_int_name:src_ip/src_port to dest_int_name:dest_ip/dest_port","This message indicates that an outside endpoint requested an incoming call to an inside host and wants the inside host to send FACILITY message before SETUP message towards Gatekeeper and wants to follow H.460.18.","Ensure that the setup indeed intends to allow early FACILITY message before SETUP message for incoming H323 calls as described in H.640.18. 709001,","7","Debugging","5","network","general"
+"%ASA-7-709001","709001","FO replication failed: cmd=command returned=code","%ASA-7-709001: FO replication failed: cmd=command returned=code","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","7","Debugging","15","network","general"
+"%ASA-7-709002","709002","FO unreplicable: cmd=command","%ASA-7-709002: FO unreplicable: cmd=command","Failover messages that only appear during the development debugging and testing phases.","None required.","7","Debugging","5","network","general"
+"%ASA-1-709003","709003","(Primary) Beginning configuration replication: Send to mate.","%ASA-1-709003: (Primary) Beginning configuration replication: Send to mate.","A failover message that appears when the active unit starts replicating its configuration to the standby unit. Primary can also be listed as Secondary for the secondary unit.","None required.","1","Alert","5","network","general"
+"%ASA-1-709004","709004","(Primary) End Configuration Replication (ACT)","%ASA-1-709004: (Primary) End Configuration Replication (ACT)","A failover message that appears when the active unit completes replication of its configuration on the standby unit. Primary can also be listed as Secondary for the secondary unit.","None required.","1","Alert","5","network","general"
+"%ASA-1-709005","709005","(Primary) Beginning configuration replication: Receiving from mate.","%ASA-1-709005: (Primary) Beginning configuration replication: Receiving from mate.","The standby Secure Firewall ASA received the first part of the configuration replication from the active Secure Firewall ASA. Primary can also be listed as Secondary for the secondary unit.","None required.","1","Alert","5","network","general"
+"%ASA-1-709006","709006","(Primary) End Configuration Replication (STB)","%ASA-1-709006: (Primary) End Configuration Replication (STB)","A failover message that appears when the standby unit completes replication of a configuration sent by the active unit. Primary can also be listed as Secondary for the secondary unit.","None required.","1","Alert","5","network","general"
+"%ASA-2-709007","709007","Configuration replication failed for command command_name","%ASA-2-709007: Configuration replication failed for command command_name","A failover message that appears when the standby unit is unable to complete replication of a configuration sent by the active unit. The command that caused the failure appears at the end of the message.","If the problem persists, contact the Cisco TAC.","2","Critical","95","network","general"
+"%ASA-4-709008","709008","(Primary | Secondary) Configuration sync in progress. Command: ‘command ’ executed from (terminal/http) will not be replicated to or executed by the standby unit.","%ASA-4-709008: (Primary | Secondary) Configuration sync in progress. Command: ‘command ’ executed from (terminal/http) will not be replicated to or executed by the standby unit.","A command was issued during the configuration sync, which triggered an interactive prompt to indicate that this command would not be issued on the standby unit. To continue, note that the command will be issued on the active unit only and will not be replicated on the standby unit. • Primary | Secondary—The device is either primary or secondary • command —The command issued while the configuration sync is in progress • terminal/http—Issued from the terminal or via HTTP.","None.","4","Warning","45","network","general"
+"%ASA-6-709009","709009","(unit-role) Configuration on Active and Standby is matching. No config sync. Time elapsed time-elapsed ms","%ASA-6-709009: (unit-role) Configuration on Active and Standby is matching. No config sync. Time elapsed time-elapsed ms","This message is generated when the hash computed on both the active and joining unit matches. It also displays the time elapsed, from the time of sending the hash request to the time of getting and comparing the hash response..","None.","6","Informational","15","network","general"
+"%ASA-6-709010","709010","Configuration between units doesn't match. Going for config sync (sync-string). Time elapsed time-elapsed ms","%ASA-6-709010: Configuration between units doesn't match. Going for config sync (sync-string). Time elapsed time-elapsed ms","This syslog message is generated when the hash that is computed on both the active and joining unit does not match. It also displays the time elapsed, from the time of sending the hash request to the time of getting and comparing the hash response.","None.","6","Informational","15","network","general"
+"%ASA-6-709011","709011","Failover configuration replication completed in time ms","%ASA-6-709011: Failover configuration replication completed in time ms","This message displays the time taken to synchronize the config, in the case of hash not matching, and therefore going for a full configuration sync process.","None.","6","Informational","15","network","general"
+"%ASA-6-709012","709012","Skip configuration replication from mate as configuration on Active and Standby is matching","%ASA-6-709012: Skip configuration replication from mate as configuration on Active and Standby is matching","This message is generated when the configuration replication is skipped because, the configuration between active and joining unit matches.","None.","6","Informational","15","network","general"
+"%ASA-4-709013","709013","Failover configuration replication hash comparison timeout expired failover_state.","%ASA-4-709013: Failover configuration replication hash comparison timeout expired failover_state.","This syslog message is generated when the hash computation, transfer, and comparison has timed out. Due to the timeout, the full configuration sync operation is trigerred. The timeout value is 60 secs and you cannot modify this value.","None.","4","Warning","55","network","general"
+"%ASA-7-710001","710001","TCP access requested from source_address/source_port to interface_name:dest_address/service","%ASA-7-710001: TCP access requested from source_address/source_port to interface_name:dest_address/service","The first TCP packet destined to the Secure Firewall ASA requests to establish a TCP session. This packet is the first SYN packet of the three-way handshake. This message appears when the respective (Telnet, HTTP, or SSH) has permitted the packet. However, the SYN cookie verification is not yet completed and no state is reserved.","None required.","7","Debugging","5","network","general"
+"%ASA-7-710002","710002","{TCP|UDP} access permitted from source_address/source_port to interface_name:dest_address/service","%ASA-7-710002: {TCP|UDP} access permitted from source_address/source_port to interface_name:dest_address/service","For a TCP connection, the second TCP packet destined for the Secure Firewall ASA requested to establish a TCP session. This packet is the final ACK of the three-way handshake. The respective (Telnet, HTTP, or SSH) has permitted the packet. Also, the SYN cookie verification was successful and the state is reserved for the TCP session. For a UDP connection, the connection was permitted. For example, the module received an SNMP request from an authorized SNMP management station, and the request has been processed. This message is rate limited to one message every 10 seconds.","None required.","7","Debugging","5","network","general"
+"%ASA-3-710003","710003","UDP access denied by ACL from 95.1.1.14/5000 to outside:95.1.1.13/1005","%ASA-3-710003: UDP access denied by ACL from 95.1.1.14/5000 to outside:95.1.1.13/1005","The Secure Firewall ASA denied an attempt to connect to the interface service. For example, the Secure Firewall ASA received an SNMP request from an unauthorized SNMP management station. If this message appears frequently, it can indicate an attack. For example:","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","85","network","general"
+"%ASA-7-710004","710004","TCP connection limit exceeded from Src_ip/Src_port to In_name:Dest_ip/Dest_port (current connections/connection limit = Curr_conn/Conn_lmt)","%ASA-7-710004: TCP connection limit exceeded from Src_ip/Src_port to In_name:Dest_ip/Dest_port (current connections/connection limit = Curr_conn/Conn_lmt)","The maximum number of Secure Firewall ASA management connections for the service was exceeded. The Secure Firewall ASA permits at most five concurrent management connections per management service. Alternatively, an error may have occurred in the to-the-box connection counter. • Src_ip —The source IP address of the packet • Src_por t—The source port of the packet • In_ifc —The input interface • Dest_ip —The destination IP address of the packet • Dest_port —The destination port of the packet • Curr_conn —The number of current to-the-box admin connections • Conn_lmt —The connection limit","From the console, use the kill command to release the unwanted session. If the message was generated because of an error in the to-the-box counter, run the show conn all command to display connection details.","7","Debugging","15","network","general"
+"%ASA-7-710005","710005","{TCP|UDP|SCTP} request discarded from source_address/source_port to interface_name:dest_address/service","%ASA-7-710005: {TCP|UDP|SCTP} request discarded from source_address/source_port to interface_name:dest_address/service","The Secure Firewall ASA does not have a UDP server that services the UDP request. Also, a TCP packet that does not belong to any session on the Secure Firewall ASA may have been discarded. In addition, this message appears (with the SNMP service) when the Secure Firewall ASA receives an SNMP request with an empty payload, even if it is from an authorized host. When the service is SNMP, this message occurs a maximum of once every 10 seconds so that the log receiver is not overwhelmed. This message is also applicable for SCTP packets.","In networks that use broadcasting services such as DHCP, RIP, or NetBIOS extensively, the frequency of this message can be high. If this message appears in excessive numbers, it may indicate an attack.","7","Debugging","25","network","general"
+"%ASA-7-710006","710006","protocol request discarded from source_address to interface_name:dest_address","%ASA-7-710006: protocol request discarded from source_address to interface_name:dest_address","The Secure Firewall ASA does not have an IP server that services the IP protocol request; for example, the Secure Firewall ASA receives IP packets that are not TCP or UDP, and the Secure Firewall ASA cannot service the request.","In networks that use broadcasting services such as DHCP, RIP, or NetBIOS extensively, the frequency of this message can be high. If this message appears in excessive numbers, it may indicate an attack.","7","Debugging","25","network","general"
+"%ASA-7-710007","710007","NAT-T keepalive received from inside:ip-Addr/port to outside:ip-Addr/port","%ASA-7-710007: NAT-T keepalive received from inside:ip-Addr/port to outside:ip-Addr/port","The Secure Firewall ASA received NAT-T keepalive messages.","None required.","7","Debugging","5","network","general"
+"%ASA-7-711001","711001","debug_trace_msg","%ASA-7-711001: debug_trace_msg","You have entered the logging debug-trace command for the logging feature. When the logging debug-trace command is enabled, all debugging messages will be redirected to the message for processing. For security reasons, the message output must be encrypted or sent over a secure out-of-band network.","None required.","7","Debugging","5","network","general"
+"%ASA-4-711002","711002","Task ran for elapsed_time msec, Process = process_name, PC = PC, Traceback = traceback","%ASA-4-711002: Task ran for elapsed_time msec, Process = process_name, PC = PC, Traceback = traceback","A process used the CPU for more than 100 milliseconds. This message is used for debugging CPU purposes, and can appear once every five seconds for each offending process. • PC—Instruction pointer of the CPU hogging process • traceback—Stack trace of the CPU hogging process, which can include up to 12 addresses","None required.","4","Warning","5","network","general"
+"%ASA-7-711003","711003","Unknown/Invalid interface identifier(vpifnum ) detected.","%ASA-7-711003: Unknown/Invalid interface identifier(vpifnum ) detected.","An internal inconsistency that should not occur during normal operation has occurred. However, this message is not harmful if it rarely occurs. If it occurs frequently, it might be worthwhile debugging. • vpifnum —The 32-bit value corresponding to the interface","If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-4-711004","711004","Task ran for msec msec, Process = process_name, PC = pc, Call stack = call_stack","%ASA-4-711004: Task ran for msec msec, Process = process_name, PC = pc, Call stack = call_stack","A process used the CPU for more than 100 milliseconds. This message is used for debugging CPU purposes, and can appear once every five seconds for each offending process. • msec—Length of the detected CPU hog in milliseconds • process_name —Name of the hogging process • pc—Instruction pointer of the CPU hogging process • call stack—Stack trace of the CPU hogging process, which can include up to 12 addresses","None required.","4","Warning","5","network","general"
+"%ASA-5-711005","711005","call_stack","%ASA-5-711005: call_stack","An internal software error that should not occur has occurred. The device can usually recover from this error, and no harmful effect to the device results. • call_stack —The EIPs of the call stack","Contact the Cisco TAC.","5","Notification","25","network","general"
+"%ASA-7-711006","711006","CPU profiling has started for n-samples samples. Reason: reason-string.","%ASA-7-711006: CPU profiling has started for n-samples samples. Reason: reason-string.","CPU profiling has started. • n-samples —The specified number of CPU profiling samples • reason-string —The possible values are: “CPU utilization passed cpu-utilization %” “Process process-name CPU utilization passed cpu-utilization %”","“None specified” Recommended Action Collect CPU profiling results and provide them to Cisco TAC.","7","Debugging","5","network","general"
+"%ASA-3-713004","713004","device scheduled for reboot, IKE key acquire message on interface interface num, for peer IP_address ignored","%ASA-3-713004: device scheduled for reboot, IKE key acquire message on interface interface num, for peer IP_address ignored","The Secure Firewall ASA has received an IKE packet from a remote entity trying to initiate a tunnel. Because the Secure Firewall ASA is scheduled for a reboot or shutdown, it does not allow any more tunnels to be established. The IKE packet is ignored and dropped.","None required.","3","Error","85","vpn","ipsec"
+"%ASA-5-713006","713006","Group = groupname, Username = username, IP = peerIP Failed to obtain state for message Id message_number, Peer Address: IP_address","%ASA-5-713006: Group = groupname, Username = username, IP = peerIP Failed to obtain state for message Id message_number, Peer Address: IP_address","The Secure Firewall ASA does not know about the received message ID. The message ID is used to identify a specific IKE Phase 2 negotiation. An error condition on the Secure Firewall ASA may have occurred, and may indicate that the two IKE peers are out-of-sync.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-3-713008","713008","IP = peerIP Key ID in ID payload too big for pre-shared IKE tunnel","%ASA-3-713008: IP = peerIP Key ID in ID payload too big for pre-shared IKE tunnel","A key ID value was received in the ID payload, which was longer than the maximum allowed size of a group name for this IKE session using preshared keys authentication. This is an invalid value, and the session is rejected. Note that the key ID specified would never work because a group name of that size cannot be created in the Secure Firewall ASA.","Make sure that the client peer (most likely an Altiga remote access client) specifies a valid group name. Notify the user to change the incorrect group name on the client. The current maximum length for a group name is 32 characters.","3","Error","75","vpn","ipsec"
+"%ASA-3-713009","713009","IP = peerIP OU in DN in ID payload too big for Certs IKE tunnel","%ASA-3-713009: IP = peerIP OU in DN in ID payload too big for Certs IKE tunnel","An OU value in the DN was received in the ID payload, which was longer than the maximum allowed size of a group name for this IKE session using Certs authentication. This OU is skipped, and another OU or other criteria may find a matching group.","For the client to be able to use an OU to find a group in the Secure Firewall ASA, the group name must be a valid length. The current maximum length of a group name is 32 characters.","3","Error","65","vpn","ipsec"
+"%ASA-5-713010","713010","Group = groupname, Username = username, IP = peerIP IKE area: failed to find centry for message Id message_number","%ASA-5-713010: Group = groupname, Username = username, IP = peerIP IKE area: failed to find centry for message Id message_number","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","5","Notification","25","vpn","ipsec"
+"%ASA-3-713012","713012","Group = groupname, Username = username, IP = peerIP Unknown protocol (protocol ). Not adding SA w/spi= SPI value","%ASA-3-713012: Group = groupname, Username = username, IP = peerIP Unknown protocol (protocol ). Not adding SA w/spi= SPI value","An illegal or unsupported IPsec protocol has been received from the peer.","Check the ISAKMP Phase 2 configuration on the peer(s) to make sure it is compatible with the Secure Firewall ASA.","3","Error","65","vpn","ipsec"
+"%ASA-3-713014","713014","Group = groupname, Username = username, IP = peerIP Unknown Domain of Interpretation (DOI): DOI value","%ASA-3-713014: Group = groupname, Username = username, IP = peerIP Unknown Domain of Interpretation (DOI): DOI value","The ISAKMP DOI received from the peer is unsupported.","Check the ISAKMP DOI configuration on the peer.","3","Error","65","vpn","ipsec"
+"%ASA-3-713016","713016","Group = groupname, Username = username, IP = peerIP Unknown identification type, Phase 1 or 2, Type ID_Type","%ASA-3-713016: Group = groupname, Username = username, IP = peerIP Unknown identification type, Phase 1 or 2, Type ID_Type","The ID received from the peer is unknown. The ID can be an unfamiliar valid ID or an invalid or corrupted ID.","Check the configuration on the headend and peer.","3","Error","95","vpn","ipsec"
+"%ASA-3-713017","713017","Group = groupname, Username = username, IP = peerIP Identification type not supported, Phase 1 or 2, Type ID_Type","%ASA-3-713017: Group = groupname, Username = username, IP = peerIP Identification type not supported, Phase 1 or 2, Type ID_Type","The Phase 1 or Phase 2 ID received from the peer is legal, but not supported.","Check the configuration on the headend and peer.","3","Error","65","vpn","ipsec"
+"%ASA-3-713018","713018","IP = peerIP Unknown ID type during find of group name for certs, Type ID_Type","%ASA-3-713018: IP = peerIP Unknown ID type during find of group name for certs, Type ID_Type","Tn internal software error has occurred.","If the problem persists, contact the Cisco TAC.","3","Error","65","vpn","ipsec"
+"%ASA-3-713020","713020","IP = peerIP No Group found by matching OU(s) from ID payload: OU_value","%ASA-3-713020: IP = peerIP No Group found by matching OU(s) from ID payload: OU_value","Tn internal software error has occurred.","If the problem persists, contact the Cisco TAC.","3","Error","65","vpn","ipsec"
+"%ASA-3-713022","713022","IP = peerIP No Group found matching peer_ID or IP_address for Pre-shared key peer IP_address","%ASA-3-713022: IP = peerIP No Group found matching peer_ID or IP_address for Pre-shared key peer IP_address","group exists in the group database with the same name as the value (key ID or IP address) specified by the peer.","Verify the configuration on the peer.","3","Error","75","vpn","ipsec"
+"%ASA-7-713024","713024","Group = groupname, Username = username, IP = peerIP Group group IP ip Received local Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port","%ASA-7-713024: Group = groupname, Username = username, IP = peerIP Group group IP ip Received local Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port","The Secure Firewall ASA has received the Phase 2 local proxy ID payload from the remote peer.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713025","713025","Group = groupname, Username = username, IP = peerIP Received remote Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port","%ASA-7-713025: Group = groupname, Username = username, IP = peerIP Received remote Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port","The Secure Firewall ASA has received the Phase 2 local proxy ID payload from the remote peer.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713028","713028","Group = groupname, Username = username, IP = peerIP Received local Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port","%ASA-7-713028: Group = groupname, Username = username, IP = peerIP Received local Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port","The Secure Firewall ASA has received the Phase 2 local proxy ID payload of the remote peer, which includes an IP address range.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713029","713029","Group = groupname, Username = username, IP = peerIP Received remote Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port","%ASA-7-713029: Group = groupname, Username = username, IP = peerIP Received remote Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port","The Secure Firewall ASA has received the Phase 2 local proxy ID payload of the remote peer, which includes an IP address range.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-3-713032","713032","Group = groupname, Username = username, IP = peerIP Received invalid local Proxy Range IP_address - IP_address","%ASA-3-713032: Group = groupname, Username = username, IP = peerIP Received invalid local Proxy Range IP_address - IP_address","The local ID payload included the range ID type, and the specified low address was not less than the high address. A configuration problem may exist.","Check the configuration of ISAKMP Phase 2 parameters.","3","Error","65","vpn","ipsec"
+"%ASA-3-713033","713033","Group = groupname, Username = username, IP = peerIP Received invalid remote Proxy Range IP_address - IP_address","%ASA-3-713033: Group = groupname, Username = username, IP = peerIP Received invalid remote Proxy Range IP_address - IP_address","The remote ID payload included the range ID type, and the specified low address was not less than the high address. A configuration problem may exist.","Check the configuration of ISAKMP Phase 2 parameters.","3","Error","65","vpn","ipsec"
+"%ASA-7-713034","713034","Group = groupname, Username = username, IP = peerIP Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port","%ASA-7-713034: Group = groupname, Username = username, IP = peerIP Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port","The local IP proxy subnet data has been received in the Phase 2 ID payload.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713035","713035","Group = groupname, Username = username, IP = peerIP Group group IP ip Received remote IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port","%ASA-7-713035: Group = groupname, Username = username, IP = peerIP Group group IP ip Received remote IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port","The remote IP proxy subnet data has been received in the Phase 2 ID payload.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713039","713039","Group = groupname, Username = username, IP = peerIP Send failure: Bytes (number ), Peer: IP_address","%ASA-7-713039: Group = groupname, Username = username, IP = peerIP Send failure: Bytes (number ), Peer: IP_address","An internal software error has occurred, and the ISAKMP packet cannot be transmitted.","If the problem persists, contact the Cisco TAC.","7","Debugging","15","vpn","ipsec"
+"%ASA-7-713040","713040","Group = groupname, Username = username, IP = peerIP Could not find connection entry and can not encrypt: msgid message_number","%ASA-7-713040: Group = groupname, Username = username, IP = peerIP Could not find connection entry and can not encrypt: msgid message_number","An internal software error has occurred, and a Phase 2 data structure cannot be found.","If the problem persists, contact the Cisco TAC.","7","Debugging","5","vpn","ipsec"
+"%ASA-5-713041","713041","Group = groupname, Username = username, IP = peerIP IKE Initiator: new or rekey Phase 1 or 2, Intf interface_number, IKE Peer IP_address local Proxy Address IP_address, remote Proxy Address IP_address, Crypto map (crypto map tag )","%ASA-5-713041: Group = groupname, Username = username, IP = peerIP IKE Initiator: new or rekey Phase 1 or 2, Intf interface_number, IKE Peer IP_address local Proxy Address IP_address, remote Proxy Address IP_address, Crypto map (crypto map tag )","Secure Firewall ASA is negotiating a tunnel as the initiator.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-3-713042","713042","IKE Initiator unable to find policy: Intf interface_number, Src: source_address, Dst: dest_address","%ASA-3-713042: IKE Initiator unable to find policy: Intf interface_number, Src: source_address, Dst: dest_address","The IPsec fast path processed a packet that triggered IKE, but the IKE policy lookup failed. This error may be timing related. The ACLs that triggered IKE might have been deleted before IKE processed the initiation request. This problem will most likely correct itself.","If the condition persists, check the L2L configuration, paying special attention to the type of ACL associated with crypto maps.","3","Error","75","vpn","ipsec"
+"%ASA-3-713043","713043","Cookie/peer address IP_address session already in progress","%ASA-3-713043: Cookie/peer address IP_address session already in progress","IKE has been triggered again while the original tunnel is in progress.","None required.","3","Error","5","vpn","ipsec"
+"%ASA-3-713047","713047","Unsupported Oakley group: Group <Diffie-Hellman group>","%ASA-3-713047: Unsupported Oakley group: Group <Diffie-Hellman group>","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","vpn","ipsec"
+"%ASA-3-713048","713048","Group = groupname, Username = username, IP = peerIP Error processing payload: Payload ID: id","%ASA-3-713048: Group = groupname, Username = username, IP = peerIP Error processing payload: Payload ID: id","A packet has been received with a payload that cannot be processed.","If this problem persists, a misconfiguration may exist on the peer.","3","Error","65","vpn","ipsec"
+"%ASA-5-713049","713049","Group = groupname, Username = username, IP = peerIP Security negotiation complete for tunnel_type type (group_name ) Initiator /Responder, Inbound SPI = SPI, Outbound SPI = SPI","%ASA-5-713049: Group = groupname, Username = username, IP = peerIP Security negotiation complete for tunnel_type type (group_name ) Initiator /Responder, Inbound SPI = SPI, Outbound SPI = SPI","An IPsec tunnel has been started.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-5-713050","713050","Group = groupname, Username = username, IP = peerIP Connection terminated for peer IP_address . Reason: termination reason Remote Proxy IP_address, Local Proxy IP_address","%ASA-5-713050: Group = groupname, Username = username, IP = peerIP Connection terminated for peer IP_address . Reason: termination reason Remote Proxy IP_address, Local Proxy IP_address","An IPsec tunnel has been terminated. Possible termination reasons include: • IPsec SA Idle Timeout • IPsec SA Max Time Exceeded • Administrator Reset • Administrator Reboot • Administrator Shutdown • Session Disconnected • Session Error Terminated • Peer Terminate","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-7-713052","713052","Group = groupname, Username = username, IP = peerIP User (user ) authenticated.","%ASA-7-713052: Group = groupname, Username = username, IP = peerIP User (user ) authenticated.","remote access user was authenticated.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-3-713056","713056","Group = groupname, Username = username, IP = peerIP Tunnel rejected: SA (SA_name ) not found for group (group_name )!","%ASA-3-713056: Group = groupname, Username = username, IP = peerIP Tunnel rejected: SA (SA_name ) not found for group (group_name )!","The IPsec SA was not found.","If this is a remote access tunnel, check the group and user configuration, and verify that a tunnel group and group policy have been configured for the specific user group. For externally authenticated users and groups, check the returned authentication attributes.","3","Error","75","vpn","ipsec"
+"%ASA-3-713060","713060","Group = groupname, Username = username, IP = peerIP Tunnel Rejected: User (user ) not member of group (group_name ), group-lock check failed.","%ASA-3-713060: Group = groupname, Username = username, IP = peerIP Tunnel Rejected: User (user ) not member of group (group_name ), group-lock check failed.","The user is configured for a different group than what was sent in the IPsec negotiation.","If you are using the Cisco VPN client and preshared keys, make sure that the group configured on the client is the same as the group associated with the user on the Secure Firewall ASA. If you are using digital certificates, the group is dictated either by the OU field of the certificate, or the user automatically defaults to the remote access default group.","3","Error","65","vpn","ipsec"
+"%ASA-3-713061","713061","Group = groupname, Username = username, IP = peerIP Tunnel rejected: Crypto Map Policy not found for Src:source_address, Dst: dest_address !","%ASA-3-713061: Group = groupname, Username = username, IP = peerIP Tunnel rejected: Crypto Map Policy not found for Src:source_address, Dst: dest_address !","The Secure Firewall ASA was not able to find security policy information for the private networks or hosts indicated in the message. These networks or hosts were sent by the initiator and do not match any crypto ACLs at the Secure Firewall ASA. This is most likely a misconfiguration.","Check the protected network configuration in the crypto ACLs on both sides and make sure that the local net on the initiator is the remote net on the responder and vice-versa. Pay special attention to wildcard masks, and host addresses versus network addresses. Non-Cisco implementations may have the private addresses labeled as proxy addresses or red networks.","3","Error","65","vpn","ipsec"
+"%ASA-3-713062","713062","IKE Peer address same as our interface address IP_address","%ASA-3-713062: IKE Peer address same as our interface address IP_address","The IP address configured as the IKE peer is the same as the IP address configured on one of the Secure Firewall ASA IP interfaces.","Check the L2L and IP interface configurations.","3","Error","65","vpn","ipsec"
+"%ASA-3-713063","713063","IKE Peer address not configured for destination IP_address","%ASA-3-713063: IKE Peer address not configured for destination IP_address","The IKE peer address is not configured for an L2L tunnel.","Check the L2L configuration.","3","Error","65","vpn","ipsec"
+"%ASA-3-713065","713065","IKE Remote Peer did not negotiate the following: proposal attribute","%ASA-3-713065: IKE Remote Peer did not negotiate the following: proposal attribute","An internal software error has occurred.","If the problem persists, contact the Cisco TAC.","3","Error","65","vpn","ipsec"
+"%ASA-7-713066","713066","Group = groupname, Username = username, IP = peerIP IKE Remote Peer configured for SA: SA_name","%ASA-7-713066: Group = groupname, Username = username, IP = peerIP IKE Remote Peer configured for SA: SA_name","The crypto policy settings of the peer have been configured.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-5-713068","713068","Group = groupname, Username = username, IP = peerIP Received non-routine Notify message: notify_type (notify_value)","%ASA-5-713068: Group = groupname, Username = username, IP = peerIP Received non-routine Notify message: notify_type (notify_value)","Notification messages that caused this event are not explicitly handled in the notify processing code.","Examine the specific reason to determine the action to take. Many notification messages indicate a configuration mismatch between the IKE peers.","5","Notification","35","vpn","ipsec"
+"%ASA-3-713072","713072","Group = groupname, Username = username, IP = peerIP Password for user (user ) too long, truncating to number characters","%ASA-3-713072: Group = groupname, Username = username, IP = peerIP Password for user (user ) too long, truncating to number characters","The password of the user is too long.","Correct password lengths on the authentication server.","3","Error","65","vpn","ipsec"
+"%ASA-5-713073","713073","Group = groupname, Username = username, IP = peerIP Responder forcing change of Phase 1 /Phase 2 rekeying duration from larger_value to smaller_value seconds","%ASA-5-713073: Group = groupname, Username = username, IP = peerIP Responder forcing change of Phase 1 /Phase 2 rekeying duration from larger_value to smaller_value seconds","Rekeying durations are always set to the lower of the values proposed by IKE peers. The value of the initiator is the lower one.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-5-713074","713074","Group = groupname, Username = username, IP = peerIP Responder forcing change of IPsec rekeying duration from larger_value to smaller_value Kbs","%ASA-5-713074: Group = groupname, Username = username, IP = peerIP Responder forcing change of IPsec rekeying duration from larger_value to smaller_value Kbs","Rekeying durations are always set to the lower of the values proposed by IKE peers. The value of the initiator is the lower one.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-5-713075","713075","Group = groupname, Username = username, IP = peerIP Overriding Initiator's IPsec rekeying duration from larger_value to smaller_value seconds","%ASA-5-713075: Group = groupname, Username = username, IP = peerIP Overriding Initiator's IPsec rekeying duration from larger_value to smaller_value seconds","Rekeying durations are always set to the lower of the values proposed by IKE peers. The value of the responder is the lower one.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-5-713076","713076","Overriding Initiator's IPsec rekeying duration from larger_value to smaller_value Kbs","%ASA-5-713076: Overriding Initiator's IPsec rekeying duration from larger_value to smaller_value Kbs","Rekeying durations are always set to the lower of the values proposed by IKE peers. The value of the responder is the lower one.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-2-713078","713078","Temp buffer for building mode config attributes exceeded: bufsize available_size , used value","%ASA-2-713078: Temp buffer for building mode config attributes exceeded: bufsize available_size , used value","An internal software error has occurred while processing modecfg attributes.","Disable any unnecessary tunnel group attributes, or shorten any text messages that are excessively long. If the problem persists, contact the Cisco TAC.","2","Critical","95","vpn","ipsec"
+"%ASA-3-713081","713081","Unsupported certificate encoding type encoding_type","%ASA-3-713081: Unsupported certificate encoding type encoding_type","One of the loaded certificates is unreadable, and may be an unsupported encoding scheme.","Check the configuration of digital certificates and trustpoints.","3","Error","65","vpn","ipsec"
+"%ASA-3-713082","713082","Failed to retrieve identity certificate","%ASA-3-713082: Failed to retrieve identity certificate","The identity certificate for this tunnel cannot be found.","Check the configuration of digital certificates and trustpoints.","3","Error","75","vpn","ipsec"
+"%ASA-3-713083","713083","Invalid certificate handle","%ASA-3-713083: Invalid certificate handle","The identity certificate for this tunnel cannot be found.","Check the configuration of digital certificates and trustpoints.","3","Error","75","vpn","ipsec"
+"%ASA-3-713084","713084","Received invalid phase 1 port value (port ) in ID payload","%ASA-3-713084: Received invalid phase 1 port value (port ) in ID payload","The port value received in the IKE phase 1 ID payload was incorrect. Acceptable values are 0 or 500 (ISAKMP is also known as IKE).","Make sure that a peer conforms to the IKE standards to avoid a network problem resulting in corrupted packets.","3","Error","95","vpn","ipsec"
+"%ASA-3-713085","713085","Received invalid phase 1 protocol (protocol ) in ID payload","%ASA-3-713085: Received invalid phase 1 protocol (protocol ) in ID payload","The protocol value received in the IKE phase 1 ID payload was incorrect. Acceptable values are 0 or 17 (UDP).","Make sure that a peer conforms to the IKE standards to avoid a network problem resulting in corrupted packets.","3","Error","95","vpn","ipsec"
+"%ASA-3-713086","713086","Received unexpected Certificate payload Possible invalid Auth Method (Auth method (auth numerical value))","%ASA-3-713086: Received unexpected Certificate payload Possible invalid Auth Method (Auth method (auth numerical value))","A certificate payload was received, but our internal certificate handle indicates that we do not have an identity certificate. The certificate handle was not obtained through a normal enrollment method. One likely reason this can happen is that the authentication method is not made through RSA or DSS signatures, although the IKE SA negotiation should fail if each side is misconfigured.","Check the trustpoint and ISAKMP configuration settings on the Secure Firewall ASA and its peer.","3","Error","75","vpn","ipsec"
+"%ASA-3-713088","713088","Set Cert filehandle failure: no IPsec SA in group group_name","%ASA-3-713088: Set Cert filehandle failure: no IPsec SA in group group_name","The tunnel group cannot be found, based on the digital certificate information.","Verify that the tunnel group is set up correctly to handle the certificate information of the peer.","3","Error","85","vpn","ipsec"
+"%ASA-5-713092","713092","Failure during phase 1 rekeying attempt due to collision","%ASA-5-713092: Failure during phase 1 rekeying attempt due to collision","An internal software error has occurred. This is often a benign event.","If the problem persists, contact the Cisco TAC.","5","Notification","35","vpn","ipsec"
+"%ASA-7-713094","713094","Cert validation failure: handle invalid for Main /Aggressive Mode Initiator /Responder !","%ASA-7-713094: Cert validation failure: handle invalid for Main /Aggressive Mode Initiator /Responder !","An internal software error has occurred.","You may have to reenroll the trustpoint. If the problem persists, contact the Cisco TAC.","7","Debugging","15","vpn","ipsec"
+"%ASA-3-713098","713098","Aborting: No identity cert specified in IPsec SA (SA_name )!","%ASA-3-713098: Aborting: No identity cert specified in IPsec SA (SA_name )!","An attempt was made to establish a certificate-based IKE session, but no identity certificate has been specified in the crypto policy.","Specify the identity certificate or trustpoint that you want to transmit to peers.","3","Error","65","vpn","ipsec"
+"%ASA-7-713099","713099","Tunnel Rejected: Received NONCE length number is out of range!","%ASA-7-713099: Tunnel Rejected: Received NONCE length number is out of range!","An internal software error has occurred.","If the problem persists, contact the Cisco TAC.","7","Debugging","5","vpn","ipsec"
+"%ASA-3-713102","713102","Phase 1 ID Data length number too long - reject tunnel!","%ASA-3-713102: Phase 1 ID Data length number too long - reject tunnel!","IKE has received an ID payload that includes an identification data field of 2 K or larger.","None required.","3","Error","5","vpn","ipsec"
+"%ASA-7-713103","713103","Invalid (NULL) secret key detected while computing hash","%ASA-7-713103: Invalid (NULL) secret key detected while computing hash","An internal software error has occurred.","If the problem persists, contact the Cisco TAC.","7","Debugging","15","vpn","ipsec"
+"%ASA-7-713104","713104","Attempt to get Phase 1 ID data failed while hash computation","%ASA-7-713104: Attempt to get Phase 1 ID data failed while hash computation","An internal software error has occurred.","If the problem persists, contact the Cisco TAC.","7","Debugging","15","vpn","ipsec"
+"%ASA-3-713105","713105","Zero length data in ID payload received during phase 1 or 2 processing","%ASA-3-713105: Zero length data in ID payload received during phase 1 or 2 processing","A peer sent an ID payload without including any ID data, which is invalid.","Check the configuration of the peer.","3","Error","75","vpn","ipsec"
+"%ASA-3-713107","713107","IP_Address request attempt failed!","%ASA-3-713107: IP_Address request attempt failed!","An internal software error has occurred.","If the problem persists, contact the Cisco TAC.","3","Error","75","vpn","ipsec"
+"%ASA-3-713109","713109","Unable to process the received peer certificate","%ASA-3-713109: Unable to process the received peer certificate","The Secure Firewall ASA was unable to process the certificate received from the remote peer, which can occur if the certificate data was malformed (for example, if the public key size is larger than 4096 bits) or if the data in the certificate cannot be stored by the Secure Firewall ASA.","Try to reestablish the connection using a different certificate on the remote peer. Messages 713112 to 714011 This section includes messages from 713112 to 714011.","3","Error","75","vpn","ipsec"
+"%ASA-3-713112","713112","Group = groupname, Username = username, IP = peerIP Failed to process CONNECTED notify (SPI SPI_value )!","%ASA-3-713112: Group = groupname, Username = username, IP = peerIP Failed to process CONNECTED notify (SPI SPI_value )!","The Secure Firewall ASA was unable to successfully process the notification payload that included the CONNECTED notify type. This may occur if the IKE phase 2 structure cannot be found using the SPI to locate it, or the commit bit had not been set in the received ISAKMP header. The latter case may indicate a nonconforming IKE peer.","If the problem persists, check the configuration of the peer and/or disable commit bit processing.","3","Error","75","vpn","ipsec"
+"%ASA-7-713113","713113","Group = groupname, Username = username, IP = peerIP Deleting IKE SA with associated IPsec connection entries. IKE peer: IP_address, SA address: internal_SA_address, tunnel count: count","%ASA-7-713113: Group = groupname, Username = username, IP = peerIP Deleting IKE SA with associated IPsec connection entries. IKE peer: IP_address, SA address: internal_SA_address, tunnel count: count","An IKE SA is being deleted with a nonzero tunnel count, which means that either the IKE SA tunnel count has lost synchronization with the associated connection entries or the associated connection cookie fields for the entries have lost synchronization with the cookie fields of the IKE SA to which the connection entry points. If this occurs, the IKE SA and its associated data structures will not be freed, so that the entries that may point to it will not have a stale pointer.","None required. Error recovery is built-in.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713114","713114","Group = groupname, Username = username, IP = peerIP Connection entry (conn entry internal address) points to IKE SA (SA_internal_address ) for peer IP_address, but cookies don't match","%ASA-7-713114: Group = groupname, Username = username, IP = peerIP Connection entry (conn entry internal address) points to IKE SA (SA_internal_address ) for peer IP_address, but cookies don't match","An internal software error has occurred.","If the problem persists, contact the Cisco TAC.","7","Debugging","5","vpn","ipsec"
+"%ASA-5-713115","713115","Group = groupname, Username = username, IP = peerIP Client rejected NAT enabled IPsec request, falling back to standard IPsec","%ASA-5-713115: Group = groupname, Username = username, IP = peerIP Client rejected NAT enabled IPsec request, falling back to standard IPsec","The client rejected an attempt by the Secure Firewall ASA to use IPsec over UDP. IPsec over UDP is used to allow multiple clients to establish simultaneous tunnels to the Secure Firewall ASA through a NAT device. The client may have rejected the request, either because it does not support this feature or because it is configured not to use it.","Verify the configuration on the headend and peer.","5","Notification","35","vpn","ipsec"
+"%ASA-7-713117","713117","Group = groupname, Username = username, IP = peerIP Received Invalid SPI notify (SPI SPI_Value )!","%ASA-7-713117: Group = groupname, Username = username, IP = peerIP Received Invalid SPI notify (SPI SPI_Value )!","The IPsec SA identified by the SPI value is no longer active on the remote peer, which might indicate that the remote peer has rebooted or been reset.","This problem should correct itself once DPDs recognize that the peer no longer has the appropriate SAs established. If DPD is not enabled, this may require you to manually reestablish the affected tunnel.","7","Debugging","5","vpn","ipsec"
+"%ASA-3-713118","713118","Detected invalid Diffie-Helmann group_descriptor group_number, in IKE area","%ASA-3-713118: Detected invalid Diffie-Helmann group_descriptor group_number, in IKE area","The group_descriptor field included an unsupported value. Currently we support only groups 1, 2, 5, and 7. In the case of a centry, the group_descriptor field may also be set to 0 to indicate that perfect forward secrecy is disabled.","Check the peer Diffie-Hellman configuration.","3","Error","75","vpn","ipsec"
+"%ASA-5-713119","713119","Group = groupname, Username = username, IP = peerIP Group group IP ip PHASE 1 COMPLETED","%ASA-5-713119: Group = groupname, Username = username, IP = peerIP Group group IP ip PHASE 1 COMPLETED","IKE Phase 1 has completed successfully.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-5-713120","713120","Group = groupname, Username = username, IP = peerIP PHASE 2 COMPLETED (msgid=msg_id )","%ASA-5-713120: Group = groupname, Username = username, IP = peerIP PHASE 2 COMPLETED (msgid=msg_id )","IKE Phase 2 has completed successfully.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-7-713121","713121","IP = peerIP Keep-alive type for this connection: keepalive_type","%ASA-7-713121: IP = peerIP Keep-alive type for this connection: keepalive_type","The type of keepalive mechanism that is being used for this tunnel is specified.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-3-713122","713122","IP = peerIP Keep-alives configured keepalive_type but peer IP_address support keep-alives (type = keepalive_type )","%ASA-3-713122: IP = peerIP Keep-alives configured keepalive_type but peer IP_address support keep-alives (type = keepalive_type )","Keepalives were configured on or off for this device, but the IKE peer does or does not support keepalives.","No action is required if this configuration is intentional. If it is not intentional, change the keepalive configuration on both devices.","3","Error","65","vpn","ipsec"
+"%ASA-3-713123","713123","Group = groupname, Username = username, IP = peerIP IKE lost contact with remote peer, deleting connection (keepalive type: keepalive_type )","%ASA-3-713123: Group = groupname, Username = username, IP = peerIP IKE lost contact with remote peer, deleting connection (keepalive type: keepalive_type )","The remote IKE peer did not respond to keepalives within the expected window of time, so the connection to the IKE peer was terminated. The message includes the keepalive mechanism used.","None required.","3","Error","5","vpn","ipsec"
+"%ASA-6-713124","713124","Group = groupname, Username = username, IP = peerIP Received DPD sequence number rcv_sequence_# in DPD Action, description expected seq #","%ASA-6-713124: Group = groupname, Username = username, IP = peerIP Received DPD sequence number rcv_sequence_# in DPD Action, description expected seq #","The remote IKE peer sent a DPD with a sequence number that did not match the expected sequence number. The packet is discarded. This might indicate a packet loss problem with the network.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-3-713127","713127","Group = groupname, Username = username, IP = peerIP Xauth required but selected Proposal does not support xauth, Check priorities of ike xauth proposals in ike proposal list","%ASA-3-713127: Group = groupname, Username = username, IP = peerIP Xauth required but selected Proposal does not support xauth, Check priorities of ike xauth proposals in ike proposal list","The peer wanted to perform a XAUTH, but the Secure Firewall ASA did not choose the XAUTH IKE proposal.","Check the priorities of the IKE xauth proposals in the IKE proposal list.","3","Error","65","vpn","ipsec"
+"%ASA-6-713128","713128","IP = peerIP Connection attempt to VCPIP redirected to VCA peer IP_address via load balancing","%ASA-6-713128: IP = peerIP Connection attempt to VCPIP redirected to VCA peer IP_address via load balancing","A connection attempt has been made to the VCPIP and has been redirected to a less loaded peer using load balancing.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-3-713129","713129","Group = groupname, Username = username, IP = peerIP Received unexpected Transaction Exchange payload type: payload_id","%ASA-3-713129: Group = groupname, Username = username, IP = peerIP Received unexpected Transaction Exchange payload type: payload_id","An unexpected payload has been received during XAUTH or Mode Cfg, which may indicate that the two peers are out-of-sync, that the XAUTH or Mode Cfg versions do not match, or that the remote peer is not complying with the appropriate RFCs.","Verify the configuration between peers.","3","Error","75","vpn","ipsec"
+"%ASA-5-713130","713130","Group = groupname, Username = username, IP = peerIP Received unsupported transaction mode attribute: attribute id","%ASA-5-713130: Group = groupname, Username = username, IP = peerIP Received unsupported transaction mode attribute: attribute id","The device received a request for a valid transaction mode attribute (XAUTH or Mode Cfg) that is currently not supported. This is generally a benign condition.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-5-713131","713131","Group = groupname, Username = username, IP = peerIP Received unknown transaction mode attribute: attribute_id","%ASA-5-713131: Group = groupname, Username = username, IP = peerIP Received unknown transaction mode attribute: attribute_id","The Secure Firewall ASA has received a request for a transaction mode attribute (XAUTH or Mode Cfg) that is outside the range of known attributes. The attribute may be valid but only supported in later versions of configuration mode, or the peer may be sending an illegal or proprietary value. This should not cause connectivity problems, but may affect the functionality of the peer.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-3-713132","713132","Group = groupname, Username = username, IP = peerIP Cannot obtain an IP_address for remote peer","%ASA-3-713132: Group = groupname, Username = username, IP = peerIP Cannot obtain an IP_address for remote peer","A request for an IP address for a remote access client from the internal utility that provides these addresses cannot be satisfied.","Check the configuration of IP address assignment methods.","3","Error","65","vpn","ipsec"
+"%ASA-3-713133","713133","Group = groupname, Username = username, IP = peerIP Mismatch: Overriding phase 2 DH Group(DH group DH group_id ) with phase 1 group(DH group DH group_number","%ASA-3-713133: Group = groupname, Username = username, IP = peerIP Mismatch: Overriding phase 2 DH Group(DH group DH group_id ) with phase 1 group(DH group DH group_number","The configured Phase 2 PFS Group differed from the DH group that was negotiated for Phase 1.","None required.","3","Error","5","vpn","ipsec"
+"%ASA-3-713134","713134","Group = groupname, Username = username, IP = peerIP Mismatch: P1 Authentication algorithm in the crypto map entry different from negotiated algorithm for the L2L connection","%ASA-3-713134: Group = groupname, Username = username, IP = peerIP Mismatch: P1 Authentication algorithm in the crypto map entry different from negotiated algorithm for the L2L connection","The configured LAN-to-LAN proposal is different from the one accepted for the LAN-to-LAN connection. Depending on which side is the initiator, different proposals will be used.","None required.","3","Error","5","vpn","ipsec"
+"%ASA-5-713135","713135","Group = groupname, Username = username, IP = peerIP message received, redirecting tunnel to IP_address .","%ASA-5-713135: Group = groupname, Username = username, IP = peerIP message received, redirecting tunnel to IP_address .","The tunnel is being redirected because of load balancing on the remote Secure Firewall ASA. A REDIRECT_CONNECTION notify packet was received.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-5-713136","713136","Group = groupname, Username = username, IP = peerIP IKE session establishment timed out [IKE_state_name ], aborting!","%ASA-5-713136: Group = groupname, Username = username, IP = peerIP IKE session establishment timed out [IKE_state_name ], aborting!","The Reaper has detected an Secure Firewall ASA stuck in an inactive state. The Reaper will try to remove the inactive Secure Firewall ASA.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-5-713137","713137","Group = groupname, Username = username, IP = peerIP Reaper overriding refCnt [ref_count] and tunnelCnt [tunnel_count] -- deleting SA!","%ASA-5-713137: Group = groupname, Username = username, IP = peerIP Reaper overriding refCnt [ref_count] and tunnelCnt [tunnel_count] -- deleting SA!","An internal software error has occurred.","If the problem persists, contact the Cisco TAC.","5","Notification","25","vpn","ipsec"
+"%ASA-3-713138","713138","IP = peerIP Group group_name not found and BASE GROUP default preshared key not configured","%ASA-3-713138: IP = peerIP Group group_name not found and BASE GROUP default preshared key not configured","No group exists in the group database with the same name as the IP address of the peer. In Main Mode, the Secure Firewall ASA will fall back and try to use the default preshared key configured in one of the default groups. The default preshared key is not configured.","Verify the configuration of the preshared keys.","3","Error","75","vpn","ipsec"
+"%ASA-5-713139","713139","IP = peerIP group_name not found, using BASE GROUP default preshared key","%ASA-5-713139: IP = peerIP group_name not found, using BASE GROUP default preshared key","No tunnel group exists in the group database with the same name as the IP address of the peer. In Main Mode, the Secure Firewall ASA will fall back and use the default preshared key configured in the default group.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-3-713140","713140","Group = groupname, Username = username, IP = peerIP Split Tunneling Policy requires network list but none configured","%ASA-3-713140: Group = groupname, Username = username, IP = peerIP Split Tunneling Policy requires network list but none configured","The split tunneling policy is set to either split tunneling or to allow local LAN access. A split tunneling ACL must be defined to represent the information required by the VPN client.","Check the configuration of the ACLs.","3","Error","65","vpn","ipsec"
+"%ASA-3-713141","713141","IP = peerIP Client-reported firewall does not match configured firewall: action tunnel. Received -- Vendor: vendor(id), Product product(id), Caps: capability_value . Expected -- Vendor: vendor(id), Product: product(id), Caps: capability_value","%ASA-3-713141: IP = peerIP Client-reported firewall does not match configured firewall: action tunnel. Received -- Vendor: vendor(id), Product product(id), Caps: capability_value . Expected -- Vendor: vendor(id), Product: product(id), Caps: capability_value","The Secure Firewall ASA installed on the client does not match the configured required Secure Firewall ASA. This message lists the actual and expected values, and whether the tunnel is terminated or allowed.","You may need to install a different personal Secure Firewall ASA on the client or change the configuration on the Secure Firewall ASA.","3","Error","65","vpn","ipsec"
+"%ASA-3-713142","713142","IP = peerIP Client did not report firewall in use, but there is a configured firewall: action tunnel. Expected -- Vendor: vendor(id), Product product(id), Caps: capability_value","%ASA-3-713142: IP = peerIP Client did not report firewall in use, but there is a configured firewall: action tunnel. Expected -- Vendor: vendor(id), Product product(id), Caps: capability_value","The client did not report an Secure Firewall ASA in use using ModeCfg, but one is required. The event lists the expected values and whether the tunnel is terminated or allowed. Note that the number following the product string is a bitmask of all of the allowed products.","You may need to install a different personal Secure Firewall ASA on the client or change the configuration on the Secure Firewall ASA.","3","Error","65","vpn","ipsec"
+"%ASA-7-713143","713143","IP = peerIP Processing firewall record. Vendor: vendor(id), Product: product(id), Caps: capability_value, Version Number: version_number, Version String: version_text","%ASA-7-713143: IP = peerIP Processing firewall record. Vendor: vendor(id), Product: product(id), Caps: capability_value, Version Number: version_number, Version String: version_text","Debugging information about the Secure Firewall ASA installed on the client appears.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-5-713144","713144","IP = peerIP Ignoring received malformed firewall record; reason - error_reason TLV type attribute_value correction","%ASA-5-713144: IP = peerIP Ignoring received malformed firewall record; reason - error_reason TLV type attribute_value correction","Bad Secure Firewall ASA information was received from the client.","Check the personal configuration on the client and the Secure Firewall ASA.","5","Notification","25","vpn","ipsec"
+"%ASA-6-713145","713145","Group = groupname, Username = username, IP = peerIP Detected Hardware Client in network extension mode, adding static route for address: IP_address, mask: netmask","%ASA-6-713145: Group = groupname, Username = username, IP = peerIP Detected Hardware Client in network extension mode, adding static route for address: IP_address, mask: netmask","A tunnel with a hardware client in network extension mode has been negotiated, and a static route is being added for the private network behind the hardware client. This configuration enables the Secure Firewall ASA to make the remote network known to all the routers on the private side of the headend.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-3-713146","713146","Group = groupname, Username = username, IP = peerIP Could not add route for Hardware Client in network extension mode, address: IP_address, mask: netmask","%ASA-3-713146: Group = groupname, Username = username, IP = peerIP Could not add route for Hardware Client in network extension mode, address: IP_address, mask: netmask","An internal software error has occurred. A tunnel with a hardware client in network extension mode has been negotiated, and an attempt to add the static route for the private network behind the hardware client failed. The routing table may be full, or a possible addressing error has occurred.","If the problem persists, contact the Cisco TAC.","3","Error","75","vpn","ipsec"
+"%ASA-6-713147","713147","Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, deleting static route for address: IP_address, mask: netmask","%ASA-6-713147: Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, deleting static route for address: IP_address, mask: netmask","A tunnel to a hardware client in network extension mode is being removed, and the static route for the private network is being deleted behind the hardware client.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-5-713148","713148","Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address: IP_address, mask: netmask","%ASA-5-713148: Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address: IP_address, mask: netmask","While a tunnel to a hardware client in network extension mode was being removed, a route to the private network behind the hardware client cannot be deleted. This might indicate an addressing or software problem.","Check the routing table to ensure that the route is not there. If it is, it may have to be removed manually, but only if the tunnel to the hardware client has been completely removed.","5","Notification","25","vpn","ipsec"
+"%ASA-3-713149","713149","Group = groupname, Username = username, IP = peerIP Hardware client security attribute attribute_name was enabled but not requested.","%ASA-3-713149: Group = groupname, Username = username, IP = peerIP Hardware client security attribute attribute_name was enabled but not requested.","The headend Secure Firewall ASA has the specified hardware client security attribute enabled, but the attribute was not requested by the VPN 3002 hardware client.","Check the configuration on the hardware client.","3","Error","65","vpn","ipsec"
+"%ASA-3-713152","713152","IP = peerIP Unable to obtain any rules from filter ACL_tag to send to client for CPP, terminating connection.","%ASA-3-713152: IP = peerIP Unable to obtain any rules from filter ACL_tag to send to client for CPP, terminating connection.","The client is required to use CPP to provision its Secure Firewall ASA, but the headend device was unable to obtain any ACLs to send to the client. This is probably due to a misconfiguration.","Check the ACLs specified for CPP in the group policy for the client.","3","Error","75","vpn","ipsec"
+"%ASA-4-713154","713154","DNS lookup for peer_description Server [server_name ] failed!","%ASA-4-713154: DNS lookup for peer_description Server [server_name ] failed!","This message appears when a DNS lookup for the specified server has not been resolved.","Check the DNS server configuration on the Secure Firewall ASA. Also check the DNS server to ensure that it is operational and has hostname to IP address mapping.","4","Warning","55","vpn","ipsec"
+"%ASA-5-713155","713155","DNS lookup for Primary VPN Server [server_name ] successfully resolved after a previous failure. Resetting any Backup Server init.","%ASA-5-713155: DNS lookup for Primary VPN Server [server_name ] successfully resolved after a previous failure. Resetting any Backup Server init.","A previous DNS lookup failure for the primary server might have caused the Secure Firewall ASA to initialize a backup peer. This message indicates that a later DNS lookup on the primary server finally succeeded and is resetting any backup server initializations. A tunnel initiated after this point will be aimed at the primary server.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-5-713156","713156","Initializing Backup Server [server_name or IP_address ]","%ASA-5-713156: Initializing Backup Server [server_name or IP_address ]","The client is failing over to a backup server, or a failed DNS lookup for the primary server caused the Secure Firewall ASA to initialize a backup server. A tunnel initiated after this point will be aimed at the specified backup server.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-4-713157","713157","IP = peerIP Timed out on initial contact to server [server_name or IP_address ] Tunnel could not be established.","%ASA-4-713157: IP = peerIP Timed out on initial contact to server [server_name or IP_address ] Tunnel could not be established.","The client tried to initiate a tunnel by sending out IKE MSG1, but did not receive a response from the Secure Firewall ASA on the other end. If backup servers are available, the client will attempt to connect to one of them.","Verify connectivity to the headend Secure Firewall ASA.","4","Warning","55","vpn","ipsec"
+"%ASA-5-713158","713158","Group = groupname, Username = username, IP = peerIP Client rejected NAT enabled IPsec Over UDP request, falling back to IPsec Over TCP","%ASA-5-713158: Group = groupname, Username = username, IP = peerIP Client rejected NAT enabled IPsec Over UDP request, falling back to IPsec Over TCP","The client is configured to use IPsec over TCP. The client rejected the attempt by the Secure Firewall ASA to use IPsec over UDP.","If TCP is desired, no action is required. Otherwise, check the client configuration.","5","Notification","25","vpn","ipsec"
+"%ASA-3-713159","713159","TCP Connection to Firewall Server has been lost, restricted tunnels are now allowed full network access","%ASA-3-713159: TCP Connection to Firewall Server has been lost, restricted tunnels are now allowed full network access","The TCP connection to the Secure Firewall ASA server was lost for a certain reason, such as the server has rebooted, a network problem has occurred, or an SSL mismatch has occurred.","If the server connection was lost after the initial connection was made, then the server and network connections must be checked. If the initial connection is lost immediately, this might indicate an SSL authentication problem.","3","Error","75","vpn","ipsec"
+"%ASA-7-713160","713160","Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) has been granted access by the Firewall Server","%ASA-7-713160: Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) has been granted access by the Firewall Server","Normal authentication of the remote user to the Secure Firewall ASA server has occurred.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-3-713161","713161","Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) network access has been restricted by the Firewall Server","%ASA-3-713161: Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) network access has been restricted by the Firewall Server","The Secure Firewall ASA server has sent the Secure Firewall ASA a message indicating that this user must be restricted. There are several reasons for this, including Secure Firewall ASA software upgrades or changes in permissions. The Secure Firewall ASA server will transition the user back into full access mode as soon as the operation has been completed.","No action is required unless the user is never transitioned back into full access state. If this does not happen, refer to the Secure Firewall ASA server for more information on the operation that is being performed and the state of the Secure Firewall ASA software running on the remote machine.","3","Error","75","vpn","ipsec"
+"%ASA-3-713162","713162","Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) has been rejected by the Firewall Server","%ASA-3-713162: Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) has been rejected by the Firewall Server","The Secure Firewall ASA server has rejected this user.","Check the policy information on the Secure Firewall ASA server to make sure that the user is configured correctly.","3","Error","65","vpn","ipsec"
+"%ASA-3-713163","713163","Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) has been terminated by the Firewall Server","%ASA-3-713163: Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) has been terminated by the Firewall Server","The Secure Firewall ASA server has terminated this user session, which can occur if the integrity agent stops running on the client machine or if the security policy is modified by the remote user in any way.","Verify that the Secure Firewall ASA software on the client machine is still running and that the policy is correct.","3","Error","75","vpn","ipsec"
+"%ASA-7-713164","713164","The Firewall Server has requested a list of active user sessions","%ASA-7-713164: The Firewall Server has requested a list of active user sessions","The Secure Firewall ASA server will request the session information if it detects that it has stale data or if it loses the session data (because of a reboot).","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-3-713165","713165","Group = groupname, Username = username, IP = peerIP Client IKE Auth mode differs from the group's configured Auth mode","%ASA-3-713165: Group = groupname, Username = username, IP = peerIP Client IKE Auth mode differs from the group's configured Auth mode","The client negotiated with preshared keys while its tunnel group points to a policy that is configured to use digital certificates.","Check the client configuration.","3","Error","65","vpn","ipsec"
+"%ASA-3-713166","713166","Group = groupname, Username = username, IP = peerIP Headend security gateway has failed our user authentication attempt - check configured username and password","%ASA-3-713166: Group = groupname, Username = username, IP = peerIP Headend security gateway has failed our user authentication attempt - check configured username and password","The hardware client has failed extended authentication. This is most likely a username and password problem or an authentication server issue.","Verify that the configured username and password values on each side match. Also verify that the authentication server at the headend is operational.","3","Error","85","vpn","ipsec"
+"%ASA-3-713167","713167","Group = groupname, Username = username, IP = peerIP Remote peer has failed user authentication - check configured username and password","%ASA-3-713167: Group = groupname, Username = username, IP = peerIP Remote peer has failed user authentication - check configured username and password","The remote user has failed to extend authentication. This is most likely a username or password problem, or an authentication server issue.","Verify that the configured username and password values on each side match. Also verify that the authentication server being used to authenticate the remote user is operational.","3","Error","85","vpn","ipsec"
+"%ASA-3-713168","713168","Re-auth enabled, but tunnel must be authenticated interactively!","%ASA-3-713168: Re-auth enabled, but tunnel must be authenticated interactively!","Reauthentication on rekeying has been enabled, but the tunnel authentication requires manual intervention.","If manual intervention is desired, no action is required. Otherwise, check the interactive authentication configuration.","3","Error","65","vpn","ipsec"
+"%ASA-7-713169","713169","Group = groupname, Username = username, IP = peerIP IKE Received delete for rekeyed SA IKE peer: IP_address, SA address: internal_SA_address, tunnelCnt: tunnel_count","%ASA-7-713169: Group = groupname, Username = username, IP = peerIP IKE Received delete for rekeyed SA IKE peer: IP_address, SA address: internal_SA_address, tunnelCnt: tunnel_count","IKE has received a delete message from the remote peer to delete its old IKE SA after a rekey has completed.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713170","713170","Group group IP ip IKE Received delete for rekeyed centry IKE peer: IP_address , centry address: internal_address , msgid: id","%ASA-7-713170: Group group IP ip IKE Received delete for rekeyed centry IKE peer: IP_address , centry address: internal_address , msgid: id","IKE has received a delete message from the remote peer to delete its old centry after Phase 2 rekeying is completed.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713171","713171","Group = groupname, Username = username, IP = peerIP NAT-Traversal sending NAT-Original-Address payload","%ASA-7-713171: Group = groupname, Username = username, IP = peerIP NAT-Traversal sending NAT-Original-Address payload","UDP-Encapsulated-Transport was either proposed or selected during Phase 2. Send this payload for NAT-Traversal in this case.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-6-713172","713172","Group = groupname, Username = username, IP = peerIP Automatic NAT Detection Status: Remote end is |is not behind a NAT device This end is |is not behind a NAT device","%ASA-6-713172: Group = groupname, Username = username, IP = peerIP Automatic NAT Detection Status: Remote end is |is not behind a NAT device This end is |is not behind a NAT device","NAT-Traversal auto-detected NAT.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-3-713174","713174","Group = groupname, Username = username, IP = peerIP Hardware Client connection rejected! Network Extension Mode is not allowed for this group!","%ASA-3-713174: Group = groupname, Username = username, IP = peerIP Hardware Client connection rejected! Network Extension Mode is not allowed for this group!","A hardware client is attempting to tunnel in using network extension mode, but network extension mode is not allowed.","Verify the configuration of the network extension mode versus PAT mode.","3","Error","75","vpn","ipsec"
+"%ASA-2-713176","713176","Device_type memory resources are critical, IKE key acquire message on interface interface_number , for Peer IP_address ignored","%ASA-2-713176: Device_type memory resources are critical, IKE key acquire message on interface interface_number , for Peer IP_address ignored","The Secure Firewall ASA is processing data intended to trigger an IPsec tunnel to the indicated peer. Because memory resources are at a critical state, it is not initiating any more tunnels. The data packet has been ignored and dropped.","If condition persists, verify that the Secure Firewall ASA is efficiently configured. An Secure Firewall ASA with increased memory may be required for this application.","2","Critical","100","vpn","ipsec"
+"%ASA-6-713177","713177","Group = groupname, Username = username, IP = peerIP Received remote Proxy Host FQDN in ID Payload: Host Name: host_name Address IP_address, Protocol protocol, Port port","%ASA-6-713177: Group = groupname, Username = username, IP = peerIP Received remote Proxy Host FQDN in ID Payload: Host Name: host_name Address IP_address, Protocol protocol, Port port","A Phase 2 ID payload containing an FQDN has been received from the peer.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-5-713178","713178","Group = groupname, Username = username, IP = peerIP IKE Initiator received a packet from its peer without a Responder cookie","%ASA-5-713178: Group = groupname, Username = username, IP = peerIP IKE Initiator received a packet from its peer without a Responder cookie","An internal software error has occurred.","If the problem persists, contact the Cisco TAC.","5","Notification","25","vpn","ipsec"
+"%ASA-5-713179","713179","Group = groupname, Username = username, IP = peerIP IKE AM Initiator received a packet from its peer without a payload_type payload","%ASA-5-713179: Group = groupname, Username = username, IP = peerIP IKE AM Initiator received a packet from its peer without a payload_type payload","An internal software error has occurred.","If the problem persists, contact the Cisco TAC.","5","Notification","25","vpn","ipsec"
+"%ASA-3-713182","713182","Group = groupname, Username = username, IP = peerIP IKE could not recognize the version of the client! IPsec Fragmentation Policy will be ignored for this connection!","%ASA-3-713182: Group = groupname, Username = username, IP = peerIP IKE could not recognize the version of the client! IPsec Fragmentation Policy will be ignored for this connection!","An internal software error has occurred.","If the problem persists, contact the Cisco TAC.","3","Error","65","vpn","ipsec"
+"%ASA-6-713184","713184","Group = groupname, Username = username, IP = peerIP Client Type: Client_type Client Application Version: Application_version_string","%ASA-6-713184: Group = groupname, Username = username, IP = peerIP Client Type: Client_type Client Application Version: Application_version_string","The client operating system and application version appear. If the information is not available, then N/A will be indicated.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-3-713185","713185","IP = peerIP Error: Username too long - connection aborted","%ASA-3-713185: IP = peerIP Error: Username too long - connection aborted","The client returned an invalid length username, and the tunnel was torn down.","Check the username and make changes, if necessary.","3","Error","75","vpn","ipsec"
+"%ASA-3-713186","713186","Invalid secondary domain name list received from the authentication server. List Received: list_text Character index (value ) is illegal","%ASA-3-713186: Invalid secondary domain name list received from the authentication server. List Received: list_text Character index (value ) is illegal","An invalid secondary domain name list was received from an external RADIUS authentication server. When split tunnelling is used, this list identifies the domains that the client should resolve through the tunnel.","Correct the specification of the Secondary-Domain-Name-List attribute (vendor-specific attribute 29) on the RADIUS server. The list must be specified as a comma-delimited list of domain names. Domain names may include only alphanumeric characters, a hyphen, an underscore, and a period.","3","Error","75","vpn","ipsec"
+"%ASA-7-713187","713187","Group = groupname, Username = username, IP = peerIP Tunnel Rejected: IKE peer does not match remote peer as defined in L2L policy IKE peer address: IP_address, Remote peer address: IP_address","%ASA-7-713187: Group = groupname, Username = username, IP = peerIP Tunnel Rejected: IKE peer does not match remote peer as defined in L2L policy IKE peer address: IP_address, Remote peer address: IP_address","The IKE peer that is attempting to bring up this tunnel is not the one that is configured in the ISAKMP configuration that is bound to the received remote subnet.","Verify that L2L settings are correct on the headend and peer.","7","Debugging","15","vpn","ipsec"
+"%ASA-3-713189","713189","Group = groupname, Username = username, IP = peerIP Attempted to assign network or broadcast IP_address, removing ( IP_address ) from pool.","%ASA-3-713189: Group = groupname, Username = username, IP = peerIP Attempted to assign network or broadcast IP_address, removing ( IP_address ) from pool.","The IP address from the pool is either the network or broadcast address for this subnet. This address will be marked as unavailable.","This error is generally benign, but the IP address pool configuration should be checked.","3","Error","65","vpn","ipsec"
+"%ASA-7-713190","713190","Group = groupname, Username = username, IP = peerIP Got bad refCnt ( ref_count_value ) assigning IP_address ( IP_address )","%ASA-7-713190: Group = groupname, Username = username, IP = peerIP Got bad refCnt ( ref_count_value ) assigning IP_address ( IP_address )","The reference counter for this SA is invalid.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-3-713191","713191","IP = IP_address Maximum concurrent IKE negotiations exceeded!","%ASA-3-713191: IP = IP_address Maximum concurrent IKE negotiations exceeded!","To minimize CPU-intensive cryptographic calculations, the Secure Firewall ASA limits the number of connection negotiations in progress. When a new negotiation is requested and the Secure Firewall ASA is already at its limit, the new negotiation is rejected. When an existing connection negotiation completes, new connection negotiation will again be permitted.","See the crypto ikev1 limit max-in-negotiation-sa command. Increasing the limit can degrade performance..","3","Error","75","vpn","ipsec"
+"%ASA-3-713193","713193","Received packet with missing payload, Expected payload: payload_id","%ASA-3-713193: Received packet with missing payload, Expected payload: payload_id","The Secure Firewall ASA received an encrypted or unencrypted packet of the specified exchange type that had one or more missing payloads. This usually indicates a problem on the peer.","Verify that the peer is sending valid IKE messages.","3","Error","75","vpn","ipsec"
+"%ASA-3-713194","713194","Group = groupname, Username = username, IP = peerIP Sending IKE |IPsec Delete With Reason message: termination_reason","%ASA-3-713194: Group = groupname, Username = username, IP = peerIP Sending IKE |IPsec Delete With Reason message: termination_reason","A delete message with a termination reason code was received.","None required.","3","Error","5","vpn","ipsec"
+"%ASA-3-713195","713195","Group = groupname, Username = username, IP = peerIP Tunnel rejected: Originate-Only: Cannot accept incoming tunnel yet!","%ASA-3-713195: Group = groupname, Username = username, IP = peerIP Tunnel rejected: Originate-Only: Cannot accept incoming tunnel yet!","The originate-only peer can accept incoming connections only after it brings up the first P2 tunnel. At that point, data from either direction can initiate additional Phase 2 tunnels.","If a different behavior is desired, the originate-only configuration needs to be revised.","3","Error","65","vpn","ipsec"
+"%ASA-5-713196","713196","Group = groupname, Username = username, IP = peerIP Remote L2L Peer IP_address initiated a tunnel with same outer and inner addresses. Peer could be Originate Only - Possible misconfiguration!","%ASA-5-713196: Group = groupname, Username = username, IP = peerIP Remote L2L Peer IP_address initiated a tunnel with same outer and inner addresses. Peer could be Originate Only - Possible misconfiguration!","The remote L2L peer has initiated a public-public tunnel. The remote L2L peer expects a response from the peer at the other end, but does not receive one, because of a possible misconfiguration.","Check the L2L configuration on both sides.","5","Notification","25","vpn","ipsec"
+"%ASA-5-713197","713197","Group = groupname, Username = username, IP = peerIP The configured Confidence Interval of number seconds is invalid for this tunnel_type connection. Enforcing the second default.","%ASA-5-713197: Group = groupname, Username = username, IP = peerIP The configured Confidence Interval of number seconds is invalid for this tunnel_type connection. Enforcing the second default.","The configured confidence interval in the group is outside of the valid range.","Check the confidence setting in the group to make sure it is within the valid range.","5","Notification","25","vpn","ipsec"
+"%ASA-3-713198","713198","Group = groupname, Username = username, IP = peerIP User Authorization failed: user User authorization failed. Username could not be found in the certificate","%ASA-3-713198: Group = groupname, Username = username, IP = peerIP User Authorization failed: user User authorization failed. Username could not be found in the certificate","A reason string that states that a username cannot be found in the certificate appears.","Check the group configuration and client authorization.","3","Error","65","vpn","ipsec"
+"%ASA-5-713199","713199","Group = groupname, Username = username, IP = peerIP Reaper corrected an SA that has not decremented the concurrent IKE negotiations counter ( counter_value )!","%ASA-5-713199: Group = groupname, Username = username, IP = peerIP Reaper corrected an SA that has not decremented the concurrent IKE negotiations counter ( counter_value )!","The Reaper corrected an internal software error.","If the problem persists, contact the Cisco TAC.","5","Notification","25","vpn","ipsec"
+"%ASA-5-713201","713201","Group = groupname, Username = username, IP = peerIP Duplicate Phase Phase packet detected. Action","%ASA-5-713201: Group = groupname, Username = username, IP = peerIP Duplicate Phase Phase packet detected. Action","The Secure Firewall ASA has received a duplicate of a previous Phase 1 or Phase 2 packet, and will transmit the last message. A network performance or connectivity issue may have occurred, in which the peer is not receiving sent packets in a timely manner. • Phase—Phase 1 or 2 • Action—Retransmitting last packet, or No last packet to transmit.","Verify network performance or connectivity.","5","Notification","35","vpn","ipsec"
+"%ASA-5-713202","713202","IP = IP_address Duplicate IP_addr packet detected.","%ASA-5-713202: IP = IP_address Duplicate IP_addr packet detected.","The Secure Firewall ASA has received a duplicate first packet for a tunnel that the Secure Firewall ASA is already aware of and negotiating, which indicates that the Secure Firewall ASA probably received a retransmission of a packet from the peer. • IP_addr—The IP address of the peer from which the duplicate first packet was received","None required, unless the connection attempt is failing. If this is the case, debug further and diagnose the problem.","5","Notification","5","vpn","ipsec"
+"%ASA-3-713203","713203","IKE Receiver: Error reading from socket.","%ASA-3-713203: IKE Receiver: Error reading from socket.","An error occurred while reading a received IKE packet. This is generally an internal error and might indicate a software problem.","This problem is usually benign, and the system will correct itself. If the problem persists, contact the Cisco TAC.","3","Error","65","vpn","ipsec"
+"%ASA-7-713204","713204","Group = groupname, Username = username, IP = peerIP Adding static route for client address: IP_address","%ASA-7-713204: Group = groupname, Username = username, IP = peerIP Adding static route for client address: IP_address","This message indicates that a route to the peer-assigned address or to the networks protected by a hardware client was added to the routing table.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-3-713205","713205","Group = groupname, Username = username, IP = peerIP Could not add static route for client address: IP_address","%ASA-3-713205: Group = groupname, Username = username, IP = peerIP Could not add static route for client address: IP_address","An attempt to add a route to the client-assigned address or to the networks protected by a hardware client failed. This might indicate duplicate routes in the routing table or a corrupted network address. The duplicate routes might be caused by routes that were not cleaned up correctly or by having multiple clients sharing networks or addresses.","Check the IP local pool configuration as well as any other IP address-assigning mechanism being used (for example, DHCP or RADIUS). Make sure that routes are being cleared from the routing table. Also check the configuration of networks and/or addresses on the peer.","3","Error","95","vpn","ipsec"
+"%ASA-3-713206","713206","Group = groupname, Username = username, IP = peerIP Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy","%ASA-3-713206: Group = groupname, Username = username, IP = peerIP Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy","A tunnel was dropped because the allowed tunnel specified in the group policy was different from the allowed tunnel in the tunnel group configuration.","Check the tunnel group and group policy configuration.","3","Error","85","vpn","ipsec"
+"%ASA-4-713207","713207","Group = groupname, Username = username, IP = peerIP Terminating connection: IKE Initiator and tunnel group specifies L2TP Over IPSec","%ASA-4-713207: Group = groupname, Username = username, IP = peerIP Terminating connection: IKE Initiator and tunnel group specifies L2TP Over IPSec","This syslog is displayed for ikev1 while terminating the connection if GW is an initiator and tunnel group type is L2TP over IPSEC.","None required.","4","Warning","5","vpn","ipsec"
+"%ASA-3-713208","713208","Cannot create dynamic rule for Backup L2L entry rule rule_id","%ASA-3-713208: Cannot create dynamic rule for Backup L2L entry rule rule_id","A failure occurred in creating the ACLs that trigger IKE and allow IPsec data to be processed properly. The failure was specific to the backup L2L configuration, which may indicate a configuration error, a capacity error, or an internal software error.","If the Secure Firewall ASA is running the maximum number of connections and VPN tunnels, there may be a memory issue. If not, check the backup L2L and crypto map configurations, specifically the ACLs associated with the crypto maps.","3","Error","75","vpn","ipsec"
+"%ASA-3-713209","713209","Cannot delete dynamic rule for Backup L2L entry rule id","%ASA-3-713209: Cannot delete dynamic rule for Backup L2L entry rule id","A failure occurred in deleting the ACLs that trigger IKE and allow IPsec data to be processed correctly. The failure was specific to the backup L2L configuration. This may indicate an internal software error.","If the problem persists, contact the Cisco TAC.","3","Error","75","vpn","ipsec"
+"%ASA-3-713210","713210","Cannot create dynamic map for Backup L2L entry rule_id","%ASA-3-713210: Cannot create dynamic map for Backup L2L entry rule_id","A failure occurred in creating a run-time instance of the dynamic crypto map associated with backup L2L configuration. This may indicate a configuration error, a capacity error, or an internal software error.","If the Secure Firewall ASA is running the maximum number of connections and VPN tunnels, there may be a memory issue. If not, check the backup L2L and crypto map configurations, and specifically the ACLs associated with the crypto maps.","3","Error","75","vpn","ipsec"
+"%ASA-6-713211","713211","Group = groupname, Username = username, IP = peerIP Adding static route for L2L peer coming in on a dynamic map. address: IP_address, mask: netmask","%ASA-6-713211: Group = groupname, Username = username, IP = peerIP Adding static route for L2L peer coming in on a dynamic map. address: IP_address, mask: netmask","The ASA is adding a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-3-713212","713212","Group = groupname, Username = username, IP = peerIP","%ASA-3-713212: Group = groupname, Username = username, IP = peerIP","The Secure Firewall ASA failed while attempting to add a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","75","vpn","ipsec"
+"%ASA-6-713213","713213","Group = groupname, Username = username, IP = peerIP Deleting static route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask","%ASA-6-713213: Group = groupname, Username = username, IP = peerIP Deleting static route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask","The Secure Firewall ASA is deleting a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-3-713214","713214","Group = groupname, Username = username, IP = peerIP Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask","%ASA-3-713214: Group = groupname, Username = username, IP = peerIP Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask","The Secure Firewall ASA experienced a failure while deleting a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel. The route may have already been deleted,or an internal software error has occurred.","If the route has already been deleted, the condition is benign and the device will function normally. If the problem persists or can be linked to routing issues over VPN tunnels, then check the routing and addressing portions of the VPN L2L configuration. Check the reverse route injection and the ACLs associated with the appropriate crypto map. If the problem persists, contact the Cisco TAC.","3","Error","75","vpn","ipsec"
+"%ASA-6-713215","713215","Group = groupname, Username = username, IP = peerIP No match against Client Type and Version rules. Client: type version is /is not allowed by default","%ASA-6-713215: Group = groupname, Username = username, IP = peerIP No match against Client Type and Version rules. Client: type version is /is not allowed by default","The client type and the version of a client did not match any of the rules configured on the Secure Firewall ASA. The default action appears.","Determine what the default action and deployment requirements are, and make the applicable changes.","6","Informational","15","vpn","ipsec"
+"%ASA-5-713216","713216","Group = groupname, Username = username, IP = peerIP Rule: action [Client type]: version Client: type version allowed/not allowed","%ASA-5-713216: Group = groupname, Username = username, IP = peerIP Rule: action [Client type]: version Client: type version allowed/not allowed","The client type and the version of a client have matched one of the rules. The results of the match and the rule are displayed.","Determine what the deployment requirements are, and make the appropriate changes.","5","Notification","25","vpn","ipsec"
+"%ASA-3-713217","713217","Group = groupname, Username = username, IP = peerIP Skipping unrecognized rule: action: action client type: client_type client version: client_version","%ASA-3-713217: Group = groupname, Username = username, IP = peerIP Skipping unrecognized rule: action: action client type: client_type client version: client_version","A malformed client type and version rule exist. The required format is action client type | client version action. Either permit or deny client type and client version are displayed under Session Management. Only one wildcard per parameter (*) is supported.","Correct the rule.","3","Error","85","vpn","ipsec"
+"%ASA-3-713218","713218","Group = groupname, Username = username, IP = peerIP Tunnel Rejected: Client Type or Version not allowed.","%ASA-3-713218: Group = groupname, Username = username, IP = peerIP Tunnel Rejected: Client Type or Version not allowed.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","vpn","ipsec"
+"%ASA-6-713219","713219","Group = groupname, Username = username, IP = peerIP Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.","%ASA-6-713219: Group = groupname, Username = username, IP = peerIP Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.","Phase 2 messages are being enqueued after Phase 1 completes.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-6-713220","713220","Group = groupname, Username = username, IP = peerIP De-queuing KEY-ACQUIRE messages that were left pending.","%ASA-6-713220: Group = groupname, Username = username, IP = peerIP De-queuing KEY-ACQUIRE messages that were left pending.","Queued Phase 2 messages are being processed.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-7-713221","713221","Group = groupname, Username = username, IP = peerIP Static Crypto Map check, checking map = crypto_map_tag, seq = seq_number...","%ASA-7-713221: Group = groupname, Username = username, IP = peerIP Static Crypto Map check, checking map = crypto_map_tag, seq = seq_number...","The Secure Firewall ASA is iterating through the crypto maps looking for configuration information.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713222","713222","Group = groupname, Username = username, IP = peerIP Group group Username username IP ip Static Crypto Map check, map = crypto_map_tag, seq = seq_number, ACL does not match proxy IDs src:source_address dst:dest_address","%ASA-7-713222: Group = groupname, Username = username, IP = peerIP Group group Username username IP ip Static Crypto Map check, map = crypto_map_tag, seq = seq_number, ACL does not match proxy IDs src:source_address dst:dest_address","While iterating through the configured crypto maps, the Secure Firewall ASA cannot match any of the associated ACLs. This generally means that an ACL was misconfigured.","Check the ACLs associated with this tunnel peer, and make sure that they specify the appropriate private networks from both sides of the VPN tunnel.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713223","713223","Group = groupname, Username = username, IP = peerIP Static Crypto Map check, map = crypto_map_tag, seq = seq_number, no ACL configured","%ASA-7-713223: Group = groupname, Username = username, IP = peerIP Static Crypto Map check, map = crypto_map_tag, seq = seq_number, no ACL configured","The crypto map associated with this peer is not linked to an ACL.","Make sure an ACL associated with this crypto map exists, and that the ACL includes the appropriate private addresses or network from both sides of the VPN tunnel.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713224","713224","Group = groupname, Username = username, IP = peerIP Static Crypto Map Check by-passed: Crypto map entry incomplete!","%ASA-7-713224: Group = groupname, Username = username, IP = peerIP Static Crypto Map Check by-passed: Crypto map entry incomplete!","The crypto map associated with this VPN tunnel is missing critical information.","Verify that the crypto map is configured correctly with both the VPN peer, a transform set, and an associated ACL.","7","Debugging","15","vpn","ipsec"
+"%ASA-7-713225","713225","Group = groupname, Username = username, IP = peerIP [IKEv1], Static Crypto Map check, map map_name, seq = sequence_number is a successful match","%ASA-7-713225: Group = groupname, Username = username, IP = peerIP [IKEv1], Static Crypto Map check, map map_name, seq = sequence_number is a successful match","The Secure Firewall ASA found a valid matching crypto map for this VPN tunnel.","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-3-713226","713226","Connection failed with peer IP_address, no trust-point defined in tunnel-group tunnel_group","%ASA-3-713226: Connection failed with peer IP_address, no trust-point defined in tunnel-group tunnel_group","When the device is configured to use digital certificates, a trustpoint must be specified in the configuration. When the trustpoint is missing from the configuration, this message is generated to flag an error. • IP_address—IP address of the peer • tunnel_group—Tunnel group for which the trustpoint was missing in the configuration","The administrator of the device has to specify a trustpoint in the configuration.","3","Error","75","vpn","ipsec"
+"%ASA-3-713227","713227","IP = IP_address Rejecting new IPsec SA negotiation for peer Peer_address . A negotiation was already in progress for local Proxy Local_address /Local_netmask, remote Proxy Remote_address /Remote_netmask","%ASA-3-713227: IP = IP_address Rejecting new IPsec SA negotiation for peer Peer_address . A negotiation was already in progress for local Proxy Local_address /Local_netmask, remote Proxy Remote_address /Remote_netmask","When establishing a Phase SA, the Secure Firewall ASA will reject a new Phase 2 matching this proxy.","None required.","3","Error","5","vpn","ipsec"
+"%ASA-6-713228","713228","Group = group, Username = uname, IP = remote_IP_address Assigned private IP","%ASA-6-713228: Group = group, Username = uname, IP = remote_IP_address Assigned private IP","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","6","Informational","15","vpn","ipsec"
+"%ASA-5-713229","713229","Group = groupname, Username = username, IP = peerIP Auto Update - Notification to client client_ip of update string: message_string .","%ASA-5-713229: Group = groupname, Username = username, IP = peerIP Auto Update - Notification to client client_ip of update string: message_string .","A VPN remote access client is notified that updated software is available for download. The remote client user is responsible for choosing to update the client access software. • client_ip—The IP address of the remote client • message_string—The message text sent to the remote client","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-3-713230","713230","Internal Error, ike_lock trying to lock bit that is already locked for type type","%ASA-3-713230: Internal Error, ike_lock trying to lock bit that is already locked for type type","An internal error occurred, which is reporting that the IKE subsystem is attempting to lock memory that has already been locked. This indicates errors on semaphores that are used to protect memory violations for IKE SAs. This message does not indicate that anything is seriously wrong. However, an unexpected event has occurred, and steps are automatically being taken for recovery. • >type —String that describes the type of semaphore that had a locking issue","If the problem persists, contact the Cisco TAC.","3","Error","65","vpn","ipsec"
+"%ASA-3-713231","713231","Internal Error, ike_lock trying to unlock bit that is not locked for type type","%ASA-3-713231: Internal Error, ike_lock trying to unlock bit that is not locked for type type","An internal error has occurred, which is reporting that the IKE subsystem is attempting to unlock memory that is not currently locked. This indicates errors on semaphores that are used to protect memory violations for IKE SAs. This message does not indicate that anything is seriously wrong. However, an unexpected event has occurred, and steps are automatically being taken for recovery. • type —String that describes the type of semaphore that had a locking issue","If the problem persists, contact the Cisco TAC.","3","Error","65","vpn","ipsec"
+"%ASA-3-713232","713232","SA lock refCnt = value , bitmask = hexvalue , p1_decrypt_cb = value , qm_decrypt_cb = value , qm_hash_cb = value , qm_spi_ok_cb = value , qm_dh_cb = value , qm_secret_key_cb = value , qm_encrypt_cb = value","%ASA-3-713232: SA lock refCnt = value , bitmask = hexvalue , p1_decrypt_cb = value , qm_decrypt_cb = value , qm_hash_cb = value , qm_spi_ok_cb = value , qm_dh_cb = value , qm_secret_key_cb = value , qm_encrypt_cb = value","All the IKE SA are locked, and a possible error has been detected. This message reports errors on semaphores that are used to protect memory violations for IKE SAs. • >value —Decimal value • >hexvalue —Hexadecimal value","If the problem persists, contact the Cisco TAC.","3","Error","65","vpn","ipsec"
+"%ASA-7-713233","713233","(VPN-unit ) Remote network (remote network ) validated for network extension mode.","%ASA-7-713233: (VPN-unit ) Remote network (remote network ) validated for network extension mode.","The remote network received during the Phase 2 negotiation was validated. The message indicates the results of the remote network check during Phase 2 negotiations for Network Extension Mode clients. This is part of an existing feature that prevents users from misconfiguring their hardware client network (for example, configuring overlapping networks or the same network on multiple clients). • remote network —Subnet address and subnet mask from Phase 2 proxy","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713234","713234","(VPN-unit) Remote network (remote network ) from network extension mode client mismatches AAA configuration (aaa network ).","%ASA-7-713234: (VPN-unit) Remote network (remote network ) from network extension mode client mismatches AAA configuration (aaa network ).","The remote network received during the Phase 2 negotiation does not match the framed-ip-address and framed-subnet-mask that were returned from the AAA server for this session. • remote network —Subnet address and subnet mask from Phase 2 proxy • aaa network —Subnet address and subnet mask configured through AAA","Do one of the following: • Check the address assignment for this user and group, then check the network configuration on the HW client, and correct any inconsistencies. • Disable address assignment for this user and group.","7","Debugging","5","vpn","ipsec"
+"%ASA-6-713235","713235","Group = groupname, Username = username, IP = peerIP Attempt to send an IKE packet from standby unit. Dropping the packet!","%ASA-6-713235: Group = groupname, Username = username, IP = peerIP Attempt to send an IKE packet from standby unit. Dropping the packet!","Normally, IKE packets should never be sent from the standby unit to the remote peer. If such an attempt is made, an internal logic error may have occurred. The packet never leaves the standby unit because of protective code. This message facilitates debugging.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-7-713236","713236","IKE_DECODE RECEIVED Message msgid=0) with payloads: HDR + HASH (8) + NOTIFY (11) + VENDOR (13) + VENDOR (13) + NONE (0)","%ASA-7-713236: IKE_DECODE RECEIVED Message msgid=0) with payloads: HDR + HASH (8) + NOTIFY (11) + VENDOR (13) + VENDOR (13) + NONE (0)","IKE sent or received various messages. The following example shows the output when IKE receives a message with an 8-byte hash payload, an 11-byte notify payload, and two 13-byte vendor-specific payloads:","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","7","Debugging","5","vpn","ipsec"
+"%ASA-5-713237","713237","Group = groupname, Username = username, IP = peerIP ACL update (access_list ) received during re-key re-authentication will not be applied to the tunnel.","%ASA-5-713237: Group = groupname, Username = username, IP = peerIP ACL update (access_list ) received during re-key re-authentication will not be applied to the tunnel.","The Phase 1 rekey of a remote access IPsec tunnel appears under the following conditions: • The tunnel is configured to reauthenticate the user when the tunnel is rekeyed. • The RADIUS server returns an access list or a reference to a locally configured access list that is different from the one that was returned when the tunnel was first established.","Under these conditions, the Secure Firewall ASA ignores the new access list and this message is generated. • >access_list —Name associated with the static or dynamic access list, as displayed in the output of the show access-list command IPsec users must reconnect for new user-specific access lists to take effect.","5","Notification","25","vpn","ipsec"
+"%ASA-3-713238","713238","Group = groupname, Username = username, IP = peerIP Invalid source proxy address: 0.0.0.0! Check private address on remote client","%ASA-3-713238: Group = groupname, Username = username, IP = peerIP Invalid source proxy address: 0.0.0.0! Check private address on remote client","The private side address of a network extension mode client came across as 0.0.0.0. This usually indicates that no IP address was set on the private interface of the hardware client.","Verify the configuration of the remote client.","3","Error","85","vpn","ipsec"
+"%ASA-5-713239","713239","Group = groupname, Username = username, IP = peerIP IP_Address : Tunnel Rejected: The maximum tunnel count allowed has been reached","%ASA-5-713239: Group = groupname, Username = username, IP = peerIP IP_Address : Tunnel Rejected: The maximum tunnel count allowed has been reached","An attempt to create a tunnel has occurred after the maximum number of tunnels allowed has been reached. • IP_Address—The IP address of the peer","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-5-713240","713240","Received DH key with bad length: received length=<i>rlength</i> expected","%ASA-5-713240: Received DH key with bad length: received length=<i>rlength</i> expected","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","5","Notification","25","vpn","ipsec"
+"%ASA-4-713241","713241","IE Browser Proxy Method setting_number is Invalid","%ASA-4-713241: IE Browser Proxy Method setting_number is Invalid","An invalid proxy setting was found during ModeCfg processing. P1 negotiation will fail.","Check the msie-proxy method command settings (a subcommand of the group-policy command), which should conform to one of the following: [auto-detect | no-modify | no-proxy | use-server] . Any other value or no value is incorrect. Try resetting the msie-proxy method command settings. If the problem persists, contact the Cisco TAC.","4","Warning","55","vpn","ipsec"
+"%ASA-4-713242","713242","Group = groupname, Username = username, IP = peerIP Remote user is authenticated using Hybrid Authentication. Not starting IKE rekey.","%ASA-4-713242: Group = groupname, Username = username, IP = peerIP Remote user is authenticated using Hybrid Authentication. Not starting IKE rekey.","The Secure Firewall ASA has detected a request to start an IKE rekey for a tunnel configured to use Hybrid Xauth, but the rekey was not started. The Secure Firewall ASA will wait for the client to detect and initiate an IKE rekey.","None required.","4","Warning","5","vpn","ipsec"
+"%ASA-4-713243","713243","META-DATA Unable to find the requested certificate","%ASA-4-713243: META-DATA Unable to find the requested certificate","The IKE peer requested a certificate from the cert-req payload. However, no valid identity certificate issued by the requested DN was found.","Perform the following steps: 1. Check the identity certificates. 2. Enroll or import the desired certificate. 3. Enable certificate debugging for more details.","4","Warning","55","vpn","ipsec"
+"%ASA-4-713244","713244","Group = groupname, Username = username, IP = peerIP META-DATA Received Legacy Authentication Method(LAM) type type is different from the last type received type .","%ASA-4-713244: Group = groupname, Username = username, IP = peerIP META-DATA Received Legacy Authentication Method(LAM) type type is different from the last type received type .","The LAM attribute type received differs from the last type received. The type must be consistent throughout the user authentication process. The user authentication process cannot proceed, and the VPN connection will not be established. • type—The LAM type","If the problem persists, contact the Cisco TAC.","4","Warning","45","vpn","ipsec"
+"%ASA-4-713245","713245","Group = groupname, Username = username, IP = peerIP META-DATA Unknown Legacy Authentication Method(LAM) type type received.","%ASA-4-713245: Group = groupname, Username = username, IP = peerIP META-DATA Unknown Legacy Authentication Method(LAM) type type received.","An unsupported LAM type was received during the CRACK challenge or response user authentication process. The user authentication process cannot proceed, and the VPN connection will not be established. • type—The LAM type","If the problem persists, contact the Cisco TAC.","4","Warning","45","vpn","ipsec"
+"%ASA-4-713246","713246","Group = groupname, Username = username, IP = peerIP META-DATA Unknown Legacy Authentication Method(LAM) attribute type type received.","%ASA-4-713246: Group = groupname, Username = username, IP = peerIP META-DATA Unknown Legacy Authentication Method(LAM) attribute type type received.","The Secure Firewall ASA received an unknown LAM attribute type, which should not cause connectivity problems, but might affect the functionality of the peer. • type—The LAM attribute type","None required.","4","Warning","5","vpn","ipsec"
+"%ASA-4-713247","713247","Group = groupname, Username = username, IP = peerIP META-DATA Unexpected error: in Next Card Code mode while not doing SDI.","%ASA-4-713247: Group = groupname, Username = username, IP = peerIP META-DATA Unexpected error: in Next Card Code mode while not doing SDI.","An unexpected error occurred during state processing.","If the problem persists, contact the Cisco TAC.","4","Warning","45","vpn","ipsec"
+"%ASA-5-713248","713248","Group = groupname, Username = username, IP = peerIP META-DATA Rekey initiation is being disabled during CRACK authentication.","%ASA-5-713248: Group = groupname, Username = username, IP = peerIP META-DATA Rekey initiation is being disabled during CRACK authentication.","When an IKE SA is negotiated using the CRACK authentication method, the Phase 1 SA rekey timer at the headend expired before a successful rekey. Because the remote client is always the initiator of the exchange when using the CRACK authentication method, the headend will not initiate the rekey. Unless the remote peer initiates a successful rekey before the IKE SA expires, the connection will come down upon IKE SA expiration.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-4-713249","713249","Group = groupname, Username = username, IP = peerIP META-DATA Received unsupported authentication results: result","%ASA-4-713249: Group = groupname, Username = username, IP = peerIP META-DATA Received unsupported authentication results: result","While negotiating an IKE SA using the CRACK authentication method, the IKE subsystem received a result that is not supported during CRACK authentication from the authentication subsystem. The user authentication fails, and the VPN connection is torn down. • result —The result returned from the authentication subsystem","If the problem persists, contact the Cisco TAC.","4","Warning","45","vpn","ipsec"
+"%ASA-5-713250","713250","Group = groupname, Username = username, IP = peerIP META-DATA Received unknown Internal Address attribute: attribute","%ASA-5-713250: Group = groupname, Username = username, IP = peerIP META-DATA Received unknown Internal Address attribute: attribute","The Secure Firewall ASA received a request for an internal address attribute that is not recognizable. The attribute might be valid, but not currently supported, or the peer might be sending an illegal value. This should not cause connectivity problems, but might affect the functionality of the peer.","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-4-713251","713251","Group = groupname, Username = username, IP = peerIP META-DATA Received authentication failure message","%ASA-4-713251: Group = groupname, Username = username, IP = peerIP META-DATA Received authentication failure message","The Secure Firewall ASA received a notification message that indicated an authentication failure while an IKE SA is negotiated using the CRACK authentication method. The connection is torn down.","None required.","4","Warning","5","vpn","ipsec"
+"%ASA-5-713252","713252","Group = group, Username = user, IP = ip Group = group, Username = user, IP = ip, Integrity Firewall Server is not available. VPN Tunnel creation rejected for client.","%ASA-5-713252: Group = group, Username = user, IP = ip Group = group, Username = user, IP = ip, Integrity Firewall Server is not available. VPN Tunnel creation rejected for client.","When the group policy is configured to require the client to authenticate with a Zonelab Integrity Server, the server might need to be connected to the concentrator depending on the failure policy configured. If the fail policy is to reject the client connection, this message is generated when a Zonelab Integrity Server is not connected to the Secure Firewall ASA at the time the client is connecting. • group —The tunnel group to which the remote access user is connecting • user —The remote access user • ip —The IP address of the remote access user","Check that the configurations on the concentrator and the Zonelab Integrity Server match. Then verify that communication exists between the concentrator and the Zonelab Integrity Server.","5","Notification","45","vpn","ipsec"
+"%ASA-5-713253","713253","Group = group, Username = user, IP = ip Group = group, Username = user, IP = ip, Integrity Firewall Server is not available. Entering ALLOW mode. VPN Tunnel created for client.","%ASA-5-713253: Group = group, Username = user, IP = ip Group = group, Username = user, IP = ip, Integrity Firewall Server is not available. Entering ALLOW mode. VPN Tunnel created for client.","When the group policy is configured to require a client to authenticate with a Zonelab Integrity Server, the server might need to be connected to the concentrator, depending on the failure policy configured. If the failure policy is to accept the client connection, and provide unrestricted network access, this message is generated when a Zonelab Integrity Server is not connected to the Secure Firewall ASA at the time the client is connecting. • group —The tunnel group to which the remote access user is connecting • user —The remote access user","Check that the configurations on the Secure Firewall ASA and the Zonelab Integrity Server match, and verify that communication exists between the Secure Firewall ASA and the Zonelab Integrity Server.","5","Notification","45","vpn","ipsec"
+"%ASA-3-713254","713254","Group = groupname, Username = username, IP = peerip Group = groupname, Username = username, IP = peerip, Invalid IPsec/UDP port = portnum, valid range is minport - maxport, except port 4500, which is reserved for IPsec/NAT-T","%ASA-3-713254: Group = groupname, Username = username, IP = peerip Group = groupname, Username = username, IP = peerip, Invalid IPsec/UDP port = portnum, valid range is minport - maxport, except port 4500, which is reserved for IPsec/NAT-T","You cannot use UDP port 4500 for IPsec/UDP connections, because it is reserved for IPsec or NAT-T connections. The CLI does not allow this configuration for local groups. This message should only occur for externally defined groups. • groupname —The name of the user group • username —The name of the user • peerip —The IP address of the client • portnum —The IPsec/UDP port number on the external server • minport —The minimum valid port number for a user-configurable port, which is 4001 • maxport —The maximum valid port number for a user-configurable port, which is 49151","Change the IPsec or UDP port number on the external server to another port number. Valid port numbers are 4001 to 49151.","3","Error","65","vpn","ipsec"
+"%ASA-4-713255","713255","IP = peer-IP IP = peer-IP, Received ISAKMP Aggressive Mode message 1 with unknown tunnel group name group-name","%ASA-4-713255: IP = peer-IP IP = peer-IP, Received ISAKMP Aggressive Mode message 1 with unknown tunnel group name group-name","An unknown tunnel group was specified in ISAKMP Aggressive Mode message 1. • peer-ip —The address of the peer • group-name —The group name specified by the peer","Check the tunnel group and client configurations to make sure that they are valid.","4","Warning","45","vpn","ipsec"
+"%ASA-6-713256","713256","IP = peer-IP , Sending spoofed ISAKMP Aggressive Mode message 2 due to receipt of unknown tunnel group. Aborting connection.","%ASA-6-713256: IP = peer-IP , Sending spoofed ISAKMP Aggressive Mode message 2 due to receipt of unknown tunnel group. Aborting connection.","When the peer specifies an invalid tunnel group, the Secure Firewall ASA will still send message 2 to prevent the peer from gleaning tunnel group information. • peer-ip —The address of the peer","None required.","6","Informational","45","vpn","ipsec"
+"%ASA-5-713257","713257","Phase var1 failure: Mismatched attribute types for class var2 : Rcv'd: var3 Cfg'd: var4","%ASA-5-713257: Phase var1 failure: Mismatched attribute types for class var2 : Rcv'd: var3 Cfg'd: var4","An Secure Firewall ASA has acted as the responder in a LAN-to-LAN connection. It indicates that the Secure Firewall ASA crypto configuration does not match the configuration of the initiator. The message specifies during which phase the mismatch occurred, and which attributes both the responder and the initiator had that were different. • var1 —The phase during which the mismatch occurred • var2 —The class to which the attributes that do not match belong • var3 —The attribute received from the initiator • var4 —The attribute configured","Check the crypto configuration on both of the LAN-to-LAN devices for inconsistencies. In particular, if a mismatch between UDP-Tunnel (NAT-T) and something else is reported, check the crypto maps. If one configuration has NAT-T disabled on the matched crypto map and the other does not, this will cause a failure.","5","Notification","35","vpn","ipsec"
+"%ASA-3-713258","713258","IP = var1 IP = var1, Attempting to establish a phase2 tunnel on var2 interface but phase1 tunnel is on var3 interface. Tearing down old phase1 tunnel due to a potential routing change.","%ASA-3-713258: IP = var1 IP = var1, Attempting to establish a phase2 tunnel on var2 interface but phase1 tunnel is on var3 interface. Tearing down old phase1 tunnel due to a potential routing change.","The Secure Firewall ASA tries to establish a Phase 2 tunnel on an interface, and a Phase 1 tunnel already exists on a different interface. The existing Phase 1 tunnel is torn down to allow the establishment of a new tunnel on the new interface. • var1 —The IP address of the peer • var2 —The interface on which the Secure Firewall ASA is trying to establish a Phase 2 tunnel • var3 —The interface on which the Phase 1 tunnel exists","Check whether or not the route of the peer has changed. If the route has not changed, a possible misconfiguration may exist.","3","Error","65","vpn","ipsec"
+"%ASA-5-713259","713259","Group = groupname, Username = username, IP = peerIP Group = groupname, Username = username, IP = peerIP, Session is being torn down. Reason: reason","%ASA-5-713259: Group = groupname, Username = username, IP = peerIP Group = groupname, Username = username, IP = peerIP, Session is being torn down. Reason: reason","The termination reason for the ISAKMP session appears, which occurs when the session is torn down through session management. • groupname —The tunnel group of the session being terminated • username —The username of the session being terminated • peerIP —The peer address of the session being terminated • reason —The RADIUS termination reason of the session being terminated. Reasons include the following: - Port Preempted (simultaneous logins) - Idle Timeout","None required.","5","Notification","5","vpn","ipsec"
+"%ASA-3-713260","713260","Output interface %d to peer was not found","%ASA-3-713260: Output interface %d to peer was not found","When trying to create a Phase 1 SA, the interface database could not be found for the interface ID.","If the problem persists, contact the Cisco TAC.","3","Error","65","vpn","ipsec"
+"%ASA-4-713261","713261","IPV6 address on output interface interface_number was not found","%ASA-4-713261: IPV6 address on output interface interface_number was not found","When trying to create a Phase 1 SA, no IPv6 address is specified on the local interface.","For information about how to set up an IPv6 address on a desired interface, see the “Configuring IPv6 Addressing” section in the CLI configuration guide.","4","Warning","45","vpn","ipsec"
+"%ASA-3-713262","713262","IP = IP_address Rejecting new IPSec SA negotiation for peer Peer_address . A negotiation was already in progress for local Proxy Local_address /Local_prefix_len, remote Proxy Remote_address /Remote_prefix_len","%ASA-3-713262: IP = IP_address Rejecting new IPSec SA negotiation for peer Peer_address . A negotiation was already in progress for local Proxy Local_address /Local_prefix_len, remote Proxy Remote_address /Remote_prefix_len","When establishing a Phase SA, the Secure Firewall ASA will reject a new Phase 2 SA matching this proxy. • Peer_address —The new address attempting to intiate Phase 2 with a proxy matching an existing negotiation • Local_address —The address of the previous local peer currently negotiating Phase 2 • Local_prefix_len —The length of the subnet prefix according to CIDR notation • Remote_address —The address of the proxy • Remote_prefix_len —The length of the subnet prefix according to CIDR notation","None required.","3","Error","5","vpn","ipsec"
+"%ASA-7-713263","713263","Group = groupname, Username = username, IP = peerIP Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask /prefix_len, Protocol protocol, Port port","%ASA-7-713263: Group = groupname, Username = username, IP = peerIP Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask /prefix_len, Protocol protocol, Port port","The Secure Firewall ASA is adding a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel. • IP_address —The base IP address of the destination network of the peer • prefix_len —The length of the subnet prefix according to CIDR notation","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-713264","713264","Group = groupname, Username = username, IP = peerIP Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask/prefix_len, Protocol protocol, Port port {“Received remote IP Proxy Subnet data in ID Payload: Address IP address, Mask/mask, Protocol protocol_name, Port port_number ”}","%ASA-7-713264: Group = groupname, Username = username, IP = peerIP Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask/prefix_len, Protocol protocol, Port port {“Received remote IP Proxy Subnet data in ID Payload: Address IP address, Mask/mask, Protocol protocol_name, Port port_number ”}","The Secure Firewall ASA is adding a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel. • IP_address —The base IP address of the destination network of the peer • prefix_len —The length of the subnet prefix according to CIDR notation • protocol — The proxy protocol • port —The proxy port","None required.","7","Debugging","5","vpn","ipsec"
+"%ASA-6-713265","713265","Group = groupname, Username = username, IP = peerIP Adding static route for L2L peer coming in on a dynamic map. address: IP_address, mask: /prefix_len","%ASA-6-713265: Group = groupname, Username = username, IP = peerIP Adding static route for L2L peer coming in on a dynamic map. address: IP_address, mask: /prefix_len","The Secure Firewall ASA is adding a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel. • IP_address —The base IP address of the destination network of the peer • prefix_len —The length of the subnet prefix according to CIDR notation","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-3-713266","713266","Group = groupname, Username = username, IP = peerIP Could not add route for L2L peer coming in on a dynamic map. address: IP_address, mask: /prefix_len","%ASA-3-713266: Group = groupname, Username = username, IP = peerIP Could not add route for L2L peer coming in on a dynamic map. address: IP_address, mask: /prefix_len","The Secure Firewall ASA failed while attempting to add a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel. This might indicate duplicate routes, a full IPv6 routing table, or a failure of the Secure Firewall ASA to remove previously used routes. • IP_address —The base IP address of the destination network of the peer • prefix_len —The length of the subnet prefix according to CIDR notation","Check the IPv6 routing table to make sure there is room for additional routes, and that obsolete routes are not present. If the table is full or includes obsolete routes, remove the routes and try again. If the problem persists, contact the Cisco TAC.","3","Error","75","vpn","ipsec"
+"%ASA-6-713267","713267","Group = groupname, Username = username, IP = peerIP Deleting static route for L2L peer that came in on a dynamic map. address: IP_address, mask: /prefix_len","%ASA-6-713267: Group = groupname, Username = username, IP = peerIP Deleting static route for L2L peer that came in on a dynamic map. address: IP_address, mask: /prefix_len","The Secure Firewall ASA failed while attempting to add a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel. • IP_address —The base IP address of the destination network of the peer • prefix_len —The length of the subnet prefix according to CIDR notation","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-3-713268","713268","Group = groupname, Username = username, IP = peerIP Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: /prefix_len","%ASA-3-713268: Group = groupname, Username = username, IP = peerIP Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: /prefix_len","The Secure Firewall ASA experienced a failure while deleting a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel. The route may have already been deleted, or an internal software error has occurred. • IP_address —The base IP address of the destination network of the peer • prefix_len —The length of the subnet prefix according to CIDR notation","If the route has already been deleted, the condition is benign and the device will function normally. If the problem persists or can be linked to routing issues over VPN tunnels, then check the routing and addressing portions of the VPN L2L configuration. Also check the reverse route injection and the ACLs associated with the appropriate crypto map. If the problem persists, contact the Cisco TAC.","3","Error","75","vpn","ipsec"
+"%ASA-6-713269","713269","Group = groupname, Username = username, IP = peerIP Detected Hardware Client in network extension mode, adding static route for address: IP_address, mask: /prefix_len","%ASA-6-713269: Group = groupname, Username = username, IP = peerIP Detected Hardware Client in network extension mode, adding static route for address: IP_address, mask: /prefix_len","A tunnel with a hardware client in network extension mode has been negotiated, and a static route is being added for the private network behind the hardware client. This configuration enables the Secure Firewall ASA to make the remote network known to all the routers on the private side of the headend. • IP_address —The base IP address of the destination network of the peer • prefix_len —The length of the subnet prefix according to CIDR notation","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-3-713270","713270","Group = groupname, Username = username, IP = peerIP Could not add route for Hardware Client in network extension mode, address: IP_address, mask: /prefix_len","%ASA-3-713270: Group = groupname, Username = username, IP = peerIP Could not add route for Hardware Client in network extension mode, address: IP_address, mask: /prefix_len","An internal software error has occurred. A tunnel with a hardware client in network extension mode has been negotiated, and an attempt to add the static route for the private network behind the hardware client failed. The IPv6 routing table may be full, or a possible addressing error has occurred. • IP_address —The base IP address of the destination network of the peer • prefix_len —The length of the subnet prefix according to CIDR notation","If the problem persists, contact the Cisco TAC.","3","Error","75","vpn","ipsec"
+"%ASA-6-713271","713271","Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, deleting static route for address: IP_address, mask:/prefix_len","%ASA-6-713271: Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, deleting static route for address: IP_address, mask:/prefix_len","A tunnel to a hardware client in network extension mode is being removed, and the static route for the private network is being deleted behind the hardware client. • IP_address —The base IP address of the destination network of the peer • prefix_len —The length of the subnet prefix according to CIDR notation","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-5-713272","713272","Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address: IP_address, mask: /prefix_len","%ASA-5-713272: Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address: IP_address, mask: /prefix_len","While a tunnel to a hardware client in network extension mode was being removed, a route to the private network behind the hardware client cannot be deleted. This might indicate an addressing or software problem. • IP_address —The base IP address of the destination network of the peer • prefix_len —The length of the subnet prefix according to CIDR notation","Check the IPv6 routing table to ensure that the route is not there. If it is, it may have to be removed manually, but only if the tunnel to the hardware client has been completely removed.","5","Notification","25","vpn","ipsec"
+"%ASA-6-713273","713273","Group = groupname, Username = username, IP = peerIP Deleting static route for client address: IP_Address IP_Address address of client whose route is being removed","%ASA-6-713273: Group = groupname, Username = username, IP = peerIP Deleting static route for client address: IP_Address IP_Address address of client whose route is being removed","A route to the peer-assigned address or the networks protected by a hardware client were removed from the routing table.","None required.","6","Informational","5","vpn","ipsec"
+"%ASA-3-713274","713274","Group = groupname, Username = username, IP = peerIP Could not delete static route for client address: IP_Address IP_Address address of client whose route is being removed","%ASA-3-713274: Group = groupname, Username = username, IP = peerIP Could not delete static route for client address: IP_Address IP_Address address of client whose route is being removed","While a tunnel to an IPsec client was being removed, its entry in the routing table could not be removed. This condition may indicate a networking or software problem.","Check the routing table to make sure that the route does not exist. If it does, it may need to be removed manually, but only if the tunnel has been closed successfully.","3","Error","65","vpn","ipsec"
+"%ASA-3-713275","713275","IKEv1 Unsupported certificate keytype %s found at trustpoint %s","%ASA-3-713275: IKEv1 Unsupported certificate keytype %s found at trustpoint %s","This syslog is displayed for ikev1 when certificate key type is not of type ECDSA. Ensure that certificates of valid KEY type is installed on the GW.","None required.","3","Error","5","vpn","ipsec"
+"%ASA-3-713276","713276","IP = IP_address Dropping new negotiation - IKEv1 in-negotiation context limit of %u reached","%ASA-3-713276: IP = IP_address Dropping new negotiation - IKEv1 in-negotiation context limit of %u reached","This syslog message is displayed for ikev1 in multi context when maximum in negotiation limit is reached.","None required.","3","Error","85","vpn","ipsec"
+"%ASA-1-713900","713900","Descriptive_event_string.","%ASA-1-713900: Descriptive_event_string.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","1","Alert","75","vpn","ipsec"
+"%ASA-2-713901","713901","Descriptive_text_string.","%ASA-2-713901: Descriptive_text_string.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","2","Critical","85","vpn","ipsec"
+"%ASA-3-713902","713902","Descriptive_event_string.","%ASA-3-713902: Descriptive_event_string.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","vpn","ipsec"
+"%ASA-4-713903","713903","Group = group policy, Username = user name, IP = remote IP, ERROR: Failed to","%ASA-4-713903: Group = group policy, Username = user name, IP = remote IP, ERROR: Failed to","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","55","vpn","ipsec"
+"%ASA-5-713904","713904","Descriptive_event_string.","%ASA-5-713904: Descriptive_event_string.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","5","Notification","25","vpn","ipsec"
+"%ASA-6-713905","713905","Descriptive_event_string.","%ASA-6-713905: Descriptive_event_string.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","6","Informational","15","vpn","ipsec"
+"%ASA-7-713906","713906","Descriptive_event_string.","%ASA-7-713906: Descriptive_event_string.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","7","Debugging","5","vpn","ipsec"
+"%ASA-7-714001","714001","description_of_event_or_packet","%ASA-7-714001: description_of_event_or_packet","A description of an IKE protocol event or packet was provided.","None required.","7","Debugging","5","network","general"
+"%ASA-7-714002","714002","Group = groupname, Username = username, IP = IP_address IKE Initiator starting QM: msg id = message_number","%ASA-7-714002: Group = groupname, Username = username, IP = IP_address IKE Initiator starting QM: msg id = message_number","The Secure Firewall ASA has sent the first packet of the Quick mode exchange as the Phase 2 initiator.","None required.","7","Debugging","5","network","general"
+"%ASA-7-714003","714003","IP = IP_address IKE Responder starting QM: msg id = message_number","%ASA-7-714003: IP = IP_address IKE Responder starting QM: msg id = message_number","The Secure Firewall ASA has received the first packet of the Quick mode exchange as the Phase 2 responder.","None required.","7","Debugging","5","network","general"
+"%ASA-7-714004","714004","Group = groupname, Username = username, IP = IP_address IKE Initiator sending 1st QM pkt: msg id = message_number","%ASA-7-714004: Group = groupname, Username = username, IP = IP_address IKE Initiator sending 1st QM pkt: msg id = message_number","The protocol of the first Quick Mode packet was decoded.","None required.","7","Debugging","5","network","general"
+"%ASA-7-714005","714005","Group = groupname, Username = username, IP = IP_address IKE Responder sending 2nd QM pkt: msg id = message_number","%ASA-7-714005: Group = groupname, Username = username, IP = IP_address IKE Responder sending 2nd QM pkt: msg id = message_number","The protocol of the second Quick Mode packet was decoded.","None required.","7","Debugging","5","network","general"
+"%ASA-7-714006","714006","Group = groupname, Username = username, IP = IP_address IKE Initiator sending 3rd QM pkt: msg id = message_number","%ASA-7-714006: Group = groupname, Username = username, IP = IP_address IKE Initiator sending 3rd QM pkt: msg id = message_number","The protocol of the third Quick Mode packet was decoded.","None required.","7","Debugging","5","network","general"
+"%ASA-7-714007","714007","IKE Initiator sending Initial Contact","%ASA-7-714007: IKE Initiator sending Initial Contact","The Secure Firewall ASA is building and sending the initial contact payload.","None required.","7","Debugging","5","network","general"
+"%ASA-7-714011","714011","Group = groupname, Username = username, IP = IP_address Description of received ID values","%ASA-7-714011: Group = groupname, Username = username, IP = IP_address Description of received ID values","The Secure Firewall ASA received the displayed ID information during the negotiation.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715001","715001","Descriptive statement","%ASA-7-715001: Descriptive statement","A description of an event or problem encountered by the Secure Firewall ASA appears.","The action depends on the description.","7","Debugging","5","network","general"
+"%ASA-7-715004","715004","subroutine name () Q Send failure: RetCode (return_code )","%ASA-7-715004: subroutine name () Q Send failure: RetCode (return_code )","An internal error occurred when attempting to put messages in a queue.","This is often a benign condition. If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-715005","715005","subroutine name() Bad message code: Code (message_code )","%ASA-7-715005: subroutine name() Bad message code: Code (message_code )","An internal subroutine received a bad message code.","This is often a benign condition. If the problem persists, contact the Cisco TAC.","7","Debugging","5","network","general"
+"%ASA-7-715006","715006","Group = groupname, Username = username, IP = IP_address IKE got SPI from key engine: SPI = SPI_value","%ASA-7-715006: Group = groupname, Username = username, IP = IP_address IKE got SPI from key engine: SPI = SPI_value","The IKE subsystem received an SPI value from IPsec.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715007","715007","Group = groupname, Username = username, IP = IP_address IKE got a KEY_ADD msg for SA: SPI = SPI_value","%ASA-7-715007: Group = groupname, Username = username, IP = IP_address IKE got a KEY_ADD msg for SA: SPI = SPI_value","IKE has completed tunnel negotiation and has successfully loaded the appropriate encryption and hashing keys for IPsec use.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715008","715008","Could not delete SA SA_address, refCnt = number, caller = calling_subroutine_address","%ASA-7-715008: Could not delete SA SA_address, refCnt = number, caller = calling_subroutine_address","The calling subroutine cannot delete the IPsec SA. This might indicate a reference count problem.","If the number of stale SAs grows as a result of this event, contact the Cisco TAC.","7","Debugging","5","network","general"
+"%ASA-7-715009","715009","Group = groupname, Username = username, IP = IP_address IKE Deleting SA: Remote Proxy IP_address, Local Proxy IP_address","%ASA-7-715009: Group = groupname, Username = username, IP = IP_address IKE Deleting SA: Remote Proxy IP_address, Local Proxy IP_address","SA is being deleted with the listed proxy addresses.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715013","715013","Group = groupname, Username = username, IP = IP_address Tunnel negotiation in progress for destination IP_address, discarding data","%ASA-7-715013: Group = groupname, Username = username, IP = IP_address Tunnel negotiation in progress for destination IP_address, discarding data","IKE is in the process of establishing a tunnel for this data. All packets to be protected by this tunnel will be dropped until the tunnel is fully established.","None required.","7","Debugging","25","network","general"
+"%ASA-7-715018","715018","Group = groupname, Username = username, IP = IP_address IP Range type id was loaded: Direction %s, From: %a, Through: %a","%ASA-7-715018: Group = groupname, Username = username, IP = IP_address IP Range type id was loaded: Direction %s, From: %a, Through: %a","This syslog message is generated while updating IPSEC SA details.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715019","715019","Group = group, Username = username, IP = ip Group group Username username IP ip IKEGetUserAttributes: Attribute name = name","%ASA-7-715019: Group = group, Username = username, IP = ip Group group Username username IP ip IKEGetUserAttributes: Attribute name = name","The modecfg attribute name and value pair being processed by the Secure Firewall ASA appear.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715020","715020","Group = group, Username = username, IP = ip construct_cfg_set: Attribute name = name","%ASA-7-715020: Group = group, Username = username, IP = ip construct_cfg_set: Attribute name = name","The modecfg attribute name and value pair being transmitted by the Secure Firewall ASA appear.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715021","715021","Group = group, Username = username, IP = ip Delay Quick Mode processing, Cert/Trans Exch/RM DSID in progress","%ASA-7-715021: Group = group, Username = username, IP = ip Delay Quick Mode processing, Cert/Trans Exch/RM DSID in progress","Quick mode processing is being delayed until all Phase 1 processing has been completed (for transaction mode).","None required.","7","Debugging","5","network","general"
+"%ASA-7-715022","715022","Group = group, Username = username, IP = ip Resume Quick Mode processing, Cert/Trans Exch/RM DSID completed","%ASA-7-715022: Group = group, Username = username, IP = ip Resume Quick Mode processing, Cert/Trans Exch/RM DSID completed","Phase 1 processing has completed, and quick mode is being resumed.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715027","715027","Group = group, Username = username, IP = ip IPsec SA Proposal # chosen_proposal, Transform # chosen_transform acceptable Matches global IPsec SA entry # crypto_map_index","%ASA-7-715027: Group = group, Username = username, IP = ip IPsec SA Proposal # chosen_proposal, Transform # chosen_transform acceptable Matches global IPsec SA entry # crypto_map_index","The indicated IPsec SA proposal and transform were selected from the payloads that the responder received. This data can be useful when attempting to debug IKE negotiation issues.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715028","715028","Group = group, Username = username, IP = ip IKE SA Proposal # 1, Transform # chosen_transform acceptable Matches global IKE entry # crypto_map_index","%ASA-7-715028: Group = group, Username = username, IP = ip IKE SA Proposal # 1, Transform # chosen_transform acceptable Matches global IKE entry # crypto_map_index","The indicated IKE SA transform was selected from the payloads that the responder received. This data can be useful when attempting to debug IKE negotiation issues.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715031","715031","Obtained IP addr (%s) prior to initiating Mode Cfg (XAuth %s)","%ASA-7-715031: Obtained IP addr (%s) prior to initiating Mode Cfg (XAuth %s)","This syslog is generated when the IP address is assigned by the IP util subsystem.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715032","715032","Sending subnet mask (%s) to remote client","%ASA-7-715032: Sending subnet mask (%s) to remote client","This syslog is generated when the IP address is assigned by the IP util subsystem.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715033","715033","Group = group, Username = username, IP = ip Processing CONNECTED notify (MsgId message_number )","%ASA-7-715033: Group = group, Username = username, IP = ip Processing CONNECTED notify (MsgId message_number )","The Secure Firewall ASA is processing a message containing a notify payload with the notify type CONNECTED (16384). The CONNECTED notify type is used to complete the commit bit processing and should be included in the fourth overall quick mode packet, which is sent from the responder to the initiator.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715034","715034","IP = ip action IOS keep alive payload: proposal=time 1 /time 2 sec.","%ASA-7-715034: IP = ip action IOS keep alive payload: proposal=time 1 /time 2 sec.","Processing for sending or receiving a keepalive payload message is being performed.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715035","715035","IP = ip Starting IOS keepalive monitor: seconds sec.","%ASA-7-715035: IP = ip Starting IOS keepalive monitor: seconds sec.","The keepalive timer will monitor for a variable number of seconds for keepalive messages.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715036","715036","Group = group, Username = username, IP = ip Sending keep-alive of type notify_type (seq number number )","%ASA-7-715036: Group = group, Username = username, IP = ip Sending keep-alive of type notify_type (seq number number )","Processing for sending a keepalive notify message is being performed.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715037","715037","Group = group, Username = username, IP = ip Unknown IOS Vendor ID version: major.minor.variance","%ASA-7-715037: Group = group, Username = username, IP = ip Unknown IOS Vendor ID version: major.minor.variance","The capabilities of this version of the Cisco IOS are not known.","There may be interoperability issues with features such as IKE keepalives. If the problem persists, contact the Cisco TAC.","7","Debugging","5","network","general"
+"%ASA-7-715038","715038","Group = group, Username = username, IP = ip action Spoofing_information Vendor ID payload (version: major.minor.variance, capabilities: value )","%ASA-7-715038: Group = group, Username = username, IP = ip action Spoofing_information Vendor ID payload (version: major.minor.variance, capabilities: value )","Processing for the Cisco IOS vendor ID payload has been performed. The action being performed might be Altiga spoofing the Cisco IOS.","None required.","7","Debugging","25","network","general"
+"%ASA-7-715039","715039","Group = group, Username = username, IP = ip Unexpected cleanup of tunnel table entry during SA delete.","%ASA-7-715039: Group = group, Username = username, IP = ip Unexpected cleanup of tunnel table entry during SA delete.","An entry in the IKE tunnel table was never removed when the SA was freed. This indicates a defect in the state machine.","If the problem persists, contact the Cisco TAC.","7","Debugging","5","network","general"
+"%ASA-7-715040","715040","Deleting active auth handle during SA deletion: handle = internal_authentication_handle","%ASA-7-715040: Deleting active auth handle during SA deletion: handle = internal_authentication_handle","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715041","715041","Group = group, Username = username, IP = ip Received keep-alive of type keepalive_type, not the negotiated type","%ASA-7-715041: Group = group, Username = username, IP = ip Received keep-alive of type keepalive_type, not the negotiated type","A keepalive of the type indicated in the message was received unexpectedly.","Check the keepalive configuration on both peers.","7","Debugging","5","network","general"
+"%ASA-7-715042","715042","Group = group, Username = username, IP = ip IKE received response of type failure_type to a request from the IP_address utility","%ASA-7-715042: Group = group, Username = username, IP = ip IKE received response of type failure_type to a request from the IP_address utility","A request for an IP address for a remote access client from the internal utility that provides these addresses cannot be satisfied. Variable text in the message string indicates more specifically what went wrong.","Check the IP address assignment configuration and adjust accordingly.","7","Debugging","5","network","general"
+"%ASA-7-715044","715044","IP = ip Ignoring Keepalive payload from vendor not support KeepAlive capability","%ASA-7-715044: IP = ip Ignoring Keepalive payload from vendor not support KeepAlive capability","A Cisco IOS keepalive payload from a vendor was received without keepalive capabilities being set. The payload is ignored.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715045","715045","ERROR: malformed Keepalive payload","%ASA-7-715045: ERROR: malformed Keepalive payload","A malformed keepalive payload has been received. The payload is ignored.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715046","715046","Group = groupname, Username = username, IP = IP_address Group = groupname, Username = username, IP = IP_address, constructing payload_description payload","%ASA-7-715046: Group = groupname, Username = username, IP = IP_address Group = groupname, Username = username, IP = IP_address, constructing payload_description payload","An IP address from a remote client for a specific group and user shows details about the IKE payload being constructed.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715047","715047","Group = groupname, Username = username, IP = IP_address processing payload_description payload","%ASA-7-715047: Group = groupname, Username = username, IP = IP_address processing payload_description payload","Details of the IKE payload received and being processed appear.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715048","715048","Group = groupname, Username = username, IP = IP_address Send VID_type VID","%ASA-7-715048: Group = groupname, Username = username, IP = IP_address Send VID_type VID","The type of vendor ID payload being sent appears.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715049","715049","Group = groupname, Username = username, IP = IP_address Received VID_type VID","%ASA-7-715049: Group = groupname, Username = username, IP = IP_address Received VID_type VID","The type of vendor ID payload received appears.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715050","715050","Group = groupname, Username = username, IP = IP_address Claims to be IOS but failed authentication","%ASA-7-715050: Group = groupname, Username = username, IP = IP_address Claims to be IOS but failed authentication","The vendor ID received looks like a Cisco IOS VID, but does not match hmac_sha.","Check the vendor ID configuration on both peers. If this issue affects interoperability and the problem persists, contact the Cisco TAC.","7","Debugging","5","network","general"
+"%ASA-7-715051","715051","IP = IP_address Received unexpected TLV type TLV_type while processing FWTYPE ModeCfg Reply","%ASA-7-715051: IP = IP_address Received unexpected TLV type TLV_type while processing FWTYPE ModeCfg Reply","An unknown TLV was received in an Secure Firewall ASA record while an FWTYPE ModeCfg Reply was being processed. The TLV will be discarded. This might occur either because of packet corruption or because the connecting client supports a later version of the Secure Firewall ASA protocol.","Check the personal FW installed on the Cisco VPN client and the personal firewall configuration on the Secure Firewall ASA. This may also indicate a version mismatch between the VPN client and the Secure Firewall ASA.","7","Debugging","35","network","general"
+"%ASA-7-715052","715052","Group = groupname, Username = username, IP = IP_address Old P1 SA is being deleted but new SA is DEAD, cannot transition centries","%ASA-7-715052: Group = groupname, Username = username, IP = IP_address Old P1 SA is being deleted but new SA is DEAD, cannot transition centries","The old P1 SA is being deleted, but has no new SA to transition to because it was marked for deletion as well. This generally indicates that the two IKE peers are out-of-sync with each other and may be using different rekey times. The problem should correct itself, but there may be some small amount of data loss until a fresh P1 SA is reestablished.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715053","715053","Group = groupname, Username = username, IP = IP_address MODE_CFG: Received request for attribute_info !","%ASA-7-715053: Group = groupname, Username = username, IP = IP_address MODE_CFG: Received request for attribute_info !","The Secure Firewall ASA received a mode configuration message requesting the specified attribute.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715054","715054","MODE_CFG: Received attribute_name reply: value","%ASA-7-715054: MODE_CFG: Received attribute_name reply: value","The Secure Firewall ASA received a mode configuration reply message from the remote peer.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715055","715055","Group = groupname, Username = username, IP = IP_address Send attribute_name","%ASA-7-715055: Group = groupname, Username = username, IP = IP_address Send attribute_name","The Secure Firewall ASA sent a mode configuration message to the remote peer.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715056","715056","Group = groupname, Username = username, IP = IP_address Client is configured for TCP_transparency","%ASA-7-715056: Group = groupname, Username = username, IP = IP_address Client is configured for TCP_transparency","Because the remote end (client) is configured for IPsec over TCP, the headend Secure Firewall ASA must not negotiate IPsec over UDP or IPsec over NAT-T with the client.","The NAT transparency configuration may require adjustment of one of the peers if the tunnel does not come up.","7","Debugging","5","network","general"
+"%ASA-7-715057","715057","Group = groupname, Username = username, IP = IP_address Auto-detected a NAT device with NAT-Traversal. Ignoring IPsec-over-UDP configuration.","%ASA-7-715057: Group = groupname, Username = username, IP = IP_address Auto-detected a NAT device with NAT-Traversal. Ignoring IPsec-over-UDP configuration.","IPsec-over-UDP mode configuration information will not be exchanged because NAT-Traversal was detected.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715058","715058","Group = groupname, Username = username, IP = IP_address NAT-Discovery payloads missing. Aborting NAT-Traversal.","%ASA-7-715058: Group = groupname, Username = username, IP = IP_address NAT-Discovery payloads missing. Aborting NAT-Traversal.","The remote end did not provide NAT-Discovery payloads required for NAT-Traversal after exchanging NAT-Traversal VIDs. At least two NAT-Discovery payloads must be received.","This may indicate a nonconforming NAT-T implementation. If the offending peer is a Cisco product and the problem persists, contact the Cisco TAC. If the offending peer is not a Cisco product, then contact the manufacturer support team.","7","Debugging","5","network","general"
+"%ASA-7-715059","715059","Group = groupname, Username = username, IP = IP_address Proposing/Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal","%ASA-7-715059: Group = groupname, Username = username, IP = IP_address Proposing/Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal","You need to use these modes instead of the usual transport and tunnel modes defined in the SA to successfully negotiate NAT-Traversal.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715060","715060","Group = groupname, Username = username, IP = IP_address Dropped received IKE fragment. Reason: reason","%ASA-7-715060: Group = groupname, Username = username, IP = IP_address Dropped received IKE fragment. Reason: reason","The reason for dropping the fragment appears.","The recommended action depends on the drop reason, but might indicate a problem with an intervening NAT device or a nonconforming peer.","7","Debugging","25","network","general"
+"%ASA-7-715061","715061","Group = groupname, Username = username, IP = IP_address Rcv'd fragment from a new fragmentation set. Deleting any old fragments.","%ASA-7-715061: Group = groupname, Username = username, IP = IP_address Rcv'd fragment from a new fragmentation set. Deleting any old fragments.","A resend of the same packet occurred, but fragmented to a different MTU, or another packet altogether.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715062","715062","Group = groupname, Username = username, IP = IP_address Error assembling fragments! Fragment numbers are non-continuous.","%ASA-7-715062: Group = groupname, Username = username, IP = IP_address Error assembling fragments! Fragment numbers are non-continuous.","There is a gap in fragment numbers.","This might indicate a network problem. If the condition persists and results in dropped tunnels or prevents certain peers from negotiating with the Secure Firewall ASA, contact the Cisco TAC.","7","Debugging","25","network","general"
+"%ASA-7-715063","715063","Group = groupname, Username = username, IP = IP_address Successfully assembled an encrypted pkt from rcv'd fragments!","%ASA-7-715063: Group = groupname, Username = username, IP = IP_address Successfully assembled an encrypted pkt from rcv'd fragments!","Assembly for a fragmented packet that was received was successful.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715064","715064","IKE Peer included IKE fragmentation capability flags: Main Mode: true /false Aggressive Mode: true /false","%ASA-7-715064: IKE Peer included IKE fragmentation capability flags: Main Mode: true /false Aggressive Mode: true /false","The peer supports IKE fragmentation based on the information provided in the message.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715065","715065","Group = groupname, Username = username, IP = IP_address IKE state_machine subtype FSM error history (struct data_structure_address ) state, event : state /event pairs","%ASA-7-715065: Group = groupname, Username = username, IP = IP_address IKE state_machine subtype FSM error history (struct data_structure_address ) state, event : state /event pairs","A Phase 1 error occurred and the state, event history pairs will be displayed in reverse chronological order.","Most of these errors are benign. If the problem persists, contact the Cisco TAC.","7","Debugging","5","network","general"
+"%ASA-7-715066","715066","Group = groupname, Username = username, IP = IP_address Can't load an IPsec SA! The corresponding IKE SA contains an invalid logical ID.","%ASA-7-715066: Group = groupname, Username = username, IP = IP_address Can't load an IPsec SA! The corresponding IKE SA contains an invalid logical ID.","The logical ID in the IKE SA is NULL. The Phase II negotiation will be torn down.","An internal error has occurred. If the problem persists, contact the Cisco TAC.","7","Debugging","5","network","general"
+"%ASA-7-715067","715067","QM IsRekeyed: existing sa from different peer, rejecting new sa","%ASA-7-715067: QM IsRekeyed: existing sa from different peer, rejecting new sa","The LAN-TO-LAN SA that is being established already exists, that is, an SA with the same remote network, but is sourced from a different peer. This new SA will be deleted, because this is not a legal configuration.","Check the LAN-TO-LAN configuration on all associated peers. Specifically, multiple peers should not be sharing private networks.","7","Debugging","5","network","general"
+"%ASA-7-715068","715068","Group = groupname, Username = username, IP = IP_address QM IsRekeyed: duplicate sa found by address, deleting old sa","%ASA-7-715068: Group = groupname, Username = username, IP = IP_address QM IsRekeyed: duplicate sa found by address, deleting old sa","The remote access SA that is being established already exists, that is, an SA with the same remote network, but is sourced from a different peer. The old SA will be deleted, because the peer may have changed its IP address.","This may be a benign condition, especially if a client tunnel was terminated abruptly. If the problem persists, contact the Cisco TAC.","7","Debugging","5","network","general"
+"%ASA-7-715069","715069","Group = groupname, Username = username, IP = IP_address Invalid ESP SPI size of SPI_size","%ASA-7-715069: Group = groupname, Username = username, IP = IP_address Invalid ESP SPI size of SPI_size","The Secure Firewall ASA received an IPsec SA proposal with an invalid ESP SPI size. This proposal will be skipped.","Generally, this is a benign condition but might indicate that a peer may be nonconforming. If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-715070","715070","Group = groupname, Username = username, IP = IP_address Invalid IPComp SPI size of SPI_size","%ASA-7-715070: Group = groupname, Username = username, IP = IP_address Invalid IPComp SPI size of SPI_size","The Secure Firewall ASA received an IPsec SA proposal with an invalid IPComp SPI size. This proposal will be skipped.","Generally, this is a benign condition but might indicate that a peer is nonconforming. If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-715071","715071","Group = groupname, Username = username, IP = IP_address AH proposal not supported","%ASA-7-715071: Group = groupname, Username = username, IP = IP_address AH proposal not supported","The IPsec AH proposal is not supported. This proposal will be skipped.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715072","715072","Group = groupname, Username = username, IP = IP_address Received proposal with unknown protocol ID protocol_ID","%ASA-7-715072: Group = groupname, Username = username, IP = IP_address Received proposal with unknown protocol ID protocol_ID","The Secure Firewall ASA received an IPsec SA proposal with an unknown protocol ID. This proposal will be skipped.","Generally, this is a benign condition, but might indicate that a peer is nonconforming. If the problem persists, contact the Cisco TAC.","7","Debugging","5","network","general"
+"%ASA-7-715074","715074","Group = groupname, Username = username, IP = IP_address Could not retrieve authentication attributes for peer IP_address","%ASA-7-715074: Group = groupname, Username = username, IP = IP_address Could not retrieve authentication attributes for peer IP_address","The Secure Firewall ASA cannot get authorization information for the remote user.","Make sure that authentication and authorization settings have been configured correctly. If the problem persists, contact the Cisco TAC.","7","Debugging","5","network","general"
+"%ASA-7-715075","715075","Group = group_name, Username = username, IP = IP_address Group = group_name, IP = IP_address Received keep-alive of type message_type (seq number number )","%ASA-7-715075: Group = group_name, Username = username, IP = IP_address Group = group_name, IP = IP_address Received keep-alive of type message_type (seq number number )","This message is paired with DPD R-U-THERE message 715036, which logs the DPD sending messages. • group_name—The VPN group name of the peer • IP_address—IP address of the VPN peer • message_type—The message type (DPD R-U-THERE or DPD R-U-THERE-ACK) • number—The DPD sequence number Two possible cases: • Received peer sending DPD R-U-THERE message • Received peer reply DPD R-U-THERE-ACK message Be aware of the following: • The DPD R-U-THERE message is received and its sequence number matches the outgoing DPD reply messages. If the Secure Firewall ASA sends a DPD R-U-THERE-ACK message without first receiving a DPD R-U-THERE message from the peer, it is likely experiencing a security breech. • The received DPD R-U-THERE-ACK message's sequence number is matched with previously sent DPD messages. If the Secure Firewall ASA did not receive a DPD R-U-THERE-ACK message within a reasonable amount of time after sending a DPD R-U-THERE message to the peer, the tunnel is most likely down.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715076","715076","Group = group_name, Username = username, IP = IP_address Computing hash for ISAKMP","%ASA-7-715076: Group = group_name, Username = username, IP = IP_address Computing hash for ISAKMP","IKE computed various hash values. This object will be prepended as follows: Group = >groupname , Username = >username , IP = >ip_address ...","None required.","7","Debugging","5","network","general"
+"%ASA-7-715077","715077","Pitcher: msg string, spi spi","%ASA-7-715077: Pitcher: msg string, spi spi","Various messages have been sent to IKE. msg_string can be one of the following: • Received a key acquire message • Received SPI for nonexistent SA • Received key delete msg • Received KEY_UPDATE • Received KEY_REKEY_IB • Received KEY_REKEY_OB • Received KEY_SA_ACTIVE • Could not find IKE SA to activate IPSEC (OB) • Could not find IKE SA to rekey IPSEC (OB) • KEY_SA_ACTIVE no centry found • KEY_ADD centry not found • KEY_UPDATE centry not found This object will be prepended as follows: Group = >groupname , Username = >username , IP = >ip_address ,...","None required.","7","Debugging","5","network","general"
+"%ASA-7-715078","715078","Group = group_name, Username = username, IP = IP_address Received %s LAM attribute","%ASA-7-715078: Group = group_name, Username = username, IP = IP_address Received %s LAM attribute","This syslog is generated during parsing of challenge/response payload.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715079","715079","Group = group_name, Username = username, IP = IP_address INTERNAL_ADDRESS: Received request for %s","%ASA-7-715079: Group = group_name, Username = username, IP = IP_address INTERNAL_ADDRESS: Received request for %s","This syslog is generated during processing of internal address payload.","None required.","7","Debugging","5","network","general"
+"%ASA-7-715080","715080","Group = group_name, Username = username, IP = IP_address VPN: Starting P2 rekey timer: 28800 seconds.","%ASA-7-715080: Group = group_name, Username = username, IP = IP_address VPN: Starting P2 rekey timer: 28800 seconds.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","None required.","7","Debugging","5","network","general"
+"%ASA-6-716001","716001","Group group User user IP ip WebVPN session started.","%ASA-6-716001: Group group User user IP ip WebVPN session started.","The WebVPN session has started for the user in this group at the specified IP address. When the user logs in via the WebVPN login page, the WebVPN session starts.","None required.","6","Informational","5","vpn","webvpn"
+"%ASA-6-716002","716002","Group GroupPolicy User username IP ip WebVPN session terminated: User_Requested.","%ASA-6-716002: Group GroupPolicy User username IP ip WebVPN session terminated: User_Requested.","The WebVPN session has been terminated by a user request. Possible reasons include: • Lost carrier • Lost service • Idle timeout • Max time exceeded • Administrator reset • Administrator reboot • Administrator shutdown • Port error • NAS error • NAS request • NAS reboot • Port unneeded • Port preempted. This reason indicates that the allowed number of simultaneous (same user) logins has been exceeded. To resolve this problem, increase the number of simultaneous logins or have users only log in once with a given username and password. • Port suspended • Service unavailable • Callback • User error • Host requested • Bandwidth management error • ACL parse error • VPN simultaneous logins limit specified in the group policy • Unknown","Unless the reason indicates a problem, then no action is required.","6","Informational","25","vpn","webvpn"
+"%ASA-6-716003","716003","Group group User user IP ip WebVPN access GRANTED: url://string/string","%ASA-6-716003: Group group User user IP ip WebVPN access GRANTED: url://string/string","The WebVPN user in this group at the specified IP address has been granted access to this URL. The user access to various locations can be controlled using WebVPN-specific ACLs.","None required.","6","Informational","5","vpn","webvpn"
+"%ASA-6-716004","716004","Group group User user IP ip WebVPN access DENIED to specified location: url://string/string","%ASA-6-716004: Group group User user IP ip WebVPN access DENIED to specified location: url://string/string","The WebVPN user in this group has been denied access to this URL. The WebVPN user access to various locations can be controlled using WebVPN-specific ACLs. In this case, a particular entry is denying access to this URL.","None required.","6","Informational","35","vpn","webvpn"
+"%ASA-6-716005","716005","Group group User user IP ip WebVPN ACL Parse Error: reason string","%ASA-6-716005: Group group User user IP ip WebVPN ACL Parse Error: reason string","The ACL for the WebVPN user in the specified group failed to parse correctly.","Correct the WebVPN ACL.","6","Informational","25","vpn","webvpn"
+"%ASA-6-716006","716006","Group name User user IP iP WebVPN session not allowed. WebVPN protocol is disabled for this user.","%ASA-6-716006: Group name User user IP iP WebVPN session not allowed. WebVPN protocol is disabled for this user.","The WebVPN session was not created for the user in the specified group because the VPN tunnel protocol is not set to WebVPN.","None required.","6","Informational","5","vpn","webvpn"
+"%ASA-4-716007","716007","Group group User user IP IP WebVPN Unable to create session.","%ASA-4-716007: Group group User user IP IP WebVPN Unable to create session.","The WebVPN session was not created for the user in the specified group because of resource issues. For example, the user may have reached the maximum login limit.","None required.","4","Warning","5","vpn","webvpn"
+"%ASA-7-716008","716008","WebVPN ACL: action string","%ASA-7-716008: WebVPN ACL: action string","The WebVPN ACL has begun performing an action (for example, begin parsing).","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-6-716009","716009","Group group User user IP IP WebVPN session not allowed. ACL parse error.","%ASA-6-716009: Group group User user IP IP WebVPN session not allowed. ACL parse error.","The WebVPN session for the specified user in this group is not allowed because the associated ACL did not parse. The user will not be allowed to log in via WebVPN until this error has been corrected.","Correct the WebVPN ACL.","6","Informational","15","vpn","webvpn"
+"%ASA-7-716010","716010","Group group User user IP ip Browse network.","%ASA-7-716010: Group group User user IP ip Browse network.","The WebVPN user in the specified group browsed the network.","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716011","716011","Group group User user IP ip Browse domain domain.","%ASA-7-716011: Group group User user IP ip Browse domain domain.","The WebVPN specified user in this group browsed the specified domain.","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716012","716012","Group group User user IP ip Browse directory directory.","%ASA-7-716012: Group group User user IP ip Browse directory directory.","The specified WebVPN user browsed the specified directory.","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716013","716013","Group group User user IP ip Close file filename.","%ASA-7-716013: Group group User user IP ip Close file filename.","The specified WebVPN user closed the specified file.","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716014","716014","Group group User user IP ip View file filename.","%ASA-7-716014: Group group User user IP ip View file filename.","The specified WebVPN user viewed the specified file.","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716015","716015","Group group User user IP ip Remove file filename.","%ASA-7-716015: Group group User user IP ip Remove file filename.","The WebVPN user in the specified group removed the specified file.","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716016","716016","Group group User user IP ip Rename file old_filename to new_filename.","%ASA-7-716016: Group group User user IP ip Rename file old_filename to new_filename.","The specified WebVPN user renamed the specified file.","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716017","716017","Group group User user IP ip Modify file filename.","%ASA-7-716017: Group group User user IP ip Modify file filename.","The specified WebVPN user modified the specified file.","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716018","716018","Group group User user IP ip Create file filename.","%ASA-7-716018: Group group User user IP ip Create file filename.","The specified WebVPN user created the specified file.","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716019","716019","Group group User user IP ip Create directory directory.","%ASA-7-716019: Group group User user IP ip Create directory directory.","The specified WebVPN user created the specified directory.","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716020","716020","Group group User user IP ip Remove directory directory.","%ASA-7-716020: Group group User user IP ip Remove directory directory.","The specified WebVPN user removed the specified directory.","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716021","716021","File access DENIED, filename.","%ASA-7-716021: File access DENIED, filename.","The specified WebVPN user was denied access to the specified file.","None required.","7","Debugging","25","vpn","webvpn"
+"%ASA-4-716022","716022","Unable to connect to proxy server reason.","%ASA-4-716022: Unable to connect to proxy server reason.","The WebVPN HTTP/HTTPS redirect failed for the specified reason.","Check the HTTP/HTTPS proxy configuration.","4","Warning","55","vpn","webvpn"
+"%ASA-4-716023","716023","Group name User user IP ip Session could not be established: session limit of maximum_sessions reached.","%ASA-4-716023: Group name User user IP ip Session could not be established: session limit of maximum_sessions reached.","The user session cannot be established because the current number of sessions exceeds the maximum session load.","Increase the configured limit, if possible, to create a load-balanced cluster.","4","Warning","45","vpn","webvpn"
+"%ASA-7-716024","716024","Group name User user IP ip Unable to browse the network.Error: description","%ASA-7-716024: Group name User user IP ip Unable to browse the network.Error: description","The user was unable to browse the Windows network using the CIFS protocol, as indicated by the description. For example, “Unable to contact necessary server” indicates that the remote server is unavailable or unreachable. This might be a transient condition or may require further troubleshooting.","Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall ASA.","7","Debugging","15","vpn","webvpn"
+"%ASA-7-716025","716025","Group name User user IP ip Unable to browse domain domain.Error: description","%ASA-7-716025: Group name User user IP ip Unable to browse domain domain.Error: description","The user was unable to browse the remote domain using the CIFS protocol.","Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Check the NetBIOS name server configuration on the Secure Firewall ASA.","7","Debugging","15","vpn","webvpn"
+"%ASA-7-716026","716026","Group name User user IP ip Unable to browse directory directory.Error: description","%ASA-7-716026: Group name User user IP ip Unable to browse directory directory.Error: description","The user was unable to browse the remote directory using the CIFS protocol.","Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall ASA.","7","Debugging","15","vpn","webvpn"
+"%ASA-7-716027","716027","Group name User user IP ip Unable to view file filename.Error: description.","%ASA-7-716027: Group name User user IP ip Unable to view file filename.Error: description.","The user was unable to view the remote file using the CIFS protocol.","Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall ASA.","7","Debugging","15","vpn","webvpn"
+"%ASA-7-716028","716028","Group name User user IP ip Unable to remove file filename.Error: description","%ASA-7-716028: Group name User user IP ip Unable to remove file filename.Error: description","The user was unable to remove the remote file using the CIFS protocol, probably caused by a lack of file permissions.","Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall ASA and the file permissions.","7","Debugging","15","vpn","webvpn"
+"%ASA-7-716029","716029","Group name User user IP ip Unable to rename file filename.Error: description","%ASA-7-716029: Group name User user IP ip Unable to rename file filename.Error: description","The user was unable to rename the remote file using the CIFS protocol, probably caused by lack of file permissions.","Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall ASA and the file permissions.","7","Debugging","15","vpn","webvpn"
+"%ASA-7-716030","716030","Group name User user IP ip Unable to modify file filename.Error: description","%ASA-7-716030: Group name User user IP ip Unable to modify file filename.Error: description","A problem occurred when a user attempted to modify an existing file using the CIFS protocol, probably caused by a lack of file permissions.","Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall ASA and the file permissions.","7","Debugging","15","vpn","webvpn"
+"%ASA-7-716031","716031","Group name User user IP ip Unable to create file filename.Error: description","%ASA-7-716031: Group name User user IP ip Unable to create file filename.Error: description","A problem occurred when a user attempted to create a file using the CIFS protocol, probably caused by a file permissions problem.","Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall ASA and the file permissions.","7","Debugging","15","vpn","webvpn"
+"%ASA-7-716032","716032","Group name User user IP ip Unable to create folder folder.Error: description","%ASA-7-716032: Group name User user IP ip Unable to create folder folder.Error: description","A problem occurred when a user attempted to create a folder using the CIFS protocol, probably caused by a file permissions problem.","Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall ASA and the file permissions.","7","Debugging","15","vpn","webvpn"
+"%ASA-7-716033","716033","Group name User user IP ip Unable to remove folder folder.Error: description","%ASA-7-716033: Group name User user IP ip Unable to remove folder folder.Error: description","A problem occurred when a user of the CIFS protocol attempted to remove a folder, which probably occurred because of a permissions problem or a problem communicating with the server on which the file resides.","Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall ASA.","7","Debugging","15","vpn","webvpn"
+"%ASA-7-716034","716034","Group name User user IP ip Unable to write to file filename.","%ASA-7-716034: Group name User user IP ip Unable to write to file filename.","A problem occurred when a user attempted to write to a file using the CIFS protocol, probably caused by a permissions problem or a problem communicating with the server on which the file resides.","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716035","716035","Group name User user IP ip Unable to read file filename.","%ASA-7-716035: Group name User user IP ip Unable to read file filename.","A problem occurred when a user of the CIFS protocol tried to read a file, probably caused by a file permissions problem.","Check the file permissions.","7","Debugging","15","vpn","webvpn"
+"%ASA-7-716036","716036","Group name User user IP ip File Access: User user logged into the server server.","%ASA-7-716036: Group name User user IP ip File Access: User user logged into the server server.","A user successfully logged into the server using the CIFS protocol","None required.","7","Debugging","5","vpn","webvpn"
+"%ASA-7-716037","716037","Group name User user IP ip File Access: User user failed to login into the server server.","%ASA-7-716037: Group name User user IP ip File Access: User user failed to login into the server server.","A user attempted to log in to a server using the CIFS protocol, but was unsuccessful.","Verify that the user entered the correct username and password.","7","Debugging","25","vpn","webvpn"
+"%ASA-6-716038","716038","Group group User user IP ip Authentication: successful, Session Type: WebVPN.","%ASA-6-716038: Group group User user IP ip Authentication: successful, Session Type: WebVPN.","Before a WebVPN session can start, the user must be authenticated successfully by a local or remote server (for example, RADIUS or TACACS+).","None required.","6","Informational","5","vpn","webvpn"
+"%ASA-6-716039","716039","Group name User user IP ip Authentication: rejected, Session Type: session-type.","%ASA-6-716039: Group name User user IP ip Authentication: rejected, Session Type: session-type.","Before a WebVPN session starts, the user must be authenticated successfully by a local or remote server (for example, RADIUS or TACACS+). In this case, the user credentials (username and password) either did not match, or the user does not have permission to start a WebVPN session. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured. • %s—The session type, which can be either WebVPN or admin","Verify the user credentials on the local or remote server and that WebVPN is configured for the user.","6","Informational","35","vpn","webvpn"
+"%ASA-6-716040","716040","Reboot pending, new sessions disabled. Denied user login.","%ASA-6-716040: Reboot pending, new sessions disabled. Denied user login.","A user was unable to log in to WebVPN because the Secure Firewall ASA is in the process of rebooting. • user—The session user","None required.","6","Informational","45","vpn","webvpn"
+"%ASA-6-716041","716041","access-list acl_ID action url url hit-cnt count","%ASA-6-716041: access-list acl_ID action url url hit-cnt count","The WebVPN URL named acl_ID has been hit count times for location url, whose action is permitted or denied.","None required.","6","Informational","35","vpn","webvpn"
+"%ASA-6-716042","716042","access-list acl_ID action tcp source_interface/source_address(source_port) -&gt; dest_interface/dest_address(dest_port) hit-cnt count","%ASA-6-716042: access-list acl_ID action tcp source_interface/source_address(source_port) -&gt; dest_interface/dest_address(dest_port) hit-cnt count","The WebVPN TCP named acl_ID has been hit count times for packet received on the source interface source_interface/source_address and source port source_port forwarded to dest_interface/dest_address destination dest_port, whose action is permitted or denied. • count —The number of times the ACL was accessed • source_interface —The source interface • source_address —The source IP address • source_port —The source port • dest_interface —The destination interface • dest_address —The destination IP address • action —The user action","None required.","6","Informational","35","vpn","webvpn"
+"%ASA-6-716043","716043","Group &lt;group-name&gt; User &lt;user-name&gt; IP &lt;IP_address&gt; WebVPN Port Forwarding Java applet started. Created new hosts file mappings.","%ASA-6-716043: Group &lt;group-name&gt; User &lt;user-name&gt; IP &lt;IP_address&gt; WebVPN Port Forwarding Java applet started. Created new hosts file mappings.","The user has launched a TCP port-forwarding applet from a WebVPN session. • group-name—Group name associated with the session • user-name—Username associated with the session • IP_address—Source IP address associated with the session","None required.","6","Informational","5","vpn","webvpn"
+"%ASA-4-716044","716044","Group group-name User user-name IP IP_address AAA parameter param-name value param-value out of range.","%ASA-4-716044: Group group-name User user-name IP IP_address AAA parameter param-name value param-value out of range.","The given parameter has a bad value. • group-name—The name of the group • user-name—The name of the user • IP_address—The IP address • param-name—The name of the parameter • param-value—The value of the parameter","Modify the configuration to correct the indicated parameter. If the parameter is vlan or nac-settings, verify that it is correctly configured on the AAA server and the Secure Firewall ASA.","4","Warning","55","vpn","webvpn"
+"%ASA-4-716045","716045","Group group-name User user-name IP IP_address AAA parameter param-name value invalid.","%ASA-4-716045: Group group-name User user-name IP IP_address AAA parameter param-name value invalid.","The given parameter has a bad value. The value is not shown because it might be very long. • group-name—The name of the group • user-name—The name of the user • IP_address—The IP address • param-name—The name of the parameter","Modify the configuration to correct the indicated parameter.","4","Warning","45","vpn","webvpn"
+"%ASA-4-716046","716046","Group group-name User user-name IP IP_address User ACL access-list-name from AAA doesn't exist on the device, terminating connection.","%ASA-4-716046: Group group-name User user-name IP IP_address User ACL access-list-name from AAA doesn't exist on the device, terminating connection.","The specified ACL was not found on the Secure Firewall ASA. • group-name—The name of the group • user-name—The name of the user • IP_address—The IP address • access-list-name—The name of the ACL","Modify the configuration to add the specified ACL or to correct the ACL name.","4","Warning","45","vpn","webvpn"
+"%ASA-4-716047","716047","Group group-name User user-name IP IP_address User ACL access-list-name from AAA ignored, AV-PAIR ACL used instead.","%ASA-4-716047: Group group-name User user-name IP IP_address User ACL access-list-name from AAA ignored, AV-PAIR ACL used instead.","The specified ACL was not used because a Cisco AV-PAIR ACL was used. • group-name—The name of the group • user-name—The name of the user • IP_address—The IP address • access-list-name—The name of the ACL","Determine the correct ACL to use and correct the configuration.","4","Warning","45","vpn","webvpn"
+"%ASA-4-716048","716048","Group group-name User user-name IP IP_address No memory to parse ACL.","%ASA-4-716048: Group group-name User user-name IP IP_address No memory to parse ACL.","There was not enough memory to parse the ACL. • group-name—The name of the group","Purchase more memory, upgrade the Secure Firewall ASA, or reduce the load on it.","4","Warning","55","vpn","webvpn"
+"%ASA-6-716049","716049","Group group-name User user-name IP IP_address Empty SVC ACL.","%ASA-6-716049: Group group-name User user-name IP IP_address Empty SVC ACL.","The ACL to be used by the client was empty. • group-name—The name of the group • user-name—The name of the user • IP_address—The IP address","Determine the correct ACL to use and modify the configuration.","6","Informational","15","vpn","webvpn"
+"%ASA-6-716050","716050","Error adding to ACL: ace_command_line","%ASA-6-716050: Error adding to ACL: ace_command_line","The ACL entry had a syntax error. • ace_command_line—The ACL entry that is causing the error","Correct the downloadable ACL configuration.","6","Informational","15","vpn","webvpn"
+"%ASA-6-716051","716051","Group group-name User user-name IP IP_address Error adding dynamic ACL for user.","%ASA-6-716051: Group group-name User user-name IP IP_address Error adding dynamic ACL for user.","There is not enough memory to perform the action. • group-name—The name of the group • user-name—The name of the user • IP_address—The IP address","Purchase more memory, upgrade the Secure Firewall ASA, or reduce the load on it.","6","Informational","25","vpn","webvpn"
+"%ASA-4-716052","716052","Group group-name User user-name IP IP_address Pending session terminated.","%ASA-4-716052: Group group-name User user-name IP IP_address Pending session terminated.","A user did not complete login and the pending session was terminated. This may be due to an SVC that was unable to connect. • group-name—The name of the group • user-name—The name of the user • IP_address—The IP address","Check the user PC for SVC compatibility.","4","Warning","55","vpn","webvpn"
+"%ASA-5-716053","716053","SAML Server added: Name: name Type: SP","%ASA-5-716053: SAML Server added: Name: name Type: SP","A SAML IDP server entry has been added to the webvpn configuration. • name—The entityID of the SAML IDP","None required.","5","Notification","5","vpn","webvpn"
+"%ASA-5-716054","716054","SAML Server deleted: Name: name Type: SP","%ASA-5-716054: SAML Server deleted: Name: name Type: SP","A SAML IDP server entry has been removed from the webvpn configuration. . • name—The entityID of the SAML IDP","None required.","5","Notification","5","vpn","webvpn"
+"%ASA-6-716055","716055","Group group-name User user-name IP IP_address Authentication to SSO server name:","%ASA-6-716055: Group group-name User user-name IP IP_address Authentication to SSO server name:","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","6","Informational","15","vpn","webvpn"
+"%ASA-3-716056","716056","Group group-name User user-name IP IP_address Authentication to SSO server name:","%ASA-3-716056: Group group-name User user-name IP IP_address Authentication to SSO server name:","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","3","Error","65","vpn","webvpn"
+"%ASA-3-716057","716057","Group group User user IP ip Session terminated, no type license available","%ASA-3-716057: Group group User user IP ip Session terminated, no type license available","A user has attempted to connect to the Secure Firewall ASA using a client that is not licensed. This message may also occur if a temporary license has expired. • group —The group policy that the user logged in with • user —The name of the user • IP —The IP address of the user • type —The type of license requested, which can be one of the following: - AnyConnect Mobile - LinkSys Phone - The type of license requested by the client (if other than the AnyConnect Mobile or LinkSys Phone) - Unknown","A permanent license with the appropriate feature should be purchased and installed.","3","Error","65","vpn","webvpn"
+"%ASA-6-716058","716058","Group group User user IP ip AnyConnect session lost connection. Waiting to resume.","%ASA-6-716058: Group group User user IP ip AnyConnect session lost connection. Waiting to resume.","The SSL tunnel was dropped and the AnyConnect session enters the inactive state, which can be caused by a hibernating host, a standby host, or a loss of network connectivity. • group —The tunnel group name associated with the AnyConnect session • user —The name of the user associated with the session • ip —The source IP address of the session","None required.","6","Informational","35","vpn","webvpn"
+"%ASA-6-716059","716059","Group group User user IP ip AnyConnect session resumed connection from IP ip2.","%ASA-6-716059: Group group User user IP ip AnyConnect session resumed connection from IP ip2.","An AnyConnect session resumed from the inactive state. • group —The tunnel group name associated with the AnyConnect session • user —The name of the user associated with the session • ip —The source IP address of the session • ip2 —The source IP address of the host on which the session is resumed","None required.","6","Informational","5","vpn","webvpn"
+"%ASA-6-716060","716060","Group group User user IP ip Terminated AnyConnect session in inactive state to accept a new connection: License limit reached.","%ASA-6-716060: Group group User user IP ip Terminated AnyConnect session in inactive state to accept a new connection: License limit reached.","An AnyConnect session in the inactive state was logged out to allow a new incoming SSL VPN (AnyConnect or clientless) connection. • group —The tunnel group name associated with the AnyConnect session • user —The name of the user associated with the session • ip —The source IP address of the session","None required.","6","Informational","5","vpn","webvpn"
+"%ASA-3-716061","716061","Group DfltGrpPolicy User user IP ip_addr IPv6 User Filter tempipv6 configured for AnyConnect. This setting has been deprecated, terminating connection","%ASA-3-716061: Group DfltGrpPolicy User user IP ip_addr IPv6 User Filter tempipv6 configured for AnyConnect. This setting has been deprecated, terminating connection","The IPv6 VPN filter has been deprecated and if it is configured instead of a unified filter for IPv6 traffic access control, the connection will be terminated.","Configure a unified filter with IPv6 entries to control IPv6 traffic for the user.","3","Error","65","vpn","webvpn"
+"%ASA-3-716158","716158","Failed to create SAML logout request, initiated by user. reason: reason.","%ASA-3-716158: Failed to create SAML logout request, initiated by user. reason: reason.","The device was unable to inform the SAML IDP of a user logout because it encountered an error while creating the SAML Logout request. The reasons could be profile is empty, could not create logout object, and so on.","","3","Error","75","vpn","webvpn"
+"%ASA-3-716159","716159","Failed to process SAML logout request. reason: reason.","%ASA-3-716159: Failed to process SAML logout request. reason: reason.","The device encountered an error while processing a SAML logout request initiated by the IDP. The reasons could be NameID is invalid, could not create logout object, and so on.","","3","Error","75","vpn","webvpn"
+"%ASA-3-716160","716160","Failed to create SAML authentication request. reason: reason.","%ASA-3-716160: Failed to create SAML authentication request. reason: reason.","The device was unable to authenticate a user with the SAML IDP because it encountered an error while creating the SAML authn request. The reasons could be NameIDPolicy is invalid, could not create new login instance, and so on.","","3","Error","75","vpn","webvpn"
+"%ASA-3-716162","716162","Failed to consume SAML assertion. reason: reason.","%ASA-3-716162: Failed to consume SAML assertion. reason: reason.","The device encountered an error while processing an authentication response from a SAML IDP. The reasons could be response or assertion is empty, could not create new login instance, assertion is expired or not valid, assertion is empty, issuer is empty, subject is empty, issuer content is empty, name_id or content is empty, and so on.","","3","Error","75","vpn","webvpn"
+"%ASA-3-716163","716163","SAML response relay state failed data integrity check. Client IP: IP address. Local-base-url: Local-base URL.","%ASA-3-716163: SAML response relay state failed data integrity check. Client IP: IP address. Local-base-url: Local-base URL.","This syslog is generated when the relay state failed the data integrity validation. The local-base-url from SAML response RelayState helps to differentiate between the device that originally generated the SAML request from the device that received the response. If the local-base-url is not specified in the response, the message displays 'not received'.","","3","Error","75","vpn","webvpn"
+"%ASA-3-716164","716164","SAML response relay state missing data integrity hash. Client IP: IP address. Local-base-url: Local-base URL.","%ASA-3-716164: SAML response relay state missing data integrity hash. Client IP: IP address. Local-base-url: Local-base URL.","This syslog is generated when the relay state is missing the data integrity hash. The local-base-url from SAML response RelayState helps to differentiate between the device that originally generated the SAML request from the device that received the response. If the local-base-url is not specified in the response, the message displays 'not received'.","","3","Error","65","vpn","webvpn"
+"%ASA-4-716165","716165","SAML assertion cannot be replay protected because it does not contain time constraints.","%ASA-4-716165: SAML assertion cannot be replay protected because it does not contain time constraints.","SAML assertions need to contain time constraints in order for the firewall device to be able to guarantee replay detection. SAML assertions that do not contain time constraints are still accepted and cached for 10 minutes (default) or for the time specified by the timeout assertion CLI in the config-webvpn-saml-idp submode. After the assertion is removed from the cache, the assertion will again become valid when it is received again.","None. This needs to be addressed within the IDP product.","4","Warning","55","vpn","webvpn"
+"%ASA-2-716500","716500","internal error in: function : Fiber library cannot locate AK47 instance","%ASA-2-716500: internal error in: function : Fiber library cannot locate AK47 instance","The fiber library cannot locate the application kernel layer 4 to 7 instance.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-2-716501","716501","internal error in: function : Fiber library cannot attach AK47 instance","%ASA-2-716501: internal error in: function : Fiber library cannot attach AK47 instance","The fiber library cannot attach the application kernel layer 4 to 7 instance.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-2-716502","716502","internal error in: function : Fiber library cannot allocate default arena","%ASA-2-716502: internal error in: function : Fiber library cannot allocate default arena","The fiber library cannot allocate the default arena.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-2-716503","716503","internal error in: function : Fiber library cannot allocate fiber descriptors pool","%ASA-2-716503: internal error in: function : Fiber library cannot allocate fiber descriptors pool","The fiber library cannot allocate the fiber descriptors pool.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-2-716504","716504","internal error in: function : Fiber library cannot allocate fiber stacks pool","%ASA-2-716504: internal error in: function : Fiber library cannot allocate fiber stacks pool","The fiber library cannot allocate the fiber stack pool.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-2-716505","716505","internal error in: function : Fiber has joined fiber in unfinished state","%ASA-2-716505: internal error in: function : Fiber has joined fiber in unfinished state","The fiber has joined fiber in an unfinished state.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-2-716506","716506","UNICORN_SYSLOGID_JOINED_UNEXPECTED_FIBER","%ASA-2-716506: UNICORN_SYSLOGID_JOINED_UNEXPECTED_FIBER","An internal fiber library was generated.","Contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-1-716507","716507","Fiber scheduler has reached unreachable code. Cannot continue, terminating.","%ASA-1-716507: Fiber scheduler has reached unreachable code. Cannot continue, terminating.","The Secure Firewall ASA has experienced an unexpected error and has recovered.","Check for high CPU usage or CPU hogs, and potential memory leaks. If the problem persists, contact the Cisco TAC.","1","Alert","75","vpn","webvpn"
+"%ASA-1-716508","716508","internal error in: function : Fiber scheduler is scheduling rotten fiber. Cannot continuing terminating","%ASA-1-716508: internal error in: function : Fiber scheduler is scheduling rotten fiber. Cannot continuing terminating","The fiber scheduler is scheduling rotten fiber, so it cannot continue terminating.","To determine the cause of the problem, contact the Cisco TAC.","1","Alert","75","vpn","webvpn"
+"%ASA-1-716509","716509","internal error in: function : Fiber scheduler is scheduling alien fiber. Cannot continue terminating","%ASA-1-716509: internal error in: function : Fiber scheduler is scheduling alien fiber. Cannot continue terminating","The fiber scheduler is scheduling alien fiber, so it cannot continue terminating.","To determine the cause of the problem, contact the Cisco TAC.","1","Alert","75","vpn","webvpn"
+"%ASA-1-716510","716510","internal error in: function : Fiber scheduler is scheduling finished fiber. Cannot continue terminating","%ASA-1-716510: internal error in: function : Fiber scheduler is scheduling finished fiber. Cannot continue terminating","The fiber scheduler is scheduling finished fiber, so it cannot continue terminating.","To determine the cause of the problem, contact the Cisco TAC.","1","Alert","75","vpn","webvpn"
+"%ASA-2-716512","716512","internal error in: function : Fiber has joined fiber waited upon by someone else","%ASA-2-716512: internal error in: function : Fiber has joined fiber waited upon by someone else","The fiber has joined fiber that is waited upon by someone else.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-2-716513","716513","internal error in: function : Fiber in callback blocked on other channel","%ASA-2-716513: internal error in: function : Fiber in callback blocked on other channel","The fiber in the callback was blocked on the other channel.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","100","vpn","webvpn"
+"%ASA-2-716515","716515","internal error in: function : OCCAM failed to allocate memory for AK47 instance","%ASA-2-716515: internal error in: function : OCCAM failed to allocate memory for AK47 instance","The OCCAM failed to allocate memory for the AK47 instance.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","95","vpn","webvpn"
+"%ASA-1-716516","716516","internal error in: function : OCCAM has corrupted ROL array. Cannot continue terminating","%ASA-1-716516: internal error in: function : OCCAM has corrupted ROL array. Cannot continue terminating","The OCCAM has a corrupted ROL array, so it cannot continue terminating.","To determine the cause of the problem, contact the Cisco TAC.","1","Alert","95","vpn","webvpn"
+"%ASA-2-716517","716517","internal error in: function : OCCAM cached block has no associated arena","%ASA-2-716517: internal error in: function : OCCAM cached block has no associated arena","The OCCAM cached block has no associated arena.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-2-716518","716518","internal error in: function : OCCAM pool has no associated arena","%ASA-2-716518: internal error in: function : OCCAM pool has no associated arena","The OCCAM pool has no associated arena.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-1-716519","716519","internal error in: function : OCCAM has corrupted pool list. Cannot continue terminating","%ASA-1-716519: internal error in: function : OCCAM has corrupted pool list. Cannot continue terminating","The OCCAM has a corrupted pool list, so it cannot continue terminating.","To determine the cause of the problem, contact the Cisco TAC.","1","Alert","95","vpn","webvpn"
+"%ASA-2-716520","716520","internal error in: function : OCCAM pool has no block list","%ASA-2-716520: internal error in: function : OCCAM pool has no block list","The OCCAM pool has no block list.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-2-716521","716521","internal error in: function : OCCAM no realloc allowed in named pool","%ASA-2-716521: internal error in: function : OCCAM no realloc allowed in named pool","The OCCAM did not allow reallocation in the named pool.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-2-716522","716522","internal error in: function : OCCAM corrupted standalone block","%ASA-2-716522: internal error in: function : OCCAM corrupted standalone block","The OCCAM has a corrupted standalone block.","To determine the cause of the problem, contact the Cisco TAC.","2","Critical","100","vpn","webvpn"
+"%ASA-2-716525","716525","UNICORN_SYSLOGID_SAL_CLOSE_PRIVDATA_CHANGED","%ASA-2-716525: UNICORN_SYSLOGID_SAL_CLOSE_PRIVDATA_CHANGED","An internal SAL error has occurred.","Contact the Cisco TAC.","2","Critical","85","vpn","webvpn"
+"%ASA-2-716526","716526","UNICORN_SYSLOGID_PERM_STORAGE_SERVER_LOAD_FAIL","%ASA-2-716526: UNICORN_SYSLOGID_PERM_STORAGE_SERVER_LOAD_FAIL","A failure in the mounting of the permanent storage server directory occurred.","Contact the Cisco TAC.","2","Critical","95","vpn","webvpn"
+"%ASA-2-716527","716527","UNICORN_SYSLOGID_PERM_STORAGE_SERVER_STORE_FAIL","%ASA-2-716527: UNICORN_SYSLOGID_PERM_STORAGE_SERVER_STORE_FAIL","A failure in the mounting of the permanent storage file occurred.","Contact the Cisco TAC.","2","Critical","95","vpn","webvpn"
+"%ASA-1-716528","716528","Unexpected fiber scheduler error; possible out-of-memory condition","%ASA-1-716528: Unexpected fiber scheduler error; possible out-of-memory condition","The Secure Firewall ASA has experienced an unexpected error and has recovered.","Check for high CPU usage or CPU hogs, and potential memory leaks. If the problem persists, contact the Cisco TAC.","1","Alert","75","vpn","webvpn"
+"%ASA-3-716600","716600","Rejected size-recv Hostscan data from IP src-ip. Hostscan results exceed default limit of configured.","%ASA-3-716600: Rejected size-recv Hostscan data from IP src-ip. Hostscan results exceed default limit of configured.","When the size of the received Hostscan data exceeds the limit configured on the Secure Firewall ASA, the data is discarded. • size-recv —Size of received Hostscan data in kilobytes • src-ip —Source IP address • default | configured —Keyword specifying whether the value of the Hostscan data limit is the default or configured by the administrator • size-conf —Configured upper limit on the size of the Hostscan data that the Secure Firewall ASA accepts from clients","Contact Cisco TAC to increase the upper limit on the size of Hostscan data that the Secure Firewall ASA accepts from clients.","3","Error","85","vpn","webvpn"
+"%ASA-3-716601","716601","Rejected size-recv Hostscan data from IP src-ip. System-wide limit on the amount of Hostscan data stored on default reached the limit of configured","%ASA-3-716601: Rejected size-recv Hostscan data from IP src-ip. System-wide limit on the amount of Hostscan data stored on default reached the limit of configured","When the amount of Hostscan data stored on the Secure Firewall ASA exceeds the limit, new Hostscan results are rejected. • size-recv —Size of received Hostscan data in kilobytes • src-ip —Source IP address • data-max —Limit on the amount of Hostscan results to be stored by the Secure Firewall ASA in kilobytes","Contact Cisco TAC to change the limit on stored Hostscan data.","3","Error","85","vpn","webvpn"
+"%ASA-3-716602","716602","Memory allocation error. Rejected size-recv Hostscan data from IP src-ip.","%ASA-3-716602: Memory allocation error. Rejected size-recv Hostscan data from IP src-ip.","An error occurred while memory was being allocated for Hostscan data. • size-recv —Size of received Hostscan data in kilobytes • src-ip —Source IP address","Set the Hostscan limit to the default value if it is configured. If the problem persists, contact Cisco TAC.","3","Error","85","vpn","webvpn"
+"%ASA-7-716603","716603","Received size-recv KB Hostscan data from IP src-ip.","%ASA-7-716603: Received size-recv KB Hostscan data from IP src-ip.","The Hostscan data of a specified size was successfully received. • size-recv —Size of received Hostscan data in kilobytes • src-ip —Source IP address","None required. Messages 717001 to 717070 This section includes messages from 717001 to 717070.","7","Debugging","25","vpn","webvpn"
+"%ASA-3-717001","717001","Querying keypair failed.","%ASA-3-717001: Querying keypair failed.","A required keypair was not found during an enrollment request.","Verify that a valid keypair exists in the trustpoint configuration, then resubmit the enrollment request.","3","Error","85","network","general"
+"%ASA-3-717002","717002","Certificate enrollment failed for trustpoint trustpoint_name. Reason: reason_string.","%ASA-3-717002: Certificate enrollment failed for trustpoint trustpoint_name. Reason: reason_string.","An enrollment request for this trustpoint has failed. • trustpoint name —Trustpoint name that the enrollment request was for • reason_string —The reason the enrollment request failed","Check the CA server for the failure reason.","3","Error","75","network","general"
+"%ASA-6-717003","717003","Certificate received from Certificate Authority for trustpoint trustpoint_name.","%ASA-6-717003: Certificate received from Certificate Authority for trustpoint trustpoint_name.","A certificate was successfully received from the CA for this trustpoint. • trustpoint_name —Trustpoint name","None required","6","Informational","5","network","general"
+"%ASA-6-717004","717004","PKCS #12 export failed for trustpoint trustpoint_name.","%ASA-6-717004: PKCS #12 export failed for trustpoint trustpoint_name.","The trustpoint failed to export, because of one of the following: only a CA certificate exists, and an identity certificate does not exist for the trustpoint, or a required keypair is missing. • trustpoint_name —Trustpoint name","Make sure that required certificates and keypairs are present for the given trustpoint.","6","Informational","25","network","general"
+"%ASA-6-717005","717005","PKCS #12 export succeeded for trustpoint trustpoint_name.","%ASA-6-717005: PKCS #12 export succeeded for trustpoint trustpoint_name.","The trustpoint was successfully exported. • trustpoint_name —Trustpoint name","None required","6","Informational","5","network","general"
+"%ASA-6-717006","717006","PKCS #12 import failed for trustpoint trustpoint_name.","%ASA-6-717006: PKCS #12 import failed for trustpoint trustpoint_name.","Import of the requested trustpoint failed to be processed. • trustpoint_name —Trustpoint name","Verify the integrity of the imported data. Then make sure that the entire pkcs12 record is correctly pasted, and reimport the data.","6","Informational","35","network","general"
+"%ASA-6-717007","717007","PKCS #12 import succeeded for trustpoint trustpoint_name.","%ASA-6-717007: PKCS #12 import succeeded for trustpoint trustpoint_name.","Import of the requested trustpoint was successfully completed. • trustpoint_name —Trustpoint name","None required.","6","Informational","5","network","general"
+"%ASA-2-717008","717008","Insufficient memory to process_requiring_memory.","%ASA-2-717008: Insufficient memory to process_requiring_memory.","An internal error occurred while attempting to allocate memory for the process that reqires memory. Other processes may experience problems allocating memory and prevent further processing. • process_requiring_memory—The specified process that requires memoryr","Collect memory statistics and logs for further debugging and reload the Secure Firewall ASA.","2","Critical","100","network","general"
+"%ASA-3-717009","717009","Certificate validation failed. reason_string.","%ASA-3-717009: Certificate validation failed. reason_string.","A certificate validation failed, which might be caused by a validation attempt of a revoked certificate, invalid certificate attributes, or configuration issues. • reason_string —The reason that the certificate validation failed","Make sure the configuration has a valid trustpoint configured for validation if the reason indicates that no suitable trustpoints were found. Check the Secure Firewall ASA time to ensure that it is accurate relative to the certificate authority time. Check the reason for the failure and correct any issues that are indicated. If certificate validation fails due to the CA key size being too small or a weak crypto being used, you can use the crypto ca permit-weak-crypto command to override these restrictions.","3","Error","75","network","general"
+"%ASA-3-717010","717010","CRL polling failed for trustpoint trustpoint_name.","%ASA-3-717010: CRL polling failed for trustpoint trustpoint_name.",".CRL polling has failed and may cause connections to be denied if CRL checking is required. • trustpoint_name—The name of the trustpoint that requested the CRL","Verify that connectivity exists with the configured CRL distribution point and make sure that manual CRL retrieval also functions correctly.","3","Error","100","network","general"
+"%ASA-2-717011","717011","Unexpected event: event event_ID","%ASA-2-717011: Unexpected event: event event_ID","An event that is not expected under normal conditions has occurred.","If the problem persists, contact the Cisco TAC.","2","Critical","85","network","general"
+"%ASA-3-717012","717012","Failed to refresh CRL cache entry from the server for trustpoint trustpoint_name at time_of_failure","%ASA-3-717012: Failed to refresh CRL cache entry from the server for trustpoint trustpoint_name at time_of_failure","An attempt to refresh a cached CRL entry has failed for the specified trustpoint at the indicated time of failure. This may result in obsolete CRLs on the Secure Firewall ASA, which may cause connections that require a valid CRL to be denied.","Check connectivity issues to the server, such as a downed network or server. Try to retrieve the CRL manually using the crypto ca crl retrieve command.","3","Error","95","network","general"
+"%ASA-5-717013","717013","Removing a cached CRL to accommodate an incoming CRL Issuer: issuer","%ASA-5-717013: Removing a cached CRL to accommodate an incoming CRL Issuer: issuer","When the device is configured to authenticate IPsec tunnels using digital certificates, CRLs may be cached in memory to avoid requiring a CRL download during each connection. If the cache fills to the point where an incoming CRL cannot be accommodated, older CRLs will be removed until the required space is made available. This message is generated for each purged CRL. • issuer—The name of the device that removes cached CRLs","None required.","5","Notification","5","network","general"
+"%ASA-5-717014","717014","Unable to cache a CRL received from CDP due to size limitations(CRL size = size, available cache space = space)","%ASA-5-717014: Unable to cache a CRL received from CDP due to size limitations(CRL size = size, available cache space = space)","When the device is configured to authenticate IPsec tunnels using digital certificates, CRLs may be cached in memory to avoid requiring a CRL download during each connection. This message is generated if a received CRL is too large to fit in the cache. Large CRLs are still supported even though they are not cached. This means that the CRL will be downloaded with each IPsec connection, which may affect performance during IPsec connection bursts.","None required.","5","Notification","5","network","general"
+"%ASA-3-717015","717015","CRL received from issuer is too large to process (CRL size = crl_size , maximum CRL size = max_crl_size )","%ASA-3-717015: CRL received from issuer is too large to process (CRL size = crl_size , maximum CRL size = max_crl_size )","An IPsec connection caused a CRL that is larger than the maximum permitted CRL size to be downloaded. This error condition causes the connection to fail. This message is rate limited to one message every 10 seconds.","Scalability is perhaps the most significant drawback to the CRL method of revocation checking. To solve this problem, the only options are to investigate a CA-based solution to reduce the CRL size or configure the Secure Firewall ASA not to require CRL validation.","3","Error","75","network","general"
+"%ASA-6-717016","717016","Removing expired CRL from the CRL cache. Issuer: issuer","%ASA-6-717016: Removing expired CRL from the CRL cache. Issuer: issuer","When the Secure Firewall ASA is configured to authenticate IPsec tunnels using digital certificates, CRLs may be cached in memory to avoid requiring a CRL download during each connection.","None required.","6","Informational","5","network","general"
+"%ASA-3-717017","717017","Failed to query CA certificate for trustpoint trustpoint_name from enrollment_url.","%ASA-3-717017: Failed to query CA certificate for trustpoint trustpoint_name from enrollment_url.","An error occurred when an attempt was made to authenticate a trustpoint by requesting a CA certificate from a certificate authority.","Make sure that an enrollment URL is configured with this trustpoint, ensure connectivity with the CA server, then retry the request.","3","Error","75","network","general"
+"%ASA-3-717018","717018","CRL received from issuer has too many entries to process (number of entries = number_of_entries , maximum number allowed = max_allowed )","%ASA-3-717018: CRL received from issuer has too many entries to process (number of entries = number_of_entries , maximum number allowed = max_allowed )","An IPsec connection caused a CRL that includes more revocation entries than can be supported to be downloaded. This is an error condition that will cause the connection to fail. This message is rate limited to one message every 10 seconds. • issuer—The X.500 name of the CRLs issuer • number_of_entries—The number of revocation entries in the received CRL • max_allowed—The maximum number of CRL entries that the Secure Firewall ASA supports","Scalability is perhaps the most significant drawback to the CRL method of revocation checking. The only options to solve this problem are to investigate a CA-based solution to reduce the CRL size or configure the Secure Firewall ASA not to require CRL validation.","3","Error","75","network","general"
+"%ASA-3-717019","717019","Failed to insert CRL for trustpoint trustpoint_name. Reason: failure_reason.","%ASA-3-717019: Failed to insert CRL for trustpoint trustpoint_name. Reason: failure_reason.","A CRL is retrieved, but found to be invalid and cannot be inserted into the cache because of the failure_reason. • trustpoint_name—The name of the trustpoint that requested the CRL • failure_reason—The reason that the CRL failed to be inserted into cache","Make sure that the current Secure Firewall ASA time is correct relative to the CA time. If the NextUpdate field is missing, configure the trustpoint to ignore the NextUpdate field.","3","Error","75","network","general"
+"%ASA-3-717020","717020","Failed to install device certificate for trustpoint label. Reason: reason_string.","%ASA-3-717020: Failed to install device certificate for trustpoint label. Reason: reason_string.","A failure occurred while trying to enroll or import an enrolled certificate into a trustpoint.","Use the failure reason to remedy the cause of failure and retry the enrollment. Common failures are due to invalid certificates being imported into the Secure Firewall ASA or a mismatch of the public key included in the enrolled certificate with the keypair referenced in the trustpoint.","3","Error","75","network","general"
+"%ASA-3-717021","717021","Certificate data could not be verified. Reason: reason_string, key length in certificate: serial_number bits.","%ASA-3-717021: Certificate data could not be verified. Reason: reason_string, key length in certificate: serial_number bits.","An attempt to verify the certificate that is identified by the serial number and subject name was unsuccessful for the specified reason. When verifying certificate data using the signature, several errors can occur that should be logged, including invalid key types and unsupported key size. • reason_string —The reason that the certificate cannot be verified • serial number —Serial number of the certificate that is being verified • subject name —Subject name included in the certificate that is being verified • key length —The number of bits in the key used to sign this certificate","Check the specified certificate to ensure that it is valid, that it includes a valid key type, and that it does not exceed the maximum supported key size.","3","Error","85","network","general"
+"%ASA-6-717022","717022","Certificate was successfully validated. certificate_identifiers.","%ASA-6-717022: Certificate was successfully validated. certificate_identifiers.","The identified certificate was successfully validated. • certificate_identifiers —Information to identify the certificate that was validated successfully, which might include a reason, serial number, subject name, and additional information","None required.","6","Informational","5","network","general"
+"%ASA-3-717023","717023","SSL failed to set device certificate for trustpoint trustpoint_name. Reason: reason_string.","%ASA-3-717023: SSL failed to set device certificate for trustpoint trustpoint_name. Reason: reason_string.","A failure occurred while trying to set an Secure Firewall ASA certificate for the given trustpoint for authenticating the SSL connection. • trustpoint name —Name of the trustpoint for which SSL failed to set an Secure Firewall ASA certificate • reason_string —Reason indicating why the Secure Firewall ASA certificate cannot be set","Resolve the issue indicated by the reason reported for the failure by doing the following: • Make sure that the specified trustpoint is enrolled and has an Secure Firewall ASA certificate. • Make sure the Secure Firewall ASA certificate is valid. • Reenroll the trustpoint, if required.","3","Error","75","network","general"
+"%ASA-7-717024","717024","Checking CRL from trustpoint: trustpoint name for purpose","%ASA-7-717024: Checking CRL from trustpoint: trustpoint name for purpose","A CRL is being retrieved. • trustpoint name —Name of the trustpoint for which the CRL is being retrieved • purpose —Reason that the CRL is being retrieved","None required.","7","Debugging","5","network","general"
+"%ASA-7-717025","717025","Validating certificate chain containing number_of_certs certificate(s).","%ASA-7-717025: Validating certificate chain containing number_of_certs certificate(s).","A certificate chain is being validated. • >number of certs— Number of certificates in the chain","None required.","7","Debugging","5","network","general"
+"%ASA-4-717026","717026","Name lookup failed for hostname hostname during PKI operation.","%ASA-4-717026: Name lookup failed for hostname hostname during PKI operation.","The given hostname cannot be resolved while attempting a PKI operation. • >hostname —The hostname that failed to resolve","Check the configuration and the DNS server entries for the given hostname to make sure that it can be resolved. Then retry the operation.","4","Warning","55","network","general"
+"%ASA-3-717027","717027","Certificate chain failed validation. reason_string.","%ASA-3-717027: Certificate chain failed validation. reason_string.","A certificate chain cannot be validated. • reason_string—Reason for the failure to validate the certificate chain. The reasons could be non reacheability of a CA server, trustpoint not being available, the validity period for the certificate identity has elapsed, or when the certificate is revoked.","Resolve the issue noted by the reason and retry the validation attempt by performing any of the following actions: • Make sure that connectivity to a CA is available if CRL checking is required. • Make sure that a trustpoint is authenticated and available for validation. • Make sure that the identity certificate within the chain is valid based on the validity dates. • Make sure that the certificate is not revoked.","3","Error","75","network","general"
+"%ASA-6-717028","717028","Certificate chain was successfully validated additional_info.","%ASA-6-717028: Certificate chain was successfully validated additional_info.","A certificate chain was successfully validated. • >additional info —More information for how the certificate chain was validated (for example, “with warning” indicates that a CRL check was not performed)","None required.","6","Informational","5","network","general"
+"%ASA-7-717029","717029","Identified client certificate within certificate chain. serial_number.","%ASA-7-717029: Identified client certificate within certificate chain. serial_number.","The certificate specified as the client certificate is identified. • serial_number—Serial number of the certificate that is identified as the client certificate • subject_name—Subject name included in the certificate that is identified as the client certificate","None required.","7","Debugging","5","network","general"
+"%ASA-7-717030","717030","Found a suitable trustpoint trustpoint_name to validate certificate.","%ASA-7-717030: Found a suitable trustpoint trustpoint_name to validate certificate.","A suitable or usable trustpoint is found that can be used to validate the certificate. • trustpoint name —Trustpoint that will be used to validate the certificate","None required.","7","Debugging","5","network","general"
+"%ASA-4-717031","717031","Failed to find a suitable trustpoint for the issuer: issuer Reason: reason_string","%ASA-4-717031: Failed to find a suitable trustpoint for the issuer: issuer Reason: reason_string","A usable trustpoint cannot be found. During certificate validation, a suitable trustpoint must be available in order to validate a certificate. • >issuer —Issuer of the certificate that was being validated • reason_string —The reason that a suitable trustpoint cannot be found","Resolve the issue indicated in the reason by checking the configuration to make sure that a trustpoint is configured, authenticated, and enrolled. Also make sure that the configuration allows for specific types of certificates, such as identity certificates.","4","Warning","55","network","general"
+"%ASA-3-717032","717032","OCSP status check failed. Reason: reason_string.","%ASA-3-717032: OCSP status check failed. Reason: reason_string.","When the OCSP status check fails, this message is generated with the reason for the failure. The following list mentions the failure reasons: • HTTP transaction failed for OCSP request.","None.","3","Error","75","network","general"
+"%ASA-6-717033","717033","OCSP response received.","%ASA-6-717033: OCSP response received.","An OCSP status check response was received successfully.","None required.","6","Informational","5","network","general"
+"%ASA-7-717034","717034","No-check extension found in certificate. CRL check bypassed.","%ASA-7-717034: No-check extension found in certificate. CRL check bypassed.","An OCSP responder certificate was received that includes an “id-pkix-ocsp-nocheck” extension, which allows this certificate to be validated without an OCSP status check.","None required.","7","Debugging","5","network","general"
+"%ASA-4-717035","717035","OCSP status is being checked for certificate. certificate_identifier..","%ASA-4-717035: OCSP status is being checked for certificate. certificate_identifier..","The certificate for which an OCSP status check occurs is identified. • certificate_identifier —Information that identifies the certificate being processed by the certificate map rules","None required.","4","Warning","5","network","general"
+"%ASA-7-717036","717036","Looking for a tunnel group match based on certificate maps for peer certificate with certificate_identifier.","%ASA-7-717036: Looking for a tunnel group match based on certificate maps for peer certificate with certificate_identifier.","The peer certificate identified by the certificate identifier is being processed through the configured certificate maps to attempt a possible tunnel group match. • certificate_identifier —Information that identifies the certificate being processed by the certificate map rules","None required.","7","Debugging","5","network","general"
+"%ASA-4-717037","717037","Tunnel group search using certificate maps failed for peer certificate: certificate_identifier.","%ASA-4-717037: Tunnel group search using certificate maps failed for peer certificate: certificate_identifier.","The peer certificate identified by the certificate identifier was processed through the configured certificate maps to attempt a possible tunnel group match, but no match can be found. • certificate_identifier —Information that identifies the certificate being processed by the certificate map rules","Make sure that the warning is expected based on the received peer certificate and the configured crypto CA certificate map rules.","4","Warning","55","network","general"
+"%ASA-7-717038","717038","Tunnel group match found. Tunnel Group: tunnel_group_name, Peer certificate: certificate_identifier.","%ASA-7-717038: Tunnel group match found. Tunnel Group: tunnel_group_name, Peer certificate: certificate_identifier.","The peer certificate identified by the certificate identifier was processed by the configured certificate maps, and a match was found to the tunnel group. • certificate_identifier —Information that identifies the certificate being processed by the certificate map rules • tunnel_group_name —The name of the tunnel group matched by the certificate map rules","None required.","7","Debugging","5","network","general"
+"%ASA-3-717039","717039","Local CA Server internal error detected: error..","%ASA-3-717039: Local CA Server internal error detected: error..","An internal processing error has occurred with the local CA server. • error —Error string","Based on the error, take the necessary steps to resolve the issue. Currently, the possible errors include: • CA key does not exist—Make sure that the CA key is present, or restore the key from a backup, if necessary.","3","Error","65","network","general"
+"%ASA-2-717040","717040","Local CA Server has failed and is being disabled. Reason: reason..","%ASA-2-717040: Local CA Server has failed and is being disabled. Reason: reason..","The local CA server is being disabled because of an error. • reason —Reason string Currently, the possible errors include: • Storage down—Make sure that storage is accessible, and reenable the CA server by using the no shut command.","Based on the reason, take the necessary steps to resolve the issue.","2","Critical","95","network","general"
+"%ASA-7-717041","717041","Local CA Server event: event_info.","%ASA-7-717041: Local CA Server event: event_info.","Event details that have occurred on the CA server are reported to allow you to track or debug the CA server health, including when the CA server is created, enabled, or disabled, or when the CA server certificate is rolled over. • event info —Details of the event that occurred","None required.","7","Debugging","5","network","general"
+"%ASA-3-717042","717042","Failed to enable Local CA Server. Reason: reason.","%ASA-3-717042: Failed to enable Local CA Server. Reason: reason.","Errors occurred when an attempt was made to enable the local CA server. • reason —Reason that the local CA server failed to enable","Resolve the issue encountered that is reported in the reason string. Currently, the possible reasons include: • Failed to create server trustpoint • Failed to create server keypair • Time has not been set • Failed to init storage • Storage not accessible • Failed to validate self-signed CA certificate","3","Error","75","network","general"
+"%ASA-6-717043","717043","Local CA Server certificate enrollment related info for user: user. Info: info.","%ASA-6-717043: Local CA Server certificate enrollment related info for user: user. Info: info.","Enrollment-related activities for a user are being monitored. The username and specific enrollment information are reported so that enrollments, e-mail invitation generation, and renewal reminder generation can be monitored. • user —Username about whom the enrollment information log is being generated • info —Enrollment information string","None required.","6","Informational","5","network","general"
+"%ASA-3-717044","717044","Local CA Server certificate enrollment related error for user: user. Error: error.","%ASA-3-717044: Local CA Server certificate enrollment related error for user: user. Error: error.","Errors that occur in the processing of certificate enrollment are reported, which may include errors in notifying users via e-mail for renewal reminders, errors during issuance of a certificate to complete enrollment, invalid username or OTP, and expired enrollment attempts. • user —Username for whom the enrollment error log is being generated • error —Enrollment error","If the error does not provide enough information to diagnose and resolve the issue, turn on debugging and try enrollment again.","3","Error","75","network","general"
+"%ASA-7-717045","717045","Local CA Server CRL info: info.","%ASA-7-717045: Local CA Server CRL info: info.","The CRL file is monitored when it is generated and regenerated. • info —Informational string of the CRL event","None required.","7","Debugging","5","network","general"
+"%ASA-3-717046","717046","Local CA Server CRL error: error.","%ASA-3-717046: Local CA Server CRL error: error.","Errors that are encountered while trying to generate and reissue the local CA server CRL file are reported.","Take appropriate action to resolve the reported issue, which may include verifying that storage is accessible, and that the CRL file is valid in storage and signed by the existing local CA server.","3","Error","75","network","general"
+"%ASA-6-717047","717047","Revoked certificate issued to user: username, with serial number serial_number.","%ASA-6-717047: Revoked certificate issued to user: username, with serial number serial_number.","Any certificates issued by the local CA server that have been revoked are being monitored. • username —Username of the owner of the certificate that is being revoked • serial number —Serial number of the certificate that has been revoked","None required.","6","Informational","5","network","general"
+"%ASA-6-717048","717048","Unrevoked certificate issued to user: username, with serial number serial_number.","%ASA-6-717048: Unrevoked certificate issued to user: username, with serial number serial_number.","Any certificates that were issued by the local CA server that were previously revoked, and that are now being unrevoked and removed from the CRL are being monitored. • username —Username of the owner of the certificate that is being unrevoked • serial number —Serial number of the certificate that has been unrevoked","None required.","6","Informational","5","network","general"
+"%ASA-1-717049","717049","Local CA Server certificate is due to expire in number days and a replacement certificate is available for export.","%ASA-1-717049: Local CA Server certificate is due to expire in number days and a replacement certificate is available for export.","The administrator is alerted to an upcoming CA certificate expiration so that the administrator can take action to export the replacement certificate to all ASAs that will require the new certificate. • number —The number of days before the local CA server certificate expires","To avoid certificate validation failures on any ASAs that require the local CA server certificate, action should be taken before the actual expiration of the current local CA server certificate, which is indicated by the number value. Note that the local CA server does not require any action because the CA certificate will be replaced automatically. Use the show crypto ca server certificate command to view the replacement or rollover local CA server certificate and copy it for import into any ASA that will require the new certificate.","1","Alert","95","network","general"
+"%ASA-5-717050","717050","SCEP Proxy: Processed request type type from IP client_ip_address, User username, TunnelGroup tunnel_group_name, GroupPolicy group-policy_name to CA ca_ip_address","%ASA-5-717050: SCEP Proxy: Processed request type type from IP client_ip_address, User username, TunnelGroup tunnel_group_name, GroupPolicy group-policy_name to CA ca_ip_address","The SCEP proxy received a message and relayed it to the CA. The response from the CA is relayed back to the client. • type —The request type string that is received by the SCEP proxy, which can be one of the following SCEP message types: PKIOperation, GetCACaps, GetCACert, GetNextCACert, and GetCACertChain. • client ip address —The source IP address of the request received • username —The username that is associated with the VPN session in which the SCEP request is received • tunnel-group name —The tunnel group that is associated with the VPN session in which the SCEP request is received • group-policy name —The group policy that is associated with the VPN session in which the SCEP request is received • ca ip address —The IP address of the CA that is configured in the group policy","None required.","5","Notification","5","network","general"
+"%ASA-3-717051","717051","SCEP Proxy: Denied processing the request type type from IP client_ip_address, User username, TunnelGroup tunnel_group_name, GroupPolicy group_policy_name to CA ca_ip_address. Reason: msg","%ASA-3-717051: SCEP Proxy: Denied processing the request type type from IP client_ip_address, User username, TunnelGroup tunnel_group_name, GroupPolicy group_policy_name to CA ca_ip_address. Reason: msg","The SCEP proxy denied processing of the request, which may be caused by a misconfiguration, an error condition in the proxy, or an invalid request. • type —The request type string that is received by the SCEP proxy, which can be one of the following SCEP message types: PKIOperation, GetCACaps, GetCACert, GetNextCACert, and GetCACertChain. • client ip address —The source IP address of the request received • username —The username that is associated with the VPN session in which the SCEP request is received • tunnel-group name —The tunnel group that is associated with the VPN session in which the SCEP request is received • group-policy name —The group policy that is associated with the VPN session in which the SCEP request is received • ca ip address —The IP address of the CA that is configured in the group policy • msg—The reason string that explains the reason or error for why the request processing is denied","Identify the cause from the reason printed. If the reason indicates that the request is invalid, check the CA URL configuration. Otherwise, confirm that the tunnel group is enabled for SCEP enrollment and debug further by using the debug crypto ca scep-proxy command.","3","Error","95","network","general"
+"%ASA-4-717052","717052","Group group_name User user_name IP IP_Address Session disconnected due to periodic certificate authentication failure. Subject Name id_subject_name Issuer Name id_issuer_name Serial Number id_serial_number","%ASA-4-717052: Group group_name User user_name IP IP_Address Session disconnected due to periodic certificate authentication failure. Subject Name id_subject_name Issuer Name id_issuer_name Serial Number id_serial_number","Periodic certificate authentication failed, and the session was disconnected. • group name —The name of the group policy to which the session belongs • user name —The username of the session • IP —The public IP address of the session • id subject name —The subject name in the ID certificate of the session • id issuer name —The issuer name in the ID certificate of the session","None required. 717053 SSP-whole topic Error Message","4","Warning","75","network","general"
+"%ASA-5-717053","717053","Group group_name User user_name IP IP_Address Periodic certificate authentication succeeded. Subject Name id_subject_name Issuer Name id_issuer_name Serial Number id_serial_number","%ASA-5-717053: Group group_name User user_name IP IP_Address Periodic certificate authentication succeeded. Subject Name id_subject_name Issuer Name id_issuer_name Serial Number id_serial_number","Periodic certificate authentication succeeded. • group name —The name of the group policy to which the session belongs • user name —The username of the session • id subject name —The subject name in the ID certificate of the session • id issuer name —The issuer name in the ID certificate of the session • id serial number —The serial number in the ID certificate of the session","None required. 717054 SSP-whole topic Error Message","5","Notification","5","network","general"
+"%ASA-1-717054","717054","The type certificate in the trustpoint tp_name is due to expire in number days. Expiration date_and_time Subject Name subject_name Issuer Name issuer_name Serial Number serial_number","%ASA-1-717054: The type certificate in the trustpoint tp_name is due to expire in number days. Expiration date_and_time Subject Name subject_name Issuer Name issuer_name Serial Number serial_number","The specified certificate in the trustpoint is about to expire. • type —The type of certificate: CA or ID • tp name —The name of the trustpoint to which the certificate belongs • number —The number of days until expiration • date and time : The expiration date and time • subject name —The subject name in the certificate • issuer name —The issuer name in the certificate • serial number —The serial number in the certificate","Renew the certificate.","1","Alert","75","network","general"
+"%ASA-1-717055","717055","The type certificate in the trustpoint tp_name has expired. Expiration date_and_time Subject Name subject_name Issuer Name issuer_name Serial Number serial_number","%ASA-1-717055: The type certificate in the trustpoint tp_name has expired. Expiration date_and_time Subject Name subject_name Issuer Name issuer_name Serial Number serial_number","The specified certificate in the trustpoint has expired. • type —The type of certificate: CA or ID • tp name —The name of the trustpoint to which the certificate belongs • date and time : The expiration date and time","Renew the certificate. 717056 Only heading title SSP Error Message","1","Alert","75","network","general"
+"%ASA-6-717056","717056","Attempting type revocation check from Src:Interface/Src to IP/Src_Port using Dst_IP.","%ASA-6-717056: Attempting type revocation check from Src:Interface/Src to IP/Src_Port using Dst_IP.","The CA was attempting to download a CRL or send an OCSP revocation check request. • type —Type of revocation check, which can be OCSP or CRL • Src Interface —Name of the interface from which the revocation checking is being done • Src IP —IP address from which the revocation checking is being done • Src Port —Port number from which the revocation checking is being done • Dst IP —IP address of the server to which the revocation checking request is being sent • Dst Port —Port number of the server to which the revocation checking request is being sent • Protocol —Protocol being used for revocation checking, which can be HTTP, LDAP, or SCEP","None required.","6","Informational","5","network","general"
+"%ASA-3-717057","717057","Automatic import of trustpool certificate bundle has failed. Maximum_retry_attempts_reached.Failed_to_reach_CA_server|Cisco_root_bundle_signature_validation_failed|Failed_to_update_trustpool_bundle_in_flash|Failed_to_install_trustpool_bundle_in_memory","%ASA-3-717057: Automatic import of trustpool certificate bundle has failed. Maximum_retry_attempts_reached.Failed_to_reach_CA_server|Cisco_root_bundle_signature_validation_failed|Failed_to_update_trustpool_bundle_in_flash|Failed_to_install_trustpool_bundle_in_memory","This syslog is generated with one of these error messages. This syslog is meant to update the user with results of the auto import operation and steer them towards the right debug messages especially in cases of failure. Details of each error are present in the debug output.","Verify CA accessibility and make space on flash CA root certificate.","3","Error","85","network","general"
+"%ASA-6-717058","717058","Automatic import of trustpool certificate bundle is successful: No_change_in_trustpool_bundle|Trustpool_updated_in_flash","%ASA-6-717058: Automatic import of trustpool certificate bundle is successful: No_change_in_trustpool_bundle|Trustpool_updated_in_flash","This syslog is generated with one of these success messages. This syslog is meant to update the user with results of the auto import operation and steer them towards the right debug messages, especially in cases of failure. Details of each error are present in the debug output.","None.","6","Informational","25","network","general"
+"%ASA-6-717059","717059","Peer certificate with serial_number:serial,subject:subject_name,issuer:issuer_name matched the configured certificate map map_name","%ASA-6-717059: Peer certificate with serial_number:serial,subject:subject_name,issuer:issuer_name matched the configured certificate map map_name","This log is generated when an ASDM connection is authenticated via certificates and allowed based on the configured certificate map rules.","None required.","6","Informational","5","network","general"
+"%ASA-3-717060","717060","Peer certificate with serial_number:serial,subject:subject_name,issuer:issuer_name failed to match the configured certificate map map_name","%ASA-3-717060: Peer certificate with serial_number:serial,subject:subject_name,issuer:issuer_name failed to match the configured certificate map map_name","This log is generated when an ASDM connection is authenticated via certificates and not allowed based on the configured certificate map rules.","If the peer certificate referenced in the log is supposed to be allowed, check certificate map configuration for the referenced map_name and correct the map to allow the connection as needed. 717061 SSP-only heading title Error Message","3","Error","65","network","general"
+"%ASA-5-717061","717061","Starting protocol certificate enrollment for the trustpoint tpname with the CA ca_name. Request Type type Mode mode","%ASA-5-717061: Starting protocol certificate enrollment for the trustpoint tpname with the CA ca_name. Request Type type Mode mode","A CMP enrollment request has been triggered. • tpname —Name of the trustpoint being enrolled • ca —CA hostname or IP address as provided in the CMP configuration • type —CMP request type: Initialization Request, Certification Request, and Key Update Request • mode —Enrollment trigger: Manual or Automatic • protocol —Enrollment protocol: CMP","None required.","5","Notification","5","network","general"
+"%ASA-5-717062","717062","protocol Certificate enrollment succeeded for the trustpoint tpname with the CA ca using CMP. Received a new certificate with Subject Name subject Issuer Name issuer Serial Number serial","%ASA-5-717062: protocol Certificate enrollment succeeded for the trustpoint tpname with the CA ca using CMP. Received a new certificate with Subject Name subject Issuer Name issuer Serial Number serial","CMP enrollment request succeeded. New certificate received. • tpname —Name of the trustpoint being enrolled • ca —CA hostname or IP address as provided in the CMP configuration • subject —Subject Name from the received certificate • issuer —Issuer Name from the received certificate • serial—Serial Number from the received certificate • protocol —Enrollment protocol: CMP","None required.","5","Notification","5","network","general"
+"%ASA-3-717063","717063","protocol Certificate enrollment failed for the trustpoint tpname with the CA ca","%ASA-3-717063: protocol Certificate enrollment failed for the trustpoint tpname with the CA ca","CMP enrollment request failed. • tpname —Name of the trustpoint being enrolled • ca —CA hostname or IP address as provided in the CMP configuration • protocol —Enrollment protocol: CMP","Use the CMP debug traces to fix the enrollment failure. 717064 SSP - only heading Error Message","3","Error","75","network","general"
+"%ASA-5-717064","717064","Keypair keyname in the trustpoint tpname is regenerated for mode protocol certificate enrollment","%ASA-5-717064: Keypair keyname in the trustpoint tpname is regenerated for mode protocol certificate enrollment","The keypair in the trustpoint is regenerated for certificate enrollment using CMP. • tpname —Name of the trustpoint being enrolled • keyname —Name of the keypair in the trustpoint • mode—Enrollment trigger: Manual or Automatic • protocol —Enrollment protocol: CMP","None required.","5","Notification","5","network","general"
+"%ASA-5-717067","717067","Starting ACME certificate enrollment for trustpoint tpname with CA ca_name. Mode mode.​","%ASA-5-717067: Starting ACME certificate enrollment for trustpoint tpname with CA ca_name. Mode mode.​","The enrollment is triggered for ACME trustpoint. • tpname —Name of the trustpoint being enrolled • ca_name —CA hostname or IP address as provided in the ACME configuration • mode—Enrollment trigger: Manual or Automatic","None required.","5","Notification","5","network","general"
+"%ASA-5-717068","717068","ACME Certificate enrollment succeeded for trustpoint tpname with CA ca. Received a new certificate with Subject Name subject, Issuer Name issuer, Serial Number serial ​","%ASA-5-717068: ACME Certificate enrollment succeeded for trustpoint tpname with CA ca. Received a new certificate with Subject Name subject, Issuer Name issuer, Serial Number serial ​","The ACME certificate enrollment is sucessful for the trustpoint. • tpname —Name of the trustpoint being enrolled","None required.","5","Notification","5","network","general"
+"%ASA-3-717069","717069","ACME Certificate enrollment failed for trustpoint tpname with CA ca.","%ASA-3-717069: ACME Certificate enrollment failed for trustpoint tpname with CA ca.","The ACME certificate enrollment failed for the trustpoint. • tpname —Name of the trustpoint being enrolled • ca —CA hostname or IP address as provided in the ACME configuration","Use the debug crypto ca acme <1-255>command to identify the failure reasons from the debug traces.","3","Error","75","network","general"
+"%ASA-5-717070","717070","Keypair keyname in trustpoint tpname is regenerated for mode ACME certificate renewal","%ASA-5-717070: Keypair keyname in trustpoint tpname is regenerated for mode ACME certificate renewal","Sucessful regeneration of the ACME keypair for the trustpoint. • keyname —Name of the keypair in the trustpoint • tpname —Name of the trustpoint being enrolled • mode—Enrollment trigger: Manual or Automatic","None required.","5","Notification","5","network","general"
+"%ASA-3-717071","717071","CRL signature validation failed. Issuer: issuer name. Last Update: date and time. Next Update: date and time.","%ASA-3-717071: CRL signature validation failed. Issuer: issuer name. Last Update: date and time. Next Update: date and time.","This syslog is generated during the X509 certificate verification process when an error is detected, where the message displays a certificate revocation list (CRL) information for the failed signature validation.","None required.","3","Error","5","network","general"
+"%ASA-5-717072","717072","A CRL with an older version than the currently cached one was downloaded.","%ASA-5-717072: A CRL with an older version than the currently cached one was downloaded.","This syslog is generated when the current CRL in the cache is replaced by the one that has an older version. This message appears during the certificate revocation list verification and CRL insertion process.","None required. Messages 718001 to 719026 This section includes messages from 718001 to 719026.","5","Notification","5","network","general"
+"%ASA-7-718001","718001","Internal interprocess communication queue send failure: code [error_code].","%ASA-7-718001: Internal interprocess communication queue send failure: code [error_code].","An internal software error has occurred while attempting to enqueue a message on the VPN load balancing queue.","This is generally a benign condition. If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-5-718002","718002","Create peer IP_address failure, already at maximum of [number_of_peers]","%ASA-5-718002: Create peer IP_address failure, already at maximum of [number_of_peers]","The maximum number of load-balancing peers has been exceeded. The new peer is ignored.","Check your load balancing and network configuration to ensure that the number of load-balancing peers does not exceed the maximum allowed.","5","Notification","35","network","general"
+"%ASA-6-718003","718003","Got unknown peer message [message_number] from [IP_address], local version [version_number], remote version [version_number]","%ASA-6-718003: Got unknown peer message [message_number] from [IP_address], local version [version_number], remote version [version_number]","An unrecognized load-balancing message was received from one of the load-balancing peers. This may indicate a version mismatch between peers, but is most likely caused by an internal software error.","Verify that all load-balancing peers are compatible. If they are and this condition persists or is linked to undesirable behavior, contact the Cisco TAC.","6","Informational","35","network","general"
+"%ASA-6-718004","718004","Got unknown internal message [message_number]","%ASA-6-718004: Got unknown internal message [message_number]","An internal software error occurred.","This is generally a benign condition. If the problem persists, contact the Cisco TAC.","6","Informational","15","network","general"
+"%ASA-5-718005","718005","Fail to send to IP_address, port port","%ASA-5-718005: Fail to send to IP_address, port port","An internal software error occurred during packet transmission on the load-balancing socket. This mght indicate a network problem.","Check the network-based configuration on the Secure Firewall ASA and verify that interfaces are active and protocol data is flowing through the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","5","Notification","35","network","general"
+"%ASA-5-718006","718006","Invalid load balancing state transition [cur=state_number][event=event_number]","%ASA-5-718006: Invalid load balancing state transition [cur=state_number][event=event_number]","A state machine error has occurred. This might indicate an internal software error.","This is generally a benign condition. If the problem persists, contact the Cisco TAC.","5","Notification","35","network","general"
+"%ASA-5-718007","718007","Socket open failure [failure_code]: failure_text","%ASA-5-718007: Socket open failure [failure_code]: failure_text","An error occurred when the load-balancing socket tried to open. This might indicate a network problem or an internal software error.","Check the network-based configuration on the Secure Firewall ASA and verify that interfaces are active and protocol data is flowing through the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","5","Notification","45","network","general"
+"%ASA-5-718008","718008","Socket bind failure [failure_code]: failure_text","%ASA-5-718008: Socket bind failure [failure_code]: failure_text","An error occurred when the Secure Firewall ASA tried to bind to the load-balancing socket. This might indicate a network problem or an internal software error.","Check the network-based configuration on the Secure Firewall ASA and verify that interfaces are active and protocol data is flowing through the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","5","Notification","45","network","general"
+"%ASA-5-718009","718009","Send HELLO response failure to [IP_address]","%ASA-5-718009: Send HELLO response failure to [IP_address]","An error occurred when the Secure Firewall ASA tried to send a hello response message to one of the load-balancing peers. This might indicate a network problem or an internal software error.","Check the network-based configuration on the Secure Firewall ASA and verify that interfaces are active and protocol data is flowing through the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","5","Notification","45","network","general"
+"%ASA-5-718010","718010","Sent HELLO response to [IP_address]","%ASA-5-718010: Sent HELLO response to [IP_address]","The Secure Firewall ASA transmitted a hello response message to a load-balancing peer.","None required.","5","Notification","5","network","general"
+"%ASA-5-718011","718011","Send HELLO request failure to [IP_address]","%ASA-5-718011: Send HELLO request failure to [IP_address]","An error occurred when the Secure Firewall ASA tried to send a hello request message to one of the load-balancing peers. This may indicate a network problem or an internal software error.","Check the network-based configuration on the Secure Firewall ASA and verify that interfaces are active and protocol data is flowing through the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","5","Notification","45","network","general"
+"%ASA-5-718012","718012","Sent HELLO request to [IP_address]","%ASA-5-718012: Sent HELLO request to [IP_address]","The Secure Firewall ASA transmitted a hello request message to a load-balancing peer.","None required.","5","Notification","5","network","general"
+"%ASA-6-718013","718013","Peer[IP_address] is not answering HELLO","%ASA-6-718013: Peer[IP_address] is not answering HELLO","The load-balancing peer is not answering a hello request message.","Check the status of the load-balancing SSF peer and the network connections.","6","Informational","15","network","general"
+"%ASA-5-718014","718014","Master peer[IP_address] is not answering HELLO","%ASA-5-718014: Master peer[IP_address] is not answering HELLO","The load balancing director peer is not answering the hello request message.","Check the status of the load balancing SSF director peer and the network connections.","5","Notification","25","network","general"
+"%ASA-5-718015","718015","Received HELLO request from [IP_address]","%ASA-5-718015: Received HELLO request from [IP_address]","The Secure Firewall ASA received a hello request message from the load balancing peer.","None required.","5","Notification","5","network","general"
+"%ASA-5-718016","718016","Received HELLO response from [IP_address]","%ASA-5-718016: Received HELLO response from [IP_address]","The Secure Firewall ASA received a Hello Response packet from a load balancing peer.","None required.","5","Notification","5","network","general"
+"%ASA-7-718017","718017","Got timeout for unknown peer[IP_address] msg type[message_type]","%ASA-7-718017: Got timeout for unknown peer[IP_address] msg type[message_type]","The Secure Firewall ASA processed a timeout for an unknown peer. The message was ignored because the peer may have already been removed from the active list.","If the message persists or is linked to undesirable behavior, check the load balancing peers and verify that all are configured correctly.","7","Debugging","25","network","general"
+"%ASA-7-718018","718018","Send KEEPALIVE request failure to [IP_address]","%ASA-7-718018: Send KEEPALIVE request failure to [IP_address]","An error has occurred while attempting to send a Keepalive Request message to one of the load balancing peers. This t indicate a network problem or an internal software error.","Check the network-based configuration on the Secure Firewall ASA and verify that interfaces are active and protocol data is flowing through the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","7","Debugging","25","network","general"
+"%ASA-7-718019","718019","Sent KEEPALIVE request to [IP_address]","%ASA-7-718019: Sent KEEPALIVE request to [IP_address]","The Secure Firewall ASA transmitted a Keepalive Request message to a load balancing peer.","None required.","7","Debugging","5","network","general"
+"%ASA-7-718020","718020","Send KEEPALIVE response failure to [IP_address]","%ASA-7-718020: Send KEEPALIVE response failure to [IP_address]","An error has occurred while attempting to send a Keepalive Response message to one of the load balancing peers. This may indicate a network problem or an internal software error.","Check the network-based configuration on the Secure Firewall ASA and verify that interfaces are active and protocol data is flowing through the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","7","Debugging","25","network","general"
+"%ASA-7-718021","718021","Sent KEEPALIVE response to [IP_address]","%ASA-7-718021: Sent KEEPALIVE response to [IP_address]","The Secure Firewall ASA transmitted a Keepalive Response message to a load balancing peer.","None required.","7","Debugging","5","network","general"
+"%ASA-7-718022","718022","Received KEEPALIVE request from [IP_address]","%ASA-7-718022: Received KEEPALIVE request from [IP_address]","The Secure Firewall ASA received a Keepalive Request message from a load balancing peer.","None required.","7","Debugging","5","network","general"
+"%ASA-7-718023","718023","Received KEEPALIVE response from [IP_address]","%ASA-7-718023: Received KEEPALIVE response from [IP_address]","The Secure Firewall ASA received a Keepalive Response message from a load balancing peer.","None required.","7","Debugging","5","network","general"
+"%ASA-5-718024","718024","Send CFG UPDATE failure to [IP_address]","%ASA-5-718024: Send CFG UPDATE failure to [IP_address]","An error has occurred while attempting to send a Configuration Update message to one of the load balancing peers. This might indicate a network problem or an internal software error.","Check the network-based configuration on the Secure Firewall ASA and verify that interfaces are active and protocol data is flowing through the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","5","Notification","45","network","general"
+"%ASA-7-718025","718025","Sent CFG UPDATE to [IP_address]","%ASA-7-718025: Sent CFG UPDATE to [IP_address]","The Secure Firewall ASA transmitted a Configuration Update message to a load balancing peer.","None required.","7","Debugging","5","network","general"
+"%ASA-7-718026","718026","Received CFG UPDATE from [IP_address]","%ASA-7-718026: Received CFG UPDATE from [IP_address]","The Secure Firewall ASA received a Configuration Update message from a load balancing peer.","None required.","7","Debugging","5","network","general"
+"%ASA-6-718027","718027","Received unexpected KEEPALIVE request from [IP_address]","%ASA-6-718027: Received unexpected KEEPALIVE request from [IP_address]","The Secure Firewall ASA received an unexpected Keepalive request message from a load balancing peer.","If the problem persists or is linked with undesirable behavior, verify that all load balancing peers are configured and discovered correctly.","6","Informational","25","network","general"
+"%ASA-5-718028","718028","Send OOS indicator failure to [IP_address]","%ASA-5-718028: Send OOS indicator failure to [IP_address]","An error has occurred while attempting to send an OOS indicator message to one of the load balancing peers. This might indicate a network problem or an internal software error.","Check the network-based configuration on the Secure Firewall ASA and verify that interfaces are active and protocol data is flowing through the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","5","Notification","45","network","general"
+"%ASA-7-718029","718029","Sent OOS indicator to [IP_address]","%ASA-7-718029: Sent OOS indicator to [IP_address]","The Secure Firewall ASA transmitted an OOS indicator message to a load balancing peer.","None required.","7","Debugging","5","network","general"
+"%ASA-6-718030","718030","Received planned OOS from [IP_address]","%ASA-6-718030: Received planned OOS from [IP_address]","The Secure Firewall ASA received a planned OOS message from a load balancing peer.","None required.","6","Informational","5","network","general"
+"%ASA-5-718031","718031","Received OOS obituary for [IP_address]","%ASA-5-718031: Received OOS obituary for [IP_address]","The Secure Firewall ASA received an OOS obituary message from a load balancing peer.","None required.","5","Notification","5","network","general"
+"%ASA-5-718032","718032","Received OOS indicator from [IP_address]","%ASA-5-718032: Received OOS indicator from [IP_address]","The Secure Firewall ASA received an OOS indicator message from a load balancing peer.","None required.","5","Notification","5","network","general"
+"%ASA-5-718033","718033","Send TOPOLOGY indicator failure to [IP_address]","%ASA-5-718033: Send TOPOLOGY indicator failure to [IP_address]","An error has occurred while attempting to send a Topology indicator message to one of the load balancing peers. This might indicate a network problem or an internal software error.","Check the network-based configuration on the Secure Firewall ASA. Verify that interfaces are active, and protocol data is flowing through the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","5","Notification","45","network","general"
+"%ASA-7-718034","718034","Sent TOPOLOGY indicator to [IP_address]","%ASA-7-718034: Sent TOPOLOGY indicator to [IP_address]","The Secure Firewall ASA sent a Topology indicator message to a load balancing peer.","None required.","7","Debugging","5","network","general"
+"%ASA-7-718035","718035","Received TOPOLOGY indicator from [IP_address]","%ASA-7-718035: Received TOPOLOGY indicator from [IP_address]","The Secure Firewall ASA received a Topology indicator message from a load balancing peer.","None required.","7","Debugging","5","network","general"
+"%ASA-7-718036","718036","Process timeout for req-type[type_value], exid[exchange_ID], peer[IP_address]","%ASA-7-718036: Process timeout for req-type[type_value], exid[exchange_ID], peer[IP_address]","The Secure Firewall ASA processed a peer timeout.","Verify that the peer should have been timed out. If not, check the load balancing peer configuration and the network connection between the peer and the Secure Firewall ASA.","7","Debugging","25","network","general"
+"%ASA-6-718037","718037","Master processed number_of_timeouts timeouts","%ASA-6-718037: Master processed number_of_timeouts timeouts","The Secure Firewall ASA in the director role processed the specified number of peer timeouts.","Verify that the timeouts are legitimate. If not, check the peer load balancing configuration and the network connection between the peer and the Secure Firewall ASA.","6","Informational","35","network","general"
+"%ASA-6-718038","718038","Slave processed number_of_timeouts timeouts","%ASA-6-718038: Slave processed number_of_timeouts timeouts","The Secure Firewall ASA in the member role processed the specified number of peer timeouts.","Verify that the timeouts are legitimate. If not, check the peer load balancing configuration and the network connection between the peer and the Secure Firewall ASA.","6","Informational","35","network","general"
+"%ASA-6-718039","718039","Process dead peer[IP_address]","%ASA-6-718039: Process dead peer[IP_address]","The Secure Firewall ASA has detected a dead peer.","Verify that the dead peer detection is legitimate. If not, check the peer load balancing configuration and the network connection between the peer and the Secure Firewall ASA.","6","Informational","25","network","general"
+"%ASA-6-718040","718040","Timed-out exchange ID[exchange_ID] not found","%ASA-6-718040: Timed-out exchange ID[exchange_ID] not found","The Secure Firewall ASA has detected a dead peer, but the exchange ID is not recognized.","None required.","6","Informational","5","network","general"
+"%ASA-7-718041","718041","Timeout [msgType=type] processed with no callback","%ASA-7-718041: Timeout [msgType=type] processed with no callback","The Secure Firewall ASA has detected a dead peer, but a call back was not used in the processing.","None required.","7","Debugging","5","network","general"
+"%ASA-5-718042","718042","Unable to ARP for [IP_address].","%ASA-5-718042: Unable to ARP for [IP_address].","The Secure Firewall ASA experienced an ARP failure when attempting to contact a peer.","Verify that the network is operational and that all peers can communicate with each other.","5","Notification","45","network","general"
+"%ASA-5-718043","718043","Updating/removing duplicate peer entry [IP_address]","%ASA-5-718043: Updating/removing duplicate peer entry [IP_address]","The Secure Firewall ASA found and is removing a duplicate peer entry.","None required.","5","Notification","5","network","general"
+"%ASA-5-718044","718044","Deleted peer[IP_address]","%ASA-5-718044: Deleted peer[IP_address]","The Secure Firewall ASA is deleting a load balancing peer.","None required.","5","Notification","5","network","general"
+"%ASA-5-718045","718045","Created peer[IP_address]","%ASA-5-718045: Created peer[IP_address]","The Secure Firewall ASA has detected a load balancing peer.","None required.","5","Notification","5","network","general"
+"%ASA-7-718046","718046","Create group policy [policy_name]","%ASA-7-718046: Create group policy [policy_name]","The Secure Firewall ASA has created a group policy to securely communicate with the load balancing peers.","None required.","7","Debugging","5","network","general"
+"%ASA-7-718047","718047","Fail to create group policy [policy_name]","%ASA-7-718047: Fail to create group policy [policy_name]","The Secure Firewall ASA experienced a failure when attempting to create a group policy for securing the communication between load balancing peers.","Verify that the load balancing configuration is correct.","7","Debugging","25","network","general"
+"%ASA-5-718048","718048","Create of secure tunnel failure for peer [IP_address]","%ASA-5-718048: Create of secure tunnel failure for peer [IP_address]","The Secure Firewall ASA experienced a failure when attempting to establish an IPsec tunnel to a load balancing peer.","Verify that the load balancing configuration is correct and that the network is operational.","5","Notification","45","network","general"
+"%ASA-7-718049","718049","Created secure tunnel to peer[IP_address]","%ASA-7-718049: Created secure tunnel to peer[IP_address]","The Secure Firewall ASA successfully established an IPsec tunnel to a load balancing peer.","None required.","7","Debugging","5","network","general"
+"%ASA-5-718050","718050","Delete of secure tunnel failure for peer [IP_address]","%ASA-5-718050: Delete of secure tunnel failure for peer [IP_address]","The Secure Firewall ASA experienced a failure when attempting to terminate an IPsec tunnel to a load balancing peer.","Verify that the load balancing configuration is correct and that the network is operational.","5","Notification","45","network","general"
+"%ASA-6-718051","718051","Deleted secure tunnel to peer[IP_address]","%ASA-6-718051: Deleted secure tunnel to peer[IP_address]","The Secure Firewall ASA successfully terminated an IPsec tunnel to a load balancing peer.","None required.","6","Informational","5","network","general"
+"%ASA-5-718052","718052","Received GRAT-ARP from duplicate control node[MAC_address]","%ASA-5-718052: Received GRAT-ARP from duplicate control node[MAC_address]","The Secure Firewall ASA received a gratuitous ARP from a duplicate director.","Check the load balancing configuration and verify that the network is operational.","5","Notification","35","network","general"
+"%ASA-5-718053","718053","Detected duplicate control node, mastership stolen[MAC_address]","%ASA-5-718053: Detected duplicate control node, mastership stolen[MAC_address]","The Secure Firewall ASA detected a duplicate director and a stolen director.","Check the load balancing configuration and verify that the network is operational.","5","Notification","35","network","general"
+"%ASA-5-718054","718054","Detected duplicate control node[MAC_address] and going to SLAVE","%ASA-5-718054: Detected duplicate control node[MAC_address] and going to SLAVE","The Secure Firewall ASA detected a duplicate director and is switching to member mode.","Check the load balancing configuration and verify that the network is operational.","5","Notification","35","network","general"
+"%ASA-5-718055","718055","Detected duplicate control node[MAC_address] and staying MASTER","%ASA-5-718055: Detected duplicate control node[MAC_address] and staying MASTER","The Secure Firewall ASA detected a duplicate director and is staying in member mode.","Check the load balancing configuration and verify that the network is operational.","5","Notification","35","network","general"
+"%ASA-7-718056","718056","Deleted Master peer, IP IP_address","%ASA-7-718056: Deleted Master peer, IP IP_address","The Secure Firewall ASA deleted the load balancing director from its internal tables.","None required.","7","Debugging","5","network","general"
+"%ASA-5-718057","718057","Queue send failure from ISR, msg type failure_code","%ASA-5-718057: Queue send failure from ISR, msg type failure_code","An internal software error has occurred while attempting to enqueue a message on the VPN load balancing queue from an Interrupt Service Routing.","This is generally a benign condition. If the problem persists, contact the Cisco TAC.","5","Notification","35","network","general"
+"%ASA-7-718058","718058","State machine return code: action_routine, return_code","%ASA-7-718058: State machine return code: action_routine, return_code","The return codes of action routines belonging to the load balancing finite state machine are being traced.","None required.","7","Debugging","5","network","general"
+"%ASA-7-718059","718059","State machine function trace: state=state_name, event=event_name, func=action_routine.","%ASA-7-718059: State machine function trace: state=state_name, event=event_name, func=action_routine.","The events and states of the load balancing finite state machine are being traced.","None required.","7","Debugging","5","network","general"
+"%ASA-5-718060","718060","Inbound socket select fail: context=context_ID.","%ASA-5-718060: Inbound socket select fail: context=context_ID.","The socket select call returned an error and the socket cannot be read. This might indicate an internal software error.","If the problem persists, contact the Cisco TAC.","5","Notification","25","network","general"
+"%ASA-5-718061","718061","Inbound socket read fail: context=context_ID.","%ASA-5-718061: Inbound socket read fail: context=context_ID.","The socket read failed after data was detected through the select call. This might indicate an internal software error.","If the problem persists, contact the Cisco TAC.","5","Notification","35","network","general"
+"%ASA-5-718062","718062","Inbound thread is awake (context=context_ID).","%ASA-5-718062: Inbound thread is awake (context=context_ID).","The load balancing process is awakened and begins processing.","None required.","5","Notification","5","network","general"
+"%ASA-5-718063","718063","Interface interface_name is down.","%ASA-5-718063: Interface interface_name is down.","The load balancing process found the interface down.","Check the interface configuration to make sure that the interface is operational.","5","Notification","25","network","general"
+"%ASA-5-718064","718064","Admin. interface interface_name is down.","%ASA-5-718064: Admin. interface interface_name is down.","The load balancing process found the administrative interface down.","Check the administrative interface configuration to make sure that the interface is operational.","5","Notification","25","network","general"
+"%ASA-5-718065","718065","Cannot continue to run (public=up, private=down, enable=up, control node=down, session=LB_state).","%ASA-5-718065: Cannot continue to run (public=up, private=down, enable=up, control node=down, session=LB_state).","The load balancing process can not run because all prerequisite conditions have not been met. The prerequisite conditions are two active interfaces and load balancing enabled.","Check the interface configuration to make sure at least two interfaces are operational and load balancing is enabled.","5","Notification","25","network","general"
+"%ASA-5-718066","718066","Cannot add secondary address to interface interface_name, ip IP_address.","%ASA-5-718066: Cannot add secondary address to interface interface_name, ip IP_address.","Load balancing requires a secondary address to be added to the outside interface. A failure occurred in adding that secondary address.","Check the address being used as the secondary address and make sure that it is valid and unique. Check the configuration of the outside interface.","5","Notification","35","network","general"
+"%ASA-5-718067","718067","Cannot delete secondary address to interface interface_name, ip IP_address.","%ASA-5-718067: Cannot delete secondary address to interface interface_name, ip IP_address.","The deletion of the secondary address failed, which might indicate an addressing problem or an internal software error.","Check the addressing information of the outside interface and make sure that the secondary address is valid and unique. If the problem persists, contact the Cisco TAC.","5","Notification","35","network","general"
+"%ASA-5-718068","718068","Start VPN Load Balancing in context context_ID.","%ASA-5-718068: Start VPN Load Balancing in context context_ID.","The load balancing process has been started and initialized.","None required.","5","Notification","5","network","general"
+"%ASA-5-718069","718069","Stop VPN Load Balancing in context context_ID.","%ASA-5-718069: Stop VPN Load Balancing in context context_ID.","The load balancing process has been stopped.","None required.","5","Notification","5","network","general"
+"%ASA-5-718070","718070","Reset VPN Load Balancing in context context_ID.","%ASA-5-718070: Reset VPN Load Balancing in context context_ID.","The LB process has been reset.","None required.","5","Notification","5","network","general"
+"%ASA-5-718071","718071","Terminate VPN Load Balancing in context context_ID.","%ASA-5-718071: Terminate VPN Load Balancing in context context_ID.","The LB process has been terminated.","None required.","5","Notification","5","network","general"
+"%ASA-5-718072","718072","Becoming control node of Load Balancing in context context_ID.","%ASA-5-718072: Becoming control node of Load Balancing in context context_ID.","The Secure Firewall ASA has become the LB director.","None required.","5","Notification","5","network","general"
+"%ASA-5-718073","718073","Becoming data node of Load Balancing in context context_ID.","%ASA-5-718073: Becoming data node of Load Balancing in context context_ID.","The Secure Firewall ASA has become the LB member.","None required.","5","Notification","5","network","general"
+"%ASA-5-718074","718074","Fail to create access list for peer context_ID.","%ASA-5-718074: Fail to create access list for peer context_ID.","ACLs are used to create secure tunnels over which the LB peers can communicate. The Secure Firewall ASA was unable to create one of these ACLs. This might indicate an addressing problem or an internal software problem.","Check the addressing information of the inside interface on all peers and ensure that all peers are discovered correctly. If the problem persists, contact the Cisco TAC.","5","Notification","35","network","general"
+"%ASA-5-718075","718075","Peer IP_address access list not set.","%ASA-5-718075: Peer IP_address access list not set.","While removing a secure tunnel, the Secure Firewall ASA detected a peer entry that did not have an associated ACL.","None required.","5","Notification","5","network","general"
+"%ASA-5-718076","718076","Fail to create tunnel group for peer IP_address.","%ASA-5-718076: Fail to create tunnel group for peer IP_address.","The Secure Firewall ASA experienced a failure when trying to create a tunnel group for securing the communication between load balancing peers.","Verify that the load balancing configuration is correct.","5","Notification","45","network","general"
+"%ASA-5-718077","718077","Fail to delete tunnel group for peer IP_address.","%ASA-5-718077: Fail to delete tunnel group for peer IP_address.","The Secure Firewall ASA experienced a failure when attempting to delete a tunnel group for securing the communication between load balancing peers.","None required.","5","Notification","5","network","general"
+"%ASA-5-718078","718078","Fail to create crypto map for peer IP_address.","%ASA-5-718078: Fail to create crypto map for peer IP_address.","The Secure Firewall ASA experienced a failure when attempting to create a crypto map for securing the communication between load balancing peers.","Verify that the load balancing configuration is correct.","5","Notification","45","network","general"
+"%ASA-5-718079","718079","Fail to delete crypto map for peer IP_address.","%ASA-5-718079: Fail to delete crypto map for peer IP_address.","The Secure Firewall ASA experienced a failure when attempting to delete a crypto map for securing the communication between load balancing peers.","None required.","5","Notification","5","network","general"
+"%ASA-5-718080","718080","Fail to create crypto policy for peer IP_address.","%ASA-5-718080: Fail to create crypto policy for peer IP_address.","The Secure Firewall ASA experienced a failure when attempting to create a transform set to be used in securing the communication between load balancing peers. This might indicate an internal software problem.","If the problem persists, contact the Cisco TAC.","5","Notification","35","network","general"
+"%ASA-5-718081","718081","Fail to delete crypto policy for peer IP_address.","%ASA-5-718081: Fail to delete crypto policy for peer IP_address.","The Secure Firewall ASA experienced a failure when attempting to delete a transform set used in securing the communication between load balancing peers.","None required.","5","Notification","5","network","general"
+"%ASA-5-718082","718082","Fail to create crypto ipsec for peer IP_address.","%ASA-5-718082: Fail to create crypto ipsec for peer IP_address.","When cluster encryption for VPN load balancing is enabled, the VPN load balancing device creates a set of site-to-site tunnels for every other device in the load balancing cluster. For each tunnel, a set of crypto parameters (access list, crypto maps, and transform set) is created dynamically. One or more crypto parameters failed to be created or configured. • IP_address—The IP address of the remote peer","Examine the message for other entries specific to the type of crypto parameters that failed to be created.","5","Notification","35","network","general"
+"%ASA-5-718083","718083","Fail to delete crypto ipsec for peer IP_address.","%ASA-5-718083: Fail to delete crypto ipsec for peer IP_address.","When the local VPN load balancing device is removed from the cluster, crypto parameters are removed. One or more crypto parameters failed to be deleted. • IP_address—The IP address of the remote peer","Examine the message for other entries specific to the type of crypto parameters that failed to be deleted.","5","Notification","35","network","general"
+"%ASA-5-718084","718084","Public/cluster IP not on the same subnet: public IP_address, mask netmask, cluster IP_address","%ASA-5-718084: Public/cluster IP not on the same subnet: public IP_address, mask netmask, cluster IP_address","The cluster IP address is not on the same network as the outside interface of the Secure Firewall ASA.","Make sure that both the cluster (or virtual) IP address and the outside interface address are on the same network.","5","Notification","25","network","general"
+"%ASA-5-718085","718085","Interface interface_name has no IP address defined.","%ASA-5-718085: Interface interface_name has no IP address defined.","The interface does not have an IP address configured.","Configure an IP address for the interface.","5","Notification","25","network","general"
+"%ASA-5-718086","718086","Fail to install LB NP rules: type rule_type, dst interface_name, port port.","%ASA-5-718086: Fail to install LB NP rules: type rule_type, dst interface_name, port port.","The Secure Firewall ASA experienced a failure when attempting to create a SoftNP ACL rule to be used in securing the communication between load balancing peers. This may indicate an internal software problem.","If the problem persists, contact the Cisco TAC.","5","Notification","35","network","general"
+"%ASA-5-718087","718087","Fail to delete LB NP rules: type rule_type, rule rule_ID.","%ASA-5-718087: Fail to delete LB NP rules: type rule_type, rule rule_ID.","The Secure Firewall ASA experienced a failure when attempting to delete the SoftNP ACL rule used in securing the communication between load balancing peers.","None required.","5","Notification","5","network","general"
+"%ASA-7-718088","718088","Possible VPN LB misconfiguration. Offending device MAC [MAC_address].","%ASA-7-718088: Possible VPN LB misconfiguration. Offending device MAC [MAC_address].","The presence of a duplicate director indicates that one of the load balancing peers may be misconfigured.","Check the load balancing configuration on all peers, but pay special attention to the peer identified.","7","Debugging","5","network","general"
+"%ASA-6-719001","719001","Email Proxy session could not be established: session limit of maximum_sessions has been reached.","%ASA-6-719001: Email Proxy session could not be established: session limit of maximum_sessions has been reached.","The incoming e-mail proxy session cannot be established because the maximum session limit has been reached. • maximum_sessions—The maximum session number","None required.","6","Informational","5","network","general"
+"%ASA-3-719002","719002","Email Proxy session pointer from source_address has been terminated due to reason error.","%ASA-3-719002: Email Proxy session pointer from source_address has been terminated due to reason error.","The session has been terminated because of an error. The possible errors are failure to add a session to the session database, failure to allocate memory, and failure to write data to a channel. • pointer—The session pointer • source_address—The e-mail proxy client IP address • reason—The error type","None required.","3","Error","5","network","general"
+"%ASA-6-719003","719003","Email Proxy session pointer resources have been freed for source_address .","%ASA-6-719003: Email Proxy session pointer resources have been freed for source_address .","The dynamic allocated session structure has been freed and set to NULL after the session terminated.","None required.","6","Informational","5","network","general"
+"%ASA-6-719004","719004","Email Proxy session pointer has been successfully established for source_address .","%ASA-6-719004: Email Proxy session pointer has been successfully established for source_address .","A new incoming e-mail client session has been established.","None required.","6","Informational","5","network","general"
+"%ASA-7-719005","719005","FSM NAME has been created using protocol for session pointer from source_address .","%ASA-7-719005: FSM NAME has been created using protocol for session pointer from source_address .","The FSM has been created for an incoming new session. • NAME—The FSM instance name for the session • protocol—The e-mail protocol type (for example, POP3, IMAP, and SMTP) • pointer—The session pointer • source_address—The e-mail proxy client IP address","None required.","7","Debugging","5","network","general"
+"%ASA-7-719006","719006","Email Proxy session pointer has timed out for source_address because of network congestion.","%ASA-7-719006: Email Proxy session pointer has timed out for source_address because of network congestion.","Network congestion is occurring, and data cannot be sent to either an e-mail client or an e-mail server. This condition starts the block timer. After the block timer is timed out, the session expires. • pointer—The session pointer • source_address—The e-mail proxy client IP address","Retry the operation after a few minutes.","7","Debugging","5","network","general"
+"%ASA-7-719007","719007","Email Proxy session pointer cannot be found for source_address .","%ASA-7-719007: Email Proxy session pointer cannot be found for source_address .","A matching session cannot be found in the session database. The session pointer is bad. • pointer—The session pointer • source_address—The e-mail proxy client IP address","None required.","7","Debugging","5","network","general"
+"%ASA-3-719008","719008","Email Proxy service is shutting down.","%ASA-3-719008: Email Proxy service is shutting down.","The e-mail proxy is disabled. All resources are cleaned up, and all threads are terminated.","None required.","3","Error","5","network","general"
+"%ASA-7-719009","719009","Email Proxy service is starting.","%ASA-7-719009: Email Proxy service is starting.","The e-mail proxy is enabled.","None required.","7","Debugging","5","network","general"
+"%ASA-6-719010","719010","protocol Email Proxy feature is disabled on interface interface_name .","%ASA-6-719010: protocol Email Proxy feature is disabled on interface interface_name .","The e-mail proxy feature is disabled on a specific entry point, invoked from the CLI. This is the main off switch for the user. When all protocols are turned off for all interfaces, the main shut-down routine is invoked to clean up global resources and threads. • protocol—The e-mail proxy protocol type (for example, POP3, IMAP, and SMTP) • interface_name —The Secure Firewall ASA interface name","None required.","6","Informational","5","network","general"
+"%ASA-6-719011","719011","Protocol Email Proxy feature is enabled on interface interface_name .","%ASA-6-719011: Protocol Email Proxy feature is enabled on interface interface_name .","The e-mail proxy feature is enabled on a specific entry point, invoked from the CLI. This is the main on switch for the user. When it is first used, the main startup routine is invoked to allocate global resources and threads. Subsequent calls only need to start listening threads for the particular protocol. • protocol—The e-mail proxy protocol type (for example, POP3, IMAP, and SMTP) • interface_name —The Secure Firewall ASA interface name","None required.","6","Informational","5","network","general"
+"%ASA-6-719012","719012","Email Proxy server listening on port port for mail protocol protocol .","%ASA-6-719012: Email Proxy server listening on port port for mail protocol protocol .","A listening channel is opened for a specific protocol on a configured port and has added it to a TCP select group. • port—The configured port number • protocol—The e-mail proxy protocol type (for example, POP3, IMAP, and SMTP)","None required.","6","Informational","5","network","general"
+"%ASA-6-719013","719013","Email Proxy server closing port port for mail protocol protocol .","%ASA-6-719013: Email Proxy server closing port port for mail protocol protocol .","A listening channel is closed for a specific protocol on a configured port and has removed it from the TCP select group. • port—The configured port number • protocol—The e-mail proxy protocol type (for example, POP3, IMAP, and SMTP)","None required.","6","Informational","5","network","general"
+"%ASA-5-719014","719014","Email Proxy is changing listen port from old_port to new_port for mail protocol protocol .","%ASA-5-719014: Email Proxy is changing listen port from old_port to new_port for mail protocol protocol .","A change is signaled in the listening port for the specified protocol. All enabled interfaces for that port have their listening channels closed and have restarted listening on the new port. This action is invoked from the CLI. • old_port—The previously configured port number • new_port —The newly configured port number • protocol—The e-mail proxy protocol type (for example, POP3, IMAP, and SMTP)","None required.","5","Notification","5","network","general"
+"%ASA-7-719015","719015","Parsed emailproxy session pointer from source_address username: mailuser = mail_user , vpnuser = VPN_user , mailserver = server","%ASA-7-719015: Parsed emailproxy session pointer from source_address username: mailuser = mail_user , vpnuser = VPN_user , mailserver = server","The username string is received from the client in the format vpnuser (name delimiter) mailuser (server delimiter) mailserver (for example: xxx:yyy@cisco.com). The name delimiter is optional. When the delimiter is not there, the VPN username and mail username are the same. The server delimiter is optional. When it is not present, the default configured mail server will be used. • pointer—The session pointer • source_address—The e-mail proxy client IP address • mail_user—The e-mail account username • VPN_user—The WebVPN username • server—The e-mail server","None required.","7","Debugging","5","network","general"
+"%ASA-7-719016","719016","Parsed emailproxy session pointer from source_address password: mailpass = ******, vpnpass= ******","%ASA-7-719016: Parsed emailproxy session pointer from source_address password: mailpass = ******, vpnpass= ******","The password string is received from the client in the format, vpnpass (name delimiter) mailpass (for example: xxx:yyy). The name delimiter is optional. When it is not present, the VPN password and mail password are the same. • pointer—The session pointer • source_address—The e-mail proxy client IP address","None required.","7","Debugging","5","network","general"
+"%ASA-6-719017","719017","WebVPN user: vpnuser invalid dynamic ACL.","%ASA-6-719017: WebVPN user: vpnuser invalid dynamic ACL.","The WebVPN session is aborted because the ACL has failed to parse for this user. The ACL determines what the user restrictions are on e-mail account access. The ACL is downloaded from the AAA server. Because of this error, it is unsafe to proceed with login. • vpnuser—The WebVPN username","Check the AAA server and fix the dynamic ACL for this user.","6","Informational","25","network","general"
+"%ASA-6-719018","719018","WebVPN user: vpnuser ACL ID acl_ID not found","%ASA-6-719018: WebVPN user: vpnuser ACL ID acl_ID not found","The ACL cannot be found at the local maintained ACL list. The ACL determines what the user restrictions are on e-mail account access. The ACL is configured locally. Because of this error, you cannot be authorized to proceed. • vpnuser—The WebVPN username • acl_ID—The local configured ACL identification string","Check the local ACL configuration.","6","Informational","15","network","general"
+"%ASA-6-719019","719019","WebVPN user: vpnuser authorization failed.","%ASA-6-719019: WebVPN user: vpnuser authorization failed.","The ACL determines what the user restrictions are on e-mail account access. The user cannot access the e-mail account because the authorization check fails. • vpnuser—The WebVPN username","None required.","6","Informational","5","network","general"
+"%ASA-6-719020","719020","WebVPN user vpnuser authorization completed successfully.","%ASA-6-719020: WebVPN user vpnuser authorization completed successfully.","The ACL determines what the user restrictions are on e-mail account access. The user is authorized to access the e-mail account. • vpnuser—The WebVPN username","None required.","6","Informational","5","network","general"
+"%ASA-6-719021","719021","WebVPN user: vpnuser is not checked against ACL.","%ASA-6-719021: WebVPN user: vpnuser is not checked against ACL.","The ACL determines what the user restrictions are on e-mail account access. The authorization checking using the ACL is not enabled. • vpnuser—The WebVPN username","Enable the ACL checking feature, if necessary.","6","Informational","15","network","general"
+"%ASA-6-719022","719022","WebVPN user vpnuser has been authenticated.","%ASA-6-719022: WebVPN user vpnuser has been authenticated.","The username is authenticated by the AAA server. • vpnuser—The WebVPN username","None required.","6","Informational","5","network","general"
+"%ASA-6-719023","719023","WebVPN user vpnuser has not been successfully authenticated. Access denied.","%ASA-6-719023: WebVPN user vpnuser has not been successfully authenticated. Access denied.","The username is denied by the AAA server. The session will be aborted. The user is not allowed to access the e-mail account. • vpnuser—The WebVPN username","None required.","6","Informational","35","network","general"
+"%ASA-6-719024","719024","Email Proxy piggyback auth fail: session = pointer user=vpnuser addr=source_address","%ASA-6-719024: Email Proxy piggyback auth fail: session = pointer user=vpnuser addr=source_address","The Piggyback authentication is using an established WebVPN session to verify the username and IP address matching in the WebVPN session database. This is based on the assumption that the WebVPN session and e-mail proxy session are initiated by the same user, and a WebVPN session is already established. Because the authentication has failed, the session will be aborted. The user is not allowed to access the e-mail account. • pointer—The session pointer • vpnuser—The WebVPN username • source_address—The client IP address","None required.","6","Informational","5","network","general"
+"%ASA-6-719025","719025","Email Proxy DNS name resolution failed for hostname .","%ASA-6-719025: Email Proxy DNS name resolution failed for hostname .","The hostname cannot be resolved with the IP address because it is not valid, or no DNS server is available. • hostname—The hostname that needs to be resolved","Check DNS server availability and whether or not the configured mail server name is valid.","6","Informational","25","network","general"
+"%ASA-6-719026","719026","Email Proxy DNS name hostname resolved to IP_address .","%ASA-6-719026: Email Proxy DNS name hostname resolved to IP_address .","The hostname has successfully been resolved with the IP address. • hostname—The hostname that needs to be resolved • IP_address—The IP address resolved from the configured mail server name","None required. Messages 720001 to 721019 This section includes messages from 720001 to 721019.","6","Informational","5","network","general"
+"%ASA-4-720001","720001","(VPN-unit ) Failed to initialize with Chunk Manager.","%ASA-4-720001: (VPN-unit ) Failed to initialize with Chunk Manager.","The VPN failover subsystem fails to initialize with the memory buffer management subsystem. A system-wide problem has occurred, and the VPN failover subsystem cannot be started. • unit—Either Primary or Secondary","Examine the messages for any sign of system-level initialization problems.","4","Warning","55","vpn","tunnel"
+"%ASA-6-720002","720002","(VPN-unit ) Starting VPN Stateful Failover Subsystem...","%ASA-6-720002: (VPN-unit ) Starting VPN Stateful Failover Subsystem...","The VPN failover subsystem is starting and booting up. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720003","720003","(VPN-unit ) Initialization of VPN Stateful Failover Component completed successfully","%ASA-6-720003: (VPN-unit ) Initialization of VPN Stateful Failover Component completed successfully","The VPN failover subsystem initialization is completed at boot time. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720004","720004","(VPN-unit ) VPN failover main thread started.","%ASA-6-720004: (VPN-unit ) VPN failover main thread started.","The VPN failover main processing thread is started at boot time. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720005","720005","(VPN-unit ) VPN failover timer thread started.","%ASA-6-720005: (VPN-unit ) VPN failover timer thread started.","The VPN failover timer processing thread is started at boot time. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720006","720006","(VPN-unit ) VPN failover sync thread started.","%ASA-6-720006: (VPN-unit ) VPN failover sync thread started.","The VPN failover bulk synchronization processing thread is started at boot time. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-4-720007","720007","(VPN-unit ) Failed to allocate chunk from Chunk Manager.","%ASA-4-720007: (VPN-unit ) Failed to allocate chunk from Chunk Manager.","The set of preallocated memory buffers is running out. The Secure Firewall ASA has a resource issue. The Secure Firewall ASA may be under heavy load when too many messages are being processed. • unit—Either Primary or Secondary","This condition may be improved later when the VPN failover subsystem processes outstanding messages and frees up previously allocated memory.","4","Warning","55","vpn","tunnel"
+"%ASA-4-720008","720008","(VPN-unit ) Failed to register to High Availability Framework.","%ASA-4-720008: (VPN-unit ) Failed to register to High Availability Framework.","The VPN failover subsystem failed to register to the core failover subsystem. The VPN failover subsystem cannot be started, which may be caused by initialization problems of other subsystems. • unit—Either Primary or Secondary","Search the message for any sign of system-wide initialization problems.","4","Warning","55","vpn","tunnel"
+"%ASA-4-720009","720009","(VPN-unit ) Failed to create version control block.","%ASA-4-720009: (VPN-unit ) Failed to create version control block.","The VPN failover subsystem failed to create a version control block. This step is required for the VPN failover subsystem to find out the backward compatible firmware versions for the current release. The VPN failover subsystem cannot be started, which may be caused by initialization problems of other subsystems. • unit—Either Primary or Secondary","Search the message for any sign of system-wide initialization problems.","4","Warning","55","vpn","tunnel"
+"%ASA-6-720010","720010","(VPN-unit ) VPN failover client is being disabled","%ASA-6-720010: (VPN-unit ) VPN failover client is being disabled","An operator enabled failover without defining a failover key. In order to use a VPN failover, a failover key must be defined. • unit—Either Primary or Secondary","Use the failover key command to define a shared secret key between the active and standby units.","6","Informational","15","vpn","tunnel"
+"%ASA-4-720011","720011","(VPN-unit ) Failed to allocate memory","%ASA-4-720011: (VPN-unit ) Failed to allocate memory","The VPN failover subsystem cannot allocate a memory buffer, which indicates a system-wide resource problem. The Secure Firewall ASA may be under heavy load. • unit—Either Primary or Secondary","This condition may be improved later when you reduce the load on the Secure Firewall ASA by reducing incoming traffic. By reducing incoming traffic, memory allocated for processing the existing work load will be available, and the Secure Firewall ASA may return to normal operation.","4","Warning","55","vpn","tunnel"
+"%ASA-6-720012","720012","(VPN-unit ) Failed to update IPsec failover runtime data on the standby unit.","%ASA-6-720012: (VPN-unit ) Failed to update IPsec failover runtime data on the standby unit.","The VPN failover subsystem cannot update IPsec-related runtime data because the corresponding IPsec tunnel has been deleted on the standby unit. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-4-720013","720013","(VPN-unit ) Failed to insert certificate in trustpoint trustpoint_name","%ASA-4-720013: (VPN-unit ) Failed to insert certificate in trustpoint trustpoint_name","The VPN failover subsystem tried to insert a certificate in the trustpoint. • unit—Either Primary or Secondary • trustpoint_name—The name of the trustpoint","Check the certificate content to determine if it is invalid.","4","Warning","55","vpn","tunnel"
+"%ASA-6-720014","720014","(VPN-unit ) Phase 2 connection entry (msg_id=message_number , my cookie=mine , his cookie=his ) contains no SA list.","%ASA-6-720014: (VPN-unit ) Phase 2 connection entry (msg_id=message_number , my cookie=mine , his cookie=his ) contains no SA list.","No security association is linked to the Phase 2 connection entry. • unit—Either Primary or Secondary • message_number—The message ID of the Phase 2 connection entry • mine—The My Phase 1 cookie • his—The peer Phase 1 cookie","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720015","720015","(VPN-unit ) Cannot found Phase 1 SA for Phase 2 connection entry (msg_id=message_number ,my cookie=mine , his cookie=his ).","%ASA-6-720015: (VPN-unit ) Cannot found Phase 1 SA for Phase 2 connection entry (msg_id=message_number ,my cookie=mine , his cookie=his ).","The corresponding Phase 1 security association for the given Phase 2 connection entry cannot be found. • unit—Either Primary or Secondary • message_number—The message ID of the Phase 2 connection entry • mine—The My Phase 1 cookie • his—The peer Phase 1 cookie","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-5-720016","720016","(VPN-unit) Failed to initialize default timer #index .","%ASA-5-720016: (VPN-unit) Failed to initialize default timer #index .","The VPN failover subsystem failed to initialize the given timer event. The VPN failover subsystem cannot be started at boot time. • unit—Either Primary or Secondary • index—The internal index of the timer event","Search the message for any sign of system-wide initialization problems.","5","Notification","35","vpn","tunnel"
+"%ASA-5-720017","720017","(VPN-unit ) Failed to update LB runtime data","%ASA-5-720017: (VPN-unit ) Failed to update LB runtime data","The VPN failover subsystem failed to update the VPN load balancing runtime data.","None required.","5","Notification","5","vpn","tunnel"
+"%ASA-5-720018","720018","(VPN-unit ) Failed to get a buffer from the underlying core high availability subsystem. Error code code.","%ASA-5-720018: (VPN-unit ) Failed to get a buffer from the underlying core high availability subsystem. Error code code.","The Secure Firewall ASA may be under heavy load. The VPN failover subsystem failed to obtain a failover buffer. • unit—Either Primary or Secondary • code—The error code returned by the high-availability subsystem","Decrease the amount of incoming traffic to improve the current load condition. With decreased incoming traffic, the Secure Firewall ASA will free up memory allocated for processing the incoming load.","5","Notification","35","vpn","tunnel"
+"%ASA-5-720019","720019","(VPN-unit ) Failed to update cTCP statistics.","%ASA-5-720019: (VPN-unit ) Failed to update cTCP statistics.","The VPN failover subsystem failed to update the IPsec/cTCP-related statistics. • unit—Either Primary or Secondary","None required. Updates are sent periodically, so the standby unit IPsec/cTCP statistics should be updated with the next update message.","5","Notification","5","vpn","tunnel"
+"%ASA-5-720020","720020","(VPN-unit ) Failed to send type timer message.","%ASA-5-720020: (VPN-unit ) Failed to send type timer message.","The VPN failover subsystem failed to send a periodic timer message to the standby unit. • unit—Either Primary or Secondary • type—The type of timer message","None required. The periodic timer message will be resent during the next timeout.","5","Notification","5","vpn","tunnel"
+"%ASA-5-720021","720021","(VPN-unit ) HA non-block send failed for peer msg message_number . HA error code .","%ASA-5-720021: (VPN-unit ) HA non-block send failed for peer msg message_number . HA error code .","The VPN failover subsystem failed to send a nonblock message. This is a temporary condition caused by the Secure Firewall ASA being under load or out of resources. • unit—Either Primary or Secondary • message_number—The ID number of the peer message • code—The error return code","The condition will improve as more resources become available to the Secure Firewall ASA.","5","Notification","35","vpn","tunnel"
+"%ASA-4-720022","720022","(VPN-unit ) Cannot find trustpoint trustpoint","%ASA-4-720022: (VPN-unit ) Cannot find trustpoint trustpoint","An error occurred when the VPN failover subsystem tried to look up a trustpoint by name. • unit—Either Primary or Secondary • trustpoint—The name of the trustpoint.","The trustpoint may be deleted by an operator.","4","Warning","45","vpn","tunnel"
+"%ASA-6-720023","720023","(VPN-unit ) HA status callback: Peer is not present.","%ASA-6-720023: (VPN-unit ) HA status callback: Peer is not present.","The VPN failover subsystem is notified by the core failover subsystem when the local Secure Firewall ASA detected that a peer is available or becomes unavailable. • unit—Either Primary or Secondary • not—Either “not” or left blank","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720024","720024","(VPN-unit ) HA status callback: Control channel is status .","%ASA-6-720024: (VPN-unit ) HA status callback: Control channel is status .","The failover control channel is either up or down. The failover control channel is defined by the failover link and show failover commands, which indicate whether the failover link channel is up or down. • unit—Either Primary or Secondary • status— Up or Down","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720025","720025","(VPN-unit ) HA status callback: Data channel is status .","%ASA-6-720025: (VPN-unit ) HA status callback: Data channel is status .","The failover data channel is up or down. • unit—Either Primary or Secondary • status—Up or Down","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720026","720026","(VPN-unit ) HA status callback: Current progression is being aborted.","%ASA-6-720026: (VPN-unit ) HA status callback: Current progression is being aborted.","An operator or other external condition has occurred and has caused the current failover progression to abort before the failover peer agrees on the role (either active or standby). For example, when the failover active command is entered on the standby unit during the negotiation, or when the active unit is being rebooted.","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720027","720027","(VPN-unit ) HA status callback: My state state .","%ASA-6-720027: (VPN-unit ) HA status callback: My state state .","The state of the local failover device is changed. • unit—Either Primary or Secondary • state—Current state of the local failover device","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720028","720028","(VPN-unit ) HA status callback: Peer state state .","%ASA-6-720028: (VPN-unit ) HA status callback: Peer state state .","The current state of the failover peer is reported. • unit—Either Primary or Secondary • state—Current state of the failover peer","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720029","720029","(VPN-unit ) HA status callback: Start VPN bulk sync state.","%ASA-6-720029: (VPN-unit ) HA status callback: Start VPN bulk sync state.","The active unit is ready to send all the state information to the standby unit. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720030","720030","(VPN-unit ) HA status callback: Stop bulk sync state.","%ASA-6-720030: (VPN-unit ) HA status callback: Stop bulk sync state.","The active unit finished sending all the state information to the standby unit. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-7-720031","720031","(VPN-unit ) HA status callback: Invalid event received. event=event_ID .","%ASA-7-720031: (VPN-unit ) HA status callback: Invalid event received. event=event_ID .","The VPN failover subsystem received an invalid callback event from the underlying failover subsystem. • unit—Either Primary or Secondary","None required.","7","Debugging","5","vpn","tunnel"
+"%ASA-6-720032","720032","(VPN-unit) HA status callback: id=ID , seq=sequence_# , grp=group , event=event , op=operand , my=my_state , peer=peer_state .","%ASA-6-720032: (VPN-unit) HA status callback: id=ID , seq=sequence_# , grp=group , event=event , op=operand , my=my_state , peer=peer_state .","The VPN failover subsystem indicated that a status update was notified by the underlying failover subsystem. • unit—Either Primary or Secondary • ID—Client ID number • sequence_#—Sequence number • group—Group ID • event—Current event • operand—Current operand • my_state—The system current state • peer_state—The current state of the peer","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-4-720033","720033","(VPN-unit ) Failed to queue add to message queue.","%ASA-4-720033: (VPN-unit ) Failed to queue add to message queue.","System resources may be running low. An error occurred when the VPN failover subsystem tried to queue an internal message. This may be a temporary condition indicating that the Secure Firewall ASA is under heavy load, and the VPN failover subsystem cannot allocate resource to handle incoming traffic. • unit—Either Primary or Secondary","This error condition may disappear if the current load of the Secure Firewall ASA is reduced, and additional system resources become available for processing new messages again.","4","Warning","55","vpn","tunnel"
+"%ASA-7-720034","720034","(VPN-unit ) Invalid type (type ) for message handler.","%ASA-7-720034: (VPN-unit ) Invalid type (type ) for message handler.","An error occurred when the VPN failover subsystem tried to process an invalid message type. • unit—Either Primary or Secondary • type—Message type","None required.","7","Debugging","5","vpn","tunnel"
+"%ASA-5-720035","720035","(VPN-unit ) Fail to look up CTCP flow handle","%ASA-5-720035: (VPN-unit ) Fail to look up CTCP flow handle","The cTCP flow may be deleted on the standby unit before the VPN failover subsystem tries to do a lookup.","Look for any sign of cTCP flow deletion in the message to determine the reason (for example, idle timeout) why the flow was deleted.","5","Notification","35","vpn","tunnel"
+"%ASA-5-720036","720036","(VPN-unit ) Failed to process state update message from the active peer.","%ASA-5-720036: (VPN-unit ) Failed to process state update message from the active peer.","An error occurred when the VPN failover subsystem tried to process a state update message received by the standby unit. • unit - Either Primary or Secondary","None required. This may be a temporary condition because of the current load or low system resources.","5","Notification","5","vpn","tunnel"
+"%ASA-6-720037","720037","(VPN-unit ) HA progression callback: id=id ,seq=sequence_number ,grp=group ,event=event ,op=operand , my=my_state ,peer=peer_state .","%ASA-6-720037: (VPN-unit ) HA progression callback: id=id ,seq=sequence_number ,grp=group ,event=event ,op=operand , my=my_state ,peer=peer_state .","The status of the current failover progression is reported. • unit—Either Primary or Secondary • id—Client ID • sequence_number—Sequence number • group—Group ID • event—Current event • operand—Current operand • my_state—Current state of the Secure Firewall ASA • peer_state—Current state of the peer","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-4-720038","720038","(VPN-unit ) Corrupted message from active unit.","%ASA-4-720038: (VPN-unit ) Corrupted message from active unit.","The standby unit received a corrupted message from the active unit. Messages from the active unit are corrupted, which may be caused by incompatible firmware running between the active and standby units. The local unit has become the active unit of the failover pair. • unit—Either Primary or Secondary","None required.","4","Warning","65","vpn","tunnel"
+"%ASA-6-720039","720039","(VPN-unit ) VPN failover client is transitioning to active state","%ASA-6-720039: (VPN-unit ) VPN failover client is transitioning to active state","The local unit has become the active unit of the failover pair. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720040","720040","(VPN-unit ) VPN failover client is transitioning to standby state.","%ASA-6-720040: (VPN-unit ) VPN failover client is transitioning to standby state.","The local unit has become the standby unit of the failover pair. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-7-720041","720041","(VPN-unit ) Sending type message id to standby unit","%ASA-7-720041: (VPN-unit ) Sending type message id to standby unit","A message has been sent from the active unit to the standby unit. • unit—Either Primary or Secondary • type—Message type • id—Identifier for the message","None required.","7","Debugging","5","vpn","tunnel"
+"%ASA-7-720042","720042","(VPN-unit ) Receiving type message id from active unit","%ASA-7-720042: (VPN-unit ) Receiving type message id from active unit","A message has been received from the active unit by the standby unit. • unit—Either Primary or Secondary • type—Message type • id—Identifier for the message","None required.","7","Debugging","5","vpn","tunnel"
+"%ASA-4-720043","720043","(VPN-unit ) Failed to send type message id to standby unit","%ASA-4-720043: (VPN-unit ) Failed to send type message id to standby unit","An error occurred when the VPN failover subsystem tried to send a message from the active unit to the standby unit. The error may be caused by message 720018, in which the core failover subsystem runs out of failover buffer or the failover LAN link is down. • unit—Either Primary or Secondary • type—Message type • id—Identifier for the message","Use the show failover command to see if the failover pair is running correctly and the failover LAN link is up.","4","Warning","55","vpn","tunnel"
+"%ASA-4-720044","720044","(VPN-unit ) Failed to receive message from active unit","%ASA-4-720044: (VPN-unit ) Failed to receive message from active unit","An error occurred when the VPN failover subsystem tried to receive a message on the standby unit. The error may be caused by a corrupted message or an inadequate amount of memory allocated for storing the incoming message. • unit—Either Primary or Secondary","Use the show failover command and look for receive errors to determine if this is a VPN failover-specific problem or a general failover issue. Corrupted messages may be caused by incompatible firmware versions running on the active and standby units. Use the show memory command to determine if a low memory condition exists.","4","Warning","75","vpn","tunnel"
+"%ASA-6-720045","720045","(VPN-unit ) Start bulk syncing of state information on standby unit.","%ASA-6-720045: (VPN-unit ) Start bulk syncing of state information on standby unit.","The standby unit has been notified to start receiving bulk synchronization information from the active unit. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720046","720046","(VPN-unit ) End bulk syncing of state information on standby unit","%ASA-6-720046: (VPN-unit ) End bulk syncing of state information on standby unit","The standby unit has been notified that bulk synchronization from the active unit is completed. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-4-720047","720047","(VPN-unit ) Failed to sync SDI node secret file for server IP_address on the standby unit.","%ASA-4-720047: (VPN-unit ) Failed to sync SDI node secret file for server IP_address on the standby unit.","An error occurred when the VPN failover subsystem tried to synchronize a node secret file for the SDI server on the standby unit. The SDI node secret file is stored in flash. The error may indicate that the flash file system is full or corrupted. • unit—Either Primary or Secondary • IP_address—IP address of the server","Use the dir command to display the flash contents. The node secret file has the filename, ip .sdi.","4","Warning","75","vpn","tunnel"
+"%ASA-7-720048","720048","(VPN-unit ) FSM action trace begin: state=state , last event=event , func=function .","%ASA-7-720048: (VPN-unit ) FSM action trace begin: state=state , last event=event , func=function .","A VPN failover subsystem finite state machine function has started. • unit—Either Primary or Secondary • state—Current state • event—Last event • function—Current executing function","None required.","7","Debugging","5","vpn","tunnel"
+"%ASA-7-720049","720049","(VPN-unit ) FSM action trace end: state=state , last event=event , return=return , func=function .","%ASA-7-720049: (VPN-unit ) FSM action trace end: state=state , last event=event , return=return , func=function .","A VPN failover subsystem finite state machine function has finished. • unit—Either Primary or Secondary • state—Current state • event—Last event • return—Return code • function—Current executing function","None required.","7","Debugging","5","vpn","tunnel"
+"%ASA-7-720050","720050","(VPN-unit ) Failed to remove timer. ID = id .","%ASA-7-720050: (VPN-unit ) Failed to remove timer. ID = id .","A timer cannot be removed from the timer processing thread. • unit—Either Primary or Secondary • id—Timer ID","None required.","7","Debugging","5","vpn","tunnel"
+"%ASA-4-720051","720051","(VPN-unit ) Failed to add new SDI node secret file for server id on the standby unit.","%ASA-4-720051: (VPN-unit ) Failed to add new SDI node secret file for server id on the standby unit.","An error occurred when the VPN failover subsystem tried to add a node secret file for the SDI server on the standby unit. The SDI node secret file is stored in flash. The error may indicate that the flash file system is full or corrupted. • unit—Either Primary or Secondary • id—IP address of the SDI server","Use the dir command to display the flash contents. The node secret file has the filename, ip.sdi.","4","Warning","75","vpn","tunnel"
+"%ASA-4-720052","720052","(VPN-unit ) Failed to delete SDI node secret file for server id on the standby unit.","%ASA-4-720052: (VPN-unit ) Failed to delete SDI node secret file for server id on the standby unit.","An error occurred when the VPN failover subsystem tried to delete a node secret file on the active unit. The node secret file being deleted may not exist in the flash file system, or there was problem reading the flash file system. • unit—Either Primary or Secondary • IP_address—IP address of the SDI server","Use the dir command to display the flash contents. The node secret file has the filename, ip.sdi.","4","Warning","55","vpn","tunnel"
+"%ASA-4-720053","720053","(VPN-unit ) Failed to add cTCP IKE rule during bulk sync, peer=IP_address , port=port","%ASA-4-720053: (VPN-unit ) Failed to add cTCP IKE rule during bulk sync, peer=IP_address , port=port","An error occurred when the VPN failover subsystem tried to load a cTCP IKE rule on the standby unit during bulk synchronization. The standby unit may be under heavy load, and the new IKE rule request may time out before completion. • unit—Either Primary or Secondary • IP_address—Peer IP address • port—Peer port number","None required.","4","Warning","5","vpn","tunnel"
+"%ASA-4-720054","720054","(VPN-unit ) Failed to add new cTCP record, peer=IP_address , port=port .","%ASA-4-720054: (VPN-unit ) Failed to add new cTCP record, peer=IP_address , port=port .","A cTCP record is replicated to the standby unit and cannot be updated. The corresponding IPsec over cTCP tunnel may not be functioning after failover. The cTCP database may be full, or a record with the same peer IP address and port number exists already. • unit—Either Primary or Secondary • IP_address—Peer IP address • port—Peer port number","This may be a temporary condition and may improve when the existing cTCP tunnel is restored.","4","Warning","55","vpn","tunnel"
+"%ASA-4-720055","720055","(VPN-unit ) VPN Stateful failover can only be run in single/non-transparent mode.","%ASA-4-720055: (VPN-unit ) VPN Stateful failover can only be run in single/non-transparent mode.","The VPN subsystem does not start unless it is running in single (nontransparent) mode. • unit—Either Primary or Secondary","Configure the Secure Firewall ASA for the appropriate mode to support VPN failover and restart the Secure Firewall ASA.","4","Warning","45","vpn","tunnel"
+"%ASA-6-720056","720056","(VPN-unit ) VPN Stateful failover Message Thread is being disabled.","%ASA-6-720056: (VPN-unit ) VPN Stateful failover Message Thread is being disabled.","The VPN failover subsystem main message processing thread is disabled when you have tried to enable failover, but a failover key is not defined. A failover key is required for VPN failover. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720057","720057","(VPN-unit ) VPN Stateful failover Message Thread is enabled.","%ASA-6-720057: (VPN-unit ) VPN Stateful failover Message Thread is enabled.","The VPN failover subsystem main message processing thread is enabled when failover is enabled and a failover key is defined. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720058","720058","(VPN-unit ) VPN Stateful failover Timer Thread is disabled.","%ASA-6-720058: (VPN-unit ) VPN Stateful failover Timer Thread is disabled.","The VPN failover subsystem main timer processing thread is disabled when the failover key is not defined and failover is enabled. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720059","720059","(VPN-unit ) VPN Stateful failover Timer Thread is enabled.","%ASA-6-720059: (VPN-unit ) VPN Stateful failover Timer Thread is enabled.","The VPN failover subsystem main timer processing thread is enabled when the failover key is defined and failover is enabled. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720060","720060","(VPN-unit ) VPN Stateful failover Sync Thread is disabled.","%ASA-6-720060: (VPN-unit ) VPN Stateful failover Sync Thread is disabled.","The VPN failover subsystem main bulk synchronization processing thread is disabled when failover is enabled, but the failover key is not defined.","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720061","720061","(VPN-unit ) VPN Stateful failover Sync Thread is enabled.","%ASA-6-720061: (VPN-unit ) VPN Stateful failover Sync Thread is enabled.","The VPN failover subsystem main bulk synchronization processing thread is enabled when failover is enabled and the failover key is defined. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720062","720062","(VPN-unit ) Active unit started bulk sync of state information to standby unit.","%ASA-6-720062: (VPN-unit ) Active unit started bulk sync of state information to standby unit.","The VPN failover subsystem active unit has started bulk synchronization of state information to the standby unit. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-6-720063","720063","(VPN-unit ) Active unit completed bulk sync of state information to standby.","%ASA-6-720063: (VPN-unit ) Active unit completed bulk sync of state information to standby.","The VPN failover subsystem active unit has completed bulk synchronization of state information to the standby unit. • unit—Either Primary or Secondary","None required.","6","Informational","5","vpn","tunnel"
+"%ASA-4-720064","720064","(VPN-unit ) Failed to update cTCP database record for peer=IP_address , port=port during bulk sync.","%ASA-4-720064: (VPN-unit ) Failed to update cTCP database record for peer=IP_address , port=port during bulk sync.","An error occurred while the VPN failover subsystem attempted to update an existing cTCP record during bulk synchronization. The cTCP record may have been deleted from the cTCP database on the standby unit and cannot be found. • unit—Either Primary or Secondary • IP_address—Peer IP address • port—Peer port number","Search in the message.","4","Warning","55","vpn","tunnel"
+"%ASA-4-720065","720065","(VPN-unit ) Failed to add new cTCP IKE rule, peer=peer , port=port .","%ASA-4-720065: (VPN-unit ) Failed to add new cTCP IKE rule, peer=peer , port=port .","An error occurred when the VPN failover subsystem tried to add a new IKE rule for the cTCP database entry on the standby unit. The Secure Firewall ASA may be under heavy load, and the request for adding a cTCP IKE rule timed out and was never completed. • unit—Either Primary or Secondary • IP_address—Peer IP address • port—Peer port number","This may be a temporary condition.","4","Warning","55","vpn","tunnel"
+"%ASA-4-720066","720066","(VPN-unit ) Failed to activate IKE database.","%ASA-4-720066: (VPN-unit ) Failed to activate IKE database.","An error occurred when the VPN failover subsystem tried to activate the IKE security association database while the standby unit was transitioning to the active state. There may be resource-related issues on the standby unit that prevent the IKE security association database from activating. • unit—Either Primary or Secondary","Use the show failover command to see if the failover pair is still working correctly and/or look for other IKE-related errors in the message.","4","Warning","55","vpn","tunnel"
+"%ASA-4-720067","720067","(VPN-unit ) Failed to deactivate IKE database.","%ASA-4-720067: (VPN-unit ) Failed to deactivate IKE database.","An error occurred when the VPN failover subsystem tried to deactivate the IKE security association database while the active unit was transitioning to the standby state. There may be resource-related issues on the active unit that prevent the IKE security association database from deactivating. • unit—Either Primary or Secondary","Use the show failover command to see if the failover pair is still working correctly and/or look for IKE-related errors in the message.","4","Warning","55","vpn","tunnel"
+"%ASA-4-720068","720068","(VPN-unit ) Failed to parse peer message.","%ASA-4-720068: (VPN-unit ) Failed to parse peer message.","An error occurred when the VPN failover subsystem tried to parse a peer message received on the standby unit. The peer message received on the standby unit cannot be parsed. • unit—Either Primary or Secondary","Make sure that both active and standby units are running the same version of firmware. Also, use the show failover command to ensure that the failover pair is still working correctly.","4","Warning","55","vpn","tunnel"
+"%ASA-4-720069","720069","(VPN-unit ) Failed to activate cTCP database.","%ASA-4-720069: (VPN-unit ) Failed to activate cTCP database.","An error occurred when the VPN failover subsystem tried to activate the cTCP database while the standby unit was transitioning to the active state. There may be resource-related issues on the standby unit that prevent the cTCP database from activating. • unit—Either Primary or Secondary","Use the show failover command to see if the failover pair is still working correctly and/or look for other cTCP related errors in the message.","4","Warning","55","vpn","tunnel"
+"%ASA-4-720070","720070","(VPN-unit ) Failed to deactivate cTCP database.","%ASA-4-720070: (VPN-unit ) Failed to deactivate cTCP database.","An error occurred when the VPN failover subsystem tried to deactivate the cTCP database while the active unit was transitioning to the standby state. There may be resource-related issues on the active unit that prevent the cTCP database from deactivating. • unit—Either Primary or Secondary.","Use the show failover command to see if the failover pair is still working correctly and/or look for cTCP related errors in the message.","4","Warning","55","vpn","tunnel"
+"%ASA-5-720071","720071","(VPN-unit ) Failed to update cTCP dynamic data.","%ASA-5-720071: (VPN-unit ) Failed to update cTCP dynamic data.","An error occurred while the VPN failover subsystem tried to update cTCP dynamic data. • unit—Either Primary or Secondary.","This may be a temporary condition. Because this is a periodic update, wait to see if the same error recurs. Also, look for other failover-related messages in the message.","5","Notification","35","vpn","tunnel"
+"%ASA-5-720072","720072","Timeout waiting for Integrity Firewall Server [interface ,ip ] to become available.","%ASA-5-720072: Timeout waiting for Integrity Firewall Server [interface ,ip ] to become available.","The Zonelab Integrity Server cannot reestablish a connection before timeout. In an active/standby failover setup, the SSL connection between a Zonelab Integrity Server and the Secure Firewall ASA needs to be reestablished after a failover. • interface —The interface to which the Zonelab Integrity Server is connected • ip —The IP address of the Zonelab Integrity Server","Check that the configuration on the Secure Firewall ASA and the Zonelab Integrity Server match, and verify communication between the Secure Firewall ASA and the Zonelab Integrity Server.","5","Notification","45","vpn","tunnel"
+"%ASA-4-720073","720073","VPN Session failed to replicate - ACL acl_name not found","%ASA-4-720073: VPN Session failed to replicate - ACL acl_name not found","When replicating VPN sessions to the standby unit, the standby unit failed to find the associated filter ACL. • acl_name—The name of the ACL that was not found","Verify that the configuration on the standby unit has not been modified while in standby state. Resynchronize the standby unit by issuing the write standby command on the active unit.","4","Warning","65","vpn","tunnel"
+"%ASA-6-721001","721001","(device ) WebVPN Failover SubSystem started successfully.(device ) either WebVPN-primary or WebVPN-secondary.","%ASA-6-721001: (device ) WebVPN Failover SubSystem started successfully.(device ) either WebVPN-primary or WebVPN-secondary.","The WebVPN failover subsystem in the current failover unit, either primary or secondary, has been started successfully. • (device)—Either the WebVPN primary or the WebVPN secondary device","None required.","6","Informational","5","network","general"
+"%ASA-6-721002","721002","(device ) HA status change: event event , my state my_state , peer state peer .","%ASA-6-721002: (device ) HA status change: event event , my state my_state , peer state peer .","The WebVPN failover subsystem receives status notification from the core HA component periodically. The incoming event, the new state of the local Secure Firewall ASA, and the new state of the failover peer are reported. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • event—New HA event • my_state—The new state of the local Secure Firewall ASA • peer—The new state of the peer","None required.","6","Informational","5","network","general"
+"%ASA-6-721003","721003","(device ) HA progression change: event event , my state my_state , peer state peer .","%ASA-6-721003: (device ) HA progression change: event event , my state my_state , peer state peer .","The WebVPN failover subsystem transitions from one state to another state based on the event notified by the core HA component. The incoming event, the new state of the local Secure Firewall ASA, and the new state of the failover peer are being reported. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • event—New HA event • my_state—The new state of the local Secure Firewall ASA • peer—The new state of the peer","None required.","6","Informational","5","network","general"
+"%ASA-6-721004","721004","(device ) Create access list list_name on standby unit.","%ASA-6-721004: (device ) Create access list list_name on standby unit.","A WebVPN-specific access list is replicated from the active unit to the standby unit. A successful installation of the WebVPN access list on the standby unit has occurred. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • list_name—The access list name","None required.","6","Informational","5","network","general"
+"%ASA-6-721005","721005","(device ) Fail to create access list list_name on standby unit.","%ASA-6-721005: (device ) Fail to create access list list_name on standby unit.","When a WebVPN-specific access list is installed on the active unit, a copy is installed on the standby unit. The access list failed to be installed on the standby unit. The access list may have existed on the standby unit already. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • list_name—Name of the access list that failed to install on the standby unit","Use the show access-list command on both the active and standby units. Compare the content of the output and determine whether there is any discrepancy. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.","6","Informational","25","network","general"
+"%ASA-6-721006","721006","(device ) Update access list list_name on standby unit.","%ASA-6-721006: (device ) Update access list list_name on standby unit.","The content of the access list has been updated on the standby unit. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • list_name—Name of the access list that was updated","None required.","6","Informational","5","network","general"
+"%ASA-4-721007","721007","(device ) Fail to update access list list_name on standby unit.","%ASA-4-721007: (device ) Fail to update access list list_name on standby unit.","An error occurred while the standby unit tried to update a WebVPN-specific access list. The access list cannot be located on the standby unit. • (device)—Either the WebVPN primary or the WebVPN-= secondary Secure Firewall ASA • list_name—Name of the access list that was not updated","Use a show access-list command on both the active and standby units. Compare the content of the output and determine whether or not there is any discrepancy. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.","4","Warning","45","network","general"
+"%ASA-6-721008","721008","(device ) Delete access list list_name on standby unit.","%ASA-6-721008: (device ) Delete access list list_name on standby unit.","When a WebVPN-specific access list is removed from the active unit, a message is sent to the standby unit requesting that the same access list be removed. As a result, a WebVPN-specific access list has been removed from the standby unit. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • list_name—Name of the access list that was removed","None required.","6","Informational","5","network","general"
+"%ASA-6-721009","721009","(device ) Fail to delete access list list_name on standby unit.","%ASA-6-721009: (device ) Fail to delete access list list_name on standby unit.","When a WebVPN-specific access list is removed on the active unit, a message is sent to the standby unit requesting the same access list be removed. An error condition occurred when an attempt was made to remove the corresponding access list on the standby unit. The access list did not exist on the standby unit. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • list_name—Name of the access list that was deleted","Use a show access-list command on both the active and standby units. Compare the content of the output and determine whether there is any discrepancy. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.","6","Informational","15","network","general"
+"%ASA-6-721010","721010","(device ) Add access list rule list_name , line line_no on standby unit.","%ASA-6-721010: (device ) Add access list rule list_name , line line_no on standby unit.","When an access list rule is added to the active unit, the same rule is added on the standby unit. A new access list rule was added successfully on the standby unit. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • list_name—Name of the access list that was deleted • line_no—Line number of the rule added to the access list","None required.","6","Informational","5","network","general"
+"%ASA-4-721011","721011","(device ) Fail to add access list rule list_name , line line_no on standby unit.","%ASA-4-721011: (device ) Fail to add access list rule list_name , line line_no on standby unit.","When an access list rule is added to the active unit, an attempt is made to add the same access list rule to the standby unit. An error occurred when an attempt is made to add a new access list rule to the standby unit. The same access list rule may exist on the standby unit. • (device) —Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • list_name—Name of the access list that was deleted","Use a show access-list command on both the active and standby units. Compare the content of the output and determine if there is any discrepancy. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.","4","Warning","45","network","general"
+"%ASA-6-721012","721012","(device ) Enable APCF XML file file_name on the standby unit.","%ASA-6-721012: (device ) Enable APCF XML file file_name on the standby unit.","When an APCF XML file is installed on the active unit, an attempt is made to install the same file on the standby unit. An APCF XML file was installed successfully on the standby unit. Use the dir command on the standby unit to show that the XML file exists in the flash file system. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • file_name—Name of the XML file on the flash file system","None required.","6","Informational","5","network","general"
+"%ASA-4-721013","721013","(device ) Fail to enable APCF XML file file_name on the standby unit.","%ASA-4-721013: (device ) Fail to enable APCF XML file file_name on the standby unit.","When an APCF XML file is installed on the active unit, an attempt is made to install the same file on the standby unit. An APCF XML file failed to install on the standby unit. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • file_name—Name of the XML file on the flash file system","Use a dir command on both the active and standby unit. Compare the directory listing and determine if there is any discrepancy. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.","4","Warning","55","network","general"
+"%ASA-6-721014","721014","(device ) Disable APCF XML file file_name on the standby unit.","%ASA-6-721014: (device ) Disable APCF XML file file_name on the standby unit.","When an APCF XML file is removed on the active unit, an attempt is made to remove the same file on the standby unit. An APCF XML file was removed from the standby unit successfully. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • file_name—Name of the XML file on the flash file system","None required.","6","Informational","5","network","general"
+"%ASA-4-721015","721015","(device ) Fail to disable APCF XML file file_name on the standby unit.","%ASA-4-721015: (device ) Fail to disable APCF XML file file_name on the standby unit.","When an APCF XML file is removed on the active unit, an attempt is made to remove the same file on the standby unit. An error occurred when an attempt was made to remove an APCF XML file from the standby unit. The file may not be installed on the standby unit.","Use a show running-config webvpn command to make sure the APCF XML file of interest is not enabled. As long as it is not enabled, you may ignore this message. Otherwise, try to disable the file by using the no apcf file_name command in the webvpn configuration submode.","4","Warning","45","network","general"
+"%ASA-6-721016","721016","(device ) WebVPN session for client user user_name , IP version ip_address has been created.","%ASA-6-721016: (device ) WebVPN session for client user user_name , IP version ip_address has been created.","A remote WebVPN user has logged in successfully and the login information has been installed on the standby unit. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • user_name—Name of the user • IP version—Version of the IP address-IPv4 or IPv6 • ip_address—IP address of the remote user","None required.","6","Informational","5","network","general"
+"%ASA-4-721017","721017","(device ) Fail to create WebVPN session for user user_name , IP ip_address .","%ASA-4-721017: (device ) Fail to create WebVPN session for user user_name , IP ip_address .","When a WebVPN user logs in to the active unit, the login information is replicated to the standby unit. An error occurred while replicating the login information to the standby unit. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • user_name—Name of the user • ip_address—IP address of the remote user","Use the show vpn-sessiondb detail webvpn command for a regular WebVPN user, or the show vpn-sessiondb detail svc command for a WebVPN SVC user on both the active and standby units. Compare the entries and determine whether the same user session record appears on both Secure Firewall ASAs. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.","4","Warning","45","network","general"
+"%ASA-6-721018","721018","(device ) WebVPN session for client user user_name , IP ip_address has been deleted.","%ASA-6-721018: (device ) WebVPN session for client user user_name , IP ip_address has been deleted.","When a WebVPN user logs out on the active unit, a logout message is sent to the standby unit to remove the user session from the standby unit. A WebVPN user record was removed from the standby unit successfully. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • user_name—Name of the user • ip_address—IP address of the remote user","None required.","6","Informational","5","network","general"
+"%ASA-4-721019","721019","(device ) Fail to delete WebVPN session for client user user_name , IP ip_address .","%ASA-4-721019: (device ) Fail to delete WebVPN session for client user user_name , IP ip_address .","When a WebVPN user logs out on the active unit, a logout message is sent to the standby unit to remove the user session from the standby unit. An error occurred when an attempt was made to remove a WebVPN user record from the standby unit. • (device)—Either the WebVPN primary or the WebVPN secondary Secure Firewall ASA • user_name—Name of the user • ip_address—IP address of the remote user","Use the show vpn-sessiondb detail webvpn command for a regular WebVPN user, or the show vpn-sessiondb detail svc command for a WebVPN SVC user on both the active and standby units. Check whether there is any discrepancy. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.","4","Warning","45","network","general"
+"%ASA-4-722001","722001","IP IP_address Error parsing SVC connect request.","%ASA-4-722001: IP IP_address Error parsing SVC connect request.","The request from the SVC was invalid.","Research as necessary to determine if this error was caused by a defect in the SVC, an incompatible SVC version, or an attack against the device.","4","Warning","75","vpn","session"
+"%ASA-4-722002","722002","IP IP_address Error consolidating SVC connect request.","%ASA-4-722002: IP IP_address Error consolidating SVC connect request.","There is not enough memory to perform the action.","Purchase more memory, upgrade the device, or reduce the load on the device.","4","Warning","55","vpn","session"
+"%ASA-4-722003","722003","IP IP_address Error authenticating SVC connect request.","%ASA-4-722003: IP IP_address Error authenticating SVC connect request.","The user took too long to download and connect.","Increase the timeouts for session idle and maximum connect time.","4","Warning","55","vpn","session"
+"%ASA-4-722004","722004","Group group User user-name IP IP_address Error responding to SVC connect request.","%ASA-4-722004: Group group User user-name IP IP_address Error responding to SVC connect request.","There is not enough memory to perform the action.","Purchase more memory, upgrade the device, or reduce the load on the device.","4","Warning","55","vpn","session"
+"%ASA-5-722005","722005","Group group User user-name IP IP_address Unable to update session information for SVC connection.","%ASA-5-722005: Group group User user-name IP IP_address Unable to update session information for SVC connection.","There is not enough memory to perform the action.","Purchase more memory, upgrade the device, or reduce the load on the device.","5","Notification","45","vpn","session"
+"%ASA-5-722006","722006","Group group User user-name IP ip_address Invalid address ip_address assigned to SVC connection.","%ASA-5-722006: Group group User user-name IP ip_address Invalid address ip_address assigned to SVC connection.","An invalid address was assigned to the user.","Verify and correct the address assignment, if possible. Otherwise, notify your network administrator or escalate this issue according to your security policy. For additional assistance, contact the Cisco TAC.","5","Notification","45","vpn","session"
+"%ASA-3-722007","722007","Group group User user-name IP IP_address SVC Message: type-num/EMERGENCY: message.","%ASA-3-722007: Group group User user-name IP IP_address SVC Message: type-num/EMERGENCY: message.","The SVC issued a message. • type-num— A number from 0 to 31 indicating a message type. Message types are as follows: - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused • message—A text message from the SVC","None required.","3","Error","5","vpn","session"
+"%ASA-3-722008","722008","Group group User user-name IP IP_address SVC Message: type-num/ALERT: message.","%ASA-3-722008: Group group User user-name IP IP_address SVC Message: type-num/ALERT: message.","The SVC issued a message. • type-num— A number from 0 to 31 indicating a message type. Message types are as follows: - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused • message—A text message from the SVC","None required.","3","Error","5","vpn","session"
+"%ASA-3-722009","722009","Group group User user-name IP IP_address SVC Message: type-num/CRITICAL: message.","%ASA-3-722009: Group group User user-name IP IP_address SVC Message: type-num/CRITICAL: message.","The SVC issued a message. • type-num— A number from 0 to 31 indicating a message type. Message types are as follows: - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused • message—A text message from the SVC","None required.","3","Error","5","vpn","session"
+"%ASA-5-722010","722010","Group group User user-name IP IP_address SVC Message: type-num/ERROR: message.","%ASA-5-722010: Group group User user-name IP IP_address SVC Message: type-num/ERROR: message.","The SVC issued a message. • type-num— A number from 0 to 31 indicating a message type. Message types are as follows: - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused • message—A text message from the SVC","None required.","5","Notification","5","vpn","session"
+"%ASA-5-722011","722011","Group group User user-name IP IP_address SVC Message: type-num/WARNING: message.","%ASA-5-722011: Group group User user-name IP IP_address SVC Message: type-num/WARNING: message.","The SVC issued a message. • type-num— A number from 0 to 31 indicating a message type. Message types are as follows: - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused • message—A text message from the SVC","None required.","5","Notification","5","vpn","session"
+"%ASA-5-722012","722012","Group group User user-name IP IP_address SVC Message: type-num/NOTICE: message.","%ASA-5-722012: Group group User user-name IP IP_address SVC Message: type-num/NOTICE: message.","The SVC issued a message. • type-num— A number from 0 to 31 indicating a message type. Message types are as follows: - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused • message—A text message from the SVC","None required.","5","Notification","5","vpn","session"
+"%ASA-6-722013","722013","Group group User user-name IP IP_address SVC Message: type-num/INFO: message.","%ASA-6-722013: Group group User user-name IP IP_address SVC Message: type-num/INFO: message.","The SVC issued a message. • type-num— A number from 0 to 31 indicating a message type. Message types are as follows: - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey","None required.","6","Informational","5","vpn","session"
+"%ASA-6-722014","722014","Group group User user-name IP IP_address SVC Message: type-num/DEBUG: message.","%ASA-6-722014: Group group User user-name IP IP_address SVC Message: type-num/DEBUG: message.","The SVC issued a message. • type-num— A number from 0 to 31 indicating a message type. Message types are as follows: - 0—Normal. - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused • message—A text message from the SVC","None required.","6","Informational","5","vpn","session"
+"%ASA-4-722015","722015","Group group User user-name IP IP_address Unknown SVC frame type: type-num","%ASA-4-722015: Group group User user-name IP IP_address Unknown SVC frame type: type-num","The SVC sent an invalid frame type to the device, which might be caused by an SVC version incompatibility. • type-num—The number identifier of the frame type","Verify the SVC version.","4","Warning","65","vpn","session"
+"%ASA-4-722016","722016","Group group User user-name IP IP_address Bad SVC frame length: length expected: expected-length","%ASA-4-722016: Group group User user-name IP IP_address Bad SVC frame length: length expected: expected-length","The expected amount of data was not available from the SVC, which might be caused by an SVC version incompatibility.","Verify the SVC version.","4","Warning","55","vpn","session"
+"%ASA-4-722017","722017","Group group User user-name IP ip_address Bad SVC framing: xx.2Xxx.2Xxx.2X&gt;, reserved: xx","%ASA-4-722017: Group group User user-name IP ip_address Bad SVC framing: xx.2Xxx.2Xxx.2X&gt;, reserved: xx","The SVC sent a badly framed datagram, which might be caused by an SVC version incompatibility.","Verify the SVC version.","4","Warning","55","vpn","session"
+"%ASA-4-722018","722018","Group group User user-name IP IP_address Bad SVC protocol version: version, expected: expected","%ASA-4-722018: Group group User user-name IP IP_address Bad SVC protocol version: version, expected: expected","The SVC sent a version unknown to the device, which might be caused by an SVC version incompatibility.","Verify the SVC version.","4","Warning","55","vpn","session"
+"%ASA-4-722019","722019","Group group User user-name IP IP_address Not enough data for an SVC header: length","%ASA-4-722019: Group group User user-name IP IP_address Not enough data for an SVC header: length","The expected amount of data was not available from the SVC, which might be caused by an SVC version incompatibility.","Verify the SVC version.","4","Warning","55","vpn","session"
+"%ASA-3-722020","722020","TunnelGroup tunnel_group GroupPolicy group_policy User user-name IP IP_address No address available for SVC connection","%ASA-3-722020: TunnelGroup tunnel_group GroupPolicy group_policy User user-name IP IP_address No address available for SVC connection","Address assignment failed for the AnyConnect session. No IP addresses are available. • tunnel_group—The name of the tunnel group that the user was assigned to or used to log in • group_policy —The name of the group policy that the user was assigned to • user-name —The name of the user with which this message is associated • IP_address —The public IP (Internet) address of the client machine","Check the configuration listed in the ip local ip command to see if enough addresses exist in the pools that have been assigned to the tunnel group and the group policy. Check the DHCP configuration and status. Check the address assignment configuration. Enable IPAA syslog messages to determine why the AnyConnect client cannot obtain an IP address.","3","Error","75","vpn","session"
+"%ASA-3-722021","722021","Group group User user-name IP IP_address Unable to start compression due to lack of memory resources","%ASA-3-722021: Group group User user-name IP IP_address Unable to start compression due to lack of memory resources","There is not enough memory to perform the action.","Purchase more memory, upgrade the device, or reduce the load on the device.","3","Error","85","vpn","session"
+"%ASA-6-722022","722022","Group group-name User user-name IP addr (TCP|UDP) SVC connection established (with|without) compression","%ASA-6-722022: Group group-name User user-name IP addr (TCP|UDP) SVC connection established (with|without) compression","The TCP or UDP connection was established with or without compression.","None required.","6","Informational","5","vpn","session"
+"%ASA-6-722023","722023","Group &lt;group&gt; User &lt;user_name&gt; IP &lt;ip_address&gt; conn_type SVC connection terminated with|without compression","%ASA-6-722023: Group &lt;group&gt; User &lt;user_name&gt; IP &lt;ip_address&gt; conn_type SVC connection terminated with|without compression","The SVC terminated either with or without compression.","None required.","6","Informational","5","vpn","session"
+"%ASA-6-722024","722024","SVC Global Compression Enabled","%ASA-6-722024: SVC Global Compression Enabled","Subsequent SVC connections will be allowed to perform tunnel compression if SVC compression is enabled in the corresponding user or group configuration.","None required.","6","Informational","5","vpn","session"
+"%ASA-6-722025","722025","SVC Global Compression Disabled","%ASA-6-722025: SVC Global Compression Disabled","Subsequent SVC connections will not be allowed to perform tunnel compression.","None required.","6","Informational","5","vpn","session"
+"%ASA-6-722026","722026","Group group User user-name IP IP_address SVC compression history reset","%ASA-6-722026: Group group User user-name IP IP_address SVC compression history reset","A compression error occurred. The SVC and the ASA corrected it.","None required.","6","Informational","5","vpn","session"
+"%ASA-6-722027","722027","Group group User user-name IP IP_address SVC decompression history reset","%ASA-6-722027: Group group User user-name IP IP_address SVC decompression history reset","A decompression error occurred. The SVC and the ASA corrected it.","None required.","6","Informational","5","vpn","session"
+"%ASA-5-722028","722028","Group group User user-name IP IP_address Stale SVC connection closed.","%ASA-5-722028: Group group User user-name IP IP_address Stale SVC connection closed.","An unused SVC connection was closed.","None required. However, the client may be having trouble connecting if multiple connections are established. The SVC log should be examined.","5","Notification","5","vpn","session"
+"%ASA-7-722029","722029","Group group User user-name IP IP_address SVC Session Termination: Conns: connections, DPD Conns: DPD_conns, Comp resets: compression_resets, Dcmp resets: decompression_resets.","%ASA-7-722029: Group group User user-name IP IP_address SVC Session Termination: Conns: connections, DPD Conns: DPD_conns, Comp resets: compression_resets, Dcmp resets: decompression_resets.","The number of connections, reconnections, and resets that have occurred are reported. If connections is greater than 1 or the number of DPD_conns, compression_resets, or decompression_resets is greater than 0, it may indicate network reliability problems, which may be beyond the control of the Secure Firewall ASA administrator. If there are many connections or DPD connections, the user may be having problems connecting and may experience poor performance. • connections—The total number of connections during this session (one is normal) • DPD_conns—The number of reconnections due to DPD • compression_resets—The number of compression history resets • decompression_resets—The number of decompression history resets","The SVC log should be examined. You may want to research and take appropriate action to resolve possible network reliability problems.","7","Debugging","5","vpn","session"
+"%ASA-7-722030","722030","Group group User user-name IP IP_address SVC Session Termination: In: data_bytes (+ctrl_bytes) bytes, data_pkts (+ctrl_pkts) packets, drop_pkts drops.","%ASA-7-722030: Group group User user-name IP IP_address SVC Session Termination: In: data_bytes (+ctrl_bytes) bytes, data_pkts (+ctrl_pkts) packets, drop_pkts drops.","End-of-session statistics are being recorded. • data_bytes—The number of inbound (from SVC) data bytes • ctrl_bytes—The number of inbound control bytes • data_pkts—The number of inbound data packets • ctrl_pkts—The number of inbound control packets • drop_pkts—The number of inbound packets that were dropped","None required.","7","Debugging","25","vpn","session"
+"%ASA-7-722031","722031","Group group User user-name IP IP_address SVC Session Termination: Out: data_bytes (+ctrl_bytes) bytes, data_pkts (+ctrl_pkts) packets, drop_pkts drops.","%ASA-7-722031: Group group User user-name IP IP_address SVC Session Termination: Out: data_bytes (+ctrl_bytes) bytes, data_pkts (+ctrl_pkts) packets, drop_pkts drops.","End-of-session statistics are being recorded. The statistics include data bytes, control packet bytes, data packets, control packets, and dropped packets.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","7","Debugging","25","vpn","session"
+"%ASA-5-722032","722032","Group &lt;group&gt; User &lt;user_name&gt; IP &lt;ip_address&gt; New TCP|UDP SVC connection replacing old connection.","%ASA-5-722032: Group &lt;group&gt; User &lt;user_name&gt; IP &lt;ip_address&gt; New TCP|UDP SVC connection replacing old connection.","A new SVC connection is replacing an existing one. You may be having trouble connecting.","Examine the SVC log.","5","Notification","25","vpn","session"
+"%ASA-5-722033","722033","Group &lt;group&gt; User &lt;user_name&gt; IP &lt;ip_address&gt; First TCP|UDP SVC connection established for SVC session.","%ASA-5-722033: Group &lt;group&gt; User &lt;user_name&gt; IP &lt;ip_address&gt; First TCP|UDP SVC connection established for SVC session.","The first SVC connection was established for the SVC session.","None required.","5","Notification","5","vpn","session"
+"%ASA-5-722034","722034","Group &lt;group&gt; User &lt;user_name&gt; IP &lt;ip_address&gt; New TCP|UDP SVC connection, no existing connection.","%ASA-5-722034: Group &lt;group&gt; User &lt;user_name&gt; IP &lt;ip_address&gt; New TCP|UDP SVC connection, no existing connection.","A reconnection attempt has occurred. An SVC connection is replacing a previously closed connection. There is no existing connection for this session because the connection was already dropped by the SVC or the Secure Firewall ASA. You may be having trouble connecting.","Examine the Secure Firewall ASA log and SVC log.","5","Notification","45","vpn","session"
+"%ASA-3-722035","722035","Group group User user-name IP IP_address Received large packet length (threshold num).","%ASA-3-722035: Group group User user-name IP IP_address Received large packet length (threshold num).","A large packet was received from the client. • length—The length of the large packet • num—The threshold","Enter the anyconnect ssl df-bit-ignore enable command under the group policy to allow the Secure Firewall ASA to fragment the packets arriving with the DF bit set.","3","Error","65","vpn","session"
+"%ASA-6-722036","722036","Group group User user-name IP IP_address Transmitting large packet length (threshold num).","%ASA-6-722036: Group group User user-name IP IP_address Transmitting large packet length (threshold num).","A large packet was sent to the client. The source of the packet may not be aware of the MTU of the client. This could also be due to compression of non-compressible data. • length—The length of the large packet • num—The threshold","Turn off SVC compression, otherwise, none required.","6","Informational","5","vpn","session"
+"%ASA-5-722037","722037","Group group User user-name IP ip_address SVC closing connection: reason.","%ASA-5-722037: Group group User user-name IP ip_address SVC closing connection: reason.","An SVC connection was terminated for the given reason. This behavior may be normal, or you may be having trouble connecting. • reason—The reason that the SVC connection was terminated","Examine the SVC log.","5","Notification","25","vpn","session"
+"%ASA-5-722038","722038","Group group User name IP user-name SVC terminating session: reason.","%ASA-5-722038: Group group User name IP user-name SVC terminating session: reason.","An SVC session was terminated for the given reason. This behavior may be normal, or you may be having trouble connecting. • reason—The reason that the SVC session was terminated","Examine the SVC log if the reason for termination was unexpected.","5","Notification","25","vpn","session"
+"%ASA-4-722039","722039","Group group User user IP ip SVC 'vpn-filter acl' is an IPv6 ACL; ACL not applied.","%ASA-4-722039: Group group User user IP ip SVC 'vpn-filter acl' is an IPv6 ACL; ACL not applied.","The type of ACL to be applied is incorrect. An IPv6 ACL has been configured as an IPv4 ACL through the vpn-filter command. • group —The group policy name of the user • user —The username • ip —The public (not assigned) IP address of the user • acl —The name of the invalid ACL","Validate the VPN filter and IPv6 VPN filter configurations on the ASA, and the filter parameters on the AAA (RADIUS) server. Make sure that the correct type of ACL is specified.","4","Warning","55","vpn","session"
+"%ASA-4-722040","722040","Group group User user IP ip SVC 'ipv6-vpn-filter acl' is an IPv4 ACL; ACL not applied.","%ASA-4-722040: Group group User user IP ip SVC 'ipv6-vpn-filter acl' is an IPv4 ACL; ACL not applied.","The type of ACL to be applied is incorrect. An IPv4 ACL has been configured as an IPv6 ACL through the ipv6-vpn-filter command. • group —The group policy name of the user • user —The username • ip —The public (not assigned) IP address of the user • acl —The name of the invalid ACL","Validate the VPN filter and IPv6 VPN filter configurations on the ASA and the filter parameters on the AAA (RADIUS) server. Make sure that the correct type of ACL is specified.","4","Warning","55","vpn","session"
+"%ASA-4-722041","722041","TunnelGroup tunnel_group GroupPolicy group_policy User username IP peer_address No IPv6 address available for SVC connection","%ASA-4-722041: TunnelGroup tunnel_group GroupPolicy group_policy User username IP peer_address No IPv6 address available for SVC connection","An IPv6 address was not available for assignment to the remote SVC client. • n —The SVC connection identifier","Augment or create an IPv6 address pool, if desired.","4","Warning","45","vpn","session"
+"%ASA-4-722042","722042","Group group User user IP ip Invalid Cisco SSL Tunneling Protocol version","%ASA-4-722042: Group group User user IP ip Invalid Cisco SSL Tunneling Protocol version","An invalid SVC or AnyConnect client is trying to connect. • group —The name of the group policy with which the user is trying to connect • user —The name of the user who is trying to connect • ip —The IP address of the user who is trying to connect","Validate that the SVC or AnyConnect client is compatible with the Secure Firewall ASA.","4","Warning","55","vpn","session"
+"%ASA-5-722043","722043","Group group User user IP ip DTLS disabled: unable to negotiate cipher","%ASA-5-722043: Group group User user IP ip DTLS disabled: unable to negotiate cipher","The DTLS (UDP transport) cannot be established. The SSL encryption configuration was probably changed. • group —The name of the group policy with which the user is trying to connect • user —The name of the user who is trying to connect • ip —The IP address of the user who is trying to connect","Revert the SSL encryption configuration. Make sure there is at least one block cipher (AES, DES, or 3DES) in the SSL encryption configuration.","5","Notification","35","vpn","session"
+"%ASA-5-722044","722044","Group group User user IP ip Unable to request IPvver address for SSL tunnel","%ASA-5-722044: Group group User user IP ip Unable to request IPvver address for SSL tunnel","An IP address cannot be requested because of low memory on the Secure Firewall ASA. • group —The name of the group policy with which the user is trying to connect • user —The name of the user who is trying to connect • ip —The IP address of the user who is trying to connect • ver —Either IPv4 or IPv6, based on the IP address version being requested","Reduce the load on the Secure Firewall ASA or add more memory.","5","Notification","35","vpn","session"
+"%ASA-3-722045","722045","Connection terminated: no SSL tunnel initialization data","%ASA-3-722045: Connection terminated: no SSL tunnel initialization data","Data to establish a connection is missing. This is a defect in the Secure Firewall ASA software.","Contact the Cisco TAC for assistance.","3","Error","65","vpn","session"
+"%ASA-3-722046","722046","Group group User user IP ip Session terminated: Unable to establish tunnel","%ASA-3-722046: Group group User user IP ip Session terminated: Unable to establish tunnel","The Secure Firewall ASA cannot set up connection parameters. This is a defect in the Secure Firewall ASA software.","Contact the Cisco TAC for assistance.","3","Error","75","vpn","session"
+"%ASA-4-722047","722047","Group group User user IP ip Tunnel terminated: SVC not enabled or invalid SVC image on the ASA","%ASA-4-722047: Group group User user IP ip Tunnel terminated: SVC not enabled or invalid SVC image on the ASA","The user logged in via the web browser and tried to start the SVC or AnyConnect client. The SVC service is not enabled globally, or the SVC image is invalid or corrupted. The tunnel connection has been terminated, but the clientless connection remains. • group —The name of the group policy with which the user is trying to connect • user —The name of the user who is trying to connect • ip —The IP address of the user who is trying to connect","Enable the SVC globally using the svc enable command. Validate the integrity of versions of the SVC images by reloading new images using the svc image command.","4","Warning","75","vpn","session"
+"%ASA-4-722048","722048","Group group User user IP ip Tunnel terminated: SVC not enabled for the user","%ASA-4-722048: Group group User user IP ip Tunnel terminated: SVC not enabled for the user","The user logged in via the web browser, and tried to start the SVC or AnyConnect client. The SVC service is not enabled for this user. The tunnel connection has been terminated, but the clientless connection remains. • group —The name of the group policy with which the user is trying to connect • user —The name of the user who is trying to connect • ip —The IP address of the user who is trying to connect","Enable the service for this user using the group-policy and username commands.","4","Warning","45","vpn","session"
+"%ASA-4-722049","722049","Group group User user IP ip Session terminated: SVC not enabled or invalid SVC image on the ASA","%ASA-4-722049: Group group User user IP ip Session terminated: SVC not enabled or invalid SVC image on the ASA","The user logged in via the AnyConnect client. The SVC service is not enabled globally, or the SVC image is invalid or corrupted. The session connection has been terminated. • group —The name of the group policy with which the user is trying to connect • user —The name of the user who is trying to connect • ip —The IP address of the user who is trying to connect","Enable the SVC globally using the svc-enable command. Validate the integrity and versions of the SVC images by reloading new images using the svc image command.","4","Warning","75","vpn","session"
+"%ASA-4-722050","722050","Group group User user IP ip Session terminated: SVC not enabled for the user","%ASA-4-722050: Group group User user IP ip Session terminated: SVC not enabled for the user","The user logged in through the AnyConnect client. The SVC service is not enabled for this user. The session connection has been terminated. • group —The name of the group policy with which the user is trying to connect • user —The name of the user who is trying to connect • ip —The IP address of the user who is trying to connect","Enable the service for this user using the group-policy and username commands.","4","Warning","45","vpn","session"
+"%ASA-6-722051","722051","Group group-policy User username IP public-ip IPv4 Address assigned-ip IPv6 address assigned-ip assigned to session","%ASA-6-722051: Group group-policy User username IP public-ip IPv4 Address assigned-ip IPv6 address assigned-ip assigned to session","The specified address has been assigned to the given user. • group-policy —The group policy that allowed the user to gain access • username —The name of the user • public-ip —The public IP address of the connected client • assigned-ip —The IPv4 or IPv6 address that is assigned to the client","None required.","6","Informational","5","vpn","session"
+"%ASA-6-722053","722053","Group g User u IP ip Unknown client user-agent connection","%ASA-6-722053: Group g User u IP ip Unknown client user-agent connection","An unknown or unsupported SSL VPN client has connected to the Secure Firewall ASA. Older clients include the Cisco SVC and the Cisco AnyConnect client earlier than Version 2.3.1. • g —The group policy under which the user logged in • u —The name of the user • ip —The IP address of the client • user-agent —The user agent (usually includes the version) received from the client","Upgrade to a supported Cisco SSL VPN client.","6","Informational","25","vpn","session"
+"%ASA-4-722054","722054","Group group_policy User user_name IP remote_IP SVC terminating connection: Failed to install Redirect URL: redirect_URL Redirect ACL: non_exist for assigned_IP.","%ASA-4-722054: Group group_policy User user_name IP remote_IP SVC terminating connection: Failed to install Redirect URL: redirect_URL Redirect ACL: non_exist for assigned_IP.","An error occurred for an AnyConnect VPN connection when a redirect URL was installed, and the ACL was received from the ISE, but the redirect ACL does not exist on the Secure Firewall ASA. • group policy —The group policy that allowed the user to gain access • user name —Username of the requester for the remote access","Configure the redirect ACL on the Secure Firewall ASA.","4","Warning","45","vpn","session"
+"%ASA-6-722055","722055","Group group-policy User username IP public-ip Client Type: user-agent","%ASA-6-722055: Group group-policy User username IP public-ip Client Type: user-agent","The indicated user is attempting to connect with the given user-agent. • group-policy —The group policy that allowed the user to gain access • username —The name of the user • public-ip —The public IP address of the connected client • user-agent —The user-agent string provided by the connecting client. Usually includes the AnyConnect version and host operating system for AnyConnect clients.","None required.","6","Informational","5","vpn","session"
+"%ASA-4-722056","722056","Unsupported AnyConnect client connection rejected from ip address. Client info: user-agent string. Reason: reason","%ASA-4-722056: Unsupported AnyConnect client connection rejected from ip address. Client info: user-agent string. Reason: reason","This syslog indicates that an AnyConnect client connection is rejected. The reason for this is provided in the syslog along with the client information. • ip address —IP address from which a connection with the old client is attempted, • user- agent string —User-Agent header in the client request. Usually includes the AnyConnect version and host operating system for AnyConnect clients • reason —Reason for rejection","Use the client information and reason provided in the syslog to resolve the issue.","4","Warning","45","vpn","session"
+"%ASA-4-722057","722057","Group group policy User username IP client IP SVC terminating connection: Failed to bind SGT tag with assigned IP: assigned IP.","%ASA-4-722057: Group group policy User username IP client IP SVC terminating connection: Failed to bind SGT tag with assigned IP: assigned IP.","When the device fails to bind a Security Group Tag (SGT) to the assigned IP address during remote access VPN authentication, this message is generated. The syslog message provides information that helps to identify when an SGT binding error occurs, along with specific user, group, and IP information, making it much easier to diagnose and resolve related issues.","Use the client information and reason provided in the syslog to resolve the issue. Messages 723001 to 736001 This section includes messages from 723001 to 736001.","4","Warning","45","vpn","session"
+"%ASA-6-723001","723001","Group group-name User user-name IP IP_address WebVPN Citrix ICA connection connection is up.","%ASA-6-723001: Group group-name User user-name IP IP_address WebVPN Citrix ICA connection connection is up.","The Citrix connection is up. • group-name—The name of the Citrix group • user-name—The name of the Citrix user • IP_address—The IP address of the Citrix user • connection—The Citrix connection identifier","None required.","6","Informational","5","network","general"
+"%ASA-6-723002","723002","Group group-name User user-name IP IP_address WebVPN Citrix ICA connection connection is down.","%ASA-6-723002: Group group-name User user-name IP IP_address WebVPN Citrix ICA connection connection is down.","The Citrix connection is down. • group-name—The name of the Citrix group • user-name—The name of the Citrix user • IP_address—The IP address of the Citrix user • connection—The Citrix connection identifier","No action is required when the Citrix ICA connection is terminated intentionally by the client, the server, or the Secure Firewall ASA administrator. However, if this is not the case, verify that the WebVPN session in which the Citrix ICA connection is set up is still active. If it is inactive, then receiving this message is normal. If the WebVPN session is still active, verify that the ICA client and Citrix server both work correctly and that there is no error displayed. If not, bring either or both up or respond to any error. If this message is still received, contact the Cisco TAC and provide the following information: • Network topology • Delay and packet loss • Citrix server configuration • Citrix ICA client information • Steps to reproduce the problem • Complete text of all associated messages","6","Informational","25","network","general"
+"%ASA-7-723003","723003","No memory for WebVPN Citrix ICA connection connection.","%ASA-7-723003: No memory for WebVPN Citrix ICA connection connection.","The Secure Firewall ASA is running out of memory. The Citrix connection was rejected. • connection—The Citrix connection identifier","Verify that the Secure Firewall ASA is working correctly. Pay special attention to memory and buffer usage. If the Secure Firewall ASA is under heavy load, buy more memory and upgrade the Secure Firewall ASA or reduce the load on the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-723004","723004","WebVPN Citrix encountered bad flow control flow.","%ASA-7-723004: WebVPN Citrix encountered bad flow control flow.","The Secure Firewall ASA encountered an internal flow control mismatch, which can be caused by massive data flow, such as might occur during stress testing or with a high volume of ICA connections.","Reduce ICA connectivity to the Secure Firewall ASA. If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-723005","723005","No channel to set up WebVPN Citrix ICA connection.","%ASA-7-723005: No channel to set up WebVPN Citrix ICA connection.","The Secure Firewall ASA was unable to create a new channel for Citrix.","Verify that the Citrix ICA client and the Citrix server are still alive. If not, bring them back up and retest. Check the Secure Firewall ASA load, paying special attention to memory and buffer usage. If the Secure Firewall ASA is under heavy load, upgrade the Secure Firewall ASA, add memory, or reduce the load. If the problem persists, contact the Cisco TAC.","7","Debugging","25","network","general"
+"%ASA-7-723006","723006","WebVPN Citrix SOCKS errors.","%ASA-7-723006: WebVPN Citrix SOCKS errors.","An internal Citrix SOCKS error has occurred on the Secure Firewall ASA.","Verify that the Citrix ICA client is working correctly. In addition, check the network connection status between the Citrix ICA client and the Secure Firewall ASA, paying attention to packet loss. Resolve any abnormal network conditions. If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-723007","723007","WebVPN Citrix ICA connection connection list is broken.","%ASA-7-723007: WebVPN Citrix ICA connection connection list is broken.","The Secure Firewall ASA internal Citrix connection list is broken. • connection—The Citrix connection identifier","Verify that the Secure Firewall ASA is working correctly, paying special attention to memory and buffer usage. If the Secure Firewall ASA is under heavy load, upgrade the Secure Firewall ASA, add memory, or reduce the load. If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-723008","723008","WebVPN Citrix ICA SOCKS Server server is invalid.","%ASA-7-723008: WebVPN Citrix ICA SOCKS Server server is invalid.","An attempt was made to access a Citrix Socks server that does not exist. • server—The Citrix server identifier","Verify that the Secure Firewall ASA is working correctly. Note whether or not there is any memory or buffer leakage. If this issue occurs frequently, capture information about memory usage, network topology, and the conditions during which this message is received. Send this information to the Cisco TAC for review. Make sure that the WebVPN session is still up while this message is being received.","7","Debugging","25","network","general"
+"%ASA-7-723009","723009","Group group-name User user-name IP IP_address WebVPN Citrix received data on invalid connection connection.","%ASA-7-723009: Group group-name User user-name IP IP_address WebVPN Citrix received data on invalid connection connection.","Data was received on a Citrix connection that does not exist. • group-name—The name of the Citrix group • user-name—The name of the Citrix user • IP_address—The IP address of the Citrix user • connection—The Citrix connection identifier","The original published Citrix application connection was probably terminated, and the remaining active published applications lost connectivity. Restart all published applications to generate a new Citrix ICA tunnel. If the Secure Firewall ASA is under heavy load, upgrade the Secure Firewall ASA, add memory, or reduce the load. If the problem persists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-723010","723010","Group group-name User user-name IP IP_address WebVPN Citrix received data on invalid connection channel.","%ASA-7-723010: Group group-name User user-name IP IP_address WebVPN Citrix received data on invalid connection channel.","An abort was received on a nonexistent Citrix connection, which can be caused by massive data flow (such as stress testing) or a high volume of ICA connections, especially during network delay or packet loss. • group-name—The name of the Citrix group • user-name—The name of the Citrix user • IP_address—The IP address of the Citrix user • channel—The Citrix channel identifier • connection—The Citrix connection identifier","Reduce the number of ICA connections to the Secure Firewall ASA, obtain more memory for the Secure Firewall ASA, or resolve the network problems.","7","Debugging","5","network","general"
+"%ASA-7-723011","723011","Group group-name User user-name IP IP_address WebVPN Citrix received bad SOCKS socks message length msg-length. Expected length is exp-msg-length.","%ASA-7-723011: Group group-name User user-name IP IP_address WebVPN Citrix received bad SOCKS socks message length msg-length. Expected length is exp-msg-length.","The Citrix SOCKS message length is incorrect. • group-name—The name of the Citrix group • user-name—The name of the Citrix user • IP_address—The IP address of the Citrix user","Verify that the Citrix ICA client is working correctly. In addition, check the network connection status between the ICA client and the Secure Firewall ASA, paying attention to packet loss. After resolving any abnormal network conditions, if the problem still exists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-723012","723012","Group group-name User user-name IP IP_address WebVPN Citrix received bad SOCKS socks message format.","%ASA-7-723012: Group group-name User user-name IP IP_address WebVPN Citrix received bad SOCKS socks message format.","The Citrix SOCKS message format is incorrect. • group-name—The name of the Citrix group • user-name—The name of the Citrix user • IP_address—The IP address of the Citrix user","Verify that the Citrix ICA client is working correctly. In addition, check the network connection status between the ICA client and the Secure Firewall ASA, paying attention to packet loss. After resolving any abnormal network conditions, if the problem still exists, contact the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-7-723013","723013","WebVPN Citrix encountered invalid connection connection during periodic timeout.","%ASA-7-723013: WebVPN Citrix encountered invalid connection connection during periodic timeout.","The Secure Firewall ASA internal Citrix timer has expired, and the Citrix connection is invalid. • connection—The Citrix connection identifier","Check the network connection between the Citrix ICA client and the Secure Firewall ASA, and between the Secure Firewall ASA and the Citrix server. Resolve any abnormal network conditions, especially delay and packet loss. Verify that the Secure Firewall ASA works correctly, paying special attention to memory or buffer problems. If the Secure Firewall ASA is under heavy load, obtain more memory, upgrade the Secure Firewall ASA, or reduce the load. If the problem persists, contact the Cisco TAC.","7","Debugging","25","network","general"
+"%ASA-7-723014","723014","Group group-name User user-name IP IP_address WebVPN Citrix TCP connection connection to server server on channel channel initiated.","%ASA-7-723014: Group group-name User user-name IP IP_address WebVPN Citrix TCP connection connection to server server on channel channel initiated.","The Secure Firewall ASA internal Citrix Secure Gateway is connected to the Citrix server. • group-name—The name of the Citrix group • user-name—The name of the Citrix user • IP_address—The IP address of the Citrix user • connection—The connection name • server—The Citrix server identifier • channel—The Citrix channel identifier (hexadecimal)","None required.","7","Debugging","5","network","general"
+"%ASA-4-724001","724001","Group group-name User user-name IP IP_address WebVPN session not allowed. Unable to determine if Secure Desktop software was running on the client's workstation.","%ASA-4-724001: Group group-name User user-name IP IP_address WebVPN session not allowed. Unable to determine if Secure Desktop software was running on the client's workstation.","The session was not allowed because an error occurred during processing of the CSD Host Integrity Check results on the Secure Firewall ASA. • group-name—The name of the group • user-name—The name of the user • IP_address—The IP address","Determine whether the client firewall is truncating long URLs. Uninstall CSD from the client and reconnect to the Secure Firewall ASA.","4","Warning","45","network","general"
+"%ASA-4-724002","724002","Group group-name User user-name IP IP_address WebVPN session not terminated. Secure Desktop was not running on the client's workstation.","%ASA-4-724002: Group group-name User user-name IP IP_address WebVPN session not terminated. Secure Desktop was not running on the client's workstation.","CSD is not running on the client machine. • group-name—The name of the group • user-name—The name of the user • IP_address—The IP address","Verify that the end user can install and run CSD on the client machine.","4","Warning","55","network","general"
+"%ASA-6-725001","725001","Starting SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port for protocol session","%ASA-6-725001: Starting SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port for protocol session","The SSL handshake has started with the remote device, which can be a client or server. • peer-type—Either the server or the client, depending on the device that initiated the connection • interface—The interface name that the SSL session is using • source-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip—The destination IP address • dst-port—The destination port number • protocol—The SSL version used for the SSL handshake","None required.","6","Informational","5","network","general"
+"%ASA-6-725002","725002","Device completed SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port for protocol-version session","%ASA-6-725002: Device completed SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port for protocol-version session","The SSL handshake has completed successfully with the remote device. • peer-type—Either the server or the client, depending on the device that initiated the connection • interface—The interface name that the SSL session is using • source-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip —The destination IP address • dst-port —The destination port number","None required.","6","Informational","5","network","general"
+"%ASA-6-725003","725003","SSL client peer-type:interface/src-ip to src-port/dst-ip request to resume previous session","%ASA-6-725003: SSL client peer-type:interface/src-ip to src-port/dst-ip request to resume previous session","The remote device is trying to resume a previous SSL session. • peer-type—Either the server or the client, depending on the device that initiated the connection • interface—The interface name that the SSL session is using • source-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip —The destination IP address • dst-port —The destination port number","None required.","6","Informational","5","network","general"
+"%ASA-6-725004","725004","Device requesting certificate from SSL client peer-type:interface/src-ip to src-port/dst-ip for authentication","%ASA-6-725004: Device requesting certificate from SSL client peer-type:interface/src-ip to src-port/dst-ip for authentication","The Secure Firewall ASA has requested a client certificate for authentication. • peer-type—Either the server or the client, depending on the device that initiated the connection • interface—The interface name that the SSL session is using • source-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip —The destination IP address • dst-port —The destination port number","None required.","6","Informational","5","network","general"
+"%ASA-6-725005","725005","SSL server peer-type:interface/src-ip to src-port/dst-ip requesting our device certificate for authentication","%ASA-6-725005: SSL server peer-type:interface/src-ip to src-port/dst-ip requesting our device certificate for authentication","The server has requested the certificate of the Secure Firewall ASA for authentication. • peer-type—Either the server or the client, depending on the device that initiated the connection • interface—The interface name that the SSL session is using • source-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip —The destination IP address • dst-port —The destination port number","None required.","6","Informational","5","network","general"
+"%ASA-6-725006","725006","Device failed SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port","%ASA-6-725006: Device failed SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port","The SSL handshake with the remote device has failed. • peer-type—Either the server or the client, depending on the device that initiated the connection • interface—The interface name that the SSL session is using • source-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip —The destination IP address • dst-port —The destination port number","Look for syslog message 725014, which indicates the reason for the failure.","6","Informational","25","network","general"
+"%ASA-6-725007","725007","SSL session with peer-type interface:src-ip/src-port to dst-ip/dst-port terminated","%ASA-6-725007: SSL session with peer-type interface:src-ip/src-port to dst-ip/dst-port terminated","The SSL session has terminated. • peer-type—Either the server or the client, depending on the device that initiated the connection • interface—The interface name that the SSL session is using • source-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip —The destination IP address • dst-port —The destination port number","None required.","6","Informational","5","network","general"
+"%ASA-7-725008","725008","SSL client peer-type:interface/src-ip to src-port/dst-ip proposes the following dst-port cipher(s)","%ASA-7-725008: SSL client peer-type:interface/src-ip to src-port/dst-ip proposes the following dst-port cipher(s)","The number of ciphers proposed by the remote SSL device are listed. • peer-type—Either the server or the client, depending on the device that initiated the connection • interface—The interface name that the SSL session is using • source-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip —The destination IP address • dst-port —The destination port number • n —The number of supported ciphers","None required.","7","Debugging","5","network","general"
+"%ASA-7-725009","725009","Device proposes the following n cipher(s) to server interface:src-ip/src_port to dst_ip/dst_port","%ASA-7-725009: Device proposes the following n cipher(s) to server interface:src-ip/src_port to dst_ip/dst_port","The number of ciphers proposed to the SSL server are listed. • peer-type—Either the server or the client, depending on the device that initiated the connection • interface—The interface name that the SSL session is using • source-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip —The destination IP address • dst-port —The destination port number • n —The number of supported ciphers","None required.","7","Debugging","5","network","general"
+"%ASA-7-725010","725010","Device supports the following n cipher(s)","%ASA-7-725010: Device supports the following n cipher(s)","The number of ciphers supported by the Secure Firewall ASA for an SSL session are listed. • n—The number of supported ciphers","None required.","7","Debugging","5","network","general"
+"%ASA-7-725011","725011","Cipher[order] : cipher_name","%ASA-7-725011: Cipher[order] : cipher_name","Always following messages 725008, 725009, and 725010, this message indicates the cipher name and its order of preference. • order—The order of the cipher in the cipher list • cipher_name—The name of the OpenSSL cipher from the cipher list","None required.","7","Debugging","5","network","general"
+"%ASA-7-725012","725012","Device chooses cipher cipher for the SSL session with client peer-type:interface/src-ip to src-port/dst-ip","%ASA-7-725012: Device chooses cipher cipher for the SSL session with client peer-type:interface/src-ip to src-port/dst-ip","The cipher that was chosen by the Cisco device for the SSL session is listed. • cipher—The name of the OpenSSL cipher from the cipher list • peer-type—Either the server or the client, depending on the device that initiated the connection • interface—The interface name that the SSL session is using • source-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip —The destination IP address • dst-port —The destination port number","None required.","7","Debugging","5","network","general"
+"%ASA-7-725013","725013","SSL server interface:src-ip/src-port to dst-ip/dst-port chooses cipher cipher","%ASA-7-725013: SSL server interface:src-ip/src-port to dst-ip/dst-port chooses cipher cipher","The cipher that was chosen by the server for the SSL session is identified. • peer-type—Either the server or the client, depending on the device that initiated the connection • interface—The interface name that the SSL session is using • source-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip —The destination IP address • dst-port —The destination port number • cipher—The name of the OpenSSL cipher from the cipher list","None required.","7","Debugging","5","network","general"
+"%ASA-7-725014","725014","SSL lib error. Function: function Reason: reason","%ASA-7-725014: SSL lib error. Function: function Reason: reason","The reason for failure of the SSL handshake is indicated. • function—The function name where the failure is reported • reason—The description of the failure condition","Include this message when reporting any SSL-related issue to the Cisco TAC.","7","Debugging","15","network","general"
+"%ASA-3-725015","725015","Error verifying client certificate. Public key size in client certificate (actual_key_size bits) exceeds the maximum supported key size of ideal_key_size bits","%ASA-3-725015: Error verifying client certificate. Public key size in client certificate (actual_key_size bits) exceeds the maximum supported key size of ideal_key_size bits","The verification of an SSL client certificate failed because of an unsupported (large) key size.","Use client certificates with key sizes that are less than or equal to 4096 bits.","3","Error","85","network","general"
+"%ASA-6-725016","725016","Device selects trust-point trustpoint for peer-type interface:src-ip/src-port to dst-ip/dst-port","%ASA-6-725016: Device selects trust-point trustpoint for peer-type interface:src-ip/src-port to dst-ip/dst-port","With server-name indication (SNI), the certificate used for a given connection may not be the certificate configured on the interface. There is also no indication of which certificate trustpoint has been selected. This syslog gives an indication of the trustpoint used by the connection (given by interface :src-ip /src-port ). • trustpoint —The name of the configured trustpoint that is being used for the specified connection • interface —The name of the interface on the Secure Firewall ASA • src-ip —The IP address of the peer","None required.","6","Informational","5","network","general"
+"%ASA-7-725017","725017","No certificates received during the handshake with s s:B/d to B/d for s session","%ASA-7-725017: No certificates received during the handshake with s s:B/d to B/d for s session","A remote client has not sent a valid certificate. • remote_device —Identifies whether a handshake is performed with the client or server • ctm->interface —The interface name on which the handshake is sent • ctm->src_ip —The IP address of the SSL server, which will communicate with the client • ctm->src_port —The port of the SSL server, which will communicate with the client • ctm->dst_ip —The IP address of the client • ctm->dst_port —The port of the client through which it responds • s->method->version —The protocol version involved in the transaction (SSLv3, TLSv1, or DTLSv1)","None required.","7","Debugging","5","network","general"
+"%ASA-7-725021","725021","Device preferring cipher-suite cipher(s). Connection info: interface :src-ip /src-port to dst-ip /dst-port","%ASA-7-725021: Device preferring cipher-suite cipher(s). Connection info: interface :src-ip /src-port to dst-ip /dst-port","The cipher suites being preferred when negotiating the handshake is listed in this message. • cipher-suite—Preferred cipher suite string • interface—The interface name that the SSL session is using • src-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip—The destination IPv4 or IPv6 address • dst-port—The destination port number Following is a list of prefered cipher suite strings that are used when negotiating the handshake: • server • SUITE-B • ChaCha20 • client • SHA-256 hash","None required.","7","Debugging","5","network","general"
+"%ASA-7-725022","725022","Device skipping cipher : cipher - reason. Connection info: interface :src-ip /src-port to dst-ip /dst-port","%ASA-7-725022: Device skipping cipher : cipher - reason. Connection info: interface :src-ip /src-port to dst-ip /dst-port","This syslog displays the reason for skipping a particular cipher in a list of cipher suites when negotiating the handshake. • cipher-suite—Preferred cipher suite string • reason—Reason for skipping a cipher. • interface—The interface name that the SSL session is using • src-ip—The source IPv4 or IPv6 address • src-port—The source port number • dst-ip—The destination IPv4 or IPv6 address • dst-port—The destination port number Following list provides few example reason for skipping a particular cipher: • Ephemeral EC key is not compatible with trust-point <trust point> • Not supported by protocol version • PSK server callback is not set • Not permitted by security callbacks • ECDHE-ECDSA is broken on Safari • Cipher suite does not use SHA256 • Unknown cipher • Wrong cipher • Message digest changed • Ciphersuite from previous session not selected","None required.","7","Debugging","5","network","general"
+"%ASA-6-725025","725025","SSL Pre-auth connection rate limit hit s watermark","%ASA-6-725025: SSL Pre-auth connection rate limit hit s watermark","When the device reaches the rate-limit threshold for the number of pre-authenticated SSL connections. This message appears when the number of pre-authenticated SSL connections is high (90% of the limit) or when it is low (70% of the limit). The syslog is rate-limited to one syslog for every 10 seconds. In this message, s denotes high or low of the threshold limit.","Contact Cisco TAC.","6","Informational","15","network","general"
+"%ASA-6-726001","726001","Inspected im_protocol im_service Session between Client im_client_1 Packet flow from im_client_2:/src_ifc/sip to sport:/dest_ifc/dip Action: dport action","%ASA-6-726001: Inspected im_protocol im_service Session between Client im_client_1 Packet flow from im_client_2:/src_ifc/sip to sport:/dest_ifc/dip Action: dport action","An IM inspection was performed on an IM message and the specified criteria were satisfied. The configured action is taken. • im_protocol —MSN IM or Yahoo IM • im_service —The IM services, such as chat, conference, file transfer, voice, video, games, or unknown • im_client_1 , im_client_2 —The client peers that are using the IM service in the session: client_login_name or “?” • src_ifc —The source interface name • sip —The source IP address • sport —The source port • dest_ifc —The destination interface name • dip —The destination IP address • dport —The destination port • action —The action taken: reset connection, dropped connection, or received • class_map_id —The matched class-map ID • class_map_name —The matched class-map name","None required.","6","Informational","35","network","general"
+"%ASA-7-730001","730001","Group &lt;groupname&gt; User &lt;username&gt; IP &lt;ipaddr&gt; VLAN Mapping to VLAN &lt;vlanid&gt;.","%ASA-7-730001: Group &lt;groupname&gt; User &lt;username&gt; IP &lt;ipaddr&gt; VLAN Mapping to VLAN &lt;vlanid&gt;.","VLAN mapping succeeded. • groupname —The group name • username —The username • ipaddr —The IP address of this session • vlanid — The VLAN ID that is used for the VLAN mapping session","None required.","7","Debugging","5","network","general"
+"%ASA-6-730002","730002","Group &lt;groupname&gt; User &lt;username&gt; IP &lt;ipaddr&gt; VLAN Mapping to VLAN &lt;vlanid&gt; failed.","%ASA-6-730002: Group &lt;groupname&gt; User &lt;username&gt; IP &lt;ipaddr&gt; VLAN Mapping to VLAN &lt;vlanid&gt; failed.","VLAN mapping failed. • groupname —The group name • username —The username • ipaddr —The IP address of this session • vlanid — The VLAN ID that is used for the VLAN mapping session","Verify that all the VLAN mapping-related configurations are correct, and that the VLAN ID is valid.","6","Informational","35","network","general"
+"%ASA-7-730003","730003","IP ipaddr egress VLAN ID is set to vlanid.","%ASA-7-730003: IP ipaddr egress VLAN ID is set to vlanid.","ASA receives an SNMP set message from NACApp to set the new VLAN ID for the session. • ipaddr —The IP address of this session • vlanid — The VLAN ID that is used for the VLAN mapping session","None required","7","Debugging","5","network","general"
+"%ASA-6-730004","730004","Group groupname User username IP ipaddr VLAN ID vlanid from AAA ignored.","%ASA-6-730004: Group groupname User username IP ipaddr VLAN ID vlanid from AAA ignored.","The VLAN ID received from AAA is different from the current one in use, and it is ignored for the current session. • groupname —The group name • username —The username • ipaddr —The IP address of this session • vlanid — The VLAN ID that is used for the VLAN mapping session","If the newly received VLAN ID must be used, then the current session needs to be torn down. Otherwise, no action is required.","6","Informational","15","network","general"
+"%ASA-3-730005","730005","Group DfltGrpPolicy User username IP IP VLAN ID vlan_id from AAA is invalid.","%ASA-3-730005: Group DfltGrpPolicy User username IP IP VLAN ID vlan_id from AAA is invalid.","A VLAN mapping error has occurred. A VLAN may be out of range, unassigned to any interfaces, or assigned to multiple interfaces.","Verify the VLAN ID configurations on the AAA server and ASA are both correct.","3","Error","75","network","general"
+"%ASA-7-730006","730006","Group groupname , User username , IP ipaddr : is on NACApp AUTH VLAN vlanid .","%ASA-7-730006: Group groupname , User username , IP ipaddr : is on NACApp AUTH VLAN vlanid .","The session is under NACApp posture assessment. • groupname —The group name • username —The username • ipaddr —The IP address of this session • vlanid — The VLAN ID that is used for the VLAN mapping session","None required.","7","Debugging","5","network","general"
+"%ASA-7-730007","730007","Group groupname User username IP ipaddr changed VLAN to vlan ID vlanid.","%ASA-7-730007: Group groupname User username IP ipaddr changed VLAN to vlan ID vlanid.","NACApp (Cisco NAC appliance) posture assessment is done with the session, the VLAN is changed from AUTH VLAN to a new VLAN. • groupname —The group name • username —The username • ipaddr —The IP address of this session • %s —A string • vlanid — The VLAN ID that is used for the VLAN mapping session","None required.","7","Debugging","5","network","general"
+"%ASA-6-730008","730008","Group groupname, User username, IP ipaddr, VLAN MAPPING timeout waiting NACApp.","%ASA-6-730008: Group groupname, User username, IP ipaddr, VLAN MAPPING timeout waiting NACApp.","NACApp (Cisco NAC appliance) posture assessment takes longer than the timeout value configured. • groupname —The group name • username —The username • ipaddr —The IP address of this session","Check the status of the NACApp setup.","6","Informational","25","network","general"
+"%ASA-5-730009","730009","Group groupname , User username, IP ipaddr , CAS casaddr , capacity exceeded, terminating connection.","%ASA-5-730009: Group groupname , User username, IP ipaddr , CAS casaddr , capacity exceeded, terminating connection.","The load capacity of the NACApp (Cisco NAC appliance) CAS is execeeded, the new incoming session that uses it is terminating. • groupname —The group name • username —The username • ipaddr —The IP address of this session • casaddr —The IP Address of CAS (Clean Access Server)","Review and revise planning for how many groups, and which groups, are associated with the CAS to ensure that its load capacity is not exceeded.","5","Notification","35","network","general"
+"%ASA-7-730010","730010","Group groupname User username, IP ipaddr VLAN Mapping is enabled on VLAN vlanid.","%ASA-7-730010: Group groupname User username, IP ipaddr VLAN Mapping is enabled on VLAN vlanid.","VLAN mapping is enabled in the session. • groupname —The group name","None required.","7","Debugging","5","network","general"
+"%ASA-6-731001","731001","NAC policy added: name: policyname Type: policytype .","%ASA-6-731001: NAC policy added: name: policyname Type: policytype .","A new NAC-policy has been added to the ASA. • policyname—The NAC policy name • policytype—The type of NAC policy","None required.","6","Informational","5","network","general"
+"%ASA-6-731002","731002","NAC policy deleted: name: policyname Type: policytype .","%ASA-6-731002: NAC policy deleted: name: policyname Type: policytype .","A NAC policy has been removed from the ASA. • policyname—The NAC policy name • policytype—The type of NAC policy","None required.","6","Informational","5","network","general"
+"%ASA-6-731003","731003","nac-policy unused: name: policyname Type: policytype .","%ASA-6-731003: nac-policy unused: name: policyname Type: policytype .","The NAC policy is unused because there is an existing NAC policy with the same name, but a different type. • policyname—The NAC policy name • policytype—The type of NAC policy","If the new NAC policy must be used, the existing NAC policy must be removed first. Otherwise, no action is required.","6","Informational","15","network","general"
+"%ASA-6-732001","732001","Group groupname, User username, IP ipaddr, Fail to parse NAC-SETTINGS nac-settings-id , terminating connection.","%ASA-6-732001: Group groupname, User username, IP ipaddr, Fail to parse NAC-SETTINGS nac-settings-id , terminating connection.","The ASA cannot apply the NAC settings because no memory is available. • groupname —The group name • username —The username • ipaddr —The IP address of this session • nac-settings-id — The ID that is used for the NAC filter","Upgrade the ASA memory. Resolve any errors in the log before this problem occurs. If the problem persists, contact the Cisco TAC.","6","Informational","25","network","general"
+"%ASA-6-732002","732002","Group groupname, User username, IP ipaddr, NAC-SETTINGS settingsid from AAA ignored, existing NAC-SETTINGS settingsid_inuse used instead.","%ASA-6-732002: Group groupname, User username, IP ipaddr, NAC-SETTINGS settingsid from AAA ignored, existing NAC-SETTINGS settingsid_inuse used instead.","The NAC settings ID cannot be applied because there is a different one for the session. • groupname —The group name • username —The username • ipaddr —The IP address of this session • settingsid — The settings ID, which should be a NAC policy name • settingsid_inuse — The NAC settings ID that is currently in use","If the new NAC settings ID must be applied, then all the active sessions that use it must be torn down first. Otherwise, no action is required.","6","Informational","15","network","general"
+"%ASA-6-732003","732003","Group groupname, User username, IP ipaddr, NAC-SETTINGS nac-settings-id from AAA is invalid, terminating connection.","%ASA-6-732003: Group groupname, User username, IP ipaddr, NAC-SETTINGS nac-settings-id from AAA is invalid, terminating connection.","The NAC settings received from AAA are invalid. • groupname —The group name • username —The username • ipaddr —The IP address of this session • nac-settings-id — The ID that is used for the NAC filter","Verify that the NAC settings configurations on the AAA server and ASA are both correct.","6","Informational","35","network","general"
+"%ASA-4-733100","733100","[144.60.88.2] drop rate-2 exceeded. Current burst rate is 0 per second, max configured rate is 8; Current average rate is 5 per second, max configured rate is 4; Cumulative total count is 38086","%ASA-4-733100: [144.60.88.2] drop rate-2 exceeded. Current burst rate is 0 per second, max configured rate is 8; Current average rate is 5 per second, max configured rate is 4; Cumulative total count is 38086","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","Check whether the drop rate is acceptable for the running environment. 1. Adjust the threshold rate of the particular drop to an appropriate value by using the threat-detection rate xxx command, where xxx is one of the following: • acl-drop • bad-packet-drop • conn-limit-drop • dos-drop • fw-drop • icmp-drop • inspect-drop • interface-drop • scanning-threat • syn-attack 2. If the object in the message is a TCP or UDP port, an IP address, or a host drop, check whether or not the drop rate is acceptable for the running environment. 3. Adjust the threshold rate of the particular drop to an appropriate value by using the threat-detection rate bad-packet-drop command. If you do not want the drop rate exceed warning to appear, you can disable it by using the no threat-detection basic-threat command. Note","4","Warning","75","threat_detection","scan_dos"
+"%ASA-4-733101","733101","Subnet 100.0.0.0 is targeted. Current burst rate is 200 per second, max configured rate is 0; Current average rate is 0 per second, max configured rate is 0; Cumulative total count is 2028. %ASA-4-733101: Host 175.0.0.1 is attacking. Current burst rate is 200 per second, max configured rate is 0; Current average rate is 0 per second, max configured rate is 0; Cumulative total count is 2024","%ASA-4-733101: Subnet 100.0.0.0 is targeted. Current burst rate is 200 per second, max configured rate is 0; Current average rate is 0 per second, max configured rate is 0; Cumulative total count is 2028. %ASA-4-733101: Host 175.0.0.1 is attacking. Current burst rate is 200 per second, max configured rate is 0; Current average rate is 0 per second, max configured rate is 0; Cumulative total count is 2024","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","For the specific host or subnet, use the show threat-detection statistics host ip-address ip-mask command to check the overall situation and then adjust the threshold rate of the scanning threat to the appropriate value. After the appropriate value is determined, an optional action can be taken to shun those host attackers (not subnet attacker) by configuring the threat-detection scanning-threat shun-host command. You may specify certain hosts or object groups in the shun-host except list. For more information, see the CLI configuration guide. If scanning detection is not desirable, you can disable this feature by using the no threat-detection scanning command.","4","Warning","65","threat_detection","scan_dos"
+"%ASA-4-733102","733102","Threat-detection add host 11.1.1.40 to shun list","%ASA-4-733102: Threat-detection add host 11.1.1.40 to shun list","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","To investigate whether the shunned host is an actual attacker, use the threat-detection statistics host ip-address command. If the shunned host is not an attacker, you can remove the shunned host from the threat detection engine by using the clear threat-detection shun ip address command. To remove all shunned hosts from the threat detection engine, use the clear shun command. If you receive this message because an inappropriate threshold rate has been set to trigger the threat detection engine, then adjust the threshold rate by using the threat-detection rate scanning-threat rate-interval x average-rate y burst-rate z command.","4","Warning","75","threat_detection","scan_dos"
+"%ASA-4-733103","733103","Threat-detection removes host 11.1.1.40 from shun list","%ASA-4-733103: Threat-detection removes host 11.1.1.40 from shun list","A host has been shunned by the threat detection engine. When you use the clear-threat-detection shun command, the specified host will be removed from the shunned list. • %I —A particular hostname The following message shows how this command is implemented:","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","threat_detection","scan_dos"
+"%ASA-4-733104","733104","TCP Intercept SYN flood attack detected to host_ip/host_port (real_ip/real_port). Average rate of avg_rate SYNs/sec exceeded the threshold of threshold_rate.","%ASA-4-733104: TCP Intercept SYN flood attack detected to host_ip/host_port (real_ip/real_port). Average rate of avg_rate SYNs/sec exceeded the threshold of threshold_rate.","The Secure Firewall ASA is under Syn flood attack and protected by the TCP intercept mechanism, if the average rate for intercepted attacks exceeds the configured threshold. The message is showing which server is under attack and where the attacks are coming from.","Write an ACL to filter out the attacks.","4","Warning","65","threat_detection","scan_dos"
+"%ASA-4-733105","733105","TCP Intercept SYN flood attack detected to host_ip/host_port (real_ip/real_port). Burst rate of burst_rate SYNs/sec exceeded the threshold of threshold_rate.","%ASA-4-733105: TCP Intercept SYN flood attack detected to host_ip/host_port (real_ip/real_port). Burst rate of burst_rate SYNs/sec exceeded the threshold of threshold_rate.","The Secure Firewall ASA is under Syn flood attack and protected by the TCP intercept mechanism, if the burst rate for intercepted attacks exceeds the configured threshold. The message is showing which server is under attack and where the attacks are coming from.","Write an ACL to filter out the attacks. 733201 (For IKEv2 connection requests) Error Message 1","4","Warning","65","threat_detection","scan_dos"
+"%ASA-4-733201","733201","Threat-detection: Service[remote-access-client-initiations] Peer[peer-ip]: failure threshold of value exceeded: adding shun to interface interface. SSL: RA excessive client initiation requests.","%ASA-4-733201: Threat-detection: Service[remote-access-client-initiations] Peer[peer-ip]: failure threshold of value exceeded: adding shun to interface interface. SSL: RA excessive client initiation requests.","This message appears when the threat-detection service shunned an IP address due to excessive number of remote access client initiation requests to the headend from that host.","An IP address is shunned because it met the configured service threshold for mischievous activity. If this IP address should not be blocked, remove the shun manually using the shun CLI .","4","Warning","65","threat_detection","scan_dos"
+"%ASA-6-734001","734001","DAP: User user, Addr ipaddr, Connection connection: The following DAP records were selected for this connection: string","%ASA-6-734001: DAP: User user, Addr ipaddr, Connection connection: The following DAP records were selected for this connection: string","The DAP records that were selected for the connection are listed. • user —The authenticated username • ipaddr —The IP address of the remote client • connection —The type of client connection, which can be one of the following: - IPsec - AnyConnect - Clientless (web browser) - Cut-Through-Proxy - L2TP","None required.","6","Informational","5","threat_detection","scan_dos"
+"%ASA-5-734002","734002","DAP: User user, Addr ipaddr: Connection terminated by the following DAP records: string","%ASA-5-734002: DAP: User user, Addr ipaddr: Connection terminated by the following DAP records: string","The DAP records that terminated the connection are listed. • user —The authenticated username • ipaddr —The IP address of the remote client • DAP record names —The comma-separated list of the DAP record names","None required.","5","Notification","5","threat_detection","scan_dos"
+"%ASA-7-734003","734003","DAP: User name, Addr ipaddr: Session Attribute attr_name/value","%ASA-7-734003: DAP: User name, Addr ipaddr: Session Attribute attr_name/value","The AAA and endpoint session attributes that are associated with the connection are listed. • user —The authenticated username • ipaddr —The IP address of the remote client • attr/value —The AAA or endpoint attribute name and value","None required.","7","Debugging","5","threat_detection","scan_dos"
+"%ASA-3-734004","734004","DAP: Processing error: Code internal","%ASA-3-734004: DAP: Processing error: Code internal","A DAP processing error occurred. • internal error code —The internal error string","Enable the debug dap errors command and re-run DAP processing for further debugging information. If this does not resolve the issue, contact the Cisco TAC and provide the internal error code and any information about the conditions that generated the error.","3","Error","65","threat_detection","scan_dos"
+"%ASA-1-735001","735001","Cooling Fan var1: OK","%ASA-1-735001: Cooling Fan var1: OK","A cooling fan has been restored to normal operation. • var1 —The device number markings","None required.","1","Alert","5","threat_detection","scan_dos"
+"%ASA-1-735002","735002","Cooling Fan var1: Failure Detected","%ASA-1-735002: Cooling Fan var1: Failure Detected","A cooling fan has failed. • var1 —The device number markings","Perform the following steps: 1. Check for obstructions that would prevent the fan from rotating. 2. Replace the cooling fan. 3. If the problem persists, record the message as it appears and contact the Cisco TAC.","1","Alert","95","threat_detection","scan_dos"
+"%ASA-1-735003","735003","Power Supply var1: OK","%ASA-1-735003: Power Supply var1: OK","A power supply has been restored to normal operation. • var1 —The device number markings","None required.","1","Alert","5","threat_detection","scan_dos"
+"%ASA-1-735004","735004","Power Supply var1: Failure Detected","%ASA-1-735004: Power Supply var1: Failure Detected","AC power has been lost, or the power supply has failed. • var1 —The device number markings","Perform the following steps: 1. Check for AC power failure. 2. Replace the power supply. 3. If the problem persists, record the message as it appears and contact the Cisco TAC.","1","Alert","95","threat_detection","scan_dos"
+"%ASA-1-735005","735005","Power Supply Unit Redundancy OK","%ASA-1-735005: Power Supply Unit Redundancy OK","Power supply unit redundancy has been restored.","None required.","1","Alert","5","threat_detection","scan_dos"
+"%ASA-1-735006","735006","Power Supply Unit Redundancy Lost","%ASA-1-735006: Power Supply Unit Redundancy Lost","A power supply failure occurred. Power supply unit redundancy has been lost, but the Secure Firewall ASA is functioning normally with minimum resources. Any further failures will result in an Secure Firewall ASA shutdown.","To regain full redundancy, perform the following steps: 1. Check for AC power failure. 2. Replace the power supply. 3. If the problem persists, record the message as it appears and contact the Cisco TAC.","1","Alert","95","threat_detection","scan_dos"
+"%ASA-1-735007","735007","CPU var1: Temp: var2 var3, Critical","%ASA-1-735007: CPU var1: Temp: var2 var3, Critical","The CPU has reached a critical temperature. • var1 —The device number markings • var2 —The temperature value • var3 —Temperature value units (C, F)","Record the message as it appears and contact the Cisco TAC.","1","Alert","75","threat_detection","scan_dos"
+"%ASA-1-735008","735008","Chassis Ambient var1: Temp: var2 var3, Critical","%ASA-1-735008: Chassis Ambient var1: Temp: var2 var3, Critical","A chassis ambient temperature sensor has reached a critical level. • var1 —The device number markings • var2 —The temperature value • var3 —Temperature value units (C, F)","Record the message as it appears and contact the Cisco TAC.","1","Alert","75","threat_detection","scan_dos"
+"%ASA-2-735009","735009","Environment Monitoring has failed initialization and configuration. Environment Monitoring is not running.","%ASA-2-735009: Environment Monitoring has failed initialization and configuration. Environment Monitoring is not running.","Environment monitoring has experienced a fatal error during initialization and was unable to continue.","Collect the output of the show environment and debug ipmi commands. Record the message as it appears and contact the Cisco TAC.","2","Critical","95","threat_detection","scan_dos"
+"%ASA-3-735010","735010","Environment Monitoring has failed to update one or more of its records.","%ASA-3-735010: Environment Monitoring has failed to update one or more of its records.","Environment monitoring has experienced an error that temporarily prevented it from updating one or more of its records.","If this message appears repeatedly, collect the output from the show environment driver and debug ipmi commands. Record the message as it appears and contact the Cisco TAC.","3","Error","75","threat_detection","scan_dos"
+"%ASA-1-735011","735011","Power Supply var1: Fan OK","%ASA-1-735011: Power Supply var1: Fan OK","The power supply fan has returned to a working operating state. • var1 — Fan number","None required.","1","Alert","5","threat_detection","scan_dos"
+"%ASA-1-735012","735012","Power Supply var1: Fan Failure Detected","%ASA-1-735012: Power Supply var1: Fan Failure Detected","The power supply fan has failed. • var1 — Fan number","Contact Cisco TAC to troubleshoot the failure. Power down the unit until this failure is resolved.","1","Alert","85","threat_detection","scan_dos"
+"%ASA-1-735013","735013","Voltage Channel var1: Voltage OK","%ASA-1-735013: Voltage Channel var1: Voltage OK","A voltage channel has returned to a normal operating level. • var1 — Voltage channel number","None required.","1","Alert","5","threat_detection","scan_dos"
+"%ASA-1-735014","735014","Voltage Channel var1: Voltage Critical","%ASA-1-735014: Voltage Channel var1: Voltage Critical","A voltage channel has changed to a critical level. • var1 — Voltage channel number","Contact Cisco TAC to troubleshoot the failure. Power down the unit until this failure is resolved.","1","Alert","85","threat_detection","scan_dos"
+"%ASA-4-735015","735015","CPU var1: Temp: var2 var3, Warm","%ASA-4-735015: CPU var1: Temp: var2 var3, Warm","The CPU temperature is warmer than the normal operating range. • var1 —CPU Number • var2 —Temperature Value • var3 —Units","Continue to monitor this component to ensure that it does not reach a critical temperature.","4","Warning","45","threat_detection","scan_dos"
+"%ASA-4-735016","735016","Chassis Ambient var1: Temp: var2 var3, Warm","%ASA-4-735016: Chassis Ambient var1: Temp: var2 var3, Warm","The chassis temperature is warmer than the normal operating range. • var1 —Chassis Sensor Number • var2 —Temperature Value • var3 —Units","Continue to monitor this component to ensure that it does not reach a critical temperature.","4","Warning","45","threat_detection","scan_dos"
+"%ASA-1-735017","735017","Power Supply var1: Temp: var2 var3, OK","%ASA-1-735017: Power Supply var1: Temp: var2 var3, OK","The power supply temperature has returned to a normal operating temperature. • var1 —Power Supply Number • var2 —Temperature Value • var3 —Units","None required.","1","Alert","5","threat_detection","scan_dos"
+"%ASA-4-735018","735018","Power Supply var1: Temp: var2 var3, Critical","%ASA-4-735018: Power Supply var1: Temp: var2 var3, Critical","The power supply has reached a critical operating temperature. • var1 —Power Supply Number • var2 —Temperature Value • var3 —Units","Contact Cisco TAC to troubleshoot the failure. Power down the unit until this failure is resolved.","4","Warning","55","threat_detection","scan_dos"
+"%ASA-4-735019","735019","Power Supply var1: Temp: var2 var3, Warm","%ASA-4-735019: Power Supply var1: Temp: var2 var3, Warm","The power supply temperature is warmer than the normal operating range. • var1 —Power Supply Number • var2 —Temperature Value • var3 —Units","Continue to monitor this component to ensure that it does not reach a critical temperature.","4","Warning","45","threat_detection","scan_dos"
+"%ASA-1-735020","735020","CPU var1: Temp: var2 var3, OK","%ASA-1-735020: CPU var1: Temp: var2 var3, OK","The CPU temperature has returned to the normal operating temperature. • var1 —CPU Number • var2 —Temperature Value • var3 —Units","None required.","1","Alert","5","threat_detection","scan_dos"
+"%ASA-1-735021","735021","Chassis Ambient var1: Temp: var2 var3, OK","%ASA-1-735021: Chassis Ambient var1: Temp: var2 var3, OK","The chassis temperature has returned to the normal operating temperature. • var1 —Chassis Sensor Number • var2 —Temperature Value • var3 —Units","None required.","1","Alert","5","threat_detection","scan_dos"
+"%ASA-1-735022","735022","CPUnum is running beyond the max thermal operating temperature and the device will be shutting down immediately to prevent permanent damage to the CPU","%ASA-1-735022: CPUnum is running beyond the max thermal operating temperature and the device will be shutting down immediately to prevent permanent damage to the CPU","The Secure Firewall ASA has detected a CPU running beyond the maximum thermal operating temperature, and will shut down immediately after detection.","The chassis and CPU need to be inspected immediately for ventilation issues.","1","Alert","75","threat_detection","scan_dos"
+"%ASA-2-735023","735023","device was previously shutdown due to the CPU complex running beyond the max thermal operating temperature. The chassis needs to be inspected immediately for ventilation issues","%ASA-2-735023: device was previously shutdown due to the CPU complex running beyond the max thermal operating temperature. The chassis needs to be inspected immediately for ventilation issues","At boot time, the Secure Firewall ASA detected a shutdown that occurred because a CPU was running beyond the maximum safe operating temperature. Using the show environment command will indicate that this event has occurred.","The chassis need to be inspected immediately for ventilation issues.","2","Critical","85","threat_detection","scan_dos"
+"%ASA-1-735024","735024","CPUvar1 Voltage Regulator is running beyond the max thermal operating temperature and the device will be shutting down immediately. The chassis and CPU need to be inspected immediately for ventilation issues","%ASA-1-735024: CPUvar1 Voltage Regulator is running beyond the max thermal operating temperature and the device will be shutting down immediately. The chassis and CPU need to be inspected immediately for ventilation issues","The IO hub temperature has returned to the normal operating temperature. • ar1 - IO hub number • var2 - Temperature value • var3 – Units","None required.","1","Alert","5","threat_detection","scan_dos"
+"%ASA-1-735025","735025","var1 was previously shutdown due to a CPU Voltage Regulator running beyond the max thermal operating temperature. The chassis and CPU need to be inspected immediately for ventilation issues","%ASA-1-735025: var1 was previously shutdown due to a CPU Voltage Regulator running beyond the max thermal operating temperature. The chassis and CPU need to be inspected immediately for ventilation issues","The IO hub temperature has a critical temperature. • ar1 - IO hub number • var2 - Temperature value • var3 – Units","Record the message as it appears and contact the Cisco TAC.","1","Alert","75","threat_detection","scan_dos"
+"%ASA-4-735026","735026","IO Hub var1: Temp: var2 var3, OK","%ASA-4-735026: IO Hub var1: Temp: var2 var3, OK","The IO hub temperature is warmer than the normal operating range. • ar1 - IO hub number • var2 - Temperature value • var3 – Units","Continue to monitor this component to ensure that it does not reach a critical temperature.","4","Warning","45","threat_detection","scan_dos"
+"%ASA-1-735027","735027","CPU cpu_num Voltage Regulator is running beyond the max thermal operating temperature and the device will be shutting down immediately. The chassis and CPU need to be inspected immediately for ventilation issues.","%ASA-1-735027: CPU cpu_num Voltage Regulator is running beyond the max thermal operating temperature and the device will be shutting down immediately. The chassis and CPU need to be inspected immediately for ventilation issues.","The Secure Firewall ASA has detected a CPU voltage regulator running beyond the maximum thermal operating temperature, and shuts down immediately after detection. • cpu_num —The number to identify which CPU voltage regulator experienced the thermal event","The chassis and CPU need to be inspected immediately for ventilation issues.","1","Alert","75","threat_detection","scan_dos"
+"%ASA-2-735028","735028","ASA was previously shutdown due to a CPU Voltage Regulator running beyond the max thermal operating temperature. The chassis and CPU need to be inspected immediately for ventilation issues.","%ASA-2-735028: ASA was previously shutdown due to a CPU Voltage Regulator running beyond the max thermal operating temperature. The chassis and CPU need to be inspected immediately for ventilation issues.","At boot time, the Secure Firewall ASA detected a shutdown that occurred because of a CPU voltage regulator running beyond the maximum safe operating temperature. Enter the show environment command to indicate that this event has occurred.","The chassis and CPU need to be inspected immediately for ventilation issues.","2","Critical","85","threat_detection","scan_dos"
+"%ASA-1-735029","735029","IO Hub is running beyond the max thermal operating temperature and the device will be shutting down immediately to prevent permanent damage to the circuit","%ASA-1-735029: IO Hub is running beyond the max thermal operating temperature and the device will be shutting down immediately to prevent permanent damage to the circuit","The Secure Firewall ASA has detected that the IO hub is running beyond the maximum thermal operating temperature, and will shut down immediately after detection.","The chassis and IO hub need to be inspected immediately for ventilation issues.","1","Alert","75","threat_detection","scan_dos"
+"%ASA-2-736001","736001","Unable to allocate enough memory at boot for jumbo-frame reservation. Jumbo-frame support has been disabled.","%ASA-2-736001: Unable to allocate enough memory at boot for jumbo-frame reservation. Jumbo-frame support has been disabled.","Insufficient memory has been detected when jumbo frame support was being configured. As a result, jumbo-frame support was disabled.","Try reenabling jumbo frame support using the jumbo-frame reservation command. Save the running configuration and reboot the Secure Firewall ASA. If the problem persists, contact the Cisco TAC. Messages 737001 to 776254 This section includes messages from 737001 to 776254.","2","Critical","95","network","general"
+"%ASA-7-737001","737001","IPAA: Session=session, Received message 'message-type'","%ASA-7-737001: IPAA: Session=session, Received message 'message-type'","The IP address assignment process received a message. • session —The session is the VPN session ID in hexadecimal. • message-type —The message received by the IP address assignment process","None required.","7","Debugging","5","network","general"
+"%ASA-3-737002","737002","IPAA: Session=session, Received unknown message 'num'","%ASA-3-737002: IPAA: Session=session, Received unknown message 'num'","The IP address assignment process received a message. • session —The session is the VPN session ID in hexadecimal. • num —The identifier of the message received by the IP address assignment process","None required.","3","Error","5","network","general"
+"%ASA-5-737003","737003","IPAA: Session=session, DHCP configured, no viable servers found for tunnel-group 'tunnel-group'","%ASA-5-737003: IPAA: Session=session, DHCP configured, no viable servers found for tunnel-group 'tunnel-group'","The DHCP server configuration for the given tunnel group is not valid. • session —The session is the VPN session ID in hexadecimal. • tunnel-group —The tunnel group that IP address assignment is using for configuration","Validate the DHCP configuration for the tunnel group. Make sure that the DHCP server is online.","5","Notification","25","network","general"
+"%ASA-5-737004","737004","IPAA: Session=session, DHCP configured, request failed for tunnel-group ''tunnel-group''","%ASA-5-737004: IPAA: Session=session, DHCP configured, request failed for tunnel-group ''tunnel-group''","The DHCP server configuration for the given tunnel group is not valid. • session —The session is the VPN session ID in hexadecimal. • tunnel-group —The tunnel group that IP address assignment is using for configuration","Validate the DHCP configuration for the tunnel group. Make sure that the DHCP server is online.","5","Notification","35","network","general"
+"%ASA-6-737005","737005","IPAA: Session=session, DHCP configured, request succeeded for tunnel-group 'tunnel-group'","%ASA-6-737005: IPAA: Session=session, DHCP configured, request succeeded for tunnel-group 'tunnel-group'","The DHCP server request has succeeded. • session —The session is the VPN session ID in hexadecimal. • tunnel-group —The tunnel group that IP address assignment is using for configuration","None required.","6","Informational","5","network","general"
+"%ASA-6-737006","737006","IPAA: Session=session, Local pool request succeeded for tunnel-group 'tunnel-group'","%ASA-6-737006: IPAA: Session=session, Local pool request succeeded for tunnel-group 'tunnel-group'","The local pool request has succeeded. • session —The session is the VPN session ID in hexadecimal. • tunnel-group —The tunnel group that IP address assignment is using for configuration","None required.","6","Informational","5","network","general"
+"%ASA-5-737007","737007","IPAA: Session=session, Local pool request failed for tunnel-group 'tunnel-group'","%ASA-5-737007: IPAA: Session=session, Local pool request failed for tunnel-group 'tunnel-group'","The local pool request has failed. The pool assigned to the tunnel group may be exhausted. • session —The session is the VPN session ID in hexadecimal. • tunnel-group —The tunnel group that IP address assignment is using for configuration","Validate the IP local pool configuration by using the show ip local pool command.","5","Notification","35","network","general"
+"%ASA-5-737008","737008","IPAA: Session=session, tunnel-group ''tunnel-group'' not found","%ASA-5-737008: IPAA: Session=session, tunnel-group ''tunnel-group'' not found","The tunnel group was not found when trying to acquire an IP address for configuration. A software defect may cause this message to be generated. • session —The session is the VPN session ID in hexadecimal. • tunnel-group —The tunnel group that IP address assignment is using for configuration","Check the tunnel group configuration. Contact the Cisco TAC and report the issue.","5","Notification","25","network","general"
+"%ASA-6-737009","737009","IPAA: Session=session, AAA assigned address ip-address, request failed","%ASA-6-737009: IPAA: Session=session, AAA assigned address ip-address, request failed","The remote access client software requested the use of a particular address. The request to the AAA server to use this address failed. The address may be in use. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IPv4 or IPv6 address that the client requested","Check the AAA server status and the status of IP local pools.","6","Informational","25","network","general"
+"%ASA-6-737010","737010","IPAA: Session=session, AAA assigned address ip-address, succeeded","%ASA-6-737010: IPAA: Session=session, AAA assigned address ip-address, succeeded","The remote access client software requested the use of a particular address and successfully received this address. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IPv4 or IPv6 address that the client requested","None required.","6","Informational","5","network","general"
+"%ASA-5-737011","737011","IPAA: Session=session, AAA assigned address ip-address, not permitted, retrying","%ASA-5-737011: IPAA: Session=session, AAA assigned address ip-address, not permitted, retrying","The remote access client software requested the use of a particular address. The vpn-addr-assign aaa command is not configured. An alternatively configured address assignment method will be used. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IPv4 or IPv6 address that the client requested","If you want to permit clients to specify their own address, enable the vpn-addr-assign aaa command.","5","Notification","25","network","general"
+"%ASA-4-737012","737012","IPAA: Session=session, Address assignment failed","%ASA-4-737012: IPAA: Session=session, Address assignment failed","The remote access client software request of a particular address failed. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IP address that the client requested","If using IP local pools, validate the local pool configuration. If using AAA, validate the configuration and status of the AAA server. If using DHCP, validate the configuration and status of the DHCP server. Increase the logging level (use notification or informational) to obtain additional messages to identify the reason for the failure.","4","Warning","55","network","general"
+"%ASA-4-737013","737013","IPAA: Session=session, Error freeing address ip-address, not found","%ASA-4-737013: IPAA: Session=session, Error freeing address ip-address, not found","The Secure Firewall ASA tried to free an address, but it was not on the allocated list because of a recent configuration change. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IPv4 or IPv6 address to be released","Validate your address assignment configuration. If this message recurs, it might be due to a software defect. Contact the Cisco TAC and report the issue.","4","Warning","45","network","general"
+"%ASA-6-737014","737014","IPAA: Session=session, Freeing AAA address ip-address","%ASA-6-737014: IPAA: Session=session, Freeing AAA address ip-address","The Secure Firewall ASA successfully released the IP address assigned through AAA. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IPv4 or IPv6 address to be released","None required.","6","Informational","5","network","general"
+"%ASA-6-737015","737015","IPAA: Session=session, Freeing DHCP address ip-address","%ASA-6-737015: IPAA: Session=session, Freeing DHCP address ip-address","The Secure Firewall ASA successfully released the IP address assigned through DHCP. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IP address to be released","None required.","6","Informational","5","network","general"
+"%ASA-6-737016","737016","IPAA: Session=session, Freeing local pool pool-name address ip-address","%ASA-6-737016: IPAA: Session=session, Freeing local pool pool-name address ip-address","The Secure Firewall ASA successfully released the IP address assigned through local pools. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IPv4 or IPv6 address to be released • pool-name —The pool to which the address is being returned to","None required.","6","Informational","5","network","general"
+"%ASA-6-737017","737017","IPAA: Session=session, DHCP request attempt num succeeded","%ASA-6-737017: IPAA: Session=session, DHCP request attempt num succeeded","The Secure Firewall ASA successfully sent a request to a DHCP server. • session —The session is the VPN session ID in hexadecimal. • num —The attempt number","None required.","6","Informational","5","network","general"
+"%ASA-5-737018","737018","IPAA: Session=session, DHCP request attempt num failed","%ASA-5-737018: IPAA: Session=session, DHCP request attempt num failed","The Secure Firewall ASA failed to send a request to a DHCP server. • session —The session is the VPN session ID in hexadecimal. • num —The attempt number","Validate the DHCP configuration and connectivity to the DHCP server.","5","Notification","35","network","general"
+"%ASA-4-737019","737019","IPAA: Session=session, Unable to get address from group-policy or tunnel-group local pools","%ASA-4-737019: IPAA: Session=session, Unable to get address from group-policy or tunnel-group local pools","The Secure Firewall ASA failed to acquire an address from the local pools configured on the group policy or tunnel group. The local pools may be exhausted. • session —The session is the VPN session ID in hexadecimal.","Validate the local pool configuration and status. Validate the group policy and tunnel group configuration of local pools.","4","Warning","55","network","general"
+"%ASA-5-737021","737021","IPAA: Address from local pool (ip-address) duplicates address from DHCP","%ASA-5-737021: IPAA: Address from local pool (ip-address) duplicates address from DHCP","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","5","Notification","25","network","general"
+"%ASA-5-737022","737022","IPAA: Address from local pool (ip-address) duplicates address from AAA","%ASA-5-737022: IPAA: Address from local pool (ip-address) duplicates address from AAA","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","5","Notification","25","network","general"
+"%ASA-5-737023","737023","IPAA: Session=session, Unable to allocate memory to store local pool address ip-address","%ASA-5-737023: IPAA: Session=session, Unable to allocate memory to store local pool address ip-address","The Secure Firewall ASA is low on memory. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IP address that was acquired","The Secure Firewall ASA may be overloaded and need more memory, or there may be a memory leak caused by a software defect. Contact the Cisco TAC and report the issue.","5","Notification","35","network","general"
+"%ASA-5-737024","737024","IPAA: Session= , Client requested address : , already in use, retrying","%ASA-5-737024: IPAA: Session= , Client requested address : , already in use, retrying","The client requested an IP address that is already in use. The request will be tried using a new IP address. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IP address that the client requested","None required.","5","Notification","5","network","general"
+"%ASA-5-737025","737025","IPAA:Session=session, Duplicate local pool address found, {ip-address|(ipv6-address)} in quarantine","%ASA-5-737025: IPAA:Session=session, Duplicate local pool address found, {ip-address|(ipv6-address)} in quarantine","The IP address that was to be given to the client is already in use. The IP address has been removed from the pool and will not be reused. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IP address that was acquired","Validate the local pool configuration; there may be an overlap caused by a software defect. Contact the Cisco TAC and report the issue.","5","Notification","25","network","general"
+"%ASA-6-737026","737026","IPAA: Session= , Client assigned session from local pool ip-address","%ASA-6-737026: IPAA: Session= , Client assigned session from local pool ip-address","The client has assigned the given address from a local pool. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IP address that was assigned to the client • pool-name—The pool from which the address was allocated","None required.","6","Informational","5","network","general"
+"%ASA-3-737027","737027","IPAA: Session= , No data for address request","%ASA-3-737027: IPAA: Session= , No data for address request","A software defect has been found. • session —The session is the VPN session ID in hexadecimal.","Contact the Cisco TAC and report the issue.","3","Error","65","network","general"
+"%ASA-4-737028","737028","IPAA: Session= , Unable to send session to standby: communication failure","%ASA-4-737028: IPAA: Session= , Unable to send session to standby: communication failure","The active Secure Firewall ASA was unable to communicate with the standby Secure Firewall ASA. The failover pair may be out-of-sync. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IP address that was assigned to the client","Validate the failover configuration and status.","4","Warning","55","network","general"
+"%ASA-6-737029","737029","IPAA: Session=session, Added {ip_address | ipv6_address} to standby","%ASA-6-737029: IPAA: Session=session, Added {ip_address | ipv6_address} to standby","The standby Secure Firewall ASA accepted the IP address assignment. • session —The session is the VPN session ID in hexadecimal. • ip_address —The IP address that was assigned to the client","None required.","6","Informational","5","network","general"
+"%ASA-4-737030","737030","IPAA:Session=session, IPv6 address: ipv6-address","%ASA-4-737030: IPAA:Session=session, IPv6 address: ipv6-address","The standby Secure Firewall ASA has the given address already in use when the active Secure Firewall ASA attempted to acquire it. The failover pair may be out-of-sync. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IP address (IPv4 or IPv6) that was assigned to the client.","Validate the failover configuration and status.","4","Warning","55","network","general"
+"%ASA-6-737031","737031","IPAA: Session= , Removed session from standby","%ASA-6-737031: IPAA: Session= , Removed session from standby","The standby Secure Firewall ASA cleared the IP address assignment. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IP address that was assigned to the client","None required.","6","Informational","5","network","general"
+"%ASA-4-737032","737032","IPAA: Session= , Unable to remove session from standby: address not found","%ASA-4-737032: IPAA: Session= , Unable to remove session from standby: address not found","The standby Secure Firewall ASA did not have an IP address in use when the active Secure Firewall ASA attempted to release it. The failover pair may be out-of-sync. • session —The session is the VPN session ID in hexadecimal. • ip-address —The IP address that was assigned to the client","Validate the failover configuration and status.","4","Warning","55","network","general"
+"%ASA-4-737033","737033","IPAA: Session=session , Unable to assign session provided IP address (addr_allocator) to Client. This IP address has already been assigned by ip_addr","%ASA-4-737033: IPAA: Session=session , Unable to assign session provided IP address (addr_allocator) to Client. This IP address has already been assigned by ip_addr","The address assigned by the AAA/DHCP/local pool is already in use. • session —The session is the VPN session ID in hexadecimal. • addr_allocator —The DHCP/AAA/local pool • ip_addr —The IP address allocated by the DHCP/AAA/local pool • previous_ addr_allocator —The address allocater that already assigned the IP address (local pool, AAA, or DHCP)","Validate the AAA/DHCP/local pool address configurations. Overlap may occur.","4","Warning","55","network","general"
+"%ASA-5-737034","737034","IPAA: Session=<session>, <IP version> address: <explanation>","%ASA-5-737034: IPAA: Session=<session>, <IP version> address: <explanation>","> • % ASA-5-737204: VPNFIP: Pool=poolmessage •","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","5","Notification","25","network","general"
+"%ASA-6-737035","737035","IPAA: Session=session, '&lt;address&gt;' message queued","%ASA-6-737035: IPAA: Session=session, '&lt;address&gt;' message queued","IP address assignment process has provided a DHCP provisioned address back to the VPN client. This message is not rate limited. • session —The session is the VPN session ID in hexadecimal.","No action required.","6","Informational","5","network","general"
+"%ASA-6-737036","737036","IPAA: Session=<session>, Client assigned <address> from DHCP","%ASA-6-737036: IPAA: Session=<session>, Client assigned <address> from DHCP","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","6","Informational","15","network","general"
+"%ASA-4-737038","737038","IPAA: Session=session, specified address ip-address was in-use, trying to get another.","%ASA-4-737038: IPAA: Session=session, specified address ip-address was in-use, trying to get another.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","general"
+"%ASA-7-737200","737200","VPNFIP: Pool=pool, Allocated ip-address from pool","%ASA-7-737200: VPNFIP: Pool=pool, Allocated ip-address from pool","This log occurs an address is allocated from a local pool. • pool —The local pool name. • ip-address —The IPv4 or IPv6 address specified by AAA","None required","7","Debugging","5","network","general"
+"%ASA-7-737201","737201","VPNFIP: Pool=pool, Returned ip-address to pool (recycle=recycle)","%ASA-7-737201: VPNFIP: Pool=pool, Returned ip-address to pool (recycle=recycle)","This log occurs when an address returned to a local pool. The recycle flag indicates whether this address should be re-used for the next request. For rare situation, the recycle flag will be FALSE. For example, when there is an address collision , the address has been assigned to a VPN session by other means such as by AAA or DHCP. In this case, we will not immediately try to reuse that address for the next request. • pool —The local pool name. • ip-address —The IPv4 or IPv6 address specified by AAA","None required","7","Debugging","5","network","general"
+"%ASA-3-737202","737202","VPNFIP: Pool=pool, ERROR: message","%ASA-3-737202: VPNFIP: Pool=pool, ERROR: message","This log is generated when an error event is detected related to the VPN FIP database. • pool —The local pool name. • message —The details for the event.","If error is persistent, contact Cisco TAC.","3","Error","65","network","general"
+"%ASA-4-737203","737203","VPNFIP: Pool=pool, WARN: message","%ASA-4-737203: VPNFIP: Pool=pool, WARN: message","This log is generated to warn of an event related to the VPN FIP database. • pool —The local pool name. • message —The details for the event.","If warning is persistent, contact Cisco TAC.","4","Warning","45","network","general"
+"%ASA-5-737204","737204","VPNFIP: Pool=pool, NOTIFY: message","%ASA-5-737204: VPNFIP: Pool=pool, NOTIFY: message","This log is generated to notify of an event related to the VPN FIP database. • pool —The local pool name. • message —The details for the event.","None required","5","Notification","5","network","general"
+"%ASA-6-737205","737205","VPNFIP: Pool=pool, INFO: message","%ASA-6-737205: VPNFIP: Pool=pool, INFO: message","This log is generated to inform of an event related to the VPN FIP database. • pool —The local pool name. • message —The details for the event.","None required","6","Informational","5","network","general"
+"%ASA-7-737206","737206","VPNFIP: Pool=pool, DEBUG: message","%ASA-7-737206: VPNFIP: Pool=pool, DEBUG: message","This log is generated to debug an event related to the VPN FIP database. • pool —The local pool name.","None required","7","Debugging","5","network","general"
+"%ASA-7-737400","737400","POOLIP: Pool=pool, Allocated ip-address from pool","%ASA-7-737400: POOLIP: Pool=pool, Allocated ip-address from pool","This log occurs an address is allocated from a local pool. • pool —The local pool name • ip-address —The IPv4 or IPv6 address specified by AAA","None required","7","Debugging","5","network","general"
+"%ASA-7-737401","737401","POOLIP: Pool=pool, Returned ip-address to pool (recycle=recycle)","%ASA-7-737401: POOLIP: Pool=pool, Returned ip-address to pool (recycle=recycle)","This log occurs an address returned to a local pool. The recycle flag indicates whether this address should be re-used for the next request. For rare situation, the recycle flag will be FALSE. For example, when there is an address collision—the address has been assigned to a VPN session by other means such as by AAA or DHCP. In this case, we will not immediately try to reuse that address for the next request. • pool —The local pool name • ip-address —The IPv4 or IPv6 address specified by AAA","None required","7","Debugging","5","network","general"
+"%ASA-4-737402","737402","POOLIP: Pool=pool, Failed to return ip-address to pool (recycle=recycle). Reason: message","%ASA-4-737402: POOLIP: Pool=pool, Failed to return ip-address to pool (recycle=recycle). Reason: message","This log occurs unable to return an address to an address pool. • pool —The local pool name • ip-address —The IPv4 or IPv6 address specified by AAA • message—The details of the failure. (For example, address not in pool range)","None required","4","Warning","5","network","general"
+"%ASA-3-737403","737403","POOLIP: Pool=pool, ERROR: message","%ASA-3-737403: POOLIP: Pool=pool, ERROR: message","This log is generated when an error event is detected related to an IP local pool database. • pool —The local pool name • message —The details for the event.","If error is persistent, contact Cisco TAC.","3","Error","65","network","general"
+"%ASA-4-737404","737404","POOLIP: Pool=pool, WARN: message","%ASA-4-737404: POOLIP: Pool=pool, WARN: message","This log is generated to warn of an event related to an IP local pool database. • pool —The local pool name • message —The details for the event.","If warning is persistent, contact Cisco TAC.","4","Warning","45","network","general"
+"%ASA-5-737405","737405","POOLIP: Pool=pool, NOTIFY: message","%ASA-5-737405: POOLIP: Pool=pool, NOTIFY: message","This log is generated to notify of an event related to an IP local pool database. • pool —The local pool name • message —The details for the event.","None required","5","Notification","5","network","general"
+"%ASA-6-737406","737406","POOLIP: Pool=pool, INFO: message","%ASA-6-737406: POOLIP: Pool=pool, INFO: message","This log is generated to inform of an event related to an IP local pool database. • pool —The local pool name • message —The details for the event.","None required","6","Informational","5","network","general"
+"%ASA-7-737407","737407","POOLIP: Pool=pool, DEBUG: message","%ASA-7-737407: POOLIP: Pool=pool, DEBUG: message","This log is generated to debug an event related to an IP local pool database. • pool —The local pool name • message —The details for the event.","None required","7","Debugging","5","network","general"
+"%ASA-6-741000","741000","Coredump filesystem image created on variable_1 - size variable_2 MB","%ASA-6-741000: Coredump filesystem image created on variable_1 - size variable_2 MB","A core dump file system was successfully created. The file system is used to manage core dumps by capping the amount of disk space that core dumps may use. • variable 1 —The file system on which the core dumps are placed (for example, disk0:, disk1:, and flash:) • variable 2 —The size of the created core dump file system in MB","Make sure that you save your configuration after creating the core dump file system.","6","Informational","15","network","general"
+"%ASA-6-741001","741001","Coredump filesystem image on variable - resized from variable MB to variable MB","%ASA-6-741001: Coredump filesystem image on variable - resized from variable MB to variable MB","The core dump file system has been successfully resized. • variable 1 —The file system on which the core dumps are placed • variable 2 —The size of the previous core dump file system in MB • variable 3 —The size of the current, newly resized core dump file system in MB","Make sure that you save your configuration after resizing the core dump file system. Resizing the core dump file system deletes the contents of the existing core dump file system. As a result, make sure that you archive any information before you resize the core dump file system.","6","Informational","15","network","general"
+"%ASA-6-741002","741002","Coredump log and filesystem contents cleared on variable_1","%ASA-6-741002: Coredump log and filesystem contents cleared on variable_1","All core dumps have been deleted from the core dump file system, and the core dump log has been cleared. The core dump file system and coredump log are always synchronized with each other. • variable 1 —The file system on which the core dumps are placed (for example, disk0:, disk1:,and flash:)","None required. You can clear the core dump file system to reset it to a known state using the clear coredump command.","6","Informational","5","network","general"
+"%ASA-6-741003","741003","Coredump filesystem and it's contents removed on variable_1","%ASA-6-741003: Coredump filesystem and it's contents removed on variable_1","The core dump file system and its contents have been removed, and the core dump feature has been disabled. • variable 1 —The file system on which the core dumps are placed (for example, disk0:, disk1:,and flash:)","Make sure that you save your configuration after the core dump feature has been disabled.","6","Informational","15","network","general"
+"%ASA-6-741004","741004","Coredump configuration reset to default values","%ASA-6-741004: Coredump configuration reset to default values","The core dump configuration has been reset to its default value, which is disabled.","Make sure that you save your configuration after the core dump feature has been disabled.","6","Informational","15","network","general"
+"%ASA-4-741005","741005","Coredump operation 'variable_1' failed with error variable_2_variable_3","%ASA-4-741005: Coredump operation 'variable_1' failed with error variable_2_variable_3","An error occurred during the performance of a core dump-related operation. • variable 1 —This variable may have the following values: - CREATE_FSYS—An error occurred when creating the core dump file system. - CLEAR_LOG—An error occurred when clearing the core dump log. - DELETE_FSYS—An error occurred when deleting the core dump file system. - CLEAR_FSYS—An error occurred when removing the contents of the core dump file system. - MOUNT_FSYS—An error occurred when mounting the core dump file system. • variable 2 —The decimal number that provides additional information about the cause of the error specified in variable 1 . • variable 3 —The descriptive ASCII string associated with variable 2. The ASCII string can have the following values: - coredump files already exist - unable to create coredump filesystem - unable to create loopback device - filesystem type not supported - unable to delete the coredump filesystem - unable to delete loopback device - unable to unmount coredump filesystem - unable to mount coredump filesystem - unable to mount loopback device - unable to clear coredump filesystem - coredump filesystem not found - requested coredump filesystem too big - coredump operation aborted by administrator - coredump command execution failed - coredump IFS error encountered - coredump, unidentified error encountered","Make sure that the core dump feature is disabled in the configuration, and send the message to the Cisco TAC for further analysis.","4","Warning","55","network","general"
+"%ASA-4-741006","741006","Unable to write Coredump Helper configuration, reason variable_1","%ASA-4-741006: Unable to write Coredump Helper configuration, reason variable_1","An error occurred when writing to the coredump helper configuration file. This error occurs only if disk0: is full. The configuration file is located in disk0:.coredumpinfo/coredump.cfg. • variable 1 —This variable includes a basic file system-related string that indicates why the writing of the core dump helper configuration file failed.","Disable the core dump feature, remove unneeded items from disk0:, and then reenable core dumps, if desired.","4","Warning","55","network","general"
+"%ASA-3-742001","742001","failed to read master key for password encryption from persistent store","%ASA-3-742001: failed to read master key for password encryption from persistent store","An attempt to read the primary password encryption key from the nonvolatile memory after bootup failed. Encrypted passwords in the configuration are not decrypted unless the primary key is set to the correct value using the key config-key password encryption command.","If there are encrypted passwords in the configuration that must be used, set the primary key to the previous value used to encrypt the password using the key config-key password encryption command. If there are no encrypted passwords or they can be discarded, set a new primary key. If password encryption is not used, no action is required.","3","Error","75","network","general"
+"%ASA-3-742002","742002","failed to set master key for password encryption","%ASA-3-742002: failed to set master key for password encryption","An attempt to read the key config-key password encryption command failed. The error may be caused by the following reasons: • Configuration from a nonsecure terminal (for example, over a Telnet connection) was made. • Failover is enabled, but it does not use an encrypted link. • Another user is setting the key at the same time. • When trying to change the key, the old key is incorrect. • The key is too small to be secure. Other reasons for the error may be valid. In these cases, the actual error is printed in response to the command.","Correct the problem indicated in the command response.","3","Error","75","network","general"
+"%ASA-3-742003","742003","failed to save master key for password encryption, reason=reason_text","%ASA-3-742003: failed to save master key for password encryption, reason=reason_text","An attempt to save the primary key to nonvolatile memory failed. The actual reason is specified by the reason_text parameter. The reason can be an out-of-memory condition, or the nonvolatile store can be inconsistent.","If the problem persists, reformat the nonvolatile store that is used to save the key by using the write erase command. Before performing this step, make sure that you back up the out-of-the-box configuration. Then reenter the write erase command.","3","Error","75","network","general"
+"%ASA-3-742004","742004","failed to sync master key for password encryption, reason=reason_text","%ASA-3-742004: failed to sync master key for password encryption, reason=reason_text","An attempt to synchronize the primary key to the peer failed. The actual reason is specified by the reason_text parameter.","Try to correct the problem specified in the reason_text parameter.","3","Error","75","network","general"
+"%ASA-3-742005","742005","cipher text enc_pass is not compatible with the configured master key or the cipher text has been tampered","%ASA-3-742005: cipher text enc_pass is not compatible with the configured master key or the cipher text has been tampered","An attempt to decrypt a password failed. The password may have been encrypted using a primary key that is different from the current primary key, or the encrypted password has been changed from its original form.","If the correct primary key is not being used, correct the problem. If the encrypted password has been modified, reapply the configuration in question with a new password.","3","Error","75","network","general"
+"%ASA-3-742006","742006","password decryption failed due to unavailable memory","%ASA-3-742006: password decryption failed due to unavailable memory","An attempt to decrypt a password failed because no memory was available. Features using this password will not work as desired.","Correct the memory problem.","3","Error","75","network","general"
+"%ASA-3-742007","742007","password encryption failed due to unavailable memory","%ASA-3-742007: password encryption failed due to unavailable memory","An attempt to encrypt a password failed because no memory was available. Passwords may be left in clear text form in the configuration.","Correct the memory problem, and reapply the configuration that failed password encryption.","3","Error","75","network","general"
+"%ASA-3-742008","742008","password enc_pass decryption failed due to decoding error","%ASA-3-742008: password enc_pass decryption failed due to decoding error","Password decryption failed because of decoding errors, which may occur if the encrypted password has been modified after being encrypted.","Reapply the configuration in question with a clear text password.","3","Error","75","network","general"
+"%ASA-3-742009","742009","password encryption failed due to encoding error","%ASA-3-742009: password encryption failed due to encoding error","Password encryption failed because of decoding errors, which may be an internal software error.","Reapply the configuration in question with a clear text password. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-742010","742010","encrypted password enc_pass is not well formed","%ASA-3-742010: encrypted password enc_pass is not well formed","The encrypted password provided in the command is not well formed. The password may not be a valid, encrypted password, or it may have been modified since it was encrypted. • reason_text —A string that represents the actual cause of the failure • enc_pass —The encrypted password that is related to the issue","Reapply the configuration in question with a clear text password.","3","Error","75","network","general"
+"%ASA-1-743000","743000","The PCI device with vendor ID: vendor_id device ID: device_id located at bus:device.function (hex) bus_num:dev_num.func_num has a link link_attr_name of actual_link_attr_val when it should have a link link_attr_name of expected_link_attr_val","%ASA-1-743000: The PCI device with vendor ID: vendor_id device ID: device_id located at bus:device.function (hex) bus_num:dev_num.func_num has a link link_attr_name of actual_link_attr_val when it should have a link link_attr_name of expected_link_attr_val","A PCI device in the system is not configured correctly, which may result in the system not performing at its optimum level.","Collect the output of the show controller pci detail command, and contact the Cisco TAC.","1","Alert","75","network","general"
+"%ASA-1-743001","743001","Backplane health monitoring detected link failure","%ASA-1-743001: Backplane health monitoring detected link failure","A hardware failure has probably occurred and has been detected on one of the links between the Secure Firewall ASA Services Module and the switch chassis.","Contact the Cisco TAC.","1","Alert","85","network","general"
+"%ASA-1-743002","743002","Backplane health monitoring detected link OK","%ASA-1-743002: Backplane health monitoring detected link OK","A link has been restored between the Secure Firewall ASA Services Module and the switch chassis. However, the failure and subsequent recovery probably indicates a hardware failure.","Contact the Cisco TAC.","1","Alert","85","network","general"
+"%ASA-1-743004","743004","System is not fully operational - The PCI device with vendor ID: vendor_id (vendor_name) device ID: device_id (device_name) could not be found in the system.","%ASA-1-743004: System is not fully operational - The PCI device with vendor ID: vendor_id (vendor_name) device ID: device_id (device_name) could not be found in the system.","A PCI device in the system that is needed for it to be fully operational was not found.","Collect the output of the show controller pci detail command and contact the Cisco TAC.","1","Alert","75","network","general"
+"%ASA-3-743010","743010","EOBC RPC server failed to start for client module client_name.","%ASA-3-743010: EOBC RPC server failed to start for client module client_name.","The service failed to start for a particular client of the EOBC RPC service on the server.","Call the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-743011","743011","EOBC RPC call failed, return code code.","%ASA-3-743011: EOBC RPC call failed, return code code.","The EOBC RPC client failed to make an RPC to the intended server.","Call the Cisco TAC.","3","Error","75","network","general"
+"%ASA-6-746001","746001","user-identity: user-to-IP_address_databases started","%ASA-6-746001: user-identity: user-to-IP_address_databases started","A database (user groups, hostnames, or IP addresses) download has started.","None required.","6","Informational","5","network","general"
+"%ASA-6-746002","746002","user-identity: user-to-IP_address_databases complete","%ASA-6-746002: user-identity: user-to-IP_address_databases complete","A database (user groups, hostnames, or IP addresses) download has completed.","None required.","6","Informational","5","network","general"
+"%ASA-3-746003","746003","user-identity: user-to-IP_address_databases failed - reason","%ASA-3-746003: user-identity: user-to-IP_address_databases failed - reason","A database (user groups, hostnames, or IP addresses) download has failed because of a timeout.","Check the off-box AD agent status. If the AD agent is down, resolve that issue first. If the AD agent is up and running, try to download the database again. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-4-746004","746004","user-identity: Total number of activated user groups exceeds the maximum number of max_groups groups for this platform","%ASA-4-746004: user-identity: Total number of activated user groups exceeds the maximum number of max_groups groups for this platform","The total number of activated user groups exceeds the maximum number of 256 user groups for this platform.","Too many user groups have been configured and activated. Reduce the number of configured user groups. Run the clear user-identity user no-policy-activated command to release user records that have not been activated in any policy. Run the show user-identity user all command to check the total number of users in the database.","4","Warning","45","network","general"
+"%ASA-3-746005","746005","user-identity: The AD Agent AD_agent_IP_address cannot be reached - reasonaction","%ASA-3-746005: user-identity: The AD Agent AD_agent_IP_address cannot be reached - reasonaction","The ASA cannot reach the AD agent. There has been no response from the AD agent, or the RADIUS registration failed because the buffer was too small.","Check the network connection between the AD agent and the ASA. Try to reach another AD agent, if one is configured and available. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-4-746006","746006","user-identity: Out of sync with AD Agent, start bulk download","%ASA-4-746006: user-identity: Out of sync with AD Agent, start bulk download","The AD agent cannot update the IP-user mapping events on the ASA and the AD agent event log overflows, which causes inconsistency between the AD agent and the ASA IP-user database.","None required. If this message persists, check the connection between the AD agent and the ASA.","4","Warning","5","network","general"
+"%ASA-5-746007","746007","user-identity: NetBIOS response failed from User user_name at user_ip","%ASA-5-746007: user-identity: NetBIOS response failed from User user_name at user_ip","No NetBIOS response was received for the number of retries made.","None required.","5","Notification","5","network","general"
+"%ASA-6-746008","746008","user-identity: NetBIOS Logout Probe Process started","%ASA-6-746008: user-identity: NetBIOS Logout Probe Process started","The NetBIOS process has started.","None required.","6","Informational","5","network","general"
+"%ASA-6-746009","746009","user-identity: NetBIOS Logout Probe Process stopped","%ASA-6-746009: user-identity: NetBIOS Logout Probe Process stopped","The NetBIOS process has stopped.","None required.","6","Informational","5","network","general"
+"%ASA-3-746010","746010","user-identity: Update import-user domain_name - Import Failed group_name","%ASA-3-746010: user-identity: Update import-user domain_name - Import Failed group_name","Entering the user-identity update import-user username command failed to update a user element. Reasons for failure include the following: timeout, partial update, import aborted, group does not exist, or no reason given.","If the reason for failure does not exist, verify that the group name is correct in the policy. Otherwise, check the connectivity between the ASA and the AD server.","3","Error","85","network","general"
+"%ASA-4-746011","746011","user-identity: Total number of users created exceeds the maximum number of max_users for this platform","%ASA-4-746011: user-identity: Total number of users created exceeds the maximum number of max_users for this platform","The AD group has more than the hard-coded maximum number (64000) of levels. Too many users have been configured in the activated policy.","Change your policies so that the number of configured users and users under configured groups does not exceed the limit.","4","Warning","45","network","general"
+"%ASA-7-746012","746012","user-identity: Add IP-User mapping ip_address - domain_name\user_name result - reason","%ASA-7-746012: user-identity: Add IP-User mapping ip_address - domain_name\user_name result - reason","A new user-IP mapping has been added to the user-to-IP address mapping database. The status of the operation (success or failure) is indicated. The success reason is VPN user. The failure reasons include the following: Maximum user limit reached and Duplicated address.","None required.","7","Debugging","5","network","general"
+"%ASA-7-746013","746013","user-identity: Delete IP-User mapping ip_address - domain_name\user name - result reason","%ASA-7-746013: user-identity: Delete IP-User mapping ip_address - domain_name\user name - result reason","A change has been made to the user-to-IP address mapping database. The status of the operation (success or failure) is indicated. The success reasons include the following: Inactive timeout, NetBIOS probing failed, PIP notification, VPN user logout, Cut-through-proxy user logout, and MAC address mismatch. The failure reason is PIP notification.","None required.","7","Debugging","5","network","general"
+"%ASA-5-746014","746014","user-identity: [FQDN] fqdn address IP_Address obsolete","%ASA-5-746014: user-identity: [FQDN] fqdn address IP_Address obsolete","A fully qualified domain name has become obsolete.","None required.","5","Notification","5","network","general"
+"%ASA-5-746015","746015","user-identity: [FQDN] fqdn resolved IP_address","%ASA-5-746015: user-identity: [FQDN] fqdn resolved IP_address","A fully qualified domain name lookup has succeeded.","None required.","5","Notification","5","network","general"
+"%ASA-3-746016","746016","user-identity: DNS lookup for ip failed, reason:reason","%ASA-3-746016: user-identity: DNS lookup for ip failed, reason:reason","A DNS lookup has failed. Failure reasons include timeout, unresolvable, and no memory.","Verify that the FQDN is valid, and that the DNS server is reachable from the ASA. If the problem persists, contact the Cisco TAC.","3","Error","85","network","general"
+"%ASA-6-746017","746017","user-identity: Update import-user domain_name issued","%ASA-6-746017: user-identity: Update import-user domain_name issued","The user-identity update import-user command has been issued.","None required.","6","Informational","5","network","general"
+"%ASA-6-746018","746018","user-identity: Update import-user domain_name done","%ASA-6-746018: user-identity: Update import-user domain_name done","The user-identity update import-user command has been issued, and the import has been completed successfully.","None requried.","6","Informational","15","network","general"
+"%ASA-3-746019","746019","user-identity: Update AD Agent Remove IP-user mapping AD_agent_IP_Address - user_IP\domain_name failed","%ASA-3-746019: user-identity: Update AD Agent Remove IP-user mapping AD_agent_IP_Address - user_IP\domain_name failed","The ASA failed to update or remove an IP-user mapping on the AD agent.","Check the status of the AD agent and the connectivity between the ASA and the AD agent. If the problem persists, contact the Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-747001","747001","Clustering: Recovered from state machine event queue depleted. Event (event-id , ptr-in-hex , ptr-in-hex ) dropped. Current state state-name , stack ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex","%ASA-3-747001: Clustering: Recovered from state machine event queue depleted. Event (event-id , ptr-in-hex , ptr-in-hex ) dropped. Current state state-name , stack ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex","The cluster FSM event queue is full, and a new event has been dropped.","None.","3","Error","85","system","resource"
+"%ASA-5-747002","747002","Clustering: Recovered from state machine dropped event (event-id , ptr-in-hex , ptr-in-hex ). Intended state: state-name . Current state: state-name .","%ASA-5-747002: Clustering: Recovered from state machine dropped event (event-id , ptr-in-hex , ptr-in-hex ). Intended state: state-name . Current state: state-name .","The cluster FSM received an event that is incompatible with the current state.","None.","5","Notification","45","system","resource"
+"%ASA-5-747003","747003","Clustering: Recovered from state machine failure to process event (event-id , ptr-in-hex , ptr-in-hex ) at state state-name .","%ASA-5-747003: Clustering: Recovered from state machine failure to process event (event-id , ptr-in-hex , ptr-in-hex ) at state state-name .","The cluster FSM failed to process an event for all reasons given.","None.","5","Notification","35","system","resource"
+"%ASA-6-747004","747004","Clustering: state machine changed from state state-name to state-name .","%ASA-6-747004: Clustering: state machine changed from state state-name to state-name .","The cluster FSM has progressed to a new state.","None.","6","Informational","15","system","resource"
+"%ASA-7-747005","747005","Clustering: State machine notify event event-name (event-id , ptr-in-hex , ptr-in-hex )","%ASA-7-747005: Clustering: State machine notify event event-name (event-id , ptr-in-hex , ptr-in-hex )","The cluster FSM has notified clients about an event.","None.","7","Debugging","5","system","resource"
+"%ASA-7-747006","747006","Clustering: State machine is at state state-name","%ASA-7-747006: Clustering: State machine is at state state-name","The cluster FSM moved to a stable state; that is, Disabled, Slave, or Master.","None.","7","Debugging","5","system","resource"
+"%ASA-5-747007","747007","Clustering: Recovered from finding stray config sync thread, stack ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex .","%ASA-5-747007: Clustering: Recovered from finding stray config sync thread, stack ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex .","Astray configuration sync thread has been detected.","None.","5","Notification","25","system","resource"
+"%ASA-4-747008","747008","Clustering: New cluster member name with serial number serial-number-A rejected due to name conflict with existing unit with serial number serial-number-B .","%ASA-4-747008: Clustering: New cluster member name with serial number serial-number-A rejected due to name conflict with existing unit with serial number serial-number-B .","The same unit name has been configured on multiple units.","None.","4","Warning","45","system","resource"
+"%ASA-2-747009","747009","Clustering: Fatal error due to failure to create RPC server for module module name .","%ASA-2-747009: Clustering: Fatal error due to failure to create RPC server for module module name .","The Secure Firewall ASA failed to create an RPC server.","Disable clustering on this unit and try to re-enable it. Contact the Cisco TAC if the problem persists.","2","Critical","95","system","resource"
+"%ASA-3-747010","747010","Clustering: RPC call failed, message message-name , return code code-value .","%ASA-3-747010: Clustering: RPC call failed, message message-name , return code code-value .","An RPC call failure has occurred. The system tries to recover from the failure.","None.","3","Error","75","system","resource"
+"%ASA-2-747011","747011","Clustering: Memory allocation error.","%ASA-2-747011: Clustering: Memory allocation error.","A memory allocation failure occurred in clustering.","Disable clustering on this unit and try to re-enable it. If the problem persists, check the memory usage on the Secure Firewall ASA.","2","Critical","95","system","resource"
+"%ASA-3-747012","747012","Clustering: Failed to replicate global object id hex-id-value in domain domain-name to peer unit-name , continuing operation.","%ASA-3-747012: Clustering: Failed to replicate global object id hex-id-value in domain domain-name to peer unit-name , continuing operation.","A global object ID replication failure has occurred.","None.","3","Error","75","system","resource"
+"%ASA-3-747013","747013","Clustering: Failed to remove global object id hex-id-value in domain domain-name from peer unit-name , continuing operation.","%ASA-3-747013: Clustering: Failed to remove global object id hex-id-value in domain domain-name from peer unit-name , continuing operation.","A global object ID removal failure has occurred.","None.","3","Error","75","system","resource"
+"%ASA-3-747014","747014","Clustering: Failed to install global object id hex-id-value in domain domain-name , continuing operation.","%ASA-3-747014: Clustering: Failed to install global object id hex-id-value in domain domain-name , continuing operation.","A global object ID installation failure has occurred.","None.","3","Error","75","system","resource"
+"%ASA-4-747015","747015","Clustering: Forcing stray member unit-name to leave the cluster.","%ASA-4-747015: Clustering: Forcing stray member unit-name to leave the cluster.","A stray cluster member has been found.","None.","4","Warning","45","system","resource"
+"%ASA-4-747016","747016","Clustering: Found a split cluster with both unit-name-A and unit-name-B as master units. Master role retained by unit-name-A , unit-name-B will leave, then join as a slave.","%ASA-4-747016: Clustering: Found a split cluster with both unit-name-A and unit-name-B as master units. Master role retained by unit-name-A , unit-name-B will leave, then join as a slave.","A split cluster has been found.","None.","4","Warning","45","system","resource"
+"%ASA-4-747017","747017","Clustering: Failed to enroll unit unit-name due to maximum member limit limit-value reached.","%ASA-4-747017: Clustering: Failed to enroll unit unit-name due to maximum member limit limit-value reached.","The Secure Firewall ASA failed to enroll a new unit because the maximum member limit has been reached.","None.","4","Warning","55","system","resource"
+"%ASA-3-747018","747018","Clustering: State progression failed due to timeout in module module-name .","%ASA-3-747018: Clustering: State progression failed due to timeout in module module-name .","The cluster FSM progression has timed out.","None.","3","Error","75","system","resource"
+"%ASA-4-747019","747019","Clustering: New cluster member name rejected due to Cluster Control Link IP subnet mismatch (ip-address /ip-mask on new unit, ip-address /ip-mask on local unit).","%ASA-4-747019: Clustering: New cluster member name rejected due to Cluster Control Link IP subnet mismatch (ip-address /ip-mask on new unit, ip-address /ip-mask on local unit).","The control unit found that a new joining unit has an incompatible cluster interface IP address.","None.","4","Warning","45","system","resource"
+"%ASA-4-747020","747020","Clustering: New cluster member unit-name rejected due to encryption license mismatch.","%ASA-4-747020: Clustering: New cluster member unit-name rejected due to encryption license mismatch.","The control unit found that a new joining unit has an incompatible encryption license.","None.","4","Warning","45","system","resource"
+"%ASA-3-747021","747021","Clustering: Master unit unit-name is quitting due to interface health check failure on interface-name .","%ASA-3-747021: Clustering: Master unit unit-name is quitting due to interface health check failure on interface-name .","The control unit has disabled clustering because of an interface health check failure.","None.","3","Error","75","system","resource"
+"%ASA-3-747022","747022","Clustering: Asking slave unit unit-name to quit because it failed interface health check x times, rejoin will be attempted after y min. Failed interface: interface-name .","%ASA-3-747022: Clustering: Asking slave unit unit-name to quit because it failed interface health check x times, rejoin will be attempted after y min. Failed interface: interface-name .","This syslog message occurs when the maximum number of rejoin attempts has not been exceeded. A data unit has disabled clustering because of an interface health check failure for the specified amount of time. This unit will re-enable itself automatically after the specified amount of time (ms).","None.","3","Error","75","system","resource"
+"%ASA-3-747023","747023","Master unit %s[unit name] is quitting due to Security Service Module health check failure, and master's Security Service Module state is %s[SSM state, which can be UP/DOWN/INIT]. Rejoin will be attempted after %d[rejoin delay time] minutes.","%ASA-3-747023: Master unit %s[unit name] is quitting due to Security Service Module health check failure, and master's Security Service Module state is %s[SSM state, which can be UP/DOWN/INIT]. Rejoin will be attempted after %d[rejoin delay time] minutes.","SSM health check failure on data unit; control unit asks data unit to quit with rejoin.","None.","3","Error","75","system","resource"
+"%ASA-3-747024","747024","Asking slave unit %s[unit name] to quit due to its Security Service Module health check failure, and its Security Service Module state is %s[SSM state]. The slave will decide whether to rejoin based on the configurations.","%ASA-3-747024: Asking slave unit %s[unit name] to quit due to its Security Service Module health check failure, and its Security Service Module state is %s[SSM state]. The slave will decide whether to rejoin based on the configurations.","SSM health check failure on data unit; control unit asks data unit to quit. The data unit would decide whether to rejoin or not.","None.","3","Error","75","system","resource"
+"%ASA-4-747025","747025","Clustering: New cluster member unit-name rejected due to firewall mode mismatch.","%ASA-4-747025: Clustering: New cluster member unit-name rejected due to firewall mode mismatch.","A control unit found a joining unit that has an incompatible firewall mode.","None.","4","Warning","45","system","resource"
+"%ASA-4-747026","747026","Clustering: New cluster member unit-name rejected due to cluster interface name mismatch (ifc-name on new unit, ifc-name on local unit).","%ASA-4-747026: Clustering: New cluster member unit-name rejected due to cluster interface name mismatch (ifc-name on new unit, ifc-name on local unit).","A control unit found a joining unit that has an incompatible cluster control link interface name.","None.","4","Warning","45","system","resource"
+"%ASA-4-747027","747027","Clustering: Failed to enroll unit unit-name due to insufficient size of cluster pool pool-name in context-name .","%ASA-4-747027: Clustering: Failed to enroll unit unit-name due to insufficient size of cluster pool pool-name in context-name .","A control unit could not enroll a joining unit because of the size limit of the minimal cluster pool configured.","None.","4","Warning","55","system","resource"
+"%ASA-4-747028","747028","Clustering: New cluster member unit-name rejected due to interface mode mismatch (mode-name on new unit, mode-name on local unit).","%ASA-4-747028: Clustering: New cluster member unit-name rejected due to interface mode mismatch (mode-name on new unit, mode-name on local unit).","A control unit found a joining unit that has an incompatible interface-mode, either spanned or individual.","None.","4","Warning","45","system","resource"
+"%ASA-4-747029","747029","Clustering: Unit unit-name is quitting due to Cluster Control Link down.","%ASA-4-747029: Clustering: Unit unit-name is quitting due to Cluster Control Link down.","A unit disabled clustering because of a cluster interface failure.","None.","4","Warning","55","system","resource"
+"%ASA-3-747030","747030","Clustering: Asking slave unit unit-name to quit because it failed interface health check x times (last failure on interface-name ), Clustering must be manually enabled on the unit to re-join.","%ASA-3-747030: Clustering: Asking slave unit unit-name to quit because it failed interface health check x times (last failure on interface-name ), Clustering must be manually enabled on the unit to re-join.","An interface health check has failed and the maximum number of rejoin attempts has been exceeded. A data unit has disabled clustering because of an interface health check failure.","None.","3","Error","75","system","resource"
+"%ASA-3-747031","747031","Clustering: Platform mismatch between cluster master (platform-type ) and joining unit unit-name (platform-type ). unit-name aborting cluster join.","%ASA-3-747031: Clustering: Platform mismatch between cluster master (platform-type ) and joining unit unit-name (platform-type ). unit-name aborting cluster join.","The joining unit's platform type does not match with that of the cluster control unit. • unit-name —Name of the unit in the cluster bootstrap • platform-type —Type of Secure Firewall ASA platform","Make sure that the joining unit has the same platform type as that of the cluster control unit.","3","Error","75","system","resource"
+"%ASA-3-747032","747032","Clustering: Service module mismatch between cluster master (module-name ) and joining unit unit-name (module-name )in slot slot-number . unit-name aborting cluster join.","%ASA-3-747032: Clustering: Service module mismatch between cluster master (module-name ) and joining unit unit-name (module-name )in slot slot-number . unit-name aborting cluster join.","The joining unit's external modules are not consistent (module type and order in which they are installed) with those on the cluster control unit. • module-name— Name of the external module • unit-name —Name of the unit in the cluster bootstrap • slot-number —The number of the slot in which the mismatch occurred","Make sure that the modules installed on the joining unit are of the same type and are in the same order as they are in the cluster control unit.","3","Error","75","system","resource"
+"%ASA-3-747033","747033","Clustering: Interface mismatch between cluster master and joining unit unit-name . unit-name aborting cluster join.","%ASA-3-747033: Clustering: Interface mismatch between cluster master and joining unit unit-name . unit-name aborting cluster join.","The joining unit's interfaces are not the same as those on the cluster control unit. • unit-name —Name of the unit in the cluster bootstrap","Make sure that the interfaces available on the joining unit are the same as those on the cluster control unit.","3","Error","75","system","resource"
+"%ASA-4-747034","747034","Unit %s is quitting due to Cluster Control Link down (%d times after last rejoin). Rejoin will be attempted after %d minutes.","%ASA-4-747034: Unit %s is quitting due to Cluster Control Link down (%d times after last rejoin). Rejoin will be attempted after %d minutes.","Cluster Control Link down and the unit is kicked out with rejoin.","Wait for the unit to rejoin.","4","Warning","45","system","resource"
+"%ASA-4-747035","747035","Unit %s is quitting due to Cluster Control Link down. Clustering must be manually enabled on the unit to rejoin.","%ASA-4-747035: Unit %s is quitting due to Cluster Control Link down. Clustering must be manually enabled on the unit to rejoin.","Cluster Control Link down and the unit is kicked out without rejoin.","Rejoin the unit manually.","4","Warning","45","system","resource"
+"%ASA-3-747036","747036","Application software mismatch between cluster master %s[Master unit name] (%s[Master application software name]) and joining unit (%s[Joining unit application software name]). %s[Joining member name] aborting cluster join.","%ASA-3-747036: Application software mismatch between cluster master %s[Master unit name] (%s[Master application software name]) and joining unit (%s[Joining unit application software name]). %s[Joining member name] aborting cluster join.","The applications on control unit and the joining data unit are not the same. Data unit will be kicked out.","Make sure that the data unit run the same applications/services, and manually rejoin the unit.","3","Error","75","system","resource"
+"%ASA-3-747037","747037","Asking slave unit %s to quit due to its Security Service Module health check failure %d times, and its Security Service Module state is %s. Rejoin will be attempted after %d minutes.","%ASA-3-747037: Asking slave unit %s to quit due to its Security Service Module health check failure %d times, and its Security Service Module state is %s. Rejoin will be attempted after %d minutes.","SSM health check failure on data unit; control unit asks data unit to quit with rejoin.","None.","3","Error","75","system","resource"
+"%ASA-3-747038","747038","Asking slave unit %s to quit due to Security Service Module health check failure %d times, and its Security Service Card Module is %s. Clustering must be manually enabled on this unit to rejoin.","%ASA-3-747038: Asking slave unit %s to quit due to Security Service Module health check failure %d times, and its Security Service Card Module is %s. Clustering must be manually enabled on this unit to rejoin.","SSM health check failure on data; control unit asks data unit to quit with rejoin.","Manually rejoin the unit.","3","Error","75","system","resource"
+"%ASA-3-747039","747039","Unit %s is quitting due to system failure for %d time(s) (last failure is %s[cluster system failure reason]). Rejoin will be attempted after %d minutes.","%ASA-3-747039: Unit %s is quitting due to system failure for %d time(s) (last failure is %s[cluster system failure reason]). Rejoin will be attempted after %d minutes.","Clustering system failure, and the unit kicks itself out with rejoin","None required.","3","Error","5","system","resource"
+"%ASA-3-747040","747040","Unit %s is quitting due to system failure for %d time(s) (last failure is %s[cluster system failure reason]). Clustering must be manually enabled on the unit to rejoin.","%ASA-3-747040: Unit %s is quitting due to system failure for %d time(s) (last failure is %s[cluster system failure reason]). Clustering must be manually enabled on the unit to rejoin.","Clustering system failure and the unit kicks itself out without rejoin","Manually rejoin the unit.","3","Error","75","system","resource"
+"%ASA-3-747041","747041","Master unit %s is quitting due to interface health check failure on %s[interface name], %d times. Clustering must be manually enabled on the unit to rejoin.","%ASA-3-747041: Master unit %s is quitting due to interface health check failure on %s[interface name], %d times. Clustering must be manually enabled on the unit to rejoin.","Interface health check failure on control unit; control unit kicks itself out with rejoin.","Manually rejoin the unit.","3","Error","75","system","resource"
+"%ASA-3-747042","747042","Clustering: Master received the config hash string request message from an unknown member with id cluster-member-id","%ASA-3-747042: Clustering: Master received the config hash string request message from an unknown member with id cluster-member-id","Control unit received the config hash string request event.","Verify requestor member is still in OnCall state.","3","Error","75","system","resource"
+"%ASA-3-747043","747043","Clustering: Get config hash string from master error: ret_code ret_code, string_len string_len","%ASA-3-747043: Clustering: Get config hash string from master error: ret_code ret_code, string_len string_len","Failed to get config hash string from control unit. • ret_code","Contact technical support to troubleshoot the issue on control unit. Ensure to turn on 'debug cluster ccp’ to identify the root cause.","3","Error","75","system","resource"
+"%ASA-6-747044","747044","Configuration Hash string verification result","%ASA-6-747044: Configuration Hash string verification result","The result of configuration hash string comparison.. • result","None required.","6","Informational","5","system","resource"
+"%ASA-5-748001","748001","Module slot_number in chassis chassis_number is leaving the cluster due to a chassis configuration change","%ASA-5-748001: Module slot_number in chassis chassis_number is leaving the cluster due to a chassis configuration change","A cluster control link has changed in the MIO, a cluster group has been removed in the MIO, or a blade module has been removed in the MIO configuration. • slot_number —The blade slot ID within the chassis • chassis_number —The chassis ID, which is unique for each chassis","None required.","5","Notification","5","network","general"
+"%ASA-4-748002","748002","Clustering configuration on the chassis is missing or incomplete; clustering is disabled","%ASA-4-748002: Clustering configuration on the chassis is missing or incomplete; clustering is disabled","Configurations are missing or incomplete in the MIO (for example, a cluster group is not configured, or a cluster control link is not configured). • slot_number —The blade slot ID within the chassis • chassis_number —The chassis ID, which is unique for each chassis","Go to the MIO console and configure the cluster service type, add the module to the service type, and define the cluster control link accordingly.","4","Warning","45","network","general"
+"%ASA-4-748003","748003","Module slot_number in chassis chassis_number is leaving the cluster due to a chassis health check failure","%ASA-4-748003: Module slot_number in chassis chassis_number is leaving the cluster due to a chassis health check failure","The blade cannot talk to the MIO, so it relies on the MIO to detect this communication problem and de-bundle the data ports. If data ports are de-bundled, the Secure Firewall ASA will be kicked out by an interface health check. • slot_number —The blade slot ID within the chassis • chassis_number —The chassis ID, which is unique for each chassis","Check if the MIO card is up or if the communication between the MIO and the blade is still up.","4","Warning","45","network","general"
+"%ASA-5-748004","748004","Module slot_number in chassis chassis_number is re-joining the cluster due to a chassis health check recovery","%ASA-5-748004: Module slot_number in chassis chassis_number is re-joining the cluster due to a chassis health check recovery","The MIO blade health check has recovered, and the Secure Firewall ASA tries to rejoin the cluster. • slot_number —The blade slot ID within the chassis • chassis_number —The chassis ID, which is unique for each chassis","Check if the MIO card is up or if the communication between the MIO and the blade is still up","5","Notification","25","network","general"
+"%ASA-3-748005","748005","Failed to bundle the ports for module slot_number in chassis chassis_number ; clustering is disabled","%ASA-3-748005: Failed to bundle the ports for module slot_number in chassis chassis_number ; clustering is disabled","The MIO failed to bundle the ports for itself. • slot_number —The blade slot ID within the chassis • chassis_number —The chassis ID, which is unique for each chassis","Check if the MIO is operating correctly.","3","Error","75","network","general"
+"%ASA-3-748006","748006","Asking module slot_number in chassis chassis_number to leave the cluster due to a port bundling failure","%ASA-3-748006: Asking module slot_number in chassis chassis_number to leave the cluster due to a port bundling failure","The MIO failed to bundle ports for a blade, so the blade has been kicked out. • slot_number —The blade slot ID within the chassis • chassis_number —The chassis ID, which is unique for each chassis","Check if the MIO is operating correctly.","3","Error","75","network","general"
+"%ASA-2-748007","748007","Failed to de-bundle the ports for module slot_number in chassis chassis_number ; traffic may be black holed","%ASA-2-748007: Failed to de-bundle the ports for module slot_number in chassis chassis_number ; traffic may be black holed","The MIO failed to de-bundle the ports. • slot_number —The blade slot ID within the chassis • chassis_number —The chassis ID, which is unique for each chassis","Check if the MIO is operating correctly.","2","Critical","95","network","general"
+"%ASA-6-748008","748008","[CPU load percentage | memory load percentage ] of module slot_number in chassis chassis_number (member-name ) exceeds overflow protection threshold [CPU percentage | memory percentage ]. System may be oversubscribed on member failure.","%ASA-6-748008: [CPU load percentage | memory load percentage ] of module slot_number in chassis chassis_number (member-name ) exceeds overflow protection threshold [CPU percentage | memory percentage ]. System may be oversubscribed on member failure.","The CPU load has exceeded (N-1)/N, where N is the total number of active cluster members, or the memory load has exceeded (100 – x) * (N – 1) / N + x, where N is the number of cluster members, and x is the baseline memory usage of the last joining member. • percentage —The CPU load or memory load percentile data • slot_number —The blade slot ID within the chassis • chassis_number —The chassis ID, which is unique for each chassis","Re-plan the network and clustering deployment. Either reduce the amount of traffic or add more blades/chassis.","6","Informational","25","network","general"
+"%ASA-6-748009","748009","[CPU load percentage | memory load percentage ] of chassis chassis_number exceeds overflow protection threshold [CPU percentage | memory percentage }. System may be oversubscribed on chassis failure.","%ASA-6-748009: [CPU load percentage | memory load percentage ] of chassis chassis_number exceeds overflow protection threshold [CPU percentage | memory percentage }. System may be oversubscribed on chassis failure.","The chassis traffic load exceeded a certain threshold. • percentage —The CPU load or memory load percentile data • chassis_number —The chassis ID, which is unique for each chassis","Re-plan the network and clustering deployment. Either reduce the amount of traffic or add more blades/chassis.","6","Informational","25","network","general"
+"%ASA-3-748100","748100","&lt;application_name&gt; application status is changed from &lt;status&gt; to &lt;status&gt;.","%ASA-3-748100: &lt;application_name&gt; application status is changed from &lt;status&gt; to &lt;status&gt;.","Detect the application status change from one state to another. Application status change will trigger application health check mechanism. • application name—snort or disk_full • status—init, up, down","Verify the status of the application.","3","Error","75","network","general"
+"%ASA-3-748101","748101","Peer unit &lt;unit_id&gt; reported its &lt;application_name&gt; application status is &lt;status&gt;.","%ASA-3-748101: Peer unit &lt;unit_id&gt; reported its &lt;application_name&gt; application status is &lt;status&gt;.","Peer unit reported application status change that will trigger application health check mechanism. • unit id—the unit id • application name—snort or disk_full","Verify the status of the application.","3","Error","75","network","general"
+"%ASA-3-748102","748102","Master unit &lt;unit_id&gt; is quitting due to &lt;application_name&gt; Application health check failure, and master's application state is &lt;status&gt;.","%ASA-3-748102: Master unit &lt;unit_id&gt; is quitting due to &lt;application_name&gt; Application health check failure, and master's application state is &lt;status&gt;.","Application health check detects that the control unit is not healthy. The control unit will leave the cluster group. • unit id—the unit id • application name—snort or disk_full • status—init, up, down","Verify the status of the application. When the application (snort) is up again, the unit will rejoin automatically.","3","Error","75","network","general"
+"%ASA-3-748103","748103","Asking slave unit &lt;unit_id&gt; to quit due to &lt;application_name&gt; Application health check failure, and slave's application state is &lt;status&gt;.","%ASA-3-748103: Asking slave unit &lt;unit_id&gt; to quit due to &lt;application_name&gt; Application health check failure, and slave's application state is &lt;status&gt;.","Application health check detects that the data unit is not healthy. Control unit will evict the data node. • unit id—the unit id • application name—snort or disk_full • status—init, up, down","Verify the status of the application. When the application (snort) is up again, the unit will rejoin automatically.","3","Error","75","network","general"
+"%ASA-4-748201","748201","&lt;Application name&gt; application on module &lt;module id&gt; in chassis &lt;chassis id&gt; is &lt;status&gt;.","%ASA-4-748201: &lt;Application name&gt; application on module &lt;module id&gt; in chassis &lt;chassis id&gt; is &lt;status&gt;.","Status of the application in the service chain gets changed. • status—up, down","Verify the status of the application in the service chain.","4","Warning","55","network","general"
+"%ASA-3-748202","748202","Module &lt;module_id&gt; in chassis &lt;chassis id&gt; is leaving the cluster due to &lt;application name&gt; application failure\n.","%ASA-3-748202: Module &lt;module_id&gt; in chassis &lt;chassis id&gt; is leaving the cluster due to &lt;application name&gt; application failure\n.","Unit will be kicked out of cluster if the application such as vDP, fails.","Verify the status of the application in the service chain.","3","Error","75","network","general"
+"%ASA-5-748203","748203","Module &lt;module_id&gt; in chassis &lt;chassis id&gt; is re-joining the cluster due to a service chain application recovery\n.","%ASA-5-748203: Module &lt;module_id&gt; in chassis &lt;chassis id&gt; is re-joining the cluster due to a service chain application recovery\n.","Unit automatically rejoins the cluster if the service chain application such as vDP, recovers.","Verify the status of the application in the service chain.","5","Notification","35","network","general"
+"%ASA-5-750001","750001","Local:local IP :local port Remote:remote IP : remote port Username: username Received request to request an IPsec tunnel; local traffic selector = local selectors: range, protocol, port range ; remote traffic selector = remote selectors: range, protocol, port range","%ASA-5-750001: Local:local IP :local port Remote:remote IP : remote port Username: username Received request to request an IPsec tunnel; local traffic selector = local selectors: range, protocol, port range ; remote traffic selector = remote selectors: range, protocol, port range","A request is being made for an operation on the IPsec tunnel such as a rekey, a request to establish a connection, and so on. • local IP:local port — Local IP address for this request. The Secure Firewall ASA IP address and port number used for this connection • remote IP:remote port — Remote IP address for this request. Peer IP address and port number that the connection is coming from • username —Username of the requester for remote access, if known, or the tunnel group • local selectors —Locally configured traffic selectors or proxies that are being used for this IPsec tunnel • remote selectors —Remote peers requested traffic selectors or proxies for this IPsec tunnel","None required.","5","Notification","5","network","general"
+"%ASA-5-750002","750002","Local:local IP :local port Remote: remote IP : remote port Username: username Received a IKE_INIT_SA request","%ASA-5-750002: Local:local IP :local port Remote: remote IP : remote port Username: username Received a IKE_INIT_SA request","An incoming tunnel or SA initiation request (IKE_INIT_SA request) has been received. • local IP:local port — Local IP address for this request. The Secure Firewall ASA IP address and port number used for this connection • remote IP:remote port — Remote IP address for this request. Peer IP address and port number that the connection is coming from • username —Username of the requester for remote access, if known, or the tunnel group","None required.","5","Notification","5","network","general"
+"%ASA-4-750003","750003","Local: local IP:local port Remote: remote IP:remote port Username: username Negotiation aborted due to ERROR: error","%ASA-4-750003: Local: local IP:local port Remote: remote IP:remote port Username: username Negotiation aborted due to ERROR: error","The negotiation of an SA was aborted because of the provided error reason. • local IP:local port — Local IP address for this request. The Secure Firewall ASA IP address and port number used for this connection • remote IP:remote port — Remote IP address for this request. Peer IP address and port number that the connection is coming from • username —Username of the requester for remote access, if known yet • error —Error reason for aborting the negotiation. Errors include the following: - Failed to send data on the network - Asynchronous request queued - Failed to enqueue packet - A supplied parameter is incorrect - Failed to allocate memory - Failed the cookie negotiation - Failed to find a matching policy - Failed to locate an item in the database - Failed to initialize the policy database - Failed to insert a policy into the database - The peer's proposal is invalid - Failed to compute the DH value - Failed to construct a NONCE - An expected payload is missing from the packet - Failed to compute the SKEYSEED - Failed to create child SA keys - The peer's KE payload contained the wrong DH group - Received invalid KE notify, yet we've tried all configured DH groups - Failed to compute a hash value - Failed to authenticate the IKE SA - Failed to compute or verify a signature - Failed to validate the certificate - The certificate has been revoked and is consequently invalid - Failed to build or process a certificate request - We requested a certificate, but the peer supplied none - While sending the certificate chain, peer did not send its certificate as the first in the chain - Detected an unsupported ID type - Failed to construct an encrypted payload - Failed to decrypt an encrypted payload","Review the syslog and follow the flow of the logs to determine if this syslog is the final in the exchange and if it is the cause of a potential failure or a transient error that was renegotiated through. For example, a peer may suggest a DH group via the KE payload that is not configured that causes an initial request to fail, but the correct DH group is communicated so that the peer can come back with the correct group in a new request.","4","Warning","65","network","general"
+"%ASA-5-750004","750004","Local: local IP: local port Remote: remote IP: remote port Username: username Sending COOKIE challenge to throttle possible DoS","%ASA-5-750004: Local: local IP: local port Remote: remote IP: remote port Username: username Sending COOKIE challenge to throttle possible DoS","An incoming connection request was challenged with a cookie based on the cookie challenge thresholds that are configured to prevent a possible DoS attack. • local IP:local port — Local IP address for this request. The Secure Firewall ASA IP address and port number used for this connection • remote IP:remote port — Remote IP address for this request. Peer IP address and port number that the connection is coming from • username —Username of the requester for remote access, if known yet","None required.","5","Notification","45","network","general"
+"%ASA-5-750005","750005","Local: local IP: local port Remote: remote IP: remote port Username: username IPsec rekey collision detected. I am lowest nonce initiator, deleting SA with inbound SPI SPI","%ASA-5-750005: Local: local IP: local port Remote: remote IP: remote port Username: username IPsec rekey collision detected. I am lowest nonce initiator, deleting SA with inbound SPI SPI","A rekey collision was detected (both peers trying to initiate a rekey at the same time), and it was resolved by keeping the one initiated by this Secure Firewall ASA because it had the lowest nonce. This action caused the indicated SA referenced by the SPI to be deleted. • local IP:local port — Local IP address for this request. The Secure Firewall ASA IP address and port number used for this connection • remote IP:remote port — Remote IP address for this request. Peer IP address and port number that the connection is coming from • username —Username of the requester for remote access, if known yet • SPI —SPI handle of the SA being deleted by resolving the rekey collision that was detected","None required.","5","Notification","5","network","general"
+"%ASA-5-750006","750006","Local: local IP: local port Remote: remote IP: remote port Username: username SA UP. Reason: reason","%ASA-5-750006: Local: local IP: local port Remote: remote IP: remote port Username: username SA UP. Reason: reason","An SA came up for the given reason, such as for a newly established connection or a rekey.","None required.","5","Notification","5","network","general"
+"%ASA-5-750007","750007","Local: local IP: local port Remote: remote IP: remote port Username: username SA DOWN. Reason: reason","%ASA-5-750007: Local: local IP: local port Remote: remote IP: remote port Username: username SA DOWN. Reason: reason","An SA was torn down or deleted for the given reason, such as a request by the peer, operator request (via an administrator action), rekey, and so on. • local IP:local port — Local IP address for this request. The Secure Firewall ASA IP address and port number used for this connection • remote IP:remote port — Remote IP address for this request. Peer IP address and port number that the connection is coming from • username —Username of the requester for remote access, if known yet • reason —Reason that the SA came into the DOWN state","None required.","5","Notification","5","network","general"
+"%ASA-5-750008","750008","Local: local IP: local port Remote: remote IP: remote port Username: username SA rejected due to system resource low","%ASA-5-750008: Local: local IP: local port Remote: remote IP: remote port Username: username SA rejected due to system resource low","An SA request was rejected to alleviate a low system resource condition. • local IP:local port — Local IP address for this request. The Secure Firewall ASA IP address and port number used for this connection • remote IP:remote port — Remote IP address for this request. Peer IP address and port number that the connection is coming from • username —Username of the requester for remote access, if known yet","Check CAC settings for IKEv2 to determine if this is expected behavior based on configured thresholds; otherwise, if the condition persists, investigate further to alleviate the issue.","5","Notification","35","network","general"
+"%ASA-5-750009","750009","Local: local IP: local port Remote: remote IP: remote port Username: username SA request rejected due to CAC limit reached: Rejection reason: reason","%ASA-5-750009: Local: local IP: local port Remote: remote IP: remote port Username: username SA request rejected due to CAC limit reached: Rejection reason: reason","A Connection Admission Control (CAC) limiting threshold was reached, which caused the SA request to be rejected. • local IP:local port — Local IP address for this request. The Secure Firewall ASA IP address and port number used for this connection","Check CAC settings for IKEv2 to determine if this is expected behavior based on configured thresholds; otherwise, if the condition persists, investigate further to alleviate the issue.","5","Notification","35","network","general"
+"%ASA-5-750010","750010","Local: local-ip Remote: remote-ip Username:username IKEv2 local throttle-request queue depth threshold of threshold reached; increase the window size on peer peer for better performance","%ASA-5-750010: Local: local-ip Remote: remote-ip Username:username IKEv2 local throttle-request queue depth threshold of threshold reached; increase the window size on peer peer for better performance","The Secure Firewall ASA overflowed its throttle request queue to the specified peer, indicating that the peer is slow. The throttle request queue holds requests destined for the peer, which cannot be sent immediately because the maximum number of requests allowed to be in-flight based on the IKEv2 window size were already in-flight. As in-flight requests are completed, requests are pulled off of the throttle request queue and sent to the peer. If the peer is not processing these requests quickly, the throttle queue backs up.","If possible, increase the IKEv2 window size on the remote peer to allow more concurrent requests to be in-flight, which may improve performance. The Secure Firewall ASA does not currently support an increased IKEv2 window size setting. Note","5","Notification","25","network","general"
+"%ASA-3-750011","750011","Tunnel Rejected: Selected IKEv2 encryption algorithm (IKEV2 encry algo ) is not strong enough to secure proposed IPSEC encryption algorithm (IPSEC encry algo ).","%ASA-3-750011: Tunnel Rejected: Selected IKEv2 encryption algorithm (IKEV2 encry algo ) is not strong enough to secure proposed IPSEC encryption algorithm (IPSEC encry algo ).","The tunnel was rejected because the selected IKEv2 encryption algorithm is not strong enough to secure the proposed IPSEC encryption algorithm.","Configure a stronger IKEv2 encryption algorithm to match or exceed the strength of the IPsec child SA encryption algorithm.","3","Error","65","network","general"
+"%ASA-4-750012","750012","Selected IKEv2 encryption algorithm (IKEV2 encry algo ) is not strong enough to secure proposed IPSEC encryption algorithm (IPSEC encry algo ).","%ASA-4-750012: Selected IKEv2 encryption algorithm (IKEV2 encry algo ) is not strong enough to secure proposed IPSEC encryption algorithm (IPSEC encry algo ).","The selected IKEv2 encryption algorithm is not strong enough to secure the proposed IPSEC encryption algorithm.","Configure a stronger IKEv2 encryption algorithm to match or exceed the strength of the IPsec child SA encryption algorithm.","4","Warning","45","network","general"
+"%ASA-5-750013","750013","IKEv2 SA (iSPI ISPI rRSP rSPI) Peer Moved: Previous prev_remote_ip:prev_remote_port/prev_local_ip:prev_local_port. Updated new_remote_ip:new_remote_port/new_local_ip:new_local_port","%ASA-5-750013: IKEv2 SA (iSPI ISPI rRSP rSPI) Peer Moved: Previous prev_remote_ip:prev_remote_port/prev_local_ip:prev_local_port. Updated new_remote_ip:new_remote_port/new_local_ip:new_local_port","The new mobike feature allows peer IP to be changed without tearing down the tunnel. For example, a mobile device (smartphone) acquires new IP after connecting to a different network.The following list describes the message values: • ip —Specifies the previous, the new local, and remote IP addresses • port —Specifies the previous, the new local, and remote port information • SPI —Indicates the Initiator and Responder SPI • iSPI —Specifies the Initiator SPI • rSPI —Specifies the Responder SPI","Contact the Development engineers.","5","Notification","25","network","general"
+"%ASA-4-750014","750014","Local:self ip:self port Remote:peer ip:peer port Username:TG or Username IKEv2 Session aborted. Reason: Initial Contact received for Local ID: self ID, Remote ID: peer ID from remote peer:peer ip:peer port to self ip:self port","%ASA-4-750014: Local:self ip:self port Remote:peer ip:peer port Username:TG or Username IKEv2 Session aborted. Reason: Initial Contact received for Local ID: self ID, Remote ID: peer ID from remote peer:peer ip:peer port to self ip:self port","For ASA IKEv2, the initial contact (IC) processing is done based on peer IP/Port and ASA IP/Port pairs and the stale sessions get deleted based on these IP/Port pairs. This could be a problem with NAT as IP/Port of peer may change for connections and the stale sessions would not get cleaned up based on IP/Port pairs. As per the IKEv2 RFC , the Initial Contact processing will be switched to use Identity pairs so that the stale sessions can be identified based on peer and ASA identities and clear them. The identities can be IPs, hostnames, Certificate DNs, and so on. This syslog displays the exact reason for clearing the stale sessions. This syslog will be generated on ASA after clearing a stale session from a peer while negotiating a new IKEv2 session with the same peer. This syslog is applicable only for standalone and clustering site-to-site VPNs and not for RA.","IKEv2 session Initial Contact processing is done to reset state between peers and clear the stale sessions. If sessions are getting cleared unexpectedly due to Initial Contact processing, ensure that all peers are configured with unique identities.","4","Warning","45","network","general"
+"%ASA-4-750015","750015","Local:self ip:self port Remote:peer ip:peer port Username:TG or Username deleting IPSec SA. Reason: invalid SPI notification received for SPI 0xSPI; local traffic selector = Address Range: start address-end address Protocol: protocol number Port Range: start port-end port ; remote traffic selector = Address Range: start address-end address Protocol: protocol number Port Range: start port-end port","%ASA-4-750015: Local:self ip:self port Remote:peer ip:peer port Username:TG or Username deleting IPSec SA. Reason: invalid SPI notification received for SPI 0xSPI; local traffic selector = Address Range: start address-end address Protocol: protocol number Port Range: start port-end port ; remote traffic selector = Address Range: start address-end address Protocol: protocol number Port Range: start port-end port","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","An out-of-sync IKEv2 child condition was detected and handled. No action is required.","4","Warning","45","network","general"
+"%ASA-7-750016","750016","Local: localIP:port Remote:remoteIP:port Username:username Need to send a DPD message to peer","%ASA-7-750016: Local: localIP:port Remote:remoteIP:port Username:username Need to send a DPD message to peer","The device may have terminated a connection to the peer. Dead peer detection needs to be performed for the specified peer to determine if it is still alive. The following describes the message values: • localIP:port —The local IP address and port number • remoteIP:port —The remote IP address and port number • username —The username associated with this connection attempt","No action is required.","7","Debugging","5","network","general"
+"%ASA-3-751001","751001","Failed to complete Diffie-Hellman operation. Error: error.","%ASA-3-751001: Failed to complete Diffie-Hellman operation. Error: error.","A failure to complete a Diffie-Hellman operation occurred, as indicated by the error. • error —The error string that indicates the specific error","A low memory issue or other internal error that should be resolved has occurred. If it persists, use the memory tracking tool to isolate the issue.","3","Error","75","system","cluster"
+"%ASA-3-751002","751002","No pre-shared key or trustpoint configured for self in tunnel group group","%ASA-3-751002: No pre-shared key or trustpoint configured for self in tunnel group group","The Secure Firewall ASA was unable to find any type of authentication information in the tunnel group that it could use to authenticate itself to the peer. • group —The name of the tunnel group","Check the tunnel group configuration, and configure a preshared key or certificate for self-authentication in the indicated tunnel group.","3","Error","75","system","cluster"
+"%ASA-7-751003","751003","Need to send a DPD message to peer","%ASA-7-751003: Need to send a DPD message to peer","Dead peer detection needs to be performed for the specified peer to determine if it is still alive. The Secure Firewall ASA may have terminated a connection to the peer.","None required.","7","Debugging","5","system","cluster"
+"%ASA-3-751004","751004","No remote authentication method configured for peer in tunnel group group","%ASA-3-751004: No remote authentication method configured for peer in tunnel group group","A method to authenticate the remote peer was not found in the configuration to allow the connection. • group —The name of the tunnel group","Check the configuration to make sure that a valid remote peer authentication setting is present.","3","Error","65","system","cluster"
+"%ASA-3-751005","751005","AnyConnect client reconnect authentication failed. Session ID: session_id, Error: error","%ASA-3-751005: AnyConnect client reconnect authentication failed. Session ID: session_id, Error: error","A failure occurred during an AnyConnect client reconnection attempt using the session token. • session_id —The session ID used to try to reconnect • error —The error string to indicate the specific error that occurred during the reconnection attempt","Take action according to the error specified, if necessary. The error may indicate that a session was removed instead of remaining in resume state because a client disconnect was detected or sessions were cleared on the Secure Firewall ASA. If necessary, also compare this message to the event logs on the Anyconnect client.","3","Error","95","system","cluster"
+"%ASA-3-751006","751006","Certificate authentication failed. Error: error","%ASA-3-751006: Certificate authentication failed. Error: error","A failure related to certificate authentication occurred. • error —The error string to indicate the specific certificate authentication failure","Take action according to the error specified, if necessary. Check the certificate trustpoint configuration and make sure that the necessary CA certificate exists to be able to correctly verify client certificate chains. Use the debug crypto ca commands to isolate the failure.","3","Error","100","system","cluster"
+"%ASA-5-751007","751007","Configured attribute not supported for IKEv2. Attribute: attribute","%ASA-5-751007: Configured attribute not supported for IKEv2. Attribute: attribute","A configured attribute could not be applied to the IKE version 2 connection because it is not supported for IKE version 2 connections. • attribute —The attribute that is configured to be applied","None required, To eliminate this message from being generated, you can remove the IKE version 2 configuration setting.","5","Notification","5","system","cluster"
+"%ASA-3-751008","751008","Group=group, Tunnel rejected: IKEv2 not enabled in group policy","%ASA-3-751008: Group=group, Tunnel rejected: IKEv2 not enabled in group policy","IKE version 2 is not allowed based on the enabled protocols for the indicated group to which a connection attempt was mapped, and the connection was rejected. • group —The tunnel group used for connection","Check the group policy VPN tunnel protocol setting and enable IKE version 2, if desired.","3","Error","65","system","cluster"
+"%ASA-3-751009","751009","Unable to find tunnel group for peer.","%ASA-3-751009: Unable to find tunnel group for peer.","A tunnel group could not be found for the peer.","Check the configuration and tunnel group mapping rules, then configure them to allow the peer to land on a configured group.","3","Error","75","system","cluster"
+"%ASA-3-751010","751010","Local: localIP:port Remote:remoteIP:port Username: username/group Unable to determine self-authentication method. No crypto map setting or tunnel group found.","%ASA-3-751010: Local: localIP:port Remote:remoteIP:port Username: username/group Unable to determine self-authentication method. No crypto map setting or tunnel group found.","A method for authenticating the Secure Firewall ASA to the peer could not be found in either the tunnel group or crypto map. • localIP:port —The local IP address and port number • remoteIP:port —The remote IP address and port number • username/group —The username or group associated with this connection attempt","Check the configuration, and configure a self-authentication method in the crypto map for the initiator L2L or in the applicable tunnel group.","3","Error","65","system","cluster"
+"%ASA-3-751011","751011","Failed user authentication. Error: error","%ASA-3-751011: Failed user authentication. Error: error","A failure occurred during user authentication within EAP for an IKE version 2 remote access connection. • error —The error string that indicates the specific error","Make sure that the correct authentication credentials were provided and debug further to determine the exact cause of failure, if necessary.","3","Error","75","system","cluster"
+"%ASA-3-751012","751012","Failure occurred during Configuration Mode processing. Error: error","%ASA-3-751012: Failure occurred during Configuration Mode processing. Error: error","A failure occurred during configuration mode processing while settings were being applied to the connection. • error —The error string that indicates the specific error","Take action based on the indicated error. Use the debug crypto ikev2 commands to determine the cause of the failure, or debug the indicated subsystem that is specified by the error, if necessary.","3","Error","75","system","cluster"
+"%ASA-3-751013","751013","Failed to process Configuration Payload request for attribute attribute_id. Error: error","%ASA-3-751013: Failed to process Configuration Payload request for attribute attribute_id. Error: error","The Configuration Payload request failed to process and generate a Configuration Payload response for an attribute that was requested by the peer. • attribute_id — The attribute ID on which the failure occurred • error —The error string that indicates the specific error","A memory error, configuration error, or another type of error has occurred. Use the debug crypto ikev2 commands to help isolate the cause of the failure.","3","Error","75","system","cluster"
+"%ASA-4-751014","751014","Warning Configuration Payload request for attribute attribute_id could not be processed. Error: error","%ASA-4-751014: Warning Configuration Payload request for attribute attribute_id could not be processed. Error: error","A warning occurred while processing a CP request to generate a CP response for a requested attribute. • attribute_id — The attribute ID on which the failure occurred • error —The error string that indicates the specific error","Take action based on the attribute indicated in the warning and the indicated warning message. For example, a newer client is being used with an older Secure Firewall ASA image, which does not understand a new attribute that has been added to the client. An upgrade of the Secure Firewall ASA image may be necessary to allow the attribute to be processed.","4","Warning","65","system","cluster"
+"%ASA-4-751015","751015","SA request rejected by CAC. Reason: reason","%ASA-4-751015: SA request rejected by CAC. Reason: reason","The connection was rejected by the call admission control to protect the Secure Firewall ASA based on configured thresholds or conditions indicated by the reason listed. • reason —The reason that the SA request was rejected","Check the reason and resolve the condition if a new connection should have been accepted or change the configured thresholds.","4","Warning","45","system","cluster"
+"%ASA-4-751016","751016","Remote L2L Peer initiated a tunnel with same outer and inner addresses. Peer could be Originate Only - Possible misconfiguration!","%ASA-4-751016: Remote L2L Peer initiated a tunnel with same outer and inner addresses. Peer could be Originate Only - Possible misconfiguration!","The peer may be configured for originate-only connections based on the received outer and inner IP addresses for the tunnel.","Check the L2L peer configuration.","4","Warning","45","system","cluster"
+"%ASA-3-751017","751017","Configuration Error: error_description.","%ASA-3-751017: Configuration Error: error_description.","An error in the configuration that prevented the connection has been detected. • error description —A brief description of the configuration error","Correct the configuration based on the indicated error.","3","Error","65","system","cluster"
+"%ASA-3-751018","751018","Terminating the VPN connection attempt from attempted group.","%ASA-3-751018: Terminating the VPN connection attempt from attempted group.","The tunnel group over which the connection is attempted is not the same as the tunnel group set in the group lock. • attempted group —The tunnel group over which the connection came in","Check the group-lock value in the group policy or the user attributes.","3","Error","65","system","cluster"
+"%ASA-4-751019","751019","Failed to obtain an licenseType license. Maximum license limit limit exceeded.","%ASA-4-751019: Failed to obtain an licenseType license. Maximum license limit limit exceeded.","A session creation failed because the maximum license limit was exceeded, which caused a failure to either initiate or respond to a tunnel request. • licenseType — License type that was exceeded (other VPN or AnyConnect Premium/Essentials) • limit —Number of licenses allowed and was exceeded","Make sure that enough licenses are available for all allowed users and/or obtain more licenses to allow the rejected connections. For multiple context mode, allow more licenses for the context that reported the failure, if necessary.","4","Warning","55","system","cluster"
+"%ASA-3-751020","751020","Local:%A:%u Remote:%A:%u Username:%s An %s remote access connection failed. Attempting to use an NSA Suite B crypto algorithm (%s) without an AnyConnect Premium license.","%ASA-3-751020: Local:%A:%u Remote:%A:%u Username:%s An %s remote access connection failed. Attempting to use an NSA Suite B crypto algorithm (%s) without an AnyConnect Premium license.","An IKEv2 remote access tunnel could not be created because the AnyConnect Premium license was applied but explicitly disabled with the anyconnect-essentials command in the webvpn configuration mode.","Make sure that an AnyConnect Premium license is installed on the Secure Firewall ASA is configured in the remote access IKEv2 policies or IPsec proposals.","3","Error","65","system","cluster"
+"%ASA-4-751021","751021","variable_1 variable_2 with variable_3 encryption is not supported with this version of the AnyConnect Client. Please upgrade to the latest Anyconnect Client.","%ASA-4-751021: variable_1 variable_2 with variable_3 encryption is not supported with this version of the AnyConnect Client. Please upgrade to the latest Anyconnect Client.","An out-of-date AnyConnect client tried to connect to an Secure Firewall ASA that has IKEv2 with AES-GCM encryption policy configured. • variable_1 —Username of the AnyConnect client (may be unknown because this occurs before the user enters a username) • variable_2 —Connection protocol type (IKEv1, IKEv2) • variable_3 —Combined mode encryption type (AES-GCM, AES-GCM 256)","Upgrade the AnyConnect client to the latest version to use IKEv2 with AES-GCM encryption.","4","Warning","55","system","cluster"
+"%ASA-3-751022","751022","Tunnel rejected: Crypto Map Policy not found for remote traffic selector rem-ts-start/rem-ts-end/rem-ts.startport/rem-ts.endport/rem-ts.protocol local traffic selector local-ts-start/local-ts-end/local-ts.startport/local-ts.endport/local-ts.protocol!","%ASA-3-751022: Tunnel rejected: Crypto Map Policy not found for remote traffic selector rem-ts-start/rem-ts-end/rem-ts.startport/rem-ts.endport/rem-ts.protocol local traffic selector local-ts-start/local-ts-end/local-ts.startport/local-ts.endport/local-ts.protocol!","The Secure Firewall ASA was not able to find security policy information for the private networks or hosts indicated in the message. These networks or hosts were sent by the initiator and do not match any crypto ACLs at the Secure Firewall ASA. This is most likely a misconfiguration. • rem-ts-start —Remote traffic selector start address • rem-ts-end —Remote traffic selector end address • rem-ts.startport —Remote traffic selector start port • rem-ts.endport —Remote traffic selector end port • rem-ts.protocol —Remote traffic selector protocol • local-ts-start —Local traffic selector start address • local-ts-end —Local traffic selector end address • local-ts.startport —Local traffic selector start port • local-ts.endport —Local traffic selector end port • local-ts.protocol —Local traffic selector protocol","Check the protected network configuration in the crypto ACLs on both sides and make sure that the local network on the initiator is the remote network on the responder and vice-versa. Pay special attention to wildcard masks and host addresses as compared to network addresses. Non-Cisco implementations may have the private addresses labeled as proxy addresses or “red” networks.","3","Error","65","system","cluster"
+"%ASA-6-751023","751023","Unknown client connection.","%ASA-6-751023: Unknown client connection.","An unknown non-Cisco IKEv2 client has connected to the Secure Firewall ASA.","Upgrade to a Cisco-supported IKEv2 client.","6","Informational","25","system","cluster"
+"%ASA-3-751024","751024","IPv6 User Filter tempipv6 configured. This setting has been deprecated, terminating connection","%ASA-3-751024: IPv6 User Filter tempipv6 configured. This setting has been deprecated, terminating connection","The IPv6 VPN filter has been deprecated and if it is configured instead of a unified filter for IPv6 traffic access control, the connection will be terminated.","Configure a unified filter with IPv6 entries to control IPv6 traffic for the user.","3","Error","65","system","cluster"
+"%ASA-5-751025","751025","Group:group-policy IPv4 Address=assigned_IPv4_addr IPv6 address=assigned_IPv6_addr assigned to session","%ASA-5-751025: Group:group-policy IPv4 Address=assigned_IPv4_addr IPv6 address=assigned_IPv6_addr assigned to session","This message displays the assigned IP address information for the AnyConnect IKEv2 connection of the specified user. • group-policy —The group policy that allowed the user to gain access • assigned_IPv4_addr —The IPv4 address that is assigned to the client • assigned_IPv6_addr —The IPv6 address that is assigned to the client","None required.","5","Notification","5","system","cluster"
+"%ASA-6-751026","751026","Client OS: client-os Client: client-name client-version","%ASA-6-751026: Client OS: client-os Client: client-name client-version","The indicated user is attempting to connect with the shown operating system and client version. • client-os —The operating system reported by the client • client-name —The client name reported by the client (usually AnyConnect) • client-version —The client version reported by the client","None required.","6","Informational","5","system","cluster"
+"%ASA-4-751027","751027","Received INVALID_SELECTORS Notification. Peer received a packet (SPI= spi). The decapsulated inner packet didn't match the negotiated policy in the SA. Packet destination pkt_daddr, port pkt_dest_port, source pkt_saddr, port pkt_src_port, protocol pkt_prot.","%ASA-4-751027: Received INVALID_SELECTORS Notification. Peer received a packet (SPI= spi). The decapsulated inner packet didn't match the negotiated policy in the SA. Packet destination pkt_daddr, port pkt_dest_port, source pkt_saddr, port pkt_src_port, protocol pkt_prot.","A peer received a packet on an IPsec security association (SA) that did not match the negotiated traffic descriptors for that SA. The peer sent an INVALID_SELECTORS notification containing the SPI and packet data for the offending packet.","Copy the error message, the configuration, and any details about the events leading up to this error, then submit them to Cisco TAC.","4","Warning","55","system","cluster"
+"%ASA-5-751028","751028","Overriding configured keepalive values of threshold:config_threshold/retry:config_retry to threshold:applied_threshold/retry:applied_retry.","%ASA-5-751028: Overriding configured keepalive values of threshold:config_threshold/retry:config_retry to threshold:applied_threshold/retry:applied_retry.","When configured for distributed-site to site with clustering, the keepalive threshold and retry intervals should be increased to prevent overloading the system. If the configured values are below these required values, the required values will be applied. The following list describes the message values: • config_threshold — The configured keepalive threshold for tunnel-group • config_retry — The configured keepalive retry for tunnel-group • applied_threshold — The keepalive threshold being applied • applied_retry — The keepalive retry being applied","Configure to at least the required minimum values.","5","Notification","25","system","cluster"
+"%ASA-2-752001","752001","Tunnel Manager received invalid parameter to remove record","%ASA-2-752001: Tunnel Manager received invalid parameter to remove record","A failure to remove a record from the tunnel manager that might prevent future tunnels to the same peer from initiating has occurred.","Reloading the device will remove the record, but if the error persists or recurs, perform additional debugging of the specific tunnel attempt.","2","Critical","100","network","general"
+"%ASA-7-752002","752002","Tunnel Manager Removed entry. Map Tag = mapTag . Map Sequence Number = mapSeq .","%ASA-7-752002: Tunnel Manager Removed entry. Map Tag = mapTag . Map Sequence Number = mapSeq .","An entry to initiate a tunnel was successfully removed. • mapTag —Name of the crypto map for which the initiation entry was removed • mapSeq —Sequence number of the crypto map for which the initiation entry was removed","None required.","7","Debugging","5","network","general"
+"%ASA-5-752003","752003","Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv2. Map Tag = mapTag . Map Sequence Number = mapSeq","%ASA-5-752003: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv2. Map Tag = mapTag . Map Sequence Number = mapSeq","An attempt is being made to initiate an IKEv2 tunnel that was based on the crypto map indicated. • mapTag —Name of the crypto map for which the initiation entry was removed • mapSeq —Sequence number of the crypto map for which the initiation entry was removed","None required.","5","Notification","5","network","general"
+"%ASA-5-752004","752004","Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = mapTag . Map Sequence Number = mapSeq","%ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = mapTag . Map Sequence Number = mapSeq","An attempt is being made to initiate an IKEv1 tunnel that was based on the crypto map indicated. • mapTag —Name of the crypto map for which the initiation entry was removed • mapSeq —Sequence number of the crypto map for which the initiation entry was removed","None required.","5","Notification","5","network","general"
+"%ASA-2-752005","752005","Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Memory may be low. Map Tag = mapTag . Map Sequence Number = mapSeq.","%ASA-2-752005: Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Memory may be low. Map Tag = mapTag . Map Sequence Number = mapSeq.","An attempt to dispatch a tunnel initiation attempt failed because of an internal error, such as a memory allocation failure. • mapTag —Name of the crypto map for which the initiation entry was removed • mapSeq —Sequence number of the crypto map for which the initiation entry was removed","Use the memory tracking tools and additional debugging to isolate the issue.","2","Critical","95","network","general"
+"%ASA-3-752006","752006","Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Probable mis-configuration of the crypto map or tunnel-group. Map Tag = Tag . Map Sequence Number = num, SRC Addr: address port: port Dst Addr: address port: port .","%ASA-3-752006: Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Probable mis-configuration of the crypto map or tunnel-group. Map Tag = Tag . Map Sequence Number = num, SRC Addr: address port: port Dst Addr: address port: port .","An attempt to dispatch a tunnel initiation attempt failed because of a configuration error of the indicated crypto map or associated tunnel group. • Tag —Name of the crypto map for which the initiation entry was removed • num —Sequence number of the crypto map for which the initiation entry was removed • address —The source IP address or destination IP address • port —The source port number or destination port number","Check the configuration of the tunnel group and crypto map indicated to make sure that it is complete.","3","Error","75","network","general"
+"%ASA-3-752007","752007","Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Entry already in Tunnel Manager. Map Tag = mapTag . Map Sequence Number = mapSeq","%ASA-3-752007: Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Entry already in Tunnel Manager. Map Tag = mapTag . Map Sequence Number = mapSeq","An attempt was made to re-add an existing entry into the tunnel manager. • mapTag —Name of the crypto map for which the initiation entry was removed • mapSeq —Sequence number of the crypto map for which the initiation entry was removed","If the issue persists, make sure that the configuration of the peer will allow the tunnel, and debug further to make sure that the tunnel manager entries are being added and removed correctly during tunnel initiation and successful or failed initiation attempts. Debug IKE version 2 or IKE version 1 connections further, because they may still be in the process of creating the tunnel.","3","Error","75","network","general"
+"%ASA-7-752008","752008","Duplicate entry already in Tunnel Manager","%ASA-7-752008: Duplicate entry already in Tunnel Manager","A duplicate request to initiate a tunnel was made, and the tunnel manager is already attempting to initiate the tunnel.","None required. If the issue persists, either IKE version 1 or IKE version 2 may have attempted a tunnel initiation and not have timed out yet. Debug further using the applicable commands to make sure that the tunnel manager entry is removed after successful or failed initiation attempts.","7","Debugging","5","network","general"
+"%ASA-4-752009","752009","IKEv2 Doesn't support Multiple Peers","%ASA-4-752009: IKEv2 Doesn't support Multiple Peers","An attempt to initiate a tunnel with IKE version 2 failed because the crypto map is configured with multiple peers, which is not supported for IKE version 2. Only IKE version 1 supports multiple peers.","Check the configuration to make sure that multiple peers are not expected for IKE version 2 site-to-site initiation.","4","Warning","55","network","general"
+"%ASA-4-752010","752010","IKEv2 Doesn't have a proposal specified","%ASA-4-752010: IKEv2 Doesn't have a proposal specified","No IPsec proposal was found to be able to initiate an IKE version 2 tunnel .","Check the configuration, then configure an IKE version 2 proposal that can be used to initiate the tunnel, if necessary.","4","Warning","45","network","general"
+"%ASA-4-752011","752011","IKEv1 Doesn't have a transform set specified","%ASA-4-752011: IKEv1 Doesn't have a transform set specified","No IKE version 1 transform set was found to be able to initiate an IKE version 2 tunnel.","Check the configuration, then configure an IKE version 2 transform set that can be used to initiate the tunnel, if necessary.","4","Warning","45","network","general"
+"%ASA-4-752012","752012","IKEv protocol was unsuccessful at setting up a tunnel. Map Tag = mapTag . Map Sequence Number = mapSeq .","%ASA-4-752012: IKEv protocol was unsuccessful at setting up a tunnel. Map Tag = mapTag . Map Sequence Number = mapSeq .","The indicated protocol failed to initiate a tunnel using the configured crypto map. • protocol— IKE version number 1 or 2 for IKEv1 or IKEv2 • mapTag —Name of the crypto map for which the initiation entry was removed • mapSeq —Sequence number of the crypto map for which the initiation entry was removed","Check the configuration, then debug further within the indicated protocol to determine the cause of the failed tunnel attempt.","4","Warning","55","network","general"
+"%ASA-4-752013","752013","Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv2 after a failed attempt. Map Tag = mapTag . Map Sequence Number = mapSeq .","%ASA-4-752013: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv2 after a failed attempt. Map Tag = mapTag . Map Sequence Number = mapSeq .","The tunnel manager is attempting to initiate the tunnel again after it failed. • mapTag —Name of the crypto map for which the initiation entry was removed • mapSeq —Sequence number of the crypto map for which the initiation entry was removed","Check the configuration, and make sure that the crypto maps are correctly configured. Then determine if the tunnel is successfully created on the second attempt.","4","Warning","55","network","general"
+"%ASA-4-752014","752014","Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1 after a failed attempt. Map Tag = mapTag . Map Sequence Number = mapSeq .","%ASA-4-752014: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1 after a failed attempt. Map Tag = mapTag . Map Sequence Number = mapSeq .","The tunnel manager is falling back and attempting to initiate the tunnel using IKE version 1 after the tunnel failed. • mapTag —Name of the crypto map for which the initiation entry was removed • mapSeq —Sequence number of the crypto map for which the initiation entry was removed","Check the configuration, and make sure that the crypto maps are correctly configured. Then determine if the tunnel is successfully created on the second attempt.","4","Warning","55","network","general"
+"%ASA-3-752015","752015","Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag = mapTag . Map Sequence Number = mapSeq .","%ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag = mapTag . Map Sequence Number = mapSeq .","An attempt to bring up an L2L tunnel to a peer failed after trying with all configured protocols. • mapTag —Name of the crypto map for which the initiation entry was removed • mapSeq —Sequence number of the crypto map for which the initiation entry was removed","Check the configuration, and make sure that the crypto maps are correctly configured. Debug the individual protocols to isolate the cause of the failure.","3","Error","75","network","general"
+"%ASA-5-752016","752016","IKEv protocol was successful at setting up a tunnel. Map Tag = mapTag . Map Sequence Number = mapSeq.","%ASA-5-752016: IKEv protocol was successful at setting up a tunnel. Map Tag = mapTag . Map Sequence Number = mapSeq.","The indicated protocol (IKE version 1 or IKE version 2) successfully created an L2L tunnel. • protocol— IKE version number 1 or 2 for IKEv1 or IKEv2 • mapTag —Name of the crypto map for which the initiation entry was removed • mapSeq —Sequence number of the crypto map for which the initiation entry was removed","None required.","5","Notification","5","network","general"
+"%ASA-4-752017","752017","IKEv2 Backup L2L tunnel initiation denied on interface interface matching crypto map name, sequence number number . Unsupported configuration.","%ASA-4-752017: IKEv2 Backup L2L tunnel initiation denied on interface interface matching crypto map name, sequence number number . Unsupported configuration.","The Secure Firewall ASA uses IKEv1 to initiate the connection because IKEv2 does not support the backup L2L feature.","None required if IKEv1 is enabled. You must enable IKEv1 to use the backup L2L feature.","4","Warning","65","network","general"
+"%ASA-4-753001","753001","Unexpected IKEv2 packet received from ip_address:port. Error: reason","%ASA-4-753001: Unexpected IKEv2 packet received from ip_address:port. Error: reason","This syslog is generated when an IKEv2 packet is received when the cluster is operating in Distributed VPN clustering mode and fails early consistency and/or error checks performed on it in the datapath. • ip_address—source IP address from where the packet was received • port—source port from where the packet was received • reason—Reason why the packet is considered invalid. This value could be Corrupted SPI detected or Expired SPI received.","None required if IKEv1 is enabled. You must enable IKEv1 to use the backup L2L feature.","4","Warning","75","network","general"
+"%ASA-6-767001","767001","Inspect-name : Dropping an unsupported IPv6/IP46/IP64 packet from interface :IP Addr to interface :IP Addr (fail-close)","%ASA-6-767001: Inspect-name : Dropping an unsupported IPv6/IP46/IP64 packet from interface :IP Addr to interface :IP Addr (fail-close)","A fail-close option was set for a service policy, and a particular inspect received an IPv6, IP64, or IP46 packet. Based on the fail-close option setting, this syslog message is generated and the packet is dropped.","None required.","6","Informational","35","network","general"
+"%ASA-3-768001","768001","QUOTA: resource utilization is high: requested req, current curr, warning level level","%ASA-3-768001: QUOTA: resource utilization is high: requested req, current curr, warning level level","A system resource allocation level has reached its warning threshold. In the case of a management session, the resource is simultaneous administrative sessions. • resource— The name of the system resource; in this case, it is a management session. • req —The number requested; for a management session, it is always 1. • curr —The current number allocated; equals level for a management session • level —The warning threshold, which is 90 percent of the configured limit","None required.","3","Error","5","network","general"
+"%ASA-3-768002","768002","QUOTA: resource quota exceeded: requested req, current curr, limit limit","%ASA-3-768002: QUOTA: resource quota exceeded: requested req, current curr, limit limit","A request for a system resource would have exceeded its configured limit and was denied. In the case of a management session, the maximum number of simultaneous administrative sessions on the system has been reached. • resource— The name of the system resource; in this case, it is a management session. • req —The number requested; for a management session, it is always 1. • curr —The current number allocated; equals level for a management session • limit —The configured resource limit","None required.","3","Error","95","network","general"
+"%ASA-3-768003","768003","QUOTA: management_session quota exceeded for user user_name: current 3,user limit 3","%ASA-3-768003: QUOTA: management_session quota exceeded for user user_name: current 3,user limit 3","The current management session exceeded the configured limits for the user. • current —The current number allocated for management session for the user • limit —The configured management session limit. The default value being 15.","None required.","3","Error","5","network","general"
+"%ASA-3-768004","768004","QUOTA: management_session quota exceeded for ssh/telnet/http protocol: current 2, protocol limit 2","%ASA-3-768004: QUOTA: management_session quota exceeded for ssh/telnet/http protocol: current 2, protocol limit 2","The maximum number of management sessions for the protocol - ssh, telnet, or http exceeded the configured limit. • current —The current number allocated for a management session • limit —The configured resource limit per protocol. The default values being 5.","None required.","3","Error","5","network","general"
+"%ASA-5-769001","769001","UPDATE: ASA image 'src' was added to system boot list","%ASA-5-769001: UPDATE: ASA image 'src' was added to system boot list","The system image has been updated. The name of a file previously downloaded onto the system has been added to the system boot list. • src— The name or URL of the source image file","None required.","5","Notification","5","network","general"
+"%ASA-5-769002","769002","UPDATE: ASA image 'src' was copied to 'dest'","%ASA-5-769002: UPDATE: ASA image 'src' was copied to 'dest'","The system image has been updated. An image file has been copied onto the system. • src— The name or URL of the source image file • dest —The name of the destination image file","None required.","5","Notification","5","network","general"
+"%ASA-5-769003","769003","UPDATE: ASA image 'src' was renamed to 'dest'","%ASA-5-769003: UPDATE: ASA image 'src' was renamed to 'dest'","The system image has been updated. An existing image file has been renamed to an image file name in the system boot list. • src— The name or URL of the source image file • dest —The name of the destination image file","None required.","5","Notification","5","network","general"
+"%ASA-2-769004","769004","UPDATE: ASA image 'src_file' failed verification, reason: failure_reason","%ASA-2-769004: UPDATE: ASA image 'src_file' failed verification, reason: failure_reason","The image failed verification from either the copy command or verify command. • src_file — The file name or URL of the source image file • failure_reason —The file name of the destination image file","Possible failure reasons are: insufficient system memory, no image found in file, checksum failed, signature not found in file, signature invalid, signature algorithm not supported, signature processing issue","2","Critical","100","network","general"
+"%ASA-5-769005","769005","UPDATE: ASA image 'image_name' passed verification","%ASA-5-769005: UPDATE: ASA image 'image_name' passed verification","This is a notification message indicating that the image passed verification. • image_name — The file name of the Secure Firewall ASA image file","None Required.","5","Notification","5","network","general"
+"%ASA-3-769006","769006","UPDATE: ASA boot system image 'image_name' was not found on disk","%ASA-3-769006: UPDATE: ASA boot system image 'image_name' was not found on disk","This is an error message indicating that the file configured in the boot system list could not be located on disk. • image_name — The file name of the Secure Firewall ASA image file","If the device fails to boot, change the boot system command to point to a valid file or install the missing file to the disk before rebooting the device.","3","Error","65","network","general"
+"%ASA-6-769007","769007","UPDATE: Image version is version_number","%ASA-6-769007: UPDATE: Image version is version_number","This message appears when the device is upgraded. • version_number — The version number of the Secure Firewall ASA image file","None required.","6","Informational","5","network","general"
+"%ASA-4-769009","769009","UPDATE: Image booted image_name is different from boot images","%ASA-4-769009: UPDATE: Image booted image_name is different from boot images","This is an error message appears after upgrading the device indicating that the file configured is different from the existing list of boot images. • image_name — The file name of the Secure Firewall ASA image file","None required.","4","Warning","5","network","general"
+"%ASA-4-770001","770001","Resource resource allocation is more than the permitted limit of limit. If this condition persists, the ASA will be rebooted","%ASA-4-770001: Resource resource allocation is more than the permitted limit of limit. If this condition persists, the ASA will be rebooted","The CPU or memory resource allocation for the Secure Firewall ASA virtual machine has exceeded the allowed limit for this platform. This condition does not occur unless the setting for the Secure Firewall ASA virtual machine has been changed from that specified in the software downloaded from Cisco.com.","To continue Secure Firewall ASA operation, change the CPU or memory resource allocation of the virtual machine to what was specified with the software downloaded from Cisco.com.or to the resource limits specified in the Cisco ASA 1000V CLI Configuration Guide for this platform.","4","Warning","55","network","general"
+"%ASA-1-770002","770002","Resource resource allocation is more than the permitted limit of limit, Device will be rebooted","%ASA-1-770002: Resource resource allocation is more than the permitted limit of limit, Device will be rebooted","The CPU or memory resource allocation for the Secure Firewall ASA virtual machine has exceeded the allowed limit for this platform. This condition does not occur unless the setting for the Secure Firewall ASA virtual machine has been changed from that specified in the software downloaded from Cisco.com. The Secure Firewall ASA will continue to reboot if the resource allocation is not changed.","Change the CPU or memory reosurce allocation to the virtual machine to what was specified with the software downloaded from Cisco.com.or to the resource limits specified in the Cisco ASA 1000V CLI Configuration Guide for this platform.","1","Alert","85","network","general"
+"%ASA-4-770003","770003","Resource resource allocation is less than the minimum requirement of value.","%ASA-4-770003: Resource resource allocation is less than the minimum requirement of value.","The CPU or memory resource allocation to the Secure Firewall ASA virtual machine is less than the minimum requirement for this platform. If this condition persists, performance will be lower than normal.","To continue Secure Firewall ASA operation, change the CPU or memory reosurce allocation of the virtual machine to what was specified with the software downloaded from Cisco.","4","Warning","45","network","general"
+"%ASA-5-771001","771001","CLOCK: System clock set, source: src, before: time, after: time","%ASA-5-771001: CLOCK: System clock set, source: src, before: time, after: time","The system clock was set from a local source. • src— The time protocol, which can be any of the following: NTP, SNTP, VINES, or the RFC-868 time protocol • ip —The IP address of the time server • time —The time string in the form, “Sun Apr 1 12:34:56.789 EDT 2012”","None required.","5","Notification","5","network","general"
+"%ASA-5-771002","771002","CLOCK: System clock set, source: src, IP: ip, before: time, after: time","%ASA-5-771002: CLOCK: System clock set, source: src, IP: ip, before: time, after: time","The system clock was set from a remote source. • src— The time source, which can be either manual or hardware calendar • ip —The IP address of the time server • time —The time string in the form, “Sun Apr 1 12:34:56.789 EDT 2012”","None required.","5","Notification","5","network","general"
+"%ASA-3-771003","771003","CLOCK: Hardware clock UIP bit is set to 1, for duration secs, start time duration secs, end time duration secs. Read clock time from linux system clock","%ASA-3-771003: CLOCK: Hardware clock UIP bit is set to 1, for duration secs, start time duration secs, end time duration secs. Read clock time from linux system clock","Rate-limited.","None required.","3","Error","5","network","general"
+"%ASA-3-772002","772002","PASSWORD: console login warning, user username, cause: password expired","%ASA-3-772002: PASSWORD: console login warning, user username, cause: password expired","A user logged into the system console with an expired password, which is permitted to avoid system lockout. • username— The name of the user","The user should change the login password.","3","Error","65","network","general"
+"%ASA-2-772003","772003","PASSWORD: session login failed, user username, IP ip, cause: password expired","%ASA-2-772003: PASSWORD: session login failed, user username, IP ip, cause: password expired","A user logged tried to log into the system with an expired password and was denied access. • session— The session type, which can be SSH or Telnet • username— The name of the user • ip —The IP address of the user","If the user has authorized access, an administrator must change the password for the user. Unauthorized access attempts should trigger an appropriate response, for example. traffic from that IP address can be blocked.","2","Critical","100","network","general"
+"%ASA-3-772004","772004","PASSWORD: session login failed, user username, IP ip, cause: password expired","%ASA-3-772004: PASSWORD: session login failed, user username, IP ip, cause: password expired","A user logged tried to log into the system with an expired password and was denied access. • session— The session type, which is ASDM • username— The name of the user • ip —The IP address of the user","If the user has authorized access, an administrator must change the password for the user. Unauthorized access attempts should trigger an appropriate response, for example. traffic from that IP address can be blocked.","3","Error","95","network","general"
+"%ASA-6-772005","772005","REAUTH: user 'username' passed authentication","%ASA-6-772005: REAUTH: user 'username' passed authentication","The user authenticated successfully after changing the password. • username— The name of the user","None required.","6","Informational","5","network","general"
+"%ASA-2-772006","772006","REAUTH: user 'username' failed authentication","%ASA-2-772006: REAUTH: user 'username' failed authentication","The user entered the wrong password while trying to change it. As a result, the password was not changed. • username— The name of the user","The user should retry changing the password using the change-password command.","2","Critical","95","network","general"
+"%ASA-2-774001","774001","POST: unspecified error","%ASA-2-774001: POST: unspecified error","The crypto service provider failed the power on self-test.","Contact the Cisco TAC.","2","Critical","95","network","general"
+"%ASA-2-774002","774002","POST: error 'err', func 'func', engine eng, algorithm alg, mode mode, dir dir, key len len","%ASA-2-774002: POST: error 'err', func 'func', engine eng, algorithm alg, mode mode, dir dir, key len len","The crypto service provider failed the power on self-test. • err —The failure cause • func —The function • eng —The engine, which can be NPX, Nlite, or software • alg —The algorithm, which can be any of the following: RSA, DSA, DES, 3DES, AES, RC4, MD5, SHA1, SHA256, SHA386, SHA512, HMAC-MD5, HMAC-SHA1, HMAC-SHA2, or AES-XCBC • mode —The mode, which can be any of the following: none, CBC, CTR, CFB, ECB, stateful-RC4, or stateless-RC4 • dir —Either encryption or decryption • len —The key length in bits","Contact the Cisco TAC.","2","Critical","95","network","general"
+"%ASA-6-775001","775001","Scansafe: protocol connection conn_id from interface_name:real_address/real_port (idfw_user) to interface_name:real_address/real_port redirected to server_interface_name:server_ip_address","%ASA-6-775001: Scansafe: protocol connection conn_id from interface_name:real_address/real_port (idfw_user) to interface_name:real_address/real_port redirected to server_interface_name:server_ip_address","A ScanSafe server is configured, and traffic matches a policy that has been configured to redirect the connection to the ScanSafe server for content scanning and other malware protection services.","None required.","6","Informational","35","network","general"
+"%ASA-4-775002","775002","Scansafe: Reason - protocol connection conn_id from interface_name:real_address/real_port (idfw_user) to interface_name:real_address/real_port is action locally","%ASA-4-775002: Scansafe: Reason - protocol connection conn_id from interface_name:real_address/real_port (idfw_user) to interface_name:real_address/real_port is action locally","If the source IP address and port of the new ScanSafe redirected connection matches the existing connection, then the ASA drops the new connection and this syslog message is generated. • Reason —Duplicate connection with same source address and port port","Make sure of all of the following: • The ScanSafe license key is configured. • The public key is configured. • The ScanSafe server is reachable by the ASA. • The maximum number of connections has not been reached. Configuring PAT and ScanSafe on a single connection are not recommended. Note","4","Warning","65","network","general"
+"%ASA-6-775003","775003","Scansafe: protocol connection conn_id from interface_name:real_address/real_port (idfw_user) to interface_name:real_address/real_port is whitelisted","%ASA-6-775003: Scansafe: protocol connection conn_id from interface_name:real_address/real_port (idfw_user) to interface_name:real_address/real_port is whitelisted","The traffic has been matched and does not need to be redirected to the ScanSafe server for content scanning, but can be sent directly to the intended web server.","None required.","6","Informational","35","network","general"
+"%ASA-4-775004","775004","Scansafe: Primary server server-name:ip_address is unreachable","%ASA-4-775004: Scansafe: Primary server server-name:ip_address is unreachable","The primary ScanSafe server is not reachable on either of the configured HTTP or HTTPS ports.","None required.","4","Warning","65","network","general"
+"%ASA-6-775005","775005","Scansafe: Primary server server-name:ip_address is now reachable","%ASA-6-775005: Scansafe: Primary server server-name:ip_address is now reachable","The primary ScanSafe server is reachable on both of the configured HTTP and HTTPS ports.","None required.","6","Informational","35","network","general"
+"%ASA-6-775006","775006","Scansafe: Reachable backup server interface:ip_address is now active","%ASA-6-775006: Scansafe: Reachable backup server interface:ip_address is now active","If the primary ScanSafe server becomes unreachable, the ASA checks the connectivity to the configured backup ScanSafe server; if the backup server is reachable, it becomes the active server.","None required.","6","Informational","35","network","general"
+"%ASA-2-775007","775007","Scansafe: No reachable servers found","%ASA-2-775007: Scansafe: No reachable servers found","Neither the primary nor backup ScanSafe server is reachable. Based on the configured default action( fail_close or fail_open), traffic is getting dropped or sent to the web server without being redirected.","If both the ScanSafe servers are not reachable, you can change the ScanSafe configuration to fail_open to send traffic to the web server without having it redirected to the ScanSafe server. This configuration changes the default action to permit.","2","Critical","100","network","general"
+"%ASA-3-776001","776001","CTS SXP: Configured source IP source ip error","%ASA-3-776001: CTS SXP: Configured source IP source ip error","An error occurred while using this configured source IP address to set up an SXP connection. • source ip —IPv4 or IPv6 source address • error —Detailed message regarding what type of error occurs while using the configured address to set up the SXP connection, which can be one of the following: - Does not belong to this device. - Does not match outbound interface IP address.","Reconfigure the SXP connection to have a valid source IP address. Alternatively, unconfigure the source IP address and let the device select the correct source IP address based on a route lookup.","3","Error","75","system","hardware"
+"%ASA-3-776002","776002","CTS SXP: Invalid message from peer peer IP : error","%ASA-3-776002: CTS SXP: Invalid message from peer peer IP : error","An error occurred while parsing an SXP message. • peer IP —IPv4 or IPv6 peer address • error — Description of message parsing problem","Contact the Cisco TAC for assistance.","3","Error","75","system","hardware"
+"%ASA-3-776003","776003","CTS SXP: Connection with peer peer IP failed: error","%ASA-3-776003: CTS SXP: Connection with peer peer IP failed: error","An SXP configuration error occurred. The connection cannot be set up correctly.","Make sure that the connection configurations on both ends have the correct mode and IP addresses.","3","Error","75","system","hardware"
+"%ASA-3-776004","776004","CTS SXP: Fail to start listening socket after TCP process restart.","%ASA-3-776004: CTS SXP: Fail to start listening socket after TCP process restart.","The SXP on this device cannot accept SXP connection setup requests from remote devices, because it cannot update the binding manager.","Disable and reenable the SXP feature to see if the listening socket can be restarted.","3","Error","65","system","hardware"
+"%ASA-3-776005","776005","CTS SXP: Binding Binding IP - SGname (SGT ) from peer IP instance connection instance num error .","%ASA-3-776005: CTS SXP: Binding Binding IP - SGname (SGT ) from peer IP instance connection instance num error .","An SXP binding update error has occurred. • Binding IP —IPv4 or IPv6 binding address • SGname (SGT )—Binding SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT . • peer IP —IPv4 or IPv6 peer address that sent the binding • connection instance num —Instance number of the SXP connection from which the binding came • error —Detailed message about the binding error","Contact the Cisco TAC for assistance.","3","Error","65","system","hardware"
+"%ASA-3-776006","776006","CTS SXP: Internal error: error","%ASA-3-776006: CTS SXP: Internal error: error","The CTS SXP system encountered an internal failure. • error —Detailed message about the SXP internal error, which can be one of the following: - Source IP address of existing SXP connection cannot change. - Password type of existing connection cannot change. - Connection mode is the same as the existing configuration. - IP address does not exist.","Contact the Cisco TAC for assistance.","3","Error","75","system","hardware"
+"%ASA-3-776007","776007","CTS SXP: Connection with peer peer IP (instance connection instance num ) state changed from original state to Off.","%ASA-3-776007: CTS SXP: Connection with peer peer IP (instance connection instance num ) state changed from original state to Off.","The CTS SXP system encountered an internal failure, because the SXP connection with the specified instance number changed its state to off. • peer IP —IPv4 or IPv6 peer address • connection instance num —SXP connection instance number • original state —Original connection state","None required.","3","Error","5","system","hardware"
+"%ASA-6-776008","776008","CTS SXP: Connection with peer IP (instance connection instance num ) state changed from original state to final state .","%ASA-6-776008: CTS SXP: Connection with peer IP (instance connection instance num ) state changed from original state to final state .","The SXP connection with the specified instance number changed state. • peer IP —IPv4 or IPv6 peer address • source IP —IPv4 or IPv6 source address • connection instance num —SXP connection instance number • original state —Original connection state • final state —Final connection state, which can be any state except the Off state.","None required.","6","Informational","5","system","hardware"
+"%ASA-5-776009","776009","CTS SXP: password changed.","%ASA-5-776009: CTS SXP: password changed.","The SXP system password has been changed.","None required.","5","Notification","5","system","hardware"
+"%ASA-5-776010","776010","CTS SXP: SXP default source IP is changed original source IP final source IP .","%ASA-5-776010: CTS SXP: SXP default source IP is changed original source IP final source IP .","The SXP default source IP address has been changed on this device. • original source IP —IPv4 or IPv6 original default source IP address • final source IP —IPv4 or IPv6 final default source IP address","None required.","5","Notification","5","system","hardware"
+"%ASA-5-776011","776011","CTS SXP: operational state .","%ASA-5-776011: CTS SXP: operational state .","The SXP feature has changed operational state and works only when the feature is enabled. • operational state —Flags the state whether CTS SXP is enabled or disabled.","None required.","5","Notification","5","system","hardware"
+"%ASA-7-776012","776012","CTS SXP: timer name timer started for connection with peer peer IP .","%ASA-7-776012: CTS SXP: timer name timer started for connection with peer peer IP .","The specified SXP timer started. • peer IP —IPv4 or IPv6 peer address. For timers that are not triggered by connection-based events, that is, the retry open timer, a default IP address of 0.0.0.0 is used. • timer name —Timer name","None required.","7","Debugging","5","system","hardware"
+"%ASA-7-776013","776013","CTS SXP: timer name timer stopped for connection with peer peer IP .","%ASA-7-776013: CTS SXP: timer name timer stopped for connection with peer peer IP .","The specified SXP timer stopped. • peer IP —IPv4 or IPv6 peer address. For timers that are not triggered by connection-based events, that is, the retry open timer, a default IP address of 0.0.0.0 is used. • timer name —Timer name","None required.","7","Debugging","5","system","hardware"
+"%ASA-7-776014","776014","CTS SXP: SXP received binding forwarding request (action ) binding binding IP - SGname (SGT ).","%ASA-7-776014: CTS SXP: SXP received binding forwarding request (action ) binding binding IP - SGname (SGT ).","The SXP received a binding forwarding request. The request comes from the binding manager when it wants SXP to broadcast the latest net binding changes within the binding manager. • action —Add or delete operation • binding IP —IPv4 or IPv6 binding address • SGname (SGT )—Binding SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT .","None required.","7","Debugging","5","system","hardware"
+"%ASA-7-776015","776015","CTS SXP: Binding binding IP - SGname (SGT ) is forwarded to peer peer IP (instance connection instance num ).","%ASA-7-776015: CTS SXP: Binding binding IP - SGname (SGT ) is forwarded to peer peer IP (instance connection instance num ).","The SXP forwarded binding to the peer. • binding IP —IPv4 or IPv6 binding address • SGname (SGT )—Binding SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT . • peer IP —IPv4 or IPv6 peer address • connection instance num —SXP connection instance number","None required.","7","Debugging","5","system","hardware"
+"%ASA-7-776016","776016","CTS SXP: Binding binding IP - SGName (SGT ) from peer peer IP (instance binding's connection instance num ) changed from old instance: old instance num , old sgt: old SGName (SGT ).","%ASA-7-776016: CTS SXP: Binding binding IP - SGName (SGT ) from peer peer IP (instance binding's connection instance num ) changed from old instance: old instance num , old sgt: old SGName (SGT ).","Binding changed in the SXP database. • binding IP —IPv4 or IPv6 binding address • SGname (SGT )—Binding SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT . • peer IP —Binding source IPv4 or IPv6 address • binding’s connection instance num —SXP connection instance number • old instance num —Old connection instance number on which the binding was learned • old SGName (SGT )—Binding old SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT .","None required.","7","Debugging","5","system","hardware"
+"%ASA-7-776017","776017","CTS SXP: Binding binding IP - SGname (SGT) from peer peer IP (instance connection instance num ) deleted in SXP database.","%ASA-7-776017: CTS SXP: Binding binding IP - SGname (SGT) from peer peer IP (instance connection instance num ) deleted in SXP database.","Binding was deleted in the SXP database. • binding IP —IPv4 or IPv6 binding address • SGname (SGT )—Binding SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT . • peer IP —Binding source IPv4 or IPv6 peer address • connection instance num —SXP connection instance number","None required.","7","Debugging","5","system","hardware"
+"%ASA-7-776018","776018","CTS SXP: Binding binding IP - SGname (SGT) from peer peer IP (instance connection instance num ) added in SXP database.","%ASA-7-776018: CTS SXP: Binding binding IP - SGname (SGT) from peer peer IP (instance connection instance num ) added in SXP database.","Binding was aded in the SXP database. • binding IP —IPv4 or IPv6 binding address • SGname (SGT )—Binding SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT . • peer IP —Binding source IPv4 or IPv6 peer address • connection instance num —SXP connection instance number","None required.","7","Debugging","5","system","hardware"
+"%ASA-7-776019","776019","CTS SXP: Binding binding IP - SGname (SGT ) action taken . Update binding manager.","%ASA-7-776019: CTS SXP: Binding binding IP - SGname (SGT ) action taken . Update binding manager.","The SXP updated the binding manager with the binding change. • binding IP —IPv4 or IPv6 binding address • SGname (SGT )—Binding SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT . • action taken —Action taken, which can be one of the following: added, deleted, or changed.","None required.","7","Debugging","5","system","hardware"
+"%ASA-3-776020","776020","CTS SXP: Unable to locate egress interface to peer peer IP .","%ASA-3-776020: CTS SXP: Unable to locate egress interface to peer peer IP .","The ASA cannot locate the egress interface to the SXP peer. • binding IP —IPv4 or IPv6 address","Make sure that the SXP peer is routable from the device.","3","Error","75","system","hardware"
+"%ASA-4-776201","776201","CTS Env: PAC for Server IP_address, A-ID PAC_issuer_name will expire in number days","%ASA-4-776201: CTS Env: PAC for Server IP_address, A-ID PAC_issuer_name will expire in number days","A CTS PAC is nearing its expiration date.","Obtain a new PAC and import it.","4","Warning","45","system","hardware"
+"%ASA-3-776202","776202","CTS Env: PAC for Server IP_address, A-ID PAC_issuer_name has expired","%ASA-3-776202: CTS Env: PAC for Server IP_address, A-ID PAC_issuer_name has expired","A CTS PAC has expired.","Obtain a new PAC and import it.","3","Error","65","system","hardware"
+"%ASA-3-776203","776203","CTS Env: Unable to retrieve data from source_type: source, reason","%ASA-3-776203: CTS Env: Unable to retrieve data from source_type: source, reason","The ASA was unable to retrieve the CTS environment data and SGT name table for one of the following reasons: • PAC has expired •","If this message persists, contact the Cisco TAC for assistance.","3","Error","75","system","hardware"
+"%ASA-3-776204","776204","CTS Env: Data from source has expired, policies based on security-group names are enforced using old mappings","%ASA-3-776204: CTS Env: Data from source has expired, policies based on security-group names are enforced using old mappings","The CTS environment data and SGT name table have expired, which is likely to occur after unresolved environment data retrieval failures have occurred.","If this message persists, contact the Cisco TAC for assistance.","3","Error","75","system","hardware"
+"%ASA-6-776251","776251","CTS SGT-MAP: Binding binding IP - SGname (SGT ) from source name added to binding manager.","%ASA-6-776251: CTS SGT-MAP: Binding binding IP - SGname (SGT ) from source name added to binding manager.","Binding from the specified source was added to the binding manager. • binding IP —IPv4 or IPv6 binding address. • SGname (SGT )—Binding SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT. • source name —Name of the contributing source.","None required.","6","Informational","5","system","hardware"
+"%ASA-5-776252","776252","CTS SGT-MAP: CTS SGT-MAP: Binding binding IP - SGname (SGT ) from source name deleted from binding manager.","%ASA-5-776252: CTS SGT-MAP: CTS SGT-MAP: Binding binding IP - SGname (SGT ) from source name deleted from binding manager.","Binding from the specified source was deleted from the binding manager. Binding from the specified source was added to the binding manager. • binding IP —IPv4 or IPv6 binding address. • SGname (SGT )—Binding SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT. • source name —Name of the contributing source.","None required.","5","Notification","5","system","hardware"
+"%ASA-6-776253","776253","CTS SGT-MAP: Binding binding IP - new SGname (SGT ) from new source name changed from old sgt: old SGname (SGT ) from old source old source name .","%ASA-6-776253: CTS SGT-MAP: Binding binding IP - new SGname (SGT ) from new source name changed from old sgt: old SGname (SGT ) from old source old source name .","A particular IP to SGT binding has changed in the binding manager. • binding IP —IPv4 or IPv6 binding address. • new SGname (SGT )—New binding SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT. • new source name —Name of the new contributing source. • old SGname (SGT )—Old binding SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT. • old source name —Name of the old contributing source.","None required.","6","Informational","5","system","hardware"
+"%ASA-3-776254","776254","CTS SGT-MAP: Binding manager unable to action binding binding IP - SGname (SGT ) from source name.","%ASA-3-776254: CTS SGT-MAP: Binding manager unable to action binding binding IP - SGname (SGT ) from source name.","The binding manager cannot insert, delete, or update the binding • action— Binding manager operation. Either insert, delete or update. • binding IP —IPv4 or IPv6 binding address. • SGname (SGT )—Binding SGT information. Has the following format if SGname is available: SGname (SGT ) and the following format if SGname is unavailable: SGT. • source name —Name of the contributing source.","Contact the Cisco TAC for assistance.","3","Error","75","system","hardware"
+"%ASA-7-776301","776301","CTS Policy: Security-group tag sgt is mapped to security-group name ""sgname""","%ASA-7-776301: CTS Policy: Security-group tag sgt is mapped to security-group name ""sgname""","The security group tag referenced in the policy is known and the lookup in the security group table is successful. As a result, the tag name mapping is derived. • sgt —Security group tag referenced in the policy • sgname —Security group name mapping derived from the table","None required.","7","Debugging","5","system","hardware"
+"%ASA-7-776302","776302","CTS Policy: Unknown security-group tag sgt referenced in policies","%ASA-7-776302: CTS Policy: Unknown security-group tag sgt referenced in policies","The security group tag referenced in the policy was unknown and the lookup in the security group table failed. However, the policy referencing the tag can still be enforced. • sgt —Security group tag referenced in the policy","Check to see if the security group tag exists in the ISE. If the tag exists, it will become known after the next refresh. If the tag does not exist in the ISE, consider removing all associated policies on the ASA.","7","Debugging","15","system","hardware"
+"%ASA-6-776303","776303","CTS Policy: Security-group name ""sgname"" is resolved to security-group tag sgt","%ASA-6-776303: CTS Policy: Security-group name ""sgname"" is resolved to security-group tag sgt","The securitygroup name referenced in the policy was resolved and the lookup in the security group table was successful. As a result, the tag derived from the table is used for policy enforcement. • sgname —Security group name referenced in the policy • sgt —Security group tag mapping derived from the table","None required.","6","Informational","5","system","hardware"
+"%ASA-4-776304","776304","CTS Policy: Unresolved security-group name ""sgname"" referenced, policies based on this name will be inactive","%ASA-4-776304: CTS Policy: Unresolved security-group name ""sgname"" referenced, policies based on this name will be inactive","The securitygroup name referenced in the policy cannot be resolved to a tag and the lookup in the security group table failed. AS a result, the policy referencing the name is inactive, but remains in the configuration. • sgname —Security group name referenced in the policy","Check to see if the security group name exists in the ISE. If the name exists, the table can be refreshed so the name gets resolved and policies can be enforced. If the name does not exist in the ISE, consider removing all associated policies on the ASA.","4","Warning","55","system","hardware"
+"%ASA-4-776305","776305","CTS Policy: Security-group table cleared, all polices referencing security-group names will be deactivated","%ASA-4-776305: CTS Policy: Security-group table cleared, all polices referencing security-group names will be deactivated","The security group table downloaded from the ISE is cleared on the ASA and policies based on security group tags continue to be enforced. However, policies based on names become inactive, but remain in the configuration.","Refresh the security group table on the ASA so all policies based on security group names can be enforced.","4","Warning","45","system","hardware"
+"%ASA-7-776307","776307","CTS Policy: Security-group name for security-group tag sgt renamed from ""old_sgname"" to ""new_sgname""","%ASA-7-776307: CTS Policy: Security-group name for security-group tag sgt renamed from ""old_sgname"" to ""new_sgname""","In the newly downloaded security group table on the ASA, a change in the security group name for a security group tag was detected; however, there was no change in policy status. • sgt —Security group tag referenced in the policy • old_sgname —Old security group name","None required.","7","Debugging","5","system","hardware"
+"%ASA-7-776308","776308","CTS Policy: Previously unknown security-group tag sgt is now mapped to security-group name ""sgname""","%ASA-7-776308: CTS Policy: Previously unknown security-group tag sgt is now mapped to security-group name ""sgname""","In the newly downloaded security group table on the ASA, a previously unknown security group tag was found in the table; however, there was no change in policy status. • sgt —Security group tag referenced in the policy • sgname —Security group name derived from the new security group table","None required.","7","Debugging","5","system","hardware"
+"%ASA-5-776309","776309","CTS Policy: Previously known security-group tag sgt is now unknown","%ASA-5-776309: CTS Policy: Previously known security-group tag sgt is now unknown","In the newly downloaded security group table on the ASA, a previously known security group tag no longer exists. There is no change in policy status, and the policy can still be enforced. • sgt —Security group tag referenced in the policy","If the security group tag does not exist in the new table, the security group has been removed in the ISE. Consider removing all policies that reference the tag.","5","Notification","25","system","hardware"
+"%ASA-5-776310","776310","CTS Policy: Security-group name ""sgname"" remapped from security-group tag old_sgt to new_sgt","%ASA-5-776310: CTS Policy: Security-group name ""sgname"" remapped from security-group tag old_sgt to new_sgt","In the newly downloaded security group table on the ASA, a change in the security group tag for a security group name was detected. All policies referencing the name are updated to reflect the new tag, and policies are enforced based on the new tag. • sgname —Security group name referenced in the policy • old_sgt —Old security group tag • new_sgt —New security group tag","Because of the change in tag value, make sure that the configured policies are still accurate.","5","Notification","25","system","hardware"
+"%ASA-6-776311","776311","CTS Policy: Previously unresolved security-group name ""sgname"" is now resolved to security-group tag sgt","%ASA-6-776311: CTS Policy: Previously unresolved security-group name ""sgname"" is now resolved to security-group tag sgt","In the newly downloaded security group table on the ASA, a previously unresolved security group name was resolved to a tag, and the new tag can be used to enforce policies.","None required.","6","Informational","5","system","hardware"
+"%ASA-4-776312","776312","CTS Policy: Previously resolved security-group name ""sgname"" is now unresolved, policies based on this name will be deactivated","%ASA-4-776312: CTS Policy: Previously resolved security-group name ""sgname"" is now unresolved, policies based on this name will be deactivated","In the newly downloaded security group table on the ASA, a previously resolved security group name no longer exists. As a result, all policies based on this security group name become inactive, but remain in the configuration. • sgname —Security group name referenced in the policy","If the security group name does not exist in the new table, the security group has been removed in the ISE. Check the policy configuration on the ASA, consider removing policies referencing the name.","4","Warning","45","system","hardware"
+"%ASA-3-776313","776313","CTS Policy: Failure to update policies for security-group ""sgname""-&gt;sgt","%ASA-3-776313: CTS Policy: Failure to update policies for security-group ""sgname""-&gt;sgt","An error was encountered in updating the policies. Policy enforcement will continue based on old tag values and is no longer accurate. • sgname —Security group name that has a change in tag value • sgt —New security group tag value","To reflect the correct tag value, remove all policies referencing the security group name and reapply them. If the error persists, contact the Cisco TAC for assistance.","3","Error","75","system","hardware"
+"%ASA-6-778001","778001","VXLAN: Packet was discarded with invalid segment-id segment_id for protocol from ifc_name:ip_address/port to ip_address/port","%ASA-6-778001: VXLAN: Packet was discarded with invalid segment-id segment_id for protocol from ifc_name:ip_address/port to ip_address/port","The Secure Firewall ASA tries to create an inner connection for a VXLAN packet, but the VXLAN packet has an invalid segment ID.","None required.","6","Informational","5","network","general"
+"%ASA-6-778002","778002","VXLAN: There is no VNI interface for segment-id. Packet was discarded segment_id","%ASA-6-778002: VXLAN: There is no VNI interface for segment-id. Packet was discarded segment_id","A decapsulated ingress VXLAN packet is discarded, because the segment ID in the VXLAN header does not match the segment ID of any VNI interface configured on the Secure Firewall ASA.","None required.","6","Informational","5","network","general"
+"%ASA-6-778003","778003","VXLAN: Invalid VXLAN segment-id segment-id for protocol from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.","%ASA-6-778003: VXLAN: Invalid VXLAN segment-id segment-id for protocol from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.","The Secure Firewall ASA Fast Path sees a VXLAN packet with an invalid segment ID.","Check the VNI interface segment ID configurations to see if the dropped packet has the VXLAN segment ID that does not match any VNI segment ID configuration.","6","Informational","45","network","general"
+"%ASA-6-778004","778004","VXLAN: Invalid VXLAN header for protocol from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.","%ASA-6-778004: VXLAN: Invalid VXLAN header for protocol from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.","The Secure Firewall ASA VTEP sees a VXLAN packet with an invalid VXLAN header.","None required.","6","Informational","5","network","general"
+"%ASA-6-778005","778005","VXLAN: Packet with VXLAN segment-id segment-id from ifc-name is denied by FP L2 check.","%ASA-6-778005: VXLAN: Packet with VXLAN segment-id segment-id from ifc-name is denied by FP L2 check.","A VXLAN packet is denied by a Fast Path L2 check.","Check the VNI interface segment ID configurations to see if the dropped packet has the VXLAN segment ID that does not match any VNI segment ID configuration. Check to see if the STS table has an entry that matches the dropped packet’s segment ID.","6","Informational","35","network","general"
+"%ASA-6-778006","778006","VXLAN: Invalid VXLAN UDP checksum from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.","%ASA-6-778006: VXLAN: Invalid VXLAN UDP checksum from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.","The Secure Firewall ASA VTEP received a VXLAN packet with an invalid UDP checksum value.","None required.","6","Informational","5","network","general"
+"%ASA-6-778007","778007","VXLAN: Packet from ifc-name :IP-address/port to IP-address/port was discarded due to invalid NVE peer.","%ASA-6-778007: VXLAN: Packet from ifc-name :IP-address/port to IP-address/port was discarded due to invalid NVE peer.","The Secure Firewall ASA VTEP received a VXLAN packet from an IP address that is different from the configured NVE peer.","None required.","6","Informational","5","network","general"
+"%ASA-6-778008","778008","VXLAN: There is no VNI interface for segment-id. Packet was discarded","%ASA-6-778008: VXLAN: There is no VNI interface for segment-id. Packet was discarded","The packet was discarded.","None required.","6","Informational","5","network","general"
+"%ASA-6-779001","779001","STS: Out-tag lookup failed for in-tag segment-id of protocol from ifc-name :IP-address /port to IP-address /port .","%ASA-6-779001: STS: Out-tag lookup failed for in-tag segment-id of protocol from ifc-name :IP-address /port to IP-address /port .","The Secure Firewall ASA tries to create a connection for a VXLAN packet, but failed to use the STS lookup table to locate the out-tag for the in-tag (segment ID) in the VXLAN packet.","None required.","6","Informational","5","network","general"
+"%ASA-6-779002","779002","STS: STS and NAT locate different egress interface for segment-id segment-id, protocol from ifc-name:IP-address/port to IP-address/port. Packet was discarded","%ASA-6-779002: STS: STS and NAT locate different egress interface for segment-id segment-id, protocol from ifc-name:IP-address/port to IP-address/port. Packet was discarded","The Secure Firewall ASA tries to create a connection for a VXLAN packet, but the STS lookup table and NAT policy locate a different egress interface.","None required.","6","Informational","5","network","general"
+"%ASA-3-779003","779003","STS: Failed to read tag-switching table - reason","%ASA-3-779003: STS: Failed to read tag-switching table - reason","The Secure Firewall ASA tried to read the tag-switching table, but failed.","None required.","3","Error","5","network","general"
+"%ASA-3-779004","779004","STS: Failed to write tag-switching table - reason","%ASA-3-779004: STS: Failed to write tag-switching table - reason","The Secure Firewall ASA tried to write to the tag-switching table, but failed.","None required.","3","Error","5","network","general"
+"%ASA-3-779005","779005","STS: Failed to parse tag-switching request from http - reason","%ASA-3-779005: STS: Failed to parse tag-switching request from http - reason","The Secure Firewall ASA tried to parse the HTTP request to see what to do on the tag-switching table, but failed.","None required.","3","Error","5","network","general"
+"%ASA-3-779006","779006","STS: Failed to save tag-switching table to flash - reason","%ASA-3-779006: STS: Failed to save tag-switching table to flash - reason","The Secure Firewall ASA tried to save the tag-switching table to flash memory, but failed.","None required.","3","Error","5","network","general"
+"%ASA-3-779007","779007","STS: Failed to replicate tag-switching table to peer - reason","%ASA-3-779007: STS: Failed to replicate tag-switching table to peer - reason","The Secure Firewall ASA attempts to replicate the tag-switching table to the failover standby unit or clustering data units, but failed to do so.","None required.","3","Error","5","network","general"
+"%ASA-6-780001","780001","RULE ENGINE: Started compilation for access-group transaction - description of the transaction.","%ASA-6-780001: RULE ENGINE: Started compilation for access-group transaction - description of the transaction.","The rule engine has started compilation for an access group transaction. The description of the transaction is the command line input of the access group itself.","None required.","6","Informational","5","network","general"
+"%ASA-6-780002","780002","RULE ENGINE: Finished compilation for access-group transaction - description of the transaction.","%ASA-6-780002: RULE ENGINE: Finished compilation for access-group transaction - description of the transaction.","The rule engine has finished compilation for a transaction. Taking access group as an example, the description of the transaction is the command line input of the access group itself.","None required.","6","Informational","5","network","general"
+"%ASA-6-780003","780003","RULE ENGINE: Started compilation for nat transaction - description_of_the_transaction.","%ASA-6-780003: RULE ENGINE: Started compilation for nat transaction - description_of_the_transaction.","The rule engine has started compilation for a NAT transaction. The description of the transaction is the command line input of the nat command itself.","None required.","6","Informational","5","network","general"
+"%ASA-6-780004","780004","RULE ENGINE: Finished compilation for nat transaction - description_of_the_transaction.","%ASA-6-780004: RULE ENGINE: Finished compilation for nat transaction - description_of_the_transaction.","The rule engine has finished compilation for a NAT transaction. The description of the transaction is the command line input of the nat command itself.","None required.","6","Informational","5","network","general"
+"%ASA-6-780005","780005","RULE ENGINE: Started compilation for session transaction - description of the","%ASA-6-780005: RULE ENGINE: Started compilation for session transaction - description of the","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","6","Informational","15","network","general"
+"%ASA-6-780006","780006","RULE ENGINE: Finished compilation for session transaction - description of the","%ASA-6-780006: RULE ENGINE: Finished compilation for session transaction - description of the","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","6","Informational","15","network","general"
+"%ASA-7-785001","785001","Clustering: Ownership for existing flow from in_interface:src_ip_addr/src_port to out_interface:dest_ip_addr/dest_port moved from unit old-owner-unit-id at site old-site-id to unit new-owner-unit-id at site old-site-id due to reason","%ASA-7-785001: Clustering: Ownership for existing flow from in_interface:src_ip_addr/src_port to out_interface:dest_ip_addr/dest_port moved from unit old-owner-unit-id at site old-site-id to unit new-owner-unit-id at site old-site-id due to reason","This syslog is generated when clustering moved the flow from one unit in one site to another unit in another site in inter-DC environment. Reason must be whatever triggered the move, such as LISP notification.","Verify the flow status in the new unit at new site. Messages 861001 to 861013","7","Debugging","15","network","general"
+"%ASA-6-801001","801001","Dropping UDP from address/port to address/port on interface interface_name.","%ASA-6-801001: Dropping UDP from address/port to address/port on interface interface_name.","Dropping UDP.","None required.","6","Informational","35","network","general"
+"%ASA-6-801002","801002","Dropping TCP from address/port to address/port flags on interface interface_name","%ASA-6-801002: Dropping TCP from address/port to address/port flags on interface interface_name","Dropping TCP.","None required.","6","Informational","35","network","general"
+"%ASA-6-801003","801003","Dropping ICMP type=number, code=code from address to address on interface interface_name","%ASA-6-801003: Dropping ICMP type=number, code=code from address to address on interface interface_name","Dropping ICMP.","None required.","6","Informational","35","network","general"
+"%ASA-6-802005","802005","IP ip_address Received MDM request details","%ASA-6-802005: IP ip_address Received MDM request details","A new MDM request has been received while the MDM proxy service is active.","None required.","6","Informational","5","network","general"
+"%ASA-4-802006","802006","IP ip_address MDM request details has been rejected: details","%ASA-4-802006: IP ip_address MDM request details has been rejected: details","An MDM request has been rejected by the device.","None required.","4","Warning","5","network","general"
+"%ASA-6-803001","803001","bypass is continuing after power up, no protection will be provided by the system for traffic over GigabitEthernet 1/3-1/4","%ASA-6-803001: bypass is continuing after power up, no protection will be provided by the system for traffic over GigabitEthernet 1/3-1/4","Informational message to the user that the hardware bypass will be continued after bootup.","None required.","6","Informational","5","network","general"
+"%ASA-6-803002","803002","no protection will be provided by the system for traffic over GigabitEthernet 1/3-1/4","%ASA-6-803002: no protection will be provided by the system for traffic over GigabitEthernet 1/3-1/4","Informational message to the user that hardware bypass is manually enabled.","None required.","6","Informational","5","network","general"
+"%ASA-6-803003","803003","User disabled bypass manually on GigabitEthernet 1/3-1/4.","%ASA-6-803003: User disabled bypass manually on GigabitEthernet 1/3-1/4.","Informational message to the user that hardware bypass is manually disabled.","None required.","6","Informational","5","network","general"
+"%ASA-6-804001","804001","Interface GigabitEthernet1/3 1000BaseSX SFP has been inserted","%ASA-6-804001: Interface GigabitEthernet1/3 1000BaseSX SFP has been inserted","Informational message to the user about the online insertion of the supported SFP module.","None required.","6","Informational","5","network","general"
+"%ASA-6-804002","804002","Interface GigabitEthernet1/3 SFP has been removed","%ASA-6-804002: Interface GigabitEthernet1/3 SFP has been removed","Informational message to the user about removal of the supported SFP module.","None required.","6","Informational","5","network","general"
+"%ASA-6-805001","805001","Offloaded conn Flow for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port)","%ASA-6-805001: Offloaded conn Flow for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port)","Indicates flow is offloaded to the super-fast path.","None required.","6","Informational","5","network","general"
+"%ASA-6-805002","805002","conn Flow is no longer offloaded for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port)","%ASA-6-805002: conn Flow is no longer offloaded for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port)","Indicates flow offloading is disabled on a flow which was offloaded to the super-fast path.","None required.","6","Informational","5","network","general"
+"%ASA-6-805003","805003","TCP Flow could not be offloaded for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port) reason","%ASA-6-805003: TCP Flow could not be offloaded for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port) reason","Indicates flow could not be offloaded. For example, due to flow entry collision on the offload flow table.","None required.","6","Informational","5","network","general"
+"%ASA-6-806001","806001","Primary alarm CPU temperature is High temp","%ASA-6-806001: Primary alarm CPU temperature is High temp","The CPU has reached temperature over primary alarm temperature setting for high temperature and such alarm is enabled. • temperature – Current CPU temperature (in Celsius).","Contact Administrator who configured this alarm on following actions.","6","Informational","15","network","general"
+"%ASA-6-806002","806002","Primary alarm for CPU high temperature is cleared","%ASA-6-806002: Primary alarm for CPU high temperature is cleared","The CPU temperature goes down to under primary alarm temperature setting for high temperature.","None required.","6","Informational","5","network","general"
+"%ASA-6-806003","806003","Primary alarm CPU temperature is Low temp","%ASA-6-806003: Primary alarm CPU temperature is Low temp","The CPU has reached temperature under primary alarm temperature setting for low temperature and such alarm is enabled. • temperature – Current CPU temperature (in Celsius).","Contact Administrator who configured this alarm on following actions.","6","Informational","15","network","general"
+"%ASA-6-806004","806004","Primary alarm for CPU Low temperature is cleared","%ASA-6-806004: Primary alarm for CPU Low temperature is cleared","The CPU temperature goes up to over primary alarm temperature setting for low temperature.","None required.","6","Informational","5","network","general"
+"%ASA-6-806005","806005","Secondary alarm CPU temperature is High temp","%ASA-6-806005: Secondary alarm CPU temperature is High temp","The CPU has reached temperature over secondary alarm temperature setting for high temperature and such alarm is enabled. • temperature – Current CPU temperature (in Celsius).","Contact Administrator who configured this alarm on following actions.","6","Informational","15","network","general"
+"%ASA-6-806006","806006","Secondary alarm for CPU High temperature is cleared","%ASA-6-806006: Secondary alarm for CPU High temperature is cleared","The CPU temperature goes down to under secondary alarm temperature setting for high temperature.","None required.","6","Informational","5","network","general"
+"%ASA-6-806007","806007","Secondary alarm CPU temperature is Low temp","%ASA-6-806007: Secondary alarm CPU temperature is Low temp","The CPU has reached temperature under secondary alarm temperature setting for low temperature and such alarm is enabled. • temperature – Current CPU temperature (in Celsius).","Contact Administrator who configured this alarm on following actions.","6","Informational","15","network","general"
+"%ASA-6-806008","806008","Secondary alarm for CPU Low temperature is cleared","%ASA-6-806008: Secondary alarm for CPU Low temperature is cleared","The CPU temperature goes up to over secondary alarm temperature setting for low temperature.","None required.","6","Informational","5","network","general"
+"%ASA-6-806009","806009","Alarm asserted for ALARM_IN_1 description","%ASA-6-806009: Alarm asserted for ALARM_IN_1 description","Alarm input port 1 is triggered. • description – Alarm description configured by user for this alarm input port.","Contact Administrator who configured this alarm on following actions.","6","Informational","15","network","general"
+"%ASA-6-806010","806010","Alarm cleared for ALARM_IN_1 description","%ASA-6-806010: Alarm cleared for ALARM_IN_1 description","Alarm input port 1 is cleared. • description – Alarm description configured by user for this alarm input port.","None required.","6","Informational","5","network","general"
+"%ASA-6-806011","806011","Alarm asserted for ALARM_IN_2 description","%ASA-6-806011: Alarm asserted for ALARM_IN_2 description","Alarm input port 2 is triggered. • description – Alarm description configured by user for this alarm input port.","Contact Administrator who configured this alarm on following actions.","6","Informational","15","network","general"
+"%ASA-6-806012","806012","Alarm cleared for ALARM_IN_2 description","%ASA-6-806012: Alarm cleared for ALARM_IN_2 description","Alarm input port 2 is cleared. • description – Alarm description configured by user for this alarm input port.","None required.","6","Informational","5","network","general"
+"%ASA-4-812005","812005","Link-State-Propagation activated on inline-pair due to failure of interface interface-name bringing down pair interface interface-name","%ASA-4-812005: Link-State-Propagation activated on inline-pair due to failure of interface interface-name bringing down pair interface interface-name","This message is generated when the link state propagation is activated on the inline pair due to failure of an interface.","None.","4","Warning","55","network","general"
+"%ASA-4-812006","812006","Link-State-Propagation de-activated on inline-pair due to recovery of interface interface-name bringing up pair interface interface-name","%ASA-4-812006: Link-State-Propagation de-activated on inline-pair due to recovery of interface interface-name bringing up pair interface interface-name","This message is generated when the link state propagation is deactivated on the inline pair due to recovery of failed interface.","None.","4","Warning","55","network","general"
+"%ASA-6-812007","812007","Inline-set hardware-bypass mode configuration status","%ASA-6-812007: Inline-set hardware-bypass mode configuration status","This message is generated when the state (succeeded or failed) of hardware and software bypass modes for the IPS inline interfaces changes.","None.","6","Informational","25","network","general"
+"%ASA-2-815002","815002","Denied packet, hard limit, hard_limit_value, for object-group search exceeded for UDP from source:source_IP_address/port to destination:destination_IP_address/port","%ASA-2-815002: Denied packet, hard limit, hard_limit_value, for object-group search exceeded for UDP from source:source_IP_address/port to destination:destination_IP_address/port","When object-group-search threshold (by default threshold is 10K) is configured in ASA, and if any OGS search crosses 10k limit, packets are dropped and this message is generated.","None.","2","Critical","100","network","general"
+"%ASA-4-815003","815003","Object-Group-Search threshold exceeded current value threshold (10000) for packet UDP from source IP address/port to destination IP address/port","%ASA-4-815003: Object-Group-Search threshold exceeded current value threshold (10000) for packet UDP from source IP address/port to destination IP address/port","When object-group-search threshold is not configured in ASA, and if any OGS search crosses 10000 limit, packets are dropped and this message is generated.","None.","4","Warning","75","network","general"
+"%ASA-7-815004","815004","OGS: Packet protocol from source IP address/port to destination IP address/port matched number of source network objects source network objects and number of source network objects destination network objects total search entries total number of entries. Resultant key-set has number of entries entries","%ASA-7-815004: OGS: Packet protocol from source IP address/port to destination IP address/port matched number of source network objects source network objects and number of source network objects destination network objects total search entries total number of entries. Resultant key-set has number of entries entries","This message is generated to provide a detailed information on the object group search entries: • Source network object count • Destination network object count • Total search (product of source and destination count) • Resultant Key-set value (to be queried in the ACL Lookup)","None.","7","Debugging","5","network","general"
+"%ASA-3-840001","840001","Failed to create the backup for an IKEv2 session (Local:Local_IP:Local_port SPI:index, Remote:Remote_IP:Remote_port SPI:index)","%ASA-3-840001: Failed to create the backup for an IKEv2 session (Local:Local_IP:Local_port SPI:index, Remote:Remote_IP:Remote_port SPI:index)","In the high-availability setup of distributed site-to-site VPN, an attempt to create a backup session is made when a IKEv2 session is established or when the cluster membership changes. However, the attempt may fail for reasons such as capacity limit. Hence this message is generated on the unit of a session owner whenever it is notified of failing to create a backup.","None.","3","Error","75","network","general"
+"%ASA-3-850001","850001","SNORT ID (&lt;snort-instance-id&gt;/&lt;snort-process-id&gt;) Automatic-Application-Bypass due to delay of &lt;delay&gt;ms (threshold &lt;AAB-threshold&gt;ms) with &lt;connection-info&gt;","%ASA-3-850001: SNORT ID (&lt;snort-instance-id&gt;/&lt;snort-process-id&gt;) Automatic-Application-Bypass due to delay of &lt;delay&gt;ms (threshold &lt;AAB-threshold&gt;ms) with &lt;connection-info&gt;","The Automatic-Application-Bypass (AAB) event is triggered due to packet delay exceeding the AAB threshold.","Collect troubleshoot archive, snort core files and contact Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-850002","850002","SNORT ID (snort-instance-id/snort-process-id) Automatic-Application-Bypass due to SNORT not responding to traffic for timeout-delayms (threshold AAB-thresholdms)","%ASA-3-850002: SNORT ID (snort-instance-id/snort-process-id) Automatic-Application-Bypass due to SNORT not responding to traffic for timeout-delayms (threshold AAB-thresholdms)","The Automatic-Application-Bypass (AAB) event is triggered due to SNORT not responding to traffics for a period exceeding the AAB threshold.","Collect troubleshoot archive, snort core files and contact Cisco TAC.","3","Error","65","network","general"
+"%ASA-3-861001","861001","AVC: Creating AVC app directory directory_name failed; reason_string.","%ASA-3-861001: AVC: Creating AVC app directory directory_name failed; reason_string.","The system could not create a directory for the AVC data.","Contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-861002","861002","AVC: Downloading file from link link to directory directory_name succeeded.","%ASA-3-861002: AVC: Downloading file from link link to directory directory_name succeeded.","The VDB download succeeded.","No action required.","3","Error","5","network","general"
+"%ASA-3-861003","861003","AVC: Downloading file from link link to directory directory_name failed; reason_string.","%ASA-3-861003: AVC: Downloading file from link link to directory directory_name failed; reason_string.","The VDB download failed because there was no route to the server.","Check your DNS configuration and routing table to ensure names can be resolved and a route exists.","3","Error","75","network","general"
+"%ASA-3-861004","861004","AVC: Getting VDB version from file file failed; reason_string.","%ASA-3-861004: AVC: Getting VDB version from file file failed; reason_string.","The system downloads a version file to determine if there is a new VDB available for download. This file could not be found on the download server. The version file is likely corrupted and cannot extract the version number from the file.","Contact Cisco TAC.","3","Error","95","network","general"
+"%ASA-3-861005","861005","AVC: Getting VDB file path from file file failed; reason_string.","%ASA-3-861005: AVC: Getting VDB file path from file file failed; reason_string.","The system could not find the path to the VDB for download.","Contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-3-861006","861006","AVC: Getting VDB file name from file file failed; reason_string.","%ASA-3-861006: AVC: Getting VDB file name from file file failed; reason_string.","The system could not find the VDB file name.","Contact Cisco TAC.","3","Error","75","network","general"
+"%ASA-6-861007","861007","AVC: Loading network service (app) definition file (file) failed; reason_string.","%ASA-6-861007: AVC: Loading network service (app) definition file (file) failed; reason_string.","The system could not create network-service objects for the applications.","Try downloading the VDB again. If the problem persists, contact Cisco TAC.","6","Informational","15","network","general"
+"%ASA-3-861008","861008","AVC Loading network service (app) definition file (file) success.","%ASA-3-861008: AVC Loading network service (app) definition file (file) success.","The system successfully created network-service objects for the applications.","No action required.","3","Error","5","network","general"
+"%ASA-6-861009","861009","AVC: Loading app category definition file file failed; reason_string.","%ASA-6-861009: AVC: Loading app category definition file file failed; reason_string.","The system could not open the application category definition file.","Try downloading the VDB again. If the problem persists, contact Cisco TAC.","6","Informational","25","network","general"
+"%ASA-3-861010","861010","AVC: Loading app category definition file warning; reason_string.","%ASA-3-861010: AVC: Loading app category definition file warning; reason_string.","The system could not find any application for the named category. If you are using this category in a policy, re-evaluate your rules and perhaps delete them, as they will not apply to any connections that use the application ID that is specified in the application category. The application likely has been obsoleted.","No action required.","3","Error","5","network","general"
+"%ASA-4-861011","861011","AVC: Loading app category definition file file success.","%ASA-4-861011: AVC: Loading app category definition file file success.","The system successfully loaded the application category definition file.","No action required.","4","Warning","5","network","general"
+"%ASA-6-861012","861012","AVC: Installing visibility NSG failed; error_string.","%ASA-6-861012: AVC: Installing visibility NSG failed; error_string.","The system could not create the application visibility network-service object group named _avc_visibility_nsg_, or there are errors adding member applications to the visibility NSG. The ‘error_string’ shows more detail about the error.","No action required.","6","Informational","5","network","general"
+"%ASA-3-861013","861013","AVC: Installing visibility NSG success.","%ASA-3-861013: AVC: Installing visibility NSG success.","The system successfully created network-service object groups for the application categories.","No action required. Messages 801001 to 880002 and 8300001 to 8300006 This section includes messages from 801001 to 880002 and 8300001 to 8300006.","3","Error","5","network","general"
+"%ASA-4-870001","870001","policy-route path-monitoring, remote peer interface_name:IP_Address reachable_status","%ASA-4-870001: policy-route path-monitoring, remote peer interface_name:IP_Address reachable_status","This message appears to display whether the interface on the policy based route identified through path monitoring is reacheable or not: • reacheable_status—reacheable or unreacheable","None required.","4","Warning","5","network","general"
+"%ASA-6-880001","880001","Ingress ifc Ingress_interface, For traffic [source_ipaddress-&gt;destination_ipaddress], PBR picked outside_interface_1 as its metric-type metrics became better than outside_interface_2","%ASA-6-880001: Ingress ifc Ingress_interface, For traffic [source_ipaddress-&gt;destination_ipaddress], PBR picked outside_interface_1 as its metric-type metrics became better than outside_interface_2","This message is generated whenever the interface chosen is different from previous while forwarding the traffic. Where, metric-types are jitter, cost, mos, packet loss, rtt.","None.","6","Informational","15","network","general"
+"%ASA-4-880002","880002","Internal-Data no-buffer counter stats: 57423,51396,6027, 1126,0,1126","%ASA-4-880002: Internal-Data no-buffer counter stats: 57423,51396,6027, 1126,0,1126","The firewall monitors the Internal-Data 'no buffer' counters every one minute. This message is generated whenever there is an increase in the 'no buffer' counters. Following are the counter stats details:","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","4","Warning","45","network","general"
+"%ASA-1-1199012","1199012","Stack smash during new_stack_call in process/fiber process/fiber, call target f, stack","%ASA-1-1199012: Stack smash during new_stack_call in process/fiber process/fiber, call target f, stack","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for full explanation.","See Cisco Secure Firewall ASA Series Syslog Messages guide (asa-syslog.pdf) for recommended action.","1","Alert","75","network","general"
+"%ASA-6-8300001","8300001","VPN session redistribution &lt;variable 1&gt;","%ASA-6-8300001: VPN session redistribution &lt;variable 1&gt;","These events notify the administrator that the operation related to ‘cluster redistribute vpn-sessiondb’ has started or completed. Where, • <variable 1>—Action: started or completed","None.","6","Informational","15","network","general"
+"%ASA-6-8300002","8300002","Moved &lt;variable 1&gt; sessions to &lt;variable 2&gt;","%ASA-6-8300002: Moved &lt;variable 1&gt; sessions to &lt;variable 2&gt;","Provides details on how many active sessions were moved to another member of the cluster. • <variable 1>— number of active sessions moved (this can be less than the number requested) • <variable 2>—name of the cluster member the sessions where moved to","None.","6","Informational","15","network","general"
+"%ASA-3-8300003","8300003","Failed to send session redistribution message to &lt;variable 1&gt;","%ASA-3-8300003: Failed to send session redistribution message to &lt;variable 1&gt;","There was an error sending a request to another cluster member. This could be due to an internal error or the cluster member the message was destined for is not available. • <variable 1>— name of the cluster member the message was destined for","If this message is persistent contact customer support.","3","Error","75","network","general"
+"%ASA-6-8300004","8300004","&lt;variable 1&gt; request to move &lt;variable 2&gt; sessions from &lt;variable 3&gt; to &lt;variable 4&gt;","%ASA-6-8300004: &lt;variable 1&gt; request to move &lt;variable 2&gt; sessions from &lt;variable 3&gt; to &lt;variable 4&gt;","This event is displayed when a member receives a request from the director to move a specific number of active sessions to another member in the group. • <variable 1>—Action: Received, Sent • <variable 2>—number of active sessions to move • <variable 3>—name of member receiving the move session request • <variable 4>—name of the member to receive the active sessions","None.","6","Informational","15","network","general"
+"%ASA-3-8300005","8300005","Failed to receive session move response from &lt;variable 1&gt;","%ASA-3-8300005: Failed to receive session move response from &lt;variable 1&gt;","The director has requested a member to move active sessions to another member. If the director has not received a response to this request within a defined period, it will display this event and terminate the redistribution process. • <variable 1>—name of member which failed to send a move response within timeout period","Re-issue the ‘’cluster redistribute vpn-sessiondb” and if the problem persists, contact support.","3","Error","75","network","general"
+"%ASA-5-8300006","8300006","Cluster topology change detected. VPN session redistribution aborted.","%ASA-5-8300006: Cluster topology change detected. VPN session redistribution aborted.","The VPN session redistribution move calculations are based on the active members at the time the process is started. If a member joins or leaves during this process, the director will terminate the session redistribution.","Retry the operation when all of the members have joined or left the group.","5","Notification","25","network","general"
\ No newline at end of file
diff --git a/cisco_asa/resource/cisco_asa_syslog_messages.meta b/cisco_asa/resource/cisco_asa_syslog_messages.meta
new file mode 100644
index 00000000..f0d4fe2d
--- /dev/null
+++ b/cisco_asa/resource/cisco_asa_syslog_messages.meta
@@ -0,0 +1,12 @@
+{
+	"VersionNumber": 1,
+	"ResourceName": "cisco_asa_syslog_messages",
+	"Description": "This is intended to be used as a lookup file providing additional information regarding all Cisco Adaptive Security Appliance (ASA) SysLog Messages. It is used within the Cisco ASA Kit for dashboards, macros, scheduled searches, alerts, flows, and templates.\n\nfields:\ncisco_id,msg_id,description,error_msg,explanation,recommended_action,sev_id,severity,risk_score\n  - cisco_id: this is the full Cisco Syslog Message ID (e.g. %ASA-1-101001) which breaks out into %{Cisco Firewall Appliance}-{Cisco Assigned Severity}-{Cisco Message ID}\n  - msg_id: this is the Cisco Syslog Message ID which is part of the full Cisco Syslog Message ID\n  - description: this is the short description of the Cisco Syslog message often seen on the Cisco firewall appliance itself\n  - error_msg: this is the full Cisco Message compromised of {cisco_id}: {description}\n  - explanation: this is a more detailed explanation of the Cisco Syslog Message\n  - recommended_action: this is the Cisco Recommended Action provided within their documentation\n  - sev_id: this the Cisco assigned severity (id) provided within their documentation\n  - severity: this the Cisco assigned severity (name) provided within their documentation \n  - risk_score: this is a Gravwell assigned value for dashboards, queries, and alerting purposes\n\nReference(s):\n  - Cisco \n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html\n    - https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html\n    - https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html\n    - https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html\n    - https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html\n    - https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html\n    - https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html\n    - https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html\n    - https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html\n    - https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html\n    - https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html\n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs-sev-level.html\n\nUsage: lookup -r cisco_asa_syslog_messages \u003cmatch the EV containing the cisco_id\u003e cisco_id (cisco_id msg_id description error_msg explanation recommended_action sev_id severity risk_score)",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	],
+	"Size": 1321330,
+	"Hash": "eEJczTpnnQ08e6qW79ILGg==",
+	"Data": ""
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/04605cfd-f1e7-427f-a41e-f1d38f889720.meta b/cisco_asa/searchlibrary/04605cfd-f1e7-427f-a41e-f1d38f889720.meta
new file mode 100644
index 00000000..4fe52d3f
--- /dev/null
+++ b/cisco_asa/searchlibrary/04605cfd-f1e7-427f-a41e-f1d38f889720.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - ASA - Firewall - Event Types - Count by Severity [chart]",
+	"Description": "Displays a chart of event types (error message) by Severity. \n\nReference(s):\n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)",
+	"GUID": "04605cfd-f1e7-427f-a41e-f1d38f889720",
+	"Labels": [
+		"cisco asa",
+		"cisco"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/04605cfd-f1e7-427f-a41e-f1d38f889720.query b/cisco_asa/searchlibrary/04605cfd-f1e7-427f-a41e-f1d38f889720.query
new file mode 100644
index 00000000..d4600098
--- /dev/null
+++ b/cisco_asa/searchlibrary/04605cfd-f1e7-427f-a41e-f1d38f889720.query
@@ -0,0 +1,5 @@
+tag=$CISCO_ASA ax 
+| lookup -r cisco_asa_syslog_messages msgid msg_id (severity)
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/094bf60b-7382-4e43-9867-8de7ac4c3444.meta b/cisco_asa/searchlibrary/094bf60b-7382-4e43-9867-8de7ac4c3444.meta
new file mode 100644
index 00000000..601ab89e
--- /dev/null
+++ b/cisco_asa/searchlibrary/094bf60b-7382-4e43-9867-8de7ac4c3444.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - ASA - Firewall - Event Types - Count by Subcategory [chart]",
+	"Description": "Displays a chart of event types (error message) by Subcategory. \n\nReference(s):\n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)",
+	"GUID": "094bf60b-7382-4e43-9867-8de7ac4c3444",
+	"Labels": [
+		"cisco asa",
+		"cisco"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/094bf60b-7382-4e43-9867-8de7ac4c3444.query b/cisco_asa/searchlibrary/094bf60b-7382-4e43-9867-8de7ac4c3444.query
new file mode 100644
index 00000000..727c10bc
--- /dev/null
+++ b/cisco_asa/searchlibrary/094bf60b-7382-4e43-9867-8de7ac4c3444.query
@@ -0,0 +1,5 @@
+tag=$CISCO_ASA ax 
+| lookup -r cisco_asa_syslog_messages msgid msg_id (subcategory)
+| stats count by subcategory
+| alias count " "
+| chart " " by subcategory
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/0d1d3288-09a7-47a0-adde-f01f4dc0134f.meta b/cisco_asa/searchlibrary/0d1d3288-09a7-47a0-adde-f01f4dc0134f.meta
new file mode 100644
index 00000000..b52b3a07
--- /dev/null
+++ b/cisco_asa/searchlibrary/0d1d3288-09a7-47a0-adde-f01f4dc0134f.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - ASA - Firewall - Event Types - Count by Subcategory [numbercard]",
+	"Description": "Displays a numbercard of event types (error message) by Subcategory. \n\nReference(s):\n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)",
+	"GUID": "0d1d3288-09a7-47a0-adde-f01f4dc0134f",
+	"Labels": [
+		"cisco asa",
+		"cisco"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/0d1d3288-09a7-47a0-adde-f01f4dc0134f.query b/cisco_asa/searchlibrary/0d1d3288-09a7-47a0-adde-f01f4dc0134f.query
new file mode 100644
index 00000000..ca4ad62c
--- /dev/null
+++ b/cisco_asa/searchlibrary/0d1d3288-09a7-47a0-adde-f01f4dc0134f.query
@@ -0,0 +1,5 @@
+tag=$CISCO_ASA ax 
+| lookup -r cisco_asa_syslog_messages msgid msg_id (subcategory)
+| stats count by subcategory
+| alias count " "
+| numbercard " "
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/2671528e-99d4-4d09-b497-cb75926c5d0b.meta b/cisco_asa/searchlibrary/2671528e-99d4-4d09-b497-cb75926c5d0b.meta
new file mode 100644
index 00000000..01984631
--- /dev/null
+++ b/cisco_asa/searchlibrary/2671528e-99d4-4d09-b497-cb75926c5d0b.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - ASA - Firewall - Event Types - Count by Tag [numbercard]",
+	"Description": "Displays a numbercard of event types (error message) by Tag. \n\nReference(s):\n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)",
+	"GUID": "2671528e-99d4-4d09-b497-cb75926c5d0b",
+	"Labels": [
+		"cisco asa",
+		"cisco"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/2671528e-99d4-4d09-b497-cb75926c5d0b.query b/cisco_asa/searchlibrary/2671528e-99d4-4d09-b497-cb75926c5d0b.query
new file mode 100644
index 00000000..3cff221c
--- /dev/null
+++ b/cisco_asa/searchlibrary/2671528e-99d4-4d09-b497-cb75926c5d0b.query
@@ -0,0 +1,4 @@
+tag=$CISCO_ASA 
+| stats count by TAG
+| alias count " "
+| numbercard " "
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/5dbb1e3b-6a8e-44a6-9be3-134b4704f094.meta b/cisco_asa/searchlibrary/5dbb1e3b-6a8e-44a6-9be3-134b4704f094.meta
new file mode 100644
index 00000000..ac343d9c
--- /dev/null
+++ b/cisco_asa/searchlibrary/5dbb1e3b-6a8e-44a6-9be3-134b4704f094.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - ASA - Firewall - Event Types - Count by Category \u0026 Subcategory [numbercard]",
+	"Description": "Displays a numbercard of event types (error message) by Category \u0026 Subcategory. \n\nReference(s):\n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)",
+	"GUID": "5dbb1e3b-6a8e-44a6-9be3-134b4704f094",
+	"Labels": [
+		"cisco asa",
+		"cisco"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/5dbb1e3b-6a8e-44a6-9be3-134b4704f094.query b/cisco_asa/searchlibrary/5dbb1e3b-6a8e-44a6-9be3-134b4704f094.query
new file mode 100644
index 00000000..5594e32f
--- /dev/null
+++ b/cisco_asa/searchlibrary/5dbb1e3b-6a8e-44a6-9be3-134b4704f094.query
@@ -0,0 +1,5 @@
+tag=$CISCO_ASA ax 
+| lookup -r cisco_asa_syslog_messages msgid msg_id (category subcategory)
+| stats count by category subcategory
+| alias count " "
+| numbercard " " 
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/6d3deabc-1f6b-4478-affe-274a6e5783ad.meta b/cisco_asa/searchlibrary/6d3deabc-1f6b-4478-affe-274a6e5783ad.meta
new file mode 100644
index 00000000..0c7b9fef
--- /dev/null
+++ b/cisco_asa/searchlibrary/6d3deabc-1f6b-4478-affe-274a6e5783ad.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - ASA - Firewall - Event Types - Count by Category [numbercard]",
+	"Description": "Displays a numbercard of event types (error message) by Category. \n\nReference(s):\n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)",
+	"GUID": "6d3deabc-1f6b-4478-affe-274a6e5783ad",
+	"Labels": [
+		"cisco asa",
+		"cisco"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/6d3deabc-1f6b-4478-affe-274a6e5783ad.query b/cisco_asa/searchlibrary/6d3deabc-1f6b-4478-affe-274a6e5783ad.query
new file mode 100644
index 00000000..bca8a1e2
--- /dev/null
+++ b/cisco_asa/searchlibrary/6d3deabc-1f6b-4478-affe-274a6e5783ad.query
@@ -0,0 +1,5 @@
+tag=$CISCO_ASA ax 
+| lookup -r cisco_asa_syslog_messages msgid msg_id (category)
+| stats count by category
+| alias count " "
+| numbercard " "
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/6d7375c4-15e1-4578-bde8-fec4912fae1d.meta b/cisco_asa/searchlibrary/6d7375c4-15e1-4578-bde8-fec4912fae1d.meta
new file mode 100644
index 00000000..bf060768
--- /dev/null
+++ b/cisco_asa/searchlibrary/6d7375c4-15e1-4578-bde8-fec4912fae1d.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - ASA - Firewall - Event Types - Count by Tag [chart]",
+	"Description": "Displays a chart of event types (error message) by Tag. \n\nReference(s):\n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)",
+	"GUID": "6d7375c4-15e1-4578-bde8-fec4912fae1d",
+	"Labels": [
+		"cisco asa",
+		"cisco"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/6d7375c4-15e1-4578-bde8-fec4912fae1d.query b/cisco_asa/searchlibrary/6d7375c4-15e1-4578-bde8-fec4912fae1d.query
new file mode 100644
index 00000000..51032d36
--- /dev/null
+++ b/cisco_asa/searchlibrary/6d7375c4-15e1-4578-bde8-fec4912fae1d.query
@@ -0,0 +1,4 @@
+tag=$CISCO_ASA 
+| stats count by TAG
+| alias count " "
+| chart " " by TAG
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/835fbc22-f2db-4b63-9acf-9d9013b59f3e.meta b/cisco_asa/searchlibrary/835fbc22-f2db-4b63-9acf-9d9013b59f3e.meta
new file mode 100644
index 00000000..b3587d33
--- /dev/null
+++ b/cisco_asa/searchlibrary/835fbc22-f2db-4b63-9acf-9d9013b59f3e.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - ASA - Firewall - Event Types - Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of event types (error message) by Severity. \n\nReference(s):\n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)",
+	"GUID": "835fbc22-f2db-4b63-9acf-9d9013b59f3e",
+	"Labels": [
+		"cisco asa",
+		"cisco"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/835fbc22-f2db-4b63-9acf-9d9013b59f3e.query b/cisco_asa/searchlibrary/835fbc22-f2db-4b63-9acf-9d9013b59f3e.query
new file mode 100644
index 00000000..2b34caf6
--- /dev/null
+++ b/cisco_asa/searchlibrary/835fbc22-f2db-4b63-9acf-9d9013b59f3e.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA ax 
+| lookup -r cisco_asa_syslog_messages msgid msg_id (severity)
+| stats count by severity
+| alias count " "
+$CISCO_ASA_SEVERITY_ORDER
+| numbercard " " 
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f.meta b/cisco_asa/searchlibrary/abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f.meta
new file mode 100644
index 00000000..7e5acd7a
--- /dev/null
+++ b/cisco_asa/searchlibrary/abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - ASA - Firewall - Event Types - Count by Category [chart]",
+	"Description": "Displays a chart of event types (error message) by Category. \n\nReference(s):\n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)",
+	"GUID": "abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f",
+	"Labels": [
+		"cisco asa",
+		"cisco"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f.query b/cisco_asa/searchlibrary/abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f.query
new file mode 100644
index 00000000..8120445b
--- /dev/null
+++ b/cisco_asa/searchlibrary/abe3dffb-ef2a-43d8-8fcf-25585bbe2c2f.query
@@ -0,0 +1,5 @@
+tag=$CISCO_ASA ax 
+| lookup -r cisco_asa_syslog_messages msgid msg_id (category)
+| stats count by category
+| alias count " "
+| chart " " by category
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/ac7861cf-7a72-4efd-ac26-2e08a833ebf5.meta b/cisco_asa/searchlibrary/ac7861cf-7a72-4efd-ac26-2e08a833ebf5.meta
new file mode 100644
index 00000000..6e0db580
--- /dev/null
+++ b/cisco_asa/searchlibrary/ac7861cf-7a72-4efd-ac26-2e08a833ebf5.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - ASA - Firewall - Event Types - Count by Category \u0026 Subcategory [chart]",
+	"Description": "Displays a chart of event types (error message) by Category \u0026 Subcategory. \n\nReference(s):\n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)",
+	"GUID": "ac7861cf-7a72-4efd-ac26-2e08a833ebf5",
+	"Labels": [
+		"cisco asa",
+		"cisco"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/ac7861cf-7a72-4efd-ac26-2e08a833ebf5.query b/cisco_asa/searchlibrary/ac7861cf-7a72-4efd-ac26-2e08a833ebf5.query
new file mode 100644
index 00000000..1dcb186c
--- /dev/null
+++ b/cisco_asa/searchlibrary/ac7861cf-7a72-4efd-ac26-2e08a833ebf5.query
@@ -0,0 +1,5 @@
+tag=$CISCO_ASA ax 
+| lookup -r cisco_asa_syslog_messages msgid msg_id (category subcategory)
+| stats count by category subcategory
+| alias count " "
+| chart " " by category subcategory
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/bd053ad9-2882-465a-a265-cbe41a1c55d6.meta b/cisco_asa/searchlibrary/bd053ad9-2882-465a-a265-cbe41a1c55d6.meta
new file mode 100644
index 00000000..380a527b
--- /dev/null
+++ b/cisco_asa/searchlibrary/bd053ad9-2882-465a-a265-cbe41a1c55d6.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - ASA - Firewall - Event Types - Count by Category, Subcategory \u0026 Severity [numbercard]",
+	"Description": "Displays a numbercard of event types (error message) by Category, Subcategory \u0026 Severity.\n\nReference(s):\n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)",
+	"GUID": "bd053ad9-2882-465a-a265-cbe41a1c55d6",
+	"Labels": [
+		"cisco asa",
+		"cisco"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/bd053ad9-2882-465a-a265-cbe41a1c55d6.query b/cisco_asa/searchlibrary/bd053ad9-2882-465a-a265-cbe41a1c55d6.query
new file mode 100644
index 00000000..5986f01d
--- /dev/null
+++ b/cisco_asa/searchlibrary/bd053ad9-2882-465a-a265-cbe41a1c55d6.query
@@ -0,0 +1,5 @@
+tag=$CISCO_ASA ax 
+| lookup -r cisco_asa_syslog_messages msgid msg_id (category subcategory severity)
+| stats count by category subcategory severity
+| alias count " "
+| numbercard " "
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/bdcc39a0-ec42-4086-af44-072fd2de8a5c.meta b/cisco_asa/searchlibrary/bdcc39a0-ec42-4086-af44-072fd2de8a5c.meta
new file mode 100644
index 00000000..146b0193
--- /dev/null
+++ b/cisco_asa/searchlibrary/bdcc39a0-ec42-4086-af44-072fd2de8a5c.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - ASA - Firewall - Event Types - Count by Category, Subcategory \u0026 Severity [chart]",
+	"Description": "Displays a chart of event types (error message) by Category, Subcategory \u0026 Severity.\n\nReference(s):\n- Cisco Adaptive Security Appliance (ASA)\n    - [Cisco Secure Firewall ASA Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/about.html)\n    - [Cisco ASA Syslog Messages 101001 to 199027](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-101001-to-199021.html)\n    - [Cisco ASA Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-201002-to-219002.html)\n    - [Cisco ASA Syslog Messages 302003 to 342008](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-302003-to-342008.html)\n    - [Cisco ASA Syslog Messages 400000 to 450002](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-400000-to-450001.html)\n    - [Cisco ASA Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-500000-to-520025.html)\n    - [Cisco ASA Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-602101-to-622102.html)\n    - [Cisco ASA Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-701001-to-714011.html)\n    - [Cisco ASA Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-715001-to-721019.html)\n    - [Cisco ASA Syslog Messages 722001 to 776020](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-722001-to-776020.html)\n    - [Cisco ASA Syslog Messages 776201 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/syslog-messages-776201-to-8300006.html)",
+	"GUID": "bdcc39a0-ec42-4086-af44-072fd2de8a5c",
+	"Labels": [
+		"cisco asa",
+		"cisco"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_asa/searchlibrary/bdcc39a0-ec42-4086-af44-072fd2de8a5c.query b/cisco_asa/searchlibrary/bdcc39a0-ec42-4086-af44-072fd2de8a5c.query
new file mode 100644
index 00000000..53d73d1b
--- /dev/null
+++ b/cisco_asa/searchlibrary/bdcc39a0-ec42-4086-af44-072fd2de8a5c.query
@@ -0,0 +1,5 @@
+tag=$CISCO_ASA ax 
+| lookup -r cisco_asa_syslog_messages msgid msg_id (category subcategory severity)
+| stats count by category subcategory severity
+| alias count " "
+| chart " " by category subcategory severity
\ No newline at end of file
diff --git a/cisco_asa/template/07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb.meta b/cisco_asa/template/07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb.meta
new file mode 100644
index 00000000..ae6abd3a
--- /dev/null
+++ b/cisco_asa/template/07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb",
+	"Name": "Template - Cisco - ASA - Firewall - Threat - Events by User and/or IP [table]",
+	"Description": "Displays a table of Threat events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb.query b/cisco_asa/template/07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb.query
new file mode 100644
index 00000000..486ec3f8
--- /dev/null
+++ b/cisco_asa/template/07acb5cf-8fdf-4d91-b0f6-f97ac0bb9ddb.query
@@ -0,0 +1,9 @@
+tag=$CISCO_ASA_THREAT ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_ASA_SEVERITY
+| lookup -r cisco_asa_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_asa/template/10ba1a95-b8b0-48b5-b6da-0c4d239b6723.meta b/cisco_asa/template/10ba1a95-b8b0-48b5-b6da-0c4d239b6723.meta
new file mode 100644
index 00000000..ef99404b
--- /dev/null
+++ b/cisco_asa/template/10ba1a95-b8b0-48b5-b6da-0c4d239b6723.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "10ba1a95-b8b0-48b5-b6da-0c4d239b6723",
+	"Name": "Template - Cisco - ASA - Firewall - Threat - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Threat events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/10ba1a95-b8b0-48b5-b6da-0c4d239b6723.query b/cisco_asa/template/10ba1a95-b8b0-48b5-b6da-0c4d239b6723.query
new file mode 100644
index 00000000..43b337ce
--- /dev/null
+++ b/cisco_asa/template/10ba1a95-b8b0-48b5-b6da-0c4d239b6723.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_THREAT ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_asa/template/1ed766ff-be55-4260-a78d-455a153dd2c2.meta b/cisco_asa/template/1ed766ff-be55-4260-a78d-455a153dd2c2.meta
new file mode 100644
index 00000000..2e84535b
--- /dev/null
+++ b/cisco_asa/template/1ed766ff-be55-4260-a78d-455a153dd2c2.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "1ed766ff-be55-4260-a78d-455a153dd2c2",
+	"Name": "Template - Cisco - ASA - Firewall - Combined - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of all events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/1ed766ff-be55-4260-a78d-455a153dd2c2.query b/cisco_asa/template/1ed766ff-be55-4260-a78d-455a153dd2c2.query
new file mode 100644
index 00000000..1cf49d1c
--- /dev/null
+++ b/cisco_asa/template/1ed766ff-be55-4260-a78d-455a153dd2c2.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_asa/template/25d1c7eb-1374-489c-8921-aaae39080640.meta b/cisco_asa/template/25d1c7eb-1374-489c-8921-aaae39080640.meta
new file mode 100644
index 00000000..c7705259
--- /dev/null
+++ b/cisco_asa/template/25d1c7eb-1374-489c-8921-aaae39080640.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "25d1c7eb-1374-489c-8921-aaae39080640",
+	"Name": "Template - Cisco - ASA - Firewall - Authentication - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of Authentication events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/25d1c7eb-1374-489c-8921-aaae39080640.query b/cisco_asa/template/25d1c7eb-1374-489c-8921-aaae39080640.query
new file mode 100644
index 00000000..b4362bfe
--- /dev/null
+++ b/cisco_asa/template/25d1c7eb-1374-489c-8921-aaae39080640.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_AUTH ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_asa/template/27eaeef9-b4e5-447d-9507-ef4c956e8628.meta b/cisco_asa/template/27eaeef9-b4e5-447d-9507-ef4c956e8628.meta
new file mode 100644
index 00000000..f0ba6795
--- /dev/null
+++ b/cisco_asa/template/27eaeef9-b4e5-447d-9507-ef4c956e8628.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "27eaeef9-b4e5-447d-9507-ef4c956e8628",
+	"Name": "Template - Cisco - ASA - Firewall - Authentication - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Authentication events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/27eaeef9-b4e5-447d-9507-ef4c956e8628.query b/cisco_asa/template/27eaeef9-b4e5-447d-9507-ef4c956e8628.query
new file mode 100644
index 00000000..74e6bb3a
--- /dev/null
+++ b/cisco_asa/template/27eaeef9-b4e5-447d-9507-ef4c956e8628.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_AUTH ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_asa/template/3b5ef009-c2dc-4e3f-997f-4926ec43d5bb.meta b/cisco_asa/template/3b5ef009-c2dc-4e3f-997f-4926ec43d5bb.meta
new file mode 100644
index 00000000..2e15ef62
--- /dev/null
+++ b/cisco_asa/template/3b5ef009-c2dc-4e3f-997f-4926ec43d5bb.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "3b5ef009-c2dc-4e3f-997f-4926ec43d5bb",
+	"Name": "Template - Cisco - ASA - Firewall - Combined - Event Count by Severity [chart]",
+	"Description": "Displays a chart of all events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/3b5ef009-c2dc-4e3f-997f-4926ec43d5bb.query b/cisco_asa/template/3b5ef009-c2dc-4e3f-997f-4926ec43d5bb.query
new file mode 100644
index 00000000..e26dbf77
--- /dev/null
+++ b/cisco_asa/template/3b5ef009-c2dc-4e3f-997f-4926ec43d5bb.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_asa/template/40c8245f-831a-4b79-89bf-8bde22cc6a14.meta b/cisco_asa/template/40c8245f-831a-4b79-89bf-8bde22cc6a14.meta
new file mode 100644
index 00000000..f83b2b8c
--- /dev/null
+++ b/cisco_asa/template/40c8245f-831a-4b79-89bf-8bde22cc6a14.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "40c8245f-831a-4b79-89bf-8bde22cc6a14",
+	"Name": "Template - Cisco - ASA - Firewall - System - Event Count by Severity [chart]",
+	"Description": "Displays a chart of System events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/40c8245f-831a-4b79-89bf-8bde22cc6a14.query b/cisco_asa/template/40c8245f-831a-4b79-89bf-8bde22cc6a14.query
new file mode 100644
index 00000000..75c7be82
--- /dev/null
+++ b/cisco_asa/template/40c8245f-831a-4b79-89bf-8bde22cc6a14.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_SYSTEM ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_asa/template/47d8c36b-fbfe-42d7-869d-29899bb65dca.meta b/cisco_asa/template/47d8c36b-fbfe-42d7-869d-29899bb65dca.meta
new file mode 100644
index 00000000..1e936996
--- /dev/null
+++ b/cisco_asa/template/47d8c36b-fbfe-42d7-869d-29899bb65dca.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "47d8c36b-fbfe-42d7-869d-29899bb65dca",
+	"Name": "Template - Cisco - ASA - Firewall - VPN - Event Count by Severity [chart]",
+	"Description": "Displays a chart of VPN events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/47d8c36b-fbfe-42d7-869d-29899bb65dca.query b/cisco_asa/template/47d8c36b-fbfe-42d7-869d-29899bb65dca.query
new file mode 100644
index 00000000..ea200847
--- /dev/null
+++ b/cisco_asa/template/47d8c36b-fbfe-42d7-869d-29899bb65dca.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_VPN ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_asa/template/581bde9b-2fed-4c15-9399-b88e5e9d9906.meta b/cisco_asa/template/581bde9b-2fed-4c15-9399-b88e5e9d9906.meta
new file mode 100644
index 00000000..b91c8248
--- /dev/null
+++ b/cisco_asa/template/581bde9b-2fed-4c15-9399-b88e5e9d9906.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "581bde9b-2fed-4c15-9399-b88e5e9d9906",
+	"Name": "Template - Cisco - ASA - Firewall - Authentication - Events by User and/or IP [table]",
+	"Description": "Displays a table of Authentication events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/581bde9b-2fed-4c15-9399-b88e5e9d9906.query b/cisco_asa/template/581bde9b-2fed-4c15-9399-b88e5e9d9906.query
new file mode 100644
index 00000000..79c735b0
--- /dev/null
+++ b/cisco_asa/template/581bde9b-2fed-4c15-9399-b88e5e9d9906.query
@@ -0,0 +1,9 @@
+tag=$CISCO_ASA_AUTH ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_ASA_SEVERITY
+| lookup -r cisco_asa_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_asa/template/611dffdb-4690-44e2-b879-02c10a7f0491.meta b/cisco_asa/template/611dffdb-4690-44e2-b879-02c10a7f0491.meta
new file mode 100644
index 00000000..6dc50afc
--- /dev/null
+++ b/cisco_asa/template/611dffdb-4690-44e2-b879-02c10a7f0491.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "611dffdb-4690-44e2-b879-02c10a7f0491",
+	"Name": "Template - Cisco - ASA - Firewall - System - Events by User and/or IP [table]",
+	"Description": "Displays a table of all events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/611dffdb-4690-44e2-b879-02c10a7f0491.query b/cisco_asa/template/611dffdb-4690-44e2-b879-02c10a7f0491.query
new file mode 100644
index 00000000..10a65242
--- /dev/null
+++ b/cisco_asa/template/611dffdb-4690-44e2-b879-02c10a7f0491.query
@@ -0,0 +1,9 @@
+tag=$CISCO_ASA_SYSTEM ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_ASA_SEVERITY
+| lookup -r cisco_asa_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_asa/template/6355fe94-d78b-4907-953f-90f326bf2068.meta b/cisco_asa/template/6355fe94-d78b-4907-953f-90f326bf2068.meta
new file mode 100644
index 00000000..d06f39e3
--- /dev/null
+++ b/cisco_asa/template/6355fe94-d78b-4907-953f-90f326bf2068.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "6355fe94-d78b-4907-953f-90f326bf2068",
+	"Name": "Template - Cisco - ASA - Firewall - Combined - Events by User and/or IP [table]",
+	"Description": "Displays a table of all events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/6355fe94-d78b-4907-953f-90f326bf2068.query b/cisco_asa/template/6355fe94-d78b-4907-953f-90f326bf2068.query
new file mode 100644
index 00000000..f297f489
--- /dev/null
+++ b/cisco_asa/template/6355fe94-d78b-4907-953f-90f326bf2068.query
@@ -0,0 +1,9 @@
+tag=$CISCO_ASA ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_ASA_SEVERITY
+| lookup -r cisco_asa_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_asa/template/6b59baee-fe04-485b-ac08-409e3019676f.meta b/cisco_asa/template/6b59baee-fe04-485b-ac08-409e3019676f.meta
new file mode 100644
index 00000000..cb47c435
--- /dev/null
+++ b/cisco_asa/template/6b59baee-fe04-485b-ac08-409e3019676f.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "6b59baee-fe04-485b-ac08-409e3019676f",
+	"Name": "Template - Cisco - ASA - Firewall - Events - Events by User and/or IP [table]",
+	"Description": "Displays a table of events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/6b59baee-fe04-485b-ac08-409e3019676f.query b/cisco_asa/template/6b59baee-fe04-485b-ac08-409e3019676f.query
new file mode 100644
index 00000000..1618c071
--- /dev/null
+++ b/cisco_asa/template/6b59baee-fe04-485b-ac08-409e3019676f.query
@@ -0,0 +1,9 @@
+tag=$CISCO_ASA_EVENTS ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_ASA_SEVERITY
+| lookup -r cisco_asa_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_asa/template/6cb9a8c5-1105-4ffd-86ce-a187a5e627e0.meta b/cisco_asa/template/6cb9a8c5-1105-4ffd-86ce-a187a5e627e0.meta
new file mode 100644
index 00000000..0acc72a9
--- /dev/null
+++ b/cisco_asa/template/6cb9a8c5-1105-4ffd-86ce-a187a5e627e0.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "6cb9a8c5-1105-4ffd-86ce-a187a5e627e0",
+	"Name": "Template - Cisco - ASA - Firewall - Traffic - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Traffic events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/6cb9a8c5-1105-4ffd-86ce-a187a5e627e0.query b/cisco_asa/template/6cb9a8c5-1105-4ffd-86ce-a187a5e627e0.query
new file mode 100644
index 00000000..fa1033dc
--- /dev/null
+++ b/cisco_asa/template/6cb9a8c5-1105-4ffd-86ce-a187a5e627e0.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_TRAFFIC ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_asa/template/7036eb99-c22a-47c4-80a7-98305bf2a2bc.meta b/cisco_asa/template/7036eb99-c22a-47c4-80a7-98305bf2a2bc.meta
new file mode 100644
index 00000000..a9ecee56
--- /dev/null
+++ b/cisco_asa/template/7036eb99-c22a-47c4-80a7-98305bf2a2bc.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "7036eb99-c22a-47c4-80a7-98305bf2a2bc",
+	"Name": "Template - Cisco - ASA - Firewall - Config - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of Config events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/7036eb99-c22a-47c4-80a7-98305bf2a2bc.query b/cisco_asa/template/7036eb99-c22a-47c4-80a7-98305bf2a2bc.query
new file mode 100644
index 00000000..5c8479bf
--- /dev/null
+++ b/cisco_asa/template/7036eb99-c22a-47c4-80a7-98305bf2a2bc.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_CONFIG ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_asa/template/9661c35b-5fcd-4680-a978-3ef27a4773ba.meta b/cisco_asa/template/9661c35b-5fcd-4680-a978-3ef27a4773ba.meta
new file mode 100644
index 00000000..bf020714
--- /dev/null
+++ b/cisco_asa/template/9661c35b-5fcd-4680-a978-3ef27a4773ba.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "9661c35b-5fcd-4680-a978-3ef27a4773ba",
+	"Name": "Template - Cisco - ASA - Firewall - Traffic - Events by User and/or IP [table]",
+	"Description": "Displays a table of Traffic events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/9661c35b-5fcd-4680-a978-3ef27a4773ba.query b/cisco_asa/template/9661c35b-5fcd-4680-a978-3ef27a4773ba.query
new file mode 100644
index 00000000..d69ca197
--- /dev/null
+++ b/cisco_asa/template/9661c35b-5fcd-4680-a978-3ef27a4773ba.query
@@ -0,0 +1,9 @@
+tag=$CISCO_ASA_TRAFFIC ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_ASA_SEVERITY
+| lookup -r cisco_asa_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_asa/template/9dfd4836-c89d-4a07-87fc-252c4de215b9.meta b/cisco_asa/template/9dfd4836-c89d-4a07-87fc-252c4de215b9.meta
new file mode 100644
index 00000000..971dc26f
--- /dev/null
+++ b/cisco_asa/template/9dfd4836-c89d-4a07-87fc-252c4de215b9.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "9dfd4836-c89d-4a07-87fc-252c4de215b9",
+	"Name": "Template - Cisco - ASA - Firewall - VPN - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of VPN events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/9dfd4836-c89d-4a07-87fc-252c4de215b9.query b/cisco_asa/template/9dfd4836-c89d-4a07-87fc-252c4de215b9.query
new file mode 100644
index 00000000..2ee0df56
--- /dev/null
+++ b/cisco_asa/template/9dfd4836-c89d-4a07-87fc-252c4de215b9.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_VPN ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_asa/template/a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f.meta b/cisco_asa/template/a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f.meta
new file mode 100644
index 00000000..96d4e547
--- /dev/null
+++ b/cisco_asa/template/a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f",
+	"Name": "Template - Cisco - ASA - Firewall - VPN - Events by User and/or IP [table]",
+	"Description": "Displays a table of VPN events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f.query b/cisco_asa/template/a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f.query
new file mode 100644
index 00000000..ae60c725
--- /dev/null
+++ b/cisco_asa/template/a9a633dc-7c08-45a1-a3ce-2836dbcdbf2f.query
@@ -0,0 +1,9 @@
+tag=$CISCO_ASA_VPN ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_ASA_SEVERITY
+| lookup -r cisco_asa_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_asa/template/afee5a3c-b9a1-4401-91d1-6606578ac7eb.meta b/cisco_asa/template/afee5a3c-b9a1-4401-91d1-6606578ac7eb.meta
new file mode 100644
index 00000000..04ad007a
--- /dev/null
+++ b/cisco_asa/template/afee5a3c-b9a1-4401-91d1-6606578ac7eb.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "afee5a3c-b9a1-4401-91d1-6606578ac7eb",
+	"Name": "Template - Cisco - ASA - Firewall - Config - Events by User and/or IP [table]",
+	"Description": "Displays a table of Config events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/afee5a3c-b9a1-4401-91d1-6606578ac7eb.query b/cisco_asa/template/afee5a3c-b9a1-4401-91d1-6606578ac7eb.query
new file mode 100644
index 00000000..5068c50b
--- /dev/null
+++ b/cisco_asa/template/afee5a3c-b9a1-4401-91d1-6606578ac7eb.query
@@ -0,0 +1,9 @@
+tag=$CISCO_ASA_CONFIG ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_ASA_SEVERITY
+| lookup -r cisco_asa_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_asa/template/bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb.meta b/cisco_asa/template/bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb.meta
new file mode 100644
index 00000000..3b91eba0
--- /dev/null
+++ b/cisco_asa/template/bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb",
+	"Name": "Template - Cisco - ASA - Firewall - Traffic - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of Traffic events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb.query b/cisco_asa/template/bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb.query
new file mode 100644
index 00000000..07663ef9
--- /dev/null
+++ b/cisco_asa/template/bd9fb0ba-2e0d-4ba5-8a3e-e81f89bb5ccb.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_TRAFFIC ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_asa/template/c4f13f36-82d9-4979-9674-62c47c4afcbf.meta b/cisco_asa/template/c4f13f36-82d9-4979-9674-62c47c4afcbf.meta
new file mode 100644
index 00000000..213b1f00
--- /dev/null
+++ b/cisco_asa/template/c4f13f36-82d9-4979-9674-62c47c4afcbf.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "c4f13f36-82d9-4979-9674-62c47c4afcbf",
+	"Name": "Template - Cisco - ASA - Firewall - Config - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Config events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/c4f13f36-82d9-4979-9674-62c47c4afcbf.query b/cisco_asa/template/c4f13f36-82d9-4979-9674-62c47c4afcbf.query
new file mode 100644
index 00000000..c1236fc5
--- /dev/null
+++ b/cisco_asa/template/c4f13f36-82d9-4979-9674-62c47c4afcbf.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_EVENTS ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_asa/template/d5b4a66b-24da-4db0-bc86-bdf5813e6a7f.meta b/cisco_asa/template/d5b4a66b-24da-4db0-bc86-bdf5813e6a7f.meta
new file mode 100644
index 00000000..6e64b453
--- /dev/null
+++ b/cisco_asa/template/d5b4a66b-24da-4db0-bc86-bdf5813e6a7f.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "d5b4a66b-24da-4db0-bc86-bdf5813e6a7f",
+	"Name": "Template - Cisco - ASA - Firewall - Threat - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of Threat events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/d5b4a66b-24da-4db0-bc86-bdf5813e6a7f.query b/cisco_asa/template/d5b4a66b-24da-4db0-bc86-bdf5813e6a7f.query
new file mode 100644
index 00000000..a0cf29f9
--- /dev/null
+++ b/cisco_asa/template/d5b4a66b-24da-4db0-bc86-bdf5813e6a7f.query
@@ -0,0 +1,7 @@
+tag=$CISCO_ASA_THREAT ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| alias count " "
+| numbercard " "
\ No newline at end of file
diff --git a/cisco_asa/template/d9ca6be9-e6b2-47bd-b848-5e7688279504.meta b/cisco_asa/template/d9ca6be9-e6b2-47bd-b848-5e7688279504.meta
new file mode 100644
index 00000000..d54b5a61
--- /dev/null
+++ b/cisco_asa/template/d9ca6be9-e6b2-47bd-b848-5e7688279504.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "d9ca6be9-e6b2-47bd-b848-5e7688279504",
+	"Name": "Template - Cisco - ASA - Firewall - Events - Event Count by Severity [chart]",
+	"Description": "Displays a chart of events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/d9ca6be9-e6b2-47bd-b848-5e7688279504.query b/cisco_asa/template/d9ca6be9-e6b2-47bd-b848-5e7688279504.query
new file mode 100644
index 00000000..c1236fc5
--- /dev/null
+++ b/cisco_asa/template/d9ca6be9-e6b2-47bd-b848-5e7688279504.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_EVENTS ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_asa/template/f430c1df-81bc-445c-b61a-1ef49fb083ec.meta b/cisco_asa/template/f430c1df-81bc-445c-b61a-1ef49fb083ec.meta
new file mode 100644
index 00000000..126339fe
--- /dev/null
+++ b/cisco_asa/template/f430c1df-81bc-445c-b61a-1ef49fb083ec.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "f430c1df-81bc-445c-b61a-1ef49fb083ec",
+	"Name": "Template - Cisco - ASA - Firewall - System - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of System events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/f430c1df-81bc-445c-b61a-1ef49fb083ec.query b/cisco_asa/template/f430c1df-81bc-445c-b61a-1ef49fb083ec.query
new file mode 100644
index 00000000..a660d46b
--- /dev/null
+++ b/cisco_asa/template/f430c1df-81bc-445c-b61a-1ef49fb083ec.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_SYSTEM ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_asa/template/fd7b6b7a-299d-453a-8920-07a1eea1b263.meta b/cisco_asa/template/fd7b6b7a-299d-453a-8920-07a1eea1b263.meta
new file mode 100644
index 00000000..6a624c7e
--- /dev/null
+++ b/cisco_asa/template/fd7b6b7a-299d-453a-8920-07a1eea1b263.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "fd7b6b7a-299d-453a-8920-07a1eea1b263",
+	"Name": "Template - Cisco - ASA - Firewall - Events - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "\u0026\u0026"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_asa/template/fd7b6b7a-299d-453a-8920-07a1eea1b263.query b/cisco_asa/template/fd7b6b7a-299d-453a-8920-07a1eea1b263.query
new file mode 100644
index 00000000..a641d32e
--- /dev/null
+++ b/cisco_asa/template/fd7b6b7a-299d-453a-8920-07a1eea1b263.query
@@ -0,0 +1,6 @@
+tag=$CISCO_ASA_EVENTS ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_ASA_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_ftd/BUILD b/cisco_ftd/BUILD
new file mode 100644
index 00000000..97f66315
--- /dev/null
+++ b/cisco_ftd/BUILD
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+#
+#
+# To build the kit you will need the Gravwell kitctl command
+# If you have a functioning Go build environment execute the following command:
+#	go install github.com/gravwell/gravwell/v3/kitctl
+#
+#
+# Then "pack" the kit into a kit file by executing the "pack" kitctl command
+#
+#
+# You can also just execute this file using bash
+#
+#
+OUT = "cisco_ftd.kit"
+
+cmd=$(which kitctl)
+if [ "$?" != "0" ]; then
+	echo "Missing the kitctl command"
+	exit -1
+fi
+
+
+set -e
+$cmd pack $OUT
\ No newline at end of file
diff --git a/cisco_ftd/MANIFEST b/cisco_ftd/MANIFEST
new file mode 100644
index 00000000..1fdf1f29
--- /dev/null
+++ b/cisco_ftd/MANIFEST
@@ -0,0 +1,588 @@
+{
+	"ID": "io.gravwell.cisco_ftd",
+	"Name": "Cisco FTD",
+	"Desc": "A toolkit for interacting with Cisco FTD data in Gravwell. This kit includes queries, resources (lookups), templates, autoextractors, macros, and dashboards to help streamline Cisco analysis and monitoring across Authentication, Config, Connection, Events (catch-all), File, Intrusion, Malware, System, Threat, Traffic, and VPN log sources.",
+	"Readme": "***\n\nA toolkit for interacting with Cisco FTD data in Gravwell. This kit includes queries, resources (lookups), templates, autoextractors, macros, dashboards, alerts, scheduled searches, and flows to help streamline Cisco FTD analysis across Authentication, Config, Events (catch-all), System, Threat, Traffic, and VPN log sources.\n\n***\n\n## Table of Contents  \n0. [Data Ingestion](#0-data-ingestion)  \n    0.1. [Simple Relay Ingester](#0-1-simple-relay-ingester)  \n    0.2. [Install \u0026 Configure Simple Relay](#0-2-install--configure)  \n1. [Tags \u0026 Macros](#1-tags--macros)  \n    1.1. [Tags](#1-1-tags)  \n    1.2. [Autoextractors](#1-2-autoextractors)  \n    1.3. [Macros](#1-3-macros)  \n2. [Query Library](#2-query-library)  \n3. [Naming Schema](#3-naming-schema)  \n4. [Resources](#4-resources)  \n    4.1. [Lookups](#4-1-lookups)  \n5. [Alerts](#5-alerts)  \n    5.1 [Dispatchers](#5-1-dispatchers)  \n    5.2 [Consumers](#5-2-consumers)\n6. [Scheduled Searches](#6-scheduled-searches)  \n    6.1. [Flows](#6-1-flows)\n7. [Playbooks](#7-playbooks)  \n8. [Searches](#8-searches)  \n    8.1. [Dashboard Searches](#8-2-dashboard-searches)  \n    8.2. [Alert Queries](#8-1-alert-queries)  \n9. [Templates](#9-templates)  \n10. [Dashboards](#10-dashboards)  \n    10.1 [Actionables](#10-1-actionables)\n11. [Useful Resources \u0026 References](#11-useful-resources--references)  \n12. [Notes](#12-notes)  \n13. [Image credits](#13-image-credits)  \n\n***\n\n## 0. [Data Ingestion](#0-data-ingestion)\n\nBefore you can use the kit, you'll need to get logs flowing from your Cisco FTD Firewall(s) into Gravwell. The recommended method is via syslog forwarding. Gravwell can receive syslog using the [Simple Relay](https://docs.gravwell.io/ingesters/simple_relay.html) ingester.\n\n#### 0.1 [Simple Relay Ingester](#0-1-simple-relay-ingester)\n\n- Simple Relay is the go-to ingester for text based data sources that can be delivered over plaintext TCP, encrypted TCP, or plaintext UDP network connections via either IPv4 or IPv6.\n    - [Documentation](https://docs.gravwell.io/ingesters/simple_relay.html)\n\n#### 0.2 [Install \u0026 Configure Simple Relay](#0-2-install--configure)\n\n- Deploy Simple Relay on a server which is accessible from the FTD device(s) and can route to the Gravwell indexer(s). Configure it with the correct _Ingest-Secret_ and point either _Cleartext-Backend-Target_ or _Encrypted-Backend-Target_ at the indexer address(es). See [Documentation](https://docs.gravwell.io/ingesters/simple_relay.html).\n- Drop the following config snippet into a new file named \u003ckbd\u003e/opt/gravwell/etc/simple\\_relay.conf.d/cisco\\_firewall.conf\u003c/kbd\u003e then restart the ingester with \u003ckbd\u003esudo systemctl restart gravwell\\_simple\\_relay.service\u003c/kbd\u003e. This will make it start listening for incoming syslog on TCP the configured port, with special rules to route Cisco FTD and Cisco FTD events into different Gravwell tags.\n```ini\n[Listener \"syslogtcp_cisco_ftd\"]\n    Bind-String=\"tcp://0.0.0.0:6901\"\n    Reader-Type=rfc5424\n    Tag-Name=cisco-ftd-events\n    Assume-Local-Timezone=true\n    Preprocessor=\"Cisco FTD 43000X Router\"\n    Preprocessor=\"Cisco FTD Class Router\"\n\n# Route 43000X security-event syslogs \n[preprocessor \"Cisco FTD 43000X Router\"]\n    Type=regexrouter\n    Drop-Misses=false\n    Regex=`%FTD-[0-7]-(?P\u003cmsgid\u003e43000[0-9]):`\n    Route-Extraction=msgid\n    Route=430001:cisco-ftd-intrusion\n    Route=430002:cisco-ftd-connection\n    Route=430003:cisco-ftd-connection\n    Route=430004:cisco-ftd-file\n    Route=430005:cisco-ftd-malware\n\n# Route non-43000X messages by 3-digit class prefix\n[preprocessor \"Cisco FTD Class Router\"]\n    Type=regexrouter\n    Drop-Misses=false\n    # Match any FTD message id EXCEPT 43000X (handled above).\n    Regex=`%FTD-[0-7]-(?P\u003cclass\u003e(?!43000)\\d{3})\\d{3}:`\n    Route-Extraction=class\n\n    # auth\n    Route=109:cisco-ftd-auth\n    Route=113:cisco-ftd-auth\n\n    # config\n    Route=111:cisco-ftd-config\n    Route=112:cisco-ftd-config\n    Route=208:cisco-ftd-config\n    Route=308:cisco-ftd-config\n\n    # vpn\n    Route=213:cisco-ftd-vpn\n    Route=316:cisco-ftd-vpn\n    Route=320:cisco-ftd-vpn\n    Route=402:cisco-ftd-vpn\n    Route=403:cisco-ftd-vpn\n    Route=404:cisco-ftd-vpn\n    Route=501:cisco-ftd-vpn\n    Route=602:cisco-ftd-vpn\n    Route=603:cisco-ftd-vpn\n    Route=611:cisco-ftd-vpn\n    Route=702:cisco-ftd-vpn\n    Route=713:cisco-ftd-vpn\n    Route=714:cisco-ftd-vpn\n    Route=715:cisco-ftd-vpn\n    Route=716:cisco-ftd-vpn\n    Route=718:cisco-ftd-vpn\n    Route=720:cisco-ftd-vpn\n    Route=722:cisco-ftd-vpn\n\n    # traffic\n    Route=106:cisco-ftd-traffic\n    Route=108:cisco-ftd-traffic\n    Route=201:cisco-ftd-traffic\n    Route=202:cisco-ftd-traffic\n    Route=204:cisco-ftd-traffic\n    Route=302:cisco-ftd-traffic\n    Route=303:cisco-ftd-traffic\n    Route=304:cisco-ftd-traffic\n    Route=305:cisco-ftd-traffic\n    Route=314:cisco-ftd-traffic\n    Route=405:cisco-ftd-traffic\n    Route=406:cisco-ftd-traffic\n    Route=407:cisco-ftd-traffic\n    Route=500:cisco-ftd-traffic\n    Route=502:cisco-ftd-traffic\n    Route=607:cisco-ftd-traffic\n    Route=608:cisco-ftd-traffic\n    Route=609:cisco-ftd-traffic\n    Route=616:cisco-ftd-traffic\n    Route=620:cisco-ftd-traffic\n    Route=703:cisco-ftd-traffic\n    Route=710:cisco-ftd-traffic\n\n    # threat\n    Route=400:cisco-ftd-threat\n    Route=401:cisco-ftd-threat\n    Route=420:cisco-ftd-threat\n    Route=733:cisco-ftd-threat\n\n    # system\n    Route=101:cisco-ftd-system\n    Route=102:cisco-ftd-system\n    Route=103:cisco-ftd-system\n    Route=104:cisco-ftd-system\n    Route=105:cisco-ftd-system\n    Route=199:cisco-ftd-system\n    Route=210:cisco-ftd-system\n    Route=211:cisco-ftd-system\n    Route=214:cisco-ftd-system\n    Route=216:cisco-ftd-system\n    Route=306:cisco-ftd-system\n    Route=307:cisco-ftd-system\n    Route=311:cisco-ftd-system\n    Route=315:cisco-ftd-system\n    Route=414:cisco-ftd-system\n    Route=604:cisco-ftd-system\n    Route=605:cisco-ftd-system\n    Route=606:cisco-ftd-system\n    Route=610:cisco-ftd-system\n    Route=612:cisco-ftd-system\n    Route=614:cisco-ftd-system\n    Route=615:cisco-ftd-system\n    Route=701:cisco-ftd-system\n    Route=709:cisco-ftd-system\n    Route=711:cisco-ftd-system\n    Route=741:cisco-ftd-system\n```\n\n- Ensure that the server running Simple Relay allows incoming connections on the configured port, and that any firewalls between the Cisco Firewall device and the Simple Relay system allow the configured port traffic.  \n- Configure log forwarding as described in the Cisco Firewall documentation, defining the syslog server profile to point at the Simple Relay server on the configured port.  \n- Once the changes have been committed, logs should begin flowing into Gravwell. You can check by running the folowing query:  \n\n```\ntag=$CISCO_FTD limit 10\n```\n- If any results appear, logs are coming in properly.  \n\n***\n\n## 1. [Tags \u0026 Macros](#1-tags--macros)\n\n#### 1.1. [Tags](#1-1-tags)\n\n- Purpose: Tags are an essential Gravwell concept. Every entry has a single tag associated with it; these tags allow us to separate and categorize data at a basic level.\n- [Documentation](https://docs.gravwell.io/ingesters/ingesters.html#tags)\n- Total: ***11***\n- The Cisco FTD Kit for Gravwell makes use of the following tags:  \n    - cisco-ftd-auth: Configuration Macro; Tag used for all Cisco FTD Authentication data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage: `tag=cisco-ftd-auth`  \n    - cisco-ftd-config: Configuration Macro; Tag used for all Cisco FTD Config data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage: `tag=cisco-ftd-config`\n    - cisco-ftd-conn: Configuration Macro; Tag used for all Cisco FTD Connection data (FTD-#-430002 \u0026 FTD-#-430003); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n        - Usage: `tag=cisco-ftd-conn`\n    - cisco-ftd-events: Configuration Macro; Tag used for all Cisco FTD Events data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage: `tag=cisco-ftd-events`  \n    - cisco-ftd-file: Configuration Macro; Tag used for all Cisco FTD File data (FTD-#-430004); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n        - Usage: `tag=cisco-ftd-file`  \n    - cisco-ftd-intrusion: Configuration Macro; Tag used for all Cisco FTD File (FTD-#-430001) data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.  \n        - Usage: `tag=cisco-ftd-intrusion`  \n    - cisco-ftd-malware: Configuration Macro; Tag used for all Cisco FTD Malware data (FTD-#-430005); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n        - Usage: `tag=cisco-ftd-malware`  \n    - cisco-ftd-system: Configuration Macro; Tag used for all Cisco FTD System data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage: `tag=cisco-ftd-system`  \n    - cisco-ftd-threat: Configuration Macro; Tag used for all Cisco FTD Threat data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage: `tag=cisco-ftd-threat`  \n    - cisco-ftd-traffic: Configuration Macro; Tag used for all Cisco FTD Traffic data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage: `tag=cisco-ftd-traffic`  \n    - cisco-ftd-vpn: Configuration Macro; Tag used for all Cisco FTD VPN data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - Usage: `tag=cisco-ftd-vpn`  \n\n#### 1.2. [Autoextractors](#1-2-autoextractors)\n\n- Purpose: Auto-extractors are simply definitions that can be applied to tags and describe how to correctly extract fields from the data in a given tag. The “ax” module then automatically invokes the appropriate functionality of other modules.\n- [Documentation](https://docs.gravwell.io/configuration/autoextractors.html)\n- The Cisco FTD Kit for Gravwell makes use of the following autoextractors:  \n- Total: ***11***\n\t- cisco-ftd-auth: Gravwell generated field extraction for tag cisco-ftd-auth, args '-p -e DATA'\n\t- cisco-ftd-config: Gravwell generated field extraction for tag cisco-ftd-config, args '-p -e DATA'\n\t- cisco-ftd-conn: Gravwell generated field extraction for tag cisco-ftd-conn, args '-p -e DATA'\n\t- cisco-ftd-events: Gravwell generated field extraction for tag cisco-ftd-events, args '-p -e DATA'\n\t- cisco-ftd-file: Gravwell generated field extraction for tag cisco-ftd-file, args '-p -e DATA'\n\t- cisco-ftd-intrusion: Gravwell generated field extraction for tag cisco-ftd-intrusion, args '-p -e DATA'\n\t- cisco-ftd-malware: Gravwell generated field extraction for tag cisco-ftd-malware, args '-p -e DATA'\n\t- cisco-ftd-system: Gravwell generated field extraction for tag cisco-ftd-system, args '-p -e DATA'\n\t- cisco-ftd-threat: Gravwell generated field extraction for tag cisco-ftd-threat, args '-p -e DATA'\n\t- cisco-ftd-traffic: Gravwell generated field extraction for tag cisco-ftd-traffic, args '-p -e DATA'\n\t- cisco-ftd-vpn: Gravwell generated field extraction for tag cisco-ftd-vpn, args '-p -e DATA'  \n\n#### 1.3. [Macros](#1-3-macros)\n\n- Purpose: Search macros are a powerful feature that can help you use Gravwell more effectively. Macros can turn long, repetitive search queries into easily-remembered shortcuts.\n- [Documentation](https://docs.gravwell.io/search/macros.html)\n- The Cisco FTD Kit for Gravwell makes use of the following macros:\n- Total: ***20***\n    - Tags\n        - $CISCO\\_FTD: Configuration Macro; Tag used for all Cisco FTD data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_FTD\\_AUTH: Configuration Macro; Tag used for all Cisco FTD Authentication data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_FTD\\_CONFIG: Configuration Macro; Tag used for all Cisco FTD Configuration data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_FTD\\_CONN: Configuration Macro; Tag used for all Cisco FTD Connection data (FTD-#-430002 \u0026 FTD-#-430003); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n        - $CISCO\\_FTD\\_EVENTS: Configuration Macro; Tag used for all Cisco FTD Events data that don't fall into the other tags; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_FTD\\_FILE: Configuration Macro; Tag used for all Cisco FTD Connection data (FTD-#-430004); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n        - $CISCO\\_FTD\\_INTRUSION: Configuration Macro; Tag used for all Cisco FTD File (FTD-#-430001) data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.  \n        - $CISCO\\_FTD\\_MALWARE: Configuration Macro; Tag used for all Cisco FTD File (FTD-#-430005) data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.  \n        - $CISCO\\_FTD\\_SYSTEM: Configuration Macro; Tag used for all Cisco FTD System data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_FTD\\_THREAT: Configuration Macro; Tag used for all Cisco FTD Threat data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_FTD\\_TRAFFIC: Configuration Macro; Tag used for all Cisco FTD Traffic data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n        - $CISCO\\_FTD\\_VPN: Configuration Macro; Tag used for all Cisco FTD VPN data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n        - $CISCO\\_SECURITY: Configuration Macro; Tag used for all Cisco FTD Security Events (FTD-#-430001 to FTD-#-430005); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates. \n    - Enumerated Value Extraction (EVX)\n        - $CISCO\\_FTD\\_CONN\\_EVX: This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD Connection data (FTD-#-430002 \u0026 FTD-#-430003); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n        - $CISCO\\_FTD\\_FILE\\_EVX: This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD File data (FTD-#-430004); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n        - $CISCO\\_FTD\\_INTRUSION\\_EVX: This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD Intrusion data (FTD-#-430001); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n        - $CISCO\\_FTD\\_MALWARE\\_EVX: This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD Malware data (FTD-#-430005); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n        - $CISCO\\_SECURITY\\_EVX: This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD Security Events (FTD-#-430001 to FTD-#-430005); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. \n    - Normalization\n        - $CISCO\\_FTD\\_SEVERITY: This macro creates an Enumerated Value (EV) named \\_severity\\_order and then orders events by severity. \n        - $CISCO\\_FTD\\_SEVERITY\\_ORDER: This macro creates an Enumerated Value (EV) named \\_severity\\_order and then orders events by severity. \n        - $CISCO\\_NORMALIZE\\_DIRECTION: This macro normalizes Direction from SecIntMatchingIP.\n        \n***\n\n## 2. [Query Library](#2-query-library)\n- Purpose: Queries within the Query Library drive [dashboards](#10-dashboards) via [searches](#8-searches), [scheduled searches](#6-scheduled-searches) via [alert queries](#8-1-alert-queries), and [playbooks](#7-playbooks).\n- [Documentation](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)\n    - Updating a query in the library updates dependent dashboards and scheduled searches automatically.\n    - Total queries: ***12***\n        - [8.1 Dashboard Searches](#8-2-dashboard-searches): ***12***  \n        - [8.2 Alert Queries](#8-1-alert-queries): ***0***  \n\n***\n\n## 3. [Naming Schema](#3-naming-schema)\n- Purpose: The use of a standard naming convention enables users to quickly understand the function, severity, and context of a query or component. This approach facilitates efficient identification, reuse, and troubleshooting without ambiguity.\n- _QueryType - Company - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - Name [Visualization - **if any**]_\n- Examples:\n    - Templates: _Template - Cisco - FTD - Firewall - Authentication - Event Count by Severity [numbercard]_\n    - Searches: _Search - Cisco - FTD - Firewall - Event Types - Count by Category [chart]_\n\n***\n\n## 4. [Resources](#4-resources)\n- Purpose: Resources allow users to store persistent data for use in searches.\n- [Documentation](https://docs.gravwell.io/resources/resources.html)\n- Total: ***1***\n\n#### 4.1 [Lookups](#4-1-lookups)\n- Purpose: Lookup Resources are used by the lookup module to perform data enrichment and translation off of a static lookup table stored in a resource.\n- [Documentation](https://docs.gravwell.io/search/lookup/lookup.html)\n- Total: ***1***\n    - cisco\\_ftd\\_syslog\\_messages\n        - This is intended to be used as a lookup file providing additional information regarding all Cisco Adaptive Security Appliance (FTD) SysLog Messages. It is used within the Cisco FTD Kit for dashboards, macros, scheduled searches, alerts, flows, and templates.\n        - fields: cisco\\_id,msg\\_id,description,error\\_msg,explanation,recommended\\_action,sev\\_id,severity,risk\\_score\n            - cisco\\_id: this is the full Cisco Syslog Message ID (e.g. %FTD-1-101001) which breaks out into %{Cisco Firewall Appliance}-{Cisco Assigned Severity}-{Cisco Message ID}\n            - msg\\_id: this is the Cisco Syslog Message ID which is part of the full Cisco Syslog Message ID\n            - description: this is the short description of the Cisco Syslog message often seen on the Cisco firewall appliance itself\n            - error\\_msg: this is the full Cisco Message compromised of {cisco\\_id}: {description}\n            - explanation: this is a more detailed explanation of the Cisco Syslog Message\n            - recommended\\_action: this is the Cisco Recommended Action provided within their documentation\n            - sev\\_id: this the Cisco assigned severity (id) provided within their documentation\n            - severity: this the Cisco assigned severity (name) provided within their documentation \n            - risk\\_score: this is a Gravwell assigned value for dashboards, queries, and alerting purposes\n            - category: this is a broad functional grouping assigned to the Cisco FTD error messages that is used within the Cisco FTD General Overview Dashboard to group data together  \n            - subcategory: this is a more specific grouping assigned to the Cisco FTD error messages that is used within the Cisco FTD General Overview Dashboard to group data together  \n        - Usage: `dump -r cisco_ftd_syslog_messages | table`\n\n***\n\n## 5. [Alerts](#5-alerts)\n- Purpose: Alerts notify you of potential nefarious actions that took place within and/or against your environment by tying dispatchers and consumers together.\n- [Documentation](https://docs.gravwell.io/alerts/alerts.html#alerts)\n- Total: ***0***\n\n#### 5.1 [Dispatchers](#5-1-dispatchers)\n- Purpose: Dispatchers generate events. A typical dispatcher would be a scheduled search that runs on an interval; every result returned by a scheduled search is considered an event.\n    - Dispatchers = [Scheduled Searches](#6-scheduled-searches)\n- [Documentation](https://docs.gravwell.io/alerts/alerts.html#adding-dispatchers)\n\n#### 5.2 [Consumers](#5-2-consumers)\n- Purpose: Consumers process and respond to events. A typical consumer would be a flow that sends an email to an administrator, or opens a ticket in the ticketing system. Each consumer runs once per event.\n    - Consumers = [Flows](#6-1-flows)\n- [Documentation](https://docs.gravwell.io/alerts/alerts.html#defining-a-consumer)\n\n***\n\n## 6. [Scheduled Searches](#6-scheduled-searches)\n- Purpose: Scheduled Searches are typically dependent on “AlertQuery - Cisco FTD - …” queries within the [Query Library](#2-query-library).\n- [Documentation](https://docs.gravwell.io/scripting/scheduledsearch.html)\n- Total: ***0***\n\n#### 6.1. [Flows](#6-1-flows)\n- Purpose: Flows provide a no-code method for developing advanced automations in Gravwell.\n- [Documentation](https://docs.gravwell.io/flows/flows.html)\n- Total: ***0***\n\n***\n\n## 7. [Playbooks](#7-playbooks)\n\n- Purpose: Playbooks are hypertext documents within Gravwell which help guide users through common tasks, describe functionality, and record information about data in the system.\n- [Documentation](https://docs.gravwell.io/gui/playbooks/playbooks.html)\n- Total: ***1***\n    - Cisco FTD Kit for Gravwell - README\n\n***\n\n## 8. [Searches](#8-searches)\n\n- Purpose: These queries within the Query Library drive [dashboards](#10-dashboards) to quickly view Cisco FTD data in an easily digestible format or [scheduled searches](#6-scheduled-searches) to ultimately feed [alerts](#5-alerts).  \n- [Documentation](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)\n- Total: ***12***\n\n#### 8.1 [Dashboard Searches](#8-1-dashboard-searches)\n- Purpose: These queries within the Query Library drive [dashboards](#10-dashboards) to quickly view Cisco FTD data in an easily digestible format.\n- Total: ***12***  \n    - _Search - Cisco - FTD - Firewall - Event Types - Count by Category [chart]_: Displays a chart of event types (error message) by Category.  \n\t- _Search - Cisco - FTD - Firewall - Security - Count by ApplicationProtocol [chart]_: Displays a chart of event count by ApplicationProtocol.  \n\t- _Search - Cisco - FTD - Firewall - Security - Count by DstIP [chart]_: Displays a chart of event count by DstIP.  \n\t- _Search - Cisco - FTD - Firewall - Security - Count by SSLActualAction [chart]_: Displays a chart of event count by SSLActualAction.  \n\t- _Search - Cisco - FTD - Firewall - Security - Count by SrcIP [chart]_: Displays a chart of event count by SrcIP.  \n\t- _Search - Cisco - FTD - Firewall - Security - Count by Tag [chart]_: Displays a chart of event types (error message) by Tag.  \n    - _Search - Cisco - FTD - Firewall - Event Types - Count by Category \u0026 Subcategory [chart]_: Displays a chart of event types (error message) by Category \u0026 Subcategory.  \n    - _Search - Cisco - FTD - Firewall - Event Types - Count by Category \u0026 Subcategory [numbercard]_: Displays a numbercard of event types (error message) by Category \u0026 Subcategory.  \n    - _Search - Cisco - FTD - Firewall - Event Types - Count by Category [numbercard]_: Displays a numbercard of event types (error message) by Category.  \n    - _Search - Cisco - FTD - Firewall - Event Types - Count by Category, Subcategory \u0026 Severity [chart]_: Displays a chart of event types (error message) by Category, Subcategory \u0026 Severity.  \n    - _Search - Cisco - FTD - Firewall - Event Types - Count by Category, Subcategory \u0026 Severity [numbercard]_: Displays a numbercard of event types (error message) by Category, Subcategory \u0026 Severity.  \n    - _Search - Cisco - FTD - Firewall - Event Types - Count by Severity [chart]_: Displays a chart of event types (error message) by Severity.  \n    - _Search - Cisco - FTD - Firewall - Event Types - Count by Severity [numbercard]_: Displays a numbercard of event types (error message) by Severity.  \n    - _Search - Cisco - FTD - Firewall - Event Types - Count by Subcategory [chart]_: Displays a chart of event types (error message) by Subcategory.  \n    - _Search - Cisco - FTD - Firewall - Event Types - Count by Subcategory [numbercard]_: Displays a numbercard of event types (error message) by Subcategory.  \n    - _Search - Cisco - FTD - Firewall - Event Types - Count by Tag [chart]_: Displays a chart of event types (error message) by Tag.  \n    - _Search - Cisco - FTD - Firewall - Event Types - Count by Tag [numbercard]_: Displays a numbercard of event types (error message) by Tag.  \n- Naming Schema: _Search - Cisco FTD - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - SearchName [Visualization - **if any**]_\n\n#### 8.2. [Alert Queries](#8-2-alert-queries)\n- Purpose: These queries within the Query Library drive [scheduled searches](#6-scheduled-searches) which ultimately feed [alerts](#5-alerts).  \n- IMPORTANT: If you need to update or tune, this is where you perform that action.\n- Total: ***0***\n\n***\n\n## 9. [Templates](#9-templates)\n- Purpose: Templates are special objects which define a Gravwell query containing variables.\n- [Documentation](https://docs.gravwell.io/gui/templates/templates.html)\n- Total: ***36***\n\t- _Template - Cisco - FTD - Firewall - Connection - Event Count by Severity [chart]_: Displays a chart of Connection Events by severity performed by the specified user and/or ip.  \n\t- _Template - Cisco - FTD - Firewall - Connection - Events by User and/or IP [table]_: Displays a table of Connection Events performed by the specified user and/or ip.  \n\t- _Template - Cisco - FTD - Firewall - File - Event Count by Severity [chart]_: Displays a chart of File Events by severity performed by the specified user and/or ip.  \n\t- _Template - Cisco - FTD - Firewall - File - Events by User and/or IP [table]_: Displays a table of File Events performed by the specified user and/or ip.  \n\t- _Template - Cisco - FTD - Firewall - Intrusion - Event Count by Severity [chart]_: Displays a chart of Intrusion Events by severity performed by the specified user and/or ip.  \n\t- _Template - Cisco - FTD - Firewall - Intrusion - Events by User and/or IP [table]_: Displays a table of Intrusion Events performed by the specified user and/or ip.  \n\t- _Template - Cisco - FTD - Firewall - Malware - Event Count by Severity [chart]_: Displays a chart of Malware Events by severity performed by the specified user and/or ip.  \n\t- _Template - Cisco - FTD - Firewall - Malware - Events by User and/or IP [table]_: Displays a table of Malware Events performed by the specified user and/or ip.  \n\t- _Template - Cisco - FTD - Firewall - Security - Count by Severity [numbercard]_: Displays a numbercard of Security Events performed by the specified user and/or ip.  \n\t- _Template - Cisco - FTD - Firewall - Security - Event Count by Severity [chart]_: Displays a chart of Security Events by severity performed by the specified user and/or ip.  \n\t- _Template - Cisco - FTD - Firewall - Security - Event Count by Tag [chart]_: Displays a chart of Security Events by TAG performed by the specified user and/or ip.  \n\t- _Template - Cisco - FTD - Firewall - Security - Events by User and/or IP [table]_: Displays a table of Security Events performed by the specified user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Authentication - Event Count by Severity [chart]_: Displays a chart of Authentication events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Authentication - Event Count by Severity [numbercard]_: Displays a numbercard of Authentication events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Authentication - Events by User and/or IP [table]_: Displays a table of Authentication events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Combined - Event Count by Severity [chart]_: Displays a chart of all events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Combined - Event Count by Severity [numbercard]_: Displays a numbercard of all events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Combined - Events by User and/or IP [table]_: Displays a table of all events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Config - Event Count by Severity [chart]_: Displays a chart of Config events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Config - Event Count by Severity [numbercard]_: Displays a numbercard of Config events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Config - Events by User and/or IP [table]_: Displays a table of Config events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Events - Event Count by Severity [chart]_: Displays a chart of events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Events - Event Count by Severity [numbercard]_: Displays a numbercard of events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Events - Events by User and/or IP [table]_: Displays a table of events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - System - Event Count by Severity [chart]_: Displays a chart of System events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - System - Event Count by Severity [numbercard]_: Displays a numbercard of System events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - System - Events by User and/or IP [table]_: Displays a table of System events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Threat - Event Count by Severity [chart]_: Displays a chart of Threat events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Threat - Event Count by Severity [numbercard]_: Displays a numbercard of Threat events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Threat - Events by User and/or IP [table]_: Displays a table of Threat events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Traffic - Event Count by Severity [chart]_: Displays a chart of Traffic events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Traffic - Event Count by Severity [numbercard]_: Displays a numbercard of Traffic events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - Traffic - Events by User and/or IP [table]_: Displays a table of Traffic events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - VPN - Event Count by Severity [chart]_: Displays a chart of VPN events performed by the user and/or ip.  \n    - _Template - Cisco - FTD - Firewall - VPN - Event Count by Severity [numbercard]_: Displays a numbercard of VPN events performed by the user and/or ip. \t  \n    - _Template - Cisco - FTD - Firewall - VPN - Events by User and/or IP [table]_: Displays a table of VPN events performed by the user and/or ip.  \n\n***\n\n## 10. [Dashboards](#10-dashboards)\n- Purpose: Dashboards are Gravwell's way of showing the results from multiple searches at the same time.\n- [Documentation](https://docs.gravwell.io/gui/dashboards/dashboards.html)\n- Total: ***3***\n    - Cisco FTD General Overview: This Dashboard is a general overview of your Cisco FTD data.\n    - Cisco FTD Investigation: This Dashboard is intended to be used for Cisco FTD investigations.\n    - Cisco FTD Security Events Investigation: This Dashboard is intended to be used for Cisco FTD Security Event investigations.\n\n#### 10.1 [Actionables](#10-1-actionables)\n- Purpose: Actionables provide a way to create custom menus that key on any text rendered in a query; users can take different actions on that text by selecting options in the menus.\n- [Documentation](https://docs.gravwell.io/gui/actionables/actionables.html)\n- Total: ***1***\n    - Cisco FTD IP: Cisco FTD Actions on IP to Launch Cisco FTD Investigation Dashboard or Cisco FTD Security Event Investigation Dashboard.\n\n***\n\n## 11. [Useful Resources \u0026 References](#11-useful-resources--references)\n- Gravwell\n    - [Actionables](https://docs.gravwell.io/gui/actionables/actionables.html)  \n    - [Alerts](https://docs.gravwell.io/alerts/alerts.html#alerts)  \n    - [Autoextractors](https://docs.gravwell.io/configuration/autoextractors.html)  \n    - [Consumers](https://docs.gravwell.io/alerts/alerts.html#defining-a-consumer)  \n    - [Dashboards](https://docs.gravwell.io/gui/dashboards/dashboards.html)  \n    - [Dispatchers](https://docs.gravwell.io/alerts/alerts.html#adding-dispatchers)  \n    - [Flows](https://docs.gravwell.io/flows/flows.html)  \n    - [Lookup Module](https://docs.gravwell.io/search/lookup/lookup.html)  \n    - [Macros](https://docs.gravwell.io/search/macros.html)  \n    - [Playbooks](https://docs.gravwell.io/gui/playbooks/playbooks.html)  \n    - [Query Library](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)  \n    - [regexrouter Preprocessor](https://docs.gravwell.io/ingesters/preprocessors/regexrouter.html)  \n    - [Resources](https://docs.gravwell.io/resources/resources.html)  \n    - [Scheduled Searches](https://docs.gravwell.io/scripting/scheduledsearch.html)  \n    - [Simple Relay](https://docs.gravwell.io/ingesters/simple_relay.html)  \n    - [Tags](https://docs.gravwell.io/ingesters/ingesters.html#tags)  \n    - [Templates](https://docs.gravwell.io/gui/templates/templates.html)  \n- Cisco Adaptive Security Appliance (FTD)\n    - [Cisco Secure Firewall FTD Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/about.html)\n    - [Cisco Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n    - [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n    - [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n    - [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n    - [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n    - [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n    - [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n    - [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n    - [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n    - [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n    - [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)\n    - [Cisco FTD Messages Listed by Severity Level](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs-sev-level.html)\n    - [Cisco FTD Index](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/fptd_syslog_guide_index.html)\n\n***\n\n## 12. [Notes](#12-notes)\n\n***\n\n## 13. [Image credits](#13-image-credits)\n- [Banner](https://uxwing.com/cisco-icon/)\n- [Cover](https://uxwing.com/cisco-icon/)\n- [Icon](https://uxwing.com/cisco-icon/)\n\n***",
+	"Version": 1,
+	"MinVersion": {
+		"Major": 0,
+		"Minor": 0,
+		"Point": 0
+	},
+	"MaxVersion": {
+		"Major": 5,
+		"Minor": 99,
+		"Point": 0
+	},
+	"Icon": "e0b98ad2-b2a7-4b24-8374-72f247a18822",
+	"Banner": "8b713d4b-635b-4a4d-8eba-85ca1a3adb6d",
+	"Cover": "151fc05a-6912-4b5d-a31a-10ef6b0bc68a",
+	"Items": [
+		{
+			"Name": "Apache 2.0 License",
+			"Type": 10,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco_ftd_syslog_messages",
+			"Type": 1,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_MALWARE_EVX",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_CONN",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_SEVERITY_ORDER",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_FILE",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_SECURITY_EVX",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_AUTH",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_CONFIG",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_TRAFFIC",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_VPN",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_FILE_EVX",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_INTRUSION",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_NORMALIZE_DIRECTION",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_EVENTS",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_SYSTEM",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_THREAT",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_SECURITY",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_INTRUSION_EVX",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_MALWARE",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_CONN_EVX",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "CISCO_FTD_SEVERITY",
+			"Type": 8,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "656036bf-a5f7-4092-9606-d3d97d15c758",
+			"Type": 3,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "1c340e6a-7268-46a7-8f36-f59405ff64fe",
+			"Type": 3,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "79f2b584-46cf-4043-b205-29e3c32e881d",
+			"Type": 3,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "d0712c55-49b5-4aa4-8392-a23eef6f92a8",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "b5006de7-61c4-4158-b8e2-4c0f6cbd11f8",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "95219292-01db-4917-be7b-aedac9e180dc",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "b7960811-47a5-4fba-b0d9-639052e426e0",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "a228d48f-333f-4a2f-bd5a-e8e27a569d61",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "d61a67de-3562-460e-9c3e-95b69b27c9b3",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "02453c60-0220-4ec1-a26c-fb26c72c508c",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "9a11072f-cbe0-4365-b228-def2e0847c01",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "085b0270-ed97-4948-b8b7-1362a29721b5",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "f540cb33-74bc-4f30-ad22-4e430728ab67",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "34b167be-27dd-4cf5-9e08-0eb320b3d446",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "a420dbb4-8bd3-4681-9fca-e9a30dbde982",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "c74ca09a-4833-4255-868f-79c41fa1db66",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "29d2f863-d259-486d-90cc-e2fb1e79aa13",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "039e3c93-204a-4f68-9e02-443cc39169e4",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "73333f31-0a91-48ac-8d74-4c042a47d7bf",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "dda4d8e9-e845-410e-b105-fe0928573033",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "e32ea44e-483b-48bb-a58e-5cc68eb3487c",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "eeacd085-5bd8-4784-8f0c-0f63f74b5377",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "7ce003ec-c88f-48e7-b252-35fbf7d39997",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "55b3c1f4-02ae-4879-bbdb-a59c1d2e562a",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "f5864c31-63a7-4c44-8fdd-56fccb53a40a",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "8f985b19-f67e-48e8-af69-e8a33756c988",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "da038943-250c-4907-a73b-ce6cf00246af",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "8cd23b13-862b-487d-b8d6-5dc0b11c4c0d",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "d8e6ccdb-eca3-4e65-a8bb-feee724b78b4",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "ad54a83b-4452-49bb-b7b4-60b3e278ab48",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "55d3b87e-37cf-4afb-86a2-d3e74694ef22",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "fc47d511-2fb8-4822-8a4b-85b84e6ca581",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "075e2192-37ae-41ce-9190-a13e2bcf3d1f",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "1f24de97-1e5c-43f4-8cd7-177524dcd8e8",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "a6c91109-88b9-4a56-bdb2-563fdbdf3f06",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "0fdb9df1-441a-461e-bbf5-5d434dbdae70",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "573dc727-4a09-4614-bf5a-4da54d7bf33a",
+			"Type": 6,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "9f94162b-c38a-41fe-b594-1739af6ee761",
+			"Type": 5,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "c21e1a11-72e8-4661-8409-fea6b856fad5",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "96e4c994-6e65-4a9b-99bf-5032380926a8",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "11d63825-1e4f-40ab-ac01-8d53adfdcda7",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "fe8d2808-b1f6-40cc-b388-d2f08806a5a1",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "b223686f-337b-4708-a6d3-6e639cbaa21a",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "44b010d7-c224-4194-9644-8cdcde33c1b5",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "75bbe0bc-a839-40b0-95df-f1955d0453d9",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "aa7015e6-e70f-43d2-960c-dc86cd8735d5",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "90d24c27-9b9c-4f94-9066-968088a981c7",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "e79f7735-b1c3-4bb0-94d5-4a66feeae168",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "adb28bc0-6bd7-4564-b4d9-3cac9118c39d",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "d87b5ce9-3c9b-4e77-a569-057872a8a500",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "da83d755-35ff-455b-8e27-fa2fa36af4fe",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "a707ee59-8b9f-4c75-b3e0-4ce63c1f45d8",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "49a2863c-e896-4c69-9f15-32bb57664809",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "f6e8836d-35d9-4c35-b8b3-3e0a993aa9e2",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "d8399ba2-280c-4a51-bc46-14e4995f320d",
+			"Type": 9,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "8b713d4b-635b-4a4d-8eba-85ca1a3adb6d",
+			"Type": 7,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "e0b98ad2-b2a7-4b24-8374-72f247a18822",
+			"Type": 7,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "151fc05a-6912-4b5d-a31a-10ef6b0bc68a",
+			"Type": 7,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "8da73867-990a-4185-8c2b-5a1c60e39786",
+			"Type": 11,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-ftd-auth",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-ftd-threat",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-ftd-file",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-ftd-config",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-ftd-intrusion",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-ftd-connection",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-ftd-system",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-ftd-malware",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-ftd-traffic",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-ftd-events",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		},
+		{
+			"Name": "cisco-ftd-vpn",
+			"Type": 4,
+			"Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+		}
+	],
+	"Dependencies": null,
+	"ConfigMacros": [
+		{
+			"MacroName": "CISCO_FTD_AUTH",
+			"Description": "Configuration Macro; Tag used for all Cisco FTD Authentication data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.",
+			"DefaultValue": "cisco-ftd-auth",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_FTD_CONFIG",
+			"Description": "Configuration Macro; Tag used for all Cisco FTD Config data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.",
+			"DefaultValue": "cisco-ftd-config",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_FTD_CONN",
+			"Description": "Configuration Macro; Tag used for all Cisco FTD Connection data (FTD-#-430002 \u0026 FTD-#-430003); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.",
+			"DefaultValue": "cisco-ftd-connection",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_FTD_EVENTS",
+			"Description": "Configuration Macro; Tag used for all Cisco FTD Events data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.",
+			"DefaultValue": "cisco-ftd-events",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_FTD_FILE",
+			"Description": "Configuration Macro; Tag used for all Cisco FTD Connection data (FTD-#-430004); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.",
+			"DefaultValue": "cisco-ftd-file",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_FTD_INTRUSION",
+			"Description": "Configuration Macro; Tag used for all Cisco FTD Intrusion (FTD-#-430001) data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.",
+			"DefaultValue": "cisco-ftd-intrusion",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_FTD_MALWARE",
+			"Description": "Configuration Macro; Tag used for all Cisco FTD Malware data (FTD-#-430005); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.",
+			"DefaultValue": "cisco-ftd-malware",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_FTD_SYSTEM",
+			"Description": "Configuration Macro; Tag used for all Cisco FTD System data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.",
+			"DefaultValue": "cisco-ftd-system",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_FTD_THREAT",
+			"Description": "Configuration Macro; Tag used for all Cisco FTD Threat data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.",
+			"DefaultValue": "cisco-ftd-threat",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_FTD_TRAFFIC",
+			"Description": "Configuration Macro; Tag used for all Cisco FTD Traffic data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.",
+			"DefaultValue": "cisco-ftd-traffic",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		},
+		{
+			"MacroName": "CISCO_FTD_VPN",
+			"Description": "Configuration Macro; Tag used for all Cisco FTD VPN data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.",
+			"DefaultValue": "cisco-ftd-vpn",
+			"Value": "",
+			"Type": "TAG",
+			"InstalledByID": ""
+		}
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/README.md b/cisco_ftd/README.md
new file mode 100644
index 00000000..996a4cf0
--- /dev/null
+++ b/cisco_ftd/README.md
@@ -0,0 +1,27 @@
+# Cisco FTD Kit
+
+The Cisco FTD Kit provides a baseline set of tags, macros, saved queries, lookup resources, playbooks, actionables, dashboard searches, alert queries, and dashboards for your Cisco FTD data.
+
+The Cisco FTD Kit is licensed under the Apache 2.0 license and the contents are available on [Cisco FTD](https://github.com/gravwell/kits/tree/main/cisco_ftd).
+
+## Dependencies
+- N/A
+
+## Changelog
+- 1.0: Initial Release
+	- actionables 				01
+	- alert 					00
+	- autoextractor 			11
+	- dashboard 				03
+	- file 						03
+	- license 					01
+	- macro 					21
+	- playbook 					01
+	- resource 					01
+	- scheduled 				00
+		- scheduled searches 	00
+		- flows 				00
+	- searchlibrary 			17
+		- alert queries 		00
+		- dashboard searches 	17
+	- template 					36 
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-auth.args b/cisco_ftd/autoextractor/cisco-ftd-auth.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-auth.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-auth.meta b/cisco_ftd/autoextractor/cisco-ftd-auth.meta
new file mode 100644
index 00000000..bff7766e
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-auth.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-ftd-auth",
+	"Desc": "Gravwell generated fields extraction for tag cisco-ftd-auth, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-ftd-auth"
+	],
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "00c54f92-d869-4cad-91a4-87784f330b8f",
+	"LastUpdated": "2026-03-17T13:51:48.985349086Z"
+}
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-auth.params b/cisco_ftd/autoextractor/cisco-ftd-auth.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-auth.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-config.args b/cisco_ftd/autoextractor/cisco-ftd-config.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-config.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-config.meta b/cisco_ftd/autoextractor/cisco-ftd-config.meta
new file mode 100644
index 00000000..cf301f97
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-config.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-ftd-config",
+	"Desc": "Gravwell generated fields extraction for tag cisco-ftd-config, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-ftd-config"
+	],
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "4e7ff0cd-54b2-48d6-81da-e7539544cd9a",
+	"LastUpdated": "2026-03-17T13:51:48.98892242Z"
+}
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-config.params b/cisco_ftd/autoextractor/cisco-ftd-config.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-config.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-connection.args b/cisco_ftd/autoextractor/cisco-ftd-connection.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-connection.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-connection.meta b/cisco_ftd/autoextractor/cisco-ftd-connection.meta
new file mode 100644
index 00000000..28b1208a
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-connection.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-ftd-conn",
+	"Desc": "Gravwell generated fields extraction for tag cisco-ftd-connection, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-ftd-connection"
+	],
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "6fa4424d-78a7-4dc5-86d4-aecb5a7cbdec",
+	"LastUpdated": "2026-03-18T01:24:31.701825047Z"
+}
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-connection.params b/cisco_ftd/autoextractor/cisco-ftd-connection.params
new file mode 100644
index 00000000..61226173
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-connection.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msg_id>\d+):\s+(?P<msg>.+)$
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-events.args b/cisco_ftd/autoextractor/cisco-ftd-events.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-events.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-events.meta b/cisco_ftd/autoextractor/cisco-ftd-events.meta
new file mode 100644
index 00000000..e642c504
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-events.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-ftd-events",
+	"Desc": "Gravwell generated fields extraction for tag cisco-ftd-events, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-ftd-events"
+	],
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "c0900519-5662-424f-b272-3608030f8df2",
+	"LastUpdated": "2026-03-17T13:51:48.99531042Z"
+}
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-events.params b/cisco_ftd/autoextractor/cisco-ftd-events.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-events.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-file.args b/cisco_ftd/autoextractor/cisco-ftd-file.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-file.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-file.meta b/cisco_ftd/autoextractor/cisco-ftd-file.meta
new file mode 100644
index 00000000..57a3924c
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-file.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-ftd-file",
+	"Desc": "Gravwell generated fields extraction for tag cisco-ftd-file, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-ftd-file"
+	],
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "299e95b5-914a-493b-85a7-a0437c0d378b",
+	"LastUpdated": "2026-03-17T13:51:48.987972961Z"
+}
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-file.params b/cisco_ftd/autoextractor/cisco-ftd-file.params
new file mode 100644
index 00000000..e841372e
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-file.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)$
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-intrusion.args b/cisco_ftd/autoextractor/cisco-ftd-intrusion.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-intrusion.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-intrusion.meta b/cisco_ftd/autoextractor/cisco-ftd-intrusion.meta
new file mode 100644
index 00000000..8a3dd335
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-intrusion.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-ftd-intrusion",
+	"Desc": "Gravwell generated fields extraction for tag cisco-ftd-intrusion, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-ftd-intrusion"
+	],
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "5282cb99-3dbd-4484-943c-e5a51b3c76ee",
+	"LastUpdated": "2026-03-17T13:51:48.989374128Z"
+}
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-intrusion.params b/cisco_ftd/autoextractor/cisco-ftd-intrusion.params
new file mode 100644
index 00000000..e841372e
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-intrusion.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)$
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-malware.args b/cisco_ftd/autoextractor/cisco-ftd-malware.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-malware.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-malware.meta b/cisco_ftd/autoextractor/cisco-ftd-malware.meta
new file mode 100644
index 00000000..b822a81b
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-malware.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-ftd-malware",
+	"Desc": "Gravwell generated fields extraction for tag cisco-ftd-malware, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-ftd-malware"
+	],
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "8e49fd45-1689-46e6-84c7-8a3693cbe286",
+	"LastUpdated": "2026-03-17T13:51:48.992178711Z"
+}
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-malware.params b/cisco_ftd/autoextractor/cisco-ftd-malware.params
new file mode 100644
index 00000000..61226173
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-malware.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msg_id>\d+):\s+(?P<msg>.+)$
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-system.args b/cisco_ftd/autoextractor/cisco-ftd-system.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-system.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-system.meta b/cisco_ftd/autoextractor/cisco-ftd-system.meta
new file mode 100644
index 00000000..a9b98075
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-system.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-ftd-system",
+	"Desc": "Gravwell generated fields extraction for tag cisco-ftd-system, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-ftd-system"
+	],
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "6fb85ba1-1e24-452d-b70e-c095c35d80aa",
+	"LastUpdated": "2026-03-17T13:51:48.990986795Z"
+}
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-system.params b/cisco_ftd/autoextractor/cisco-ftd-system.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-system.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-threat.args b/cisco_ftd/autoextractor/cisco-ftd-threat.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-threat.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-threat.meta b/cisco_ftd/autoextractor/cisco-ftd-threat.meta
new file mode 100644
index 00000000..d8b83a39
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-threat.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-ftd-threat",
+	"Desc": "Gravwell generated fields extraction for tag cisco-ftd-threat, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-ftd-threat"
+	],
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "141df200-a130-4157-af9e-9b3126f7651b",
+	"LastUpdated": "2026-03-17T13:51:48.987082753Z"
+}
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-threat.params b/cisco_ftd/autoextractor/cisco-ftd-threat.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-threat.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-traffic.args b/cisco_ftd/autoextractor/cisco-ftd-traffic.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-traffic.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-traffic.meta b/cisco_ftd/autoextractor/cisco-ftd-traffic.meta
new file mode 100644
index 00000000..663953dd
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-traffic.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-ftd-traffic",
+	"Desc": "Gravwell generated fields extraction for tag cisco-ftd-traffic, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-ftd-traffic"
+	],
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "b37366cb-c567-44fc-b67c-7b9037806d40",
+	"LastUpdated": "2026-03-17T13:51:48.99428592Z"
+}
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-traffic.params b/cisco_ftd/autoextractor/cisco-ftd-traffic.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-traffic.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-vpn.args b/cisco_ftd/autoextractor/cisco-ftd-vpn.args
new file mode 100644
index 00000000..13a6d897
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-vpn.args
@@ -0,0 +1 @@
+-p -e DATA
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-vpn.meta b/cisco_ftd/autoextractor/cisco-ftd-vpn.meta
new file mode 100644
index 00000000..66cefd2e
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-vpn.meta
@@ -0,0 +1,18 @@
+{
+	"Name": "cisco-ftd-vpn",
+	"Desc": "Gravwell generated fields extraction for tag cisco-ftd-vpn, args '-p -e DATA'",
+	"Module": "regex",
+	"Tag": "",
+	"Tags": [
+		"cisco-ftd-vpn"
+	],
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"UID": 1,
+	"GIDs": null,
+	"Global": true,
+	"UUID": "dee194c1-5c44-4678-aecf-ce2ac33d724d",
+	"LastUpdated": "2026-03-18T01:27:57.42112542Z"
+}
\ No newline at end of file
diff --git a/cisco_ftd/autoextractor/cisco-ftd-vpn.params b/cisco_ftd/autoextractor/cisco-ftd-vpn.params
new file mode 100644
index 00000000..addafe4e
--- /dev/null
+++ b/cisco_ftd/autoextractor/cisco-ftd-vpn.params
@@ -0,0 +1 @@
+^(?:<(?P<priority>\d+)>)?:?\s*(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)
\ No newline at end of file
diff --git a/cisco_ftd/cisco-banner.png b/cisco_ftd/cisco-banner.png
new file mode 100644
index 0000000000000000000000000000000000000000..e3ae163dc928ed4bc4b65612560fe6a1a5d65c46
GIT binary patch
literal 13297
zcmeHtXEa<<*zO=CAxa9O6NBiYMhihOYV=ORD5HzsNrLFiV2m2kjS`(`Nz~DU(M$B`
zy|;UO-}mqSyX&^K?wz%!tTShyz0W>-zwcAt@V9CT#Dvs@AP|Tcq9~^c0^tHbaY6S8
zfUiTZk#pedzO$l%D+ol=cKgOj<Rqa1ffzv$x!2lWX<IXaZpO?0I~N0$)`B%5ln>!T
z6t6hQL|pv7Knf9$YD3!o#zSfCGX;O$Rb<+VFcAHl%F6V9CbiYlvOLJD`t#*W6AwM!
zCDtsq;Cm^iQzQCAFI_&8IwSrL$~n+7ETqtzSV~lcyql=t>f2nse!>5Am-K3U;QGbI
zm0?e0h~)Vzv%XF5jGchv%1mw?V66ZD^}l`wauUMDaN2&BGN)Hur^8KnP<dL{%Q~2C
z#EZGXqR}ws9@3wOo79uf?WCAcx$yqLD~8Q4(Bp0|QX3s*C+Hay#dFY5ajjc)<7PIz
zPkkPn4X@V<!8b}<#eZiN5$1&4#Dh~0T$yVnnbm8gJ4iWaP@0G1GL}Thl0qh5e#)HA
zmf6sGosah}DMD6V`NszWsk85dCA9?UBnz>)jL{LYMl2<%Z$4jfR5f!JxPf{#UH*;1
zlX{>17A7|wyPHS?{}m~Q^SStBuqkEcFE2z{n|7V(86Bun`+}$6Y8RQ~j_}9R{7e-j
z$eu)@jJhfON+@MyQWjI=5Zs2#=kK5E&W|d=d2^7vF0NxEPWD!!jaC3u2tNz`c-gCZ
zob}TjC%O4u%cof=LvX@ZkYeQaby^PT9h#99tU#T_crqw2$J+Vq$<AL?45`X7xgri>
zP?e2=SERAuENU|!FZTZ5>1n@{Mocp<yEIN5g)VyfjxgtR8@{tgOtWwQIbj<yzO?PQ
z@^qVjYkx3EW^uh?wWv&b`Yk9YBtCn?Cut)@8cgedl6FM?h30lwYkmPXbkLJ;z)!}I
z=fI~T)Blx+yXDiRHxHA>x&#=K$~mEZ<`7pF@n^6WXhwW>U|Gy1kw$*F0Y?%=kB<l@
znN(>-67G;B$ODreGCi9tdi;2*%Hxks8_Ha`hE&*AtyRq1kQY{;;{g%HJWxKStT<NS
zzxKR+TrPRZCC&TG{3}+N>-ZcNI1DbxYC+nSvbr=CsBImfFaqlc4;Kp_|HoN^z(_E{
zFi%WPw5!hz+^dfo)HwMXx(9kvmPww)77Y3Xf2wmlOxOq3wc?7pdp{MQR+3vRAyLie
zcxqf-3BQIMUM1nc7`=1&)lSj5XA!!DR^B%FIY|>&A^UD!$2PX;(ibmwLrEQm;zyM!
zaj48=FD%iXMcEFi8&&WiWzfu(D0vt?9Al3iAqa$UJV%@rdJsFfp{Q|3jef{e?dZYl
z-)M;)JD66a>d>waBY5%W{``(+GqcrnDNwIS&F4E+hO?oJ67~XeXNQFP4`iKz=Gv?W
zTB;7fDrW&!F$alc4zN6XM&OJy_|l$%YJEfuNI^ufUuiMD=3Lgm-E<1tf81s9$hCNt
zg9iaWzIq>I<lR#Y0{R$g^j5c9$NSB$QrV~y>(gV0J3#bnL;TR&KoShweh}c3okIC4
z<M`R_g<Y@F@X<bw&^`LMW-yNze{~1`YI?7@^jY;q3iSxq?(O}Be|+pp!+;d(v3khF
zIUrG*@hdlY`SahS#8HeFX)k}bm=N!!CgT}c+lMH~{7eZmO|Qs>@K-cC=_3VGd_-ab
zv@|V1@q~!6#D@yi16Bmq*G_+4diOHM)NH5nBK)6!wecM3_~@qOgv03S<XmoV8r_$9
zpNAfISkI6RMUEqXX+D`xY*BcO@_SJiWQ8x_`vN<DiDEC^O8&;!`4I}S#(A4MYeZ$E
zV)2T~M&eE@)R9Q|Yag0@;3t`g>Y4j562cG8n~Y??PO3SFeK2h4_(90}{?{WOM~S?i
zWRwEc{@*ozsoZag&#w;dY}>3mQz1ljk}Z52?X0;=Kh~E_=DWrPidtQv*ULV686Jtk
zzzU7+JuH{ZrSN-0QwPA}-Vc~~jE~AoJ3c2XTjMZRi-y~}$0O>JsRoFyRbIo3DMW!*
zu1Baku~0sN?Q?w*3z^>BD$sX<dM7u+_gl1VE-wT|U90p5>O=$hh+<wnw(caeYBONi
zuu=I^pFjabg&Z1u;FDbr$f44N8o<vunJ2f0$^PdZPLN#X1a>D!e(rvw2L!$ss&jOL
zMwe`giGoNrpW2M2iK3TNYn9;=7fxa>=J}&lq;hFgL8yQ1%ZYnQUFUsp@EpTn-7#$I
z+n>s-aTHNd^N<*-*8xuG<ZZ&ryv4DTn0e+KO(I!*q#WCSP6_(kfBZ|n&+ha`PAXWa
zTZzBs*hyE@F-Dt~I`PniF7x!TUW^3vaO#IsGqsUOH+q)KE=d`#l6UNciV{>OCl8CL
zz_#cpOw|mBcx|u*0ZWo2DKimcpIBvR&GD$%fM+pKXO;Uj+NXzsc!?61tZ`v}N~mm}
z974k)l(C!`4HvdGZRO;kZ<b730;w1|on?zT{c?g{mNg5Xw&>^%*`j)N$$JKhtew|V
z&2~F*zt%R&qe53%D$UnX<BbvrbwIvTWA+EVe@-IFG0~UOz1%!z$<k1NTnRGIeR=p5
zI0Jg1b;DFC1GK^#nYymeHJgGq#fI1i?6DIAWc@275g<l+Tf9@^$}i4%Z$M<s)h~`?
zsIJ|zB`S3qV%#z=BMouBTYNRCIWNfbOmY_UbQT4D2{u2Y=yTkaS_{SKgT86g7+H&*
zW+o(-yegu@+Zw{)GK#F?U<3#FougMBMvs4?`k#UBeLkD=>cHi5n7T`|?4A1QzEz5y
zMe|ajz9AP(mM@qEvm(TMV*RTfkB{3w>{S`ctXn+21CtE;#s?f8ZdeIaqtWK#K87}>
zJ~<7QzV7?gfyZarF_rKINS4ocUtkeOj{DHwq98nFem$Fw=Cfa&_<Z=3EMV3k*9qY1
zK}+vRl)gYqV2r7~-eHEP50Edv5dF2cMIIX4@A>b4U<%^Hc4*$6gSi&6P2m5!o0O2g
z$jTE`xl6$!ARILOK{#m=Kf_p(tiUjRi#r6A*8`oN30~v}{&E#b@{u4W`#+gJB_QN%
z@d8vLE_m;!m#lj4-|plN2G1uGI@1%C*gtX|8ImHI;SCn|1m=rl-33|i{F>1>+ye`2
zf~(B9#lvYHh_qDhO}Dl8)?G-*)3&EK?d^REkCOCteD%0_cyD3*;LFbHrahNXYX&rM
zp7FyQi^MCE1%lQSlgoa%aeI4I6x|MTN&E}#+<>?0MbPwR|21^8?!zAH6bNAEtr`p)
z_A2+J9k|^2h~5RxW6mXi-5sSbF?lk#CNofXnyw&Zd>#I&F1c`nhd#ba<n*UnOeSMf
za$GXbhkev$x<n`$W%VoJ)ADv821ZTl|6tp#8{OFxe6g4Ov6LsO`LRvoSMq&dFx`Wf
z>z>u`sm6#bI{gIx23Zv8X54#e^|N;j@lZgzdH~8b{xz6EJh{Y>;bJBzn?8;9@dD@R
zi|TLT;hl{bSd$a})6=gpv_9aUUNPgm1W${f>9jm~Cvj)_^t2X?FY4a(#>BzJbnY2B
zg}ui2u{H%(iw?alf&2WO!5E9X<yu#8TuB(Q8<%soa31{wzJ=PVJpZpAH1Dc?kRR8;
z{!}}N@RyHymKfrz#N+fwXR~Fdf~C!w^zA64yLCnIpKN`Np$iYRW`Z<d>2q1sYhT!t
z5IpM96=^@`w@M+OB<Y&;#f_-({lN95mbj<GvQeEQ`A8BEVR60m3S{D7IkA3}vQ<rP
z*HWOv-BhW@%eBbnIJzkw<*?p0M=34roC^Sk;<FwDd8+tohSBp}1w0I<y8n^{L*OiL
zUpr#X@)I~_xfLcfH9=~3tx4xF^$|j-HgY~a5g>n;tuqL!j~(I^-<XKd0D5AxeqlCu
zuONF%6ypK$V6Bxs1t5Mn&AqWIQk%;*9e$5IPJf2s-K-6~zWa`DTy@ILQmu=_36|)w
zBIX;J?+{VlE~gZehwp%X!HNpk_!H~ZaMXk)^<0ZO9nm)7OU}Bt8@>#we+H<h%Jv@X
zwO{rp)dKgywlP;o)puw7J;npuah@WweMi4*=g;Zs4rEd^y5K^muvoM6H?O)>)>HlA
zS6}~hU$BXH7d96%^Z(EZ8KrsbQjaH;PPCKcB$cz)cWys?I_|4}H3U{-YJoJTZ*R^P
z`1$%T5ZoZdCNpmT6KWD@`?S9mHd4Rqs0U+uN0Std9`wnMa>R~U`}<)W|JW>Fh0|QB
zuj`*$>TsaJs;jye>C_B2O(MJ=g4TZC<$k$2Ml2?5s1=c`jpQ6j_?0g)k^!Ci`n$Dr
zAwO}g()nWuvT@DKpX%bH-$j91lw?}n)F+R`OaS1}$<b?M9pT<}nOWN&D72jCt~gK5
z;bgI#JH^#Xx&#Q-9IMA)sr2U7lOCIF=s|v9FndqgwVAunz2ijPF0We1?E3KKEIGs%
zdPqkndZ@T?UcNBc15d$?wc9i;>249(t>ckA(?qQF&O9HOes0GzW>i}*^?dE3NKGQA
z^v%U@^}%2O@}(SzD6Uvx&&%tb{DSF{4s&wC`rVMNKvLBrSB|tyMDA4->5^<D&f|q&
zRH*2wv-7G)>QuWXVxnx^PTSjzZzSmmgN8S@2i6>jlDa1GyOUq2Y7;#2wc^tOU~9E;
zo#tq>EF9V!DYic~<9?I=Y9dx=%b3blzl?S^^WPi__wOM9&B{7fJPQmRG&`a&W5MHd
z^#Vpf<E9eta{dYYihwur%Y|GjnT9w)OW7dMIuSm|Dm)(t_kRGHz}~Bp4aC1Pd8gol
zla`*nlTq1>>mrL2M;}9P3e7u65CsLh9M33^e(LA5cmi76BT{f76^kJHyGbGzu>r8F
zUVvS_sXkX_b17-TLX1JytN+QmHgAvX8Qm-$WPMuNSkAhka8?0nX<TgM`!&syjGYta
z;NVNA=wIXpF~36nTP?(c=w56~QrYzWy|~ww43Oy0#V-$Az}0ujU@Dz#hE*O9BSFCh
z_6+tTjiJo&6#_B`>5$R6`-~)yK2imZ6b8K2v>bi!ckz%QkkR}$y3{h<XVkQ;aFUJy
z2BMm^6=Z+J(N}cuJA)p;WZsG5B-h`@fdD^>ha44Hv^GG0^wkva@ZjWNV}d=FS0uRC
z;IPY)FZM@<?p2bj&pAN?SUp1~gtwCBuwcOY*A8{#T%j$z(jgf?4N#6rxnCr7d(2=A
zfBgNKN2D0#ES;e#$SM!u(fhqyaM-IJGy&KbNqD9p(?e7)ixZS`OB2%00$H`L{4s(M
z>cr}sXN!Tz!q<$!5xMOZv#R_nGjM8v<fWd~tI=L1l{O^LTmzW%f7eU#;bV8)!tVe!
zr)n{va%x_(T=q6N3wT2nZQICS8lKH;*m7ty0(&N--aL|1@0y~clP$r^dFIOEq!M7M
zLgi$<nCPO@^uEMIklMY-9o-<6U(0O+zg!t>&WA7Qb!Z>Oav<pR^o&FoxHdYCV!YR?
z7yUQezLz$5ffpWZ(Bn(L^-=Ps+VST<)}-1ofzL9*;&URwed#ivBXZzT+&w8c5Z-Q|
z8|92^oy2g;e_rc9Z}IHWEHlD{XJQUnr9H#~p9EXxKef~z+BJ%KtV$cVvoprodbjHR
zL|v-cR}#0ARkvRsml2u2c9ec-chvNxctBLOzWi18kdyyZkq2J;TI>(3NGRvkx?$D8
z7H=G%<R@iIY98dJXV1YbGb|p;1K-4j%!&p~A_bpM;9zJIfJb=NGAL(R2B7mg_2z30
zP_H%+91!*L8M+XTg3)+!XgAznZS-0jyH4NavxL%jI}|6FOzfH20ee*M=eBtkNakAZ
zH{O6Pet=5`NA8}ZiWJ2dVP(ZPjm0zQy~n;<zQWj<Os$>}&gCi6?r}8;vS-Vhk7L42
zafRya*udbXvyfxfmjKCuXppZkfj4RL_r(}e$5km*sKfj&?>@OBAdACC2lR>M+sWp~
z-f*Ef-L?rwb2T7RNk=|V)|$dW4@NlGc{j2rIa55`q|mqoOS$dwXeu{D(=?<0O-F;y
z5WHX*Rb@65t5XtSV&ZV6!M3OkkYj-8?e{8xOAsSZ-wQWK`M++i)#?aT3c1X<=jxIT
zgnpG3i|*tbuwBxdxM1Fi%r2{Dw!npkLXJACaNKts07qUzsYBMat3F+$q5%EiHJDoq
z)L06jWXop8HFcrto>%h%KXlNB3^8KFY(BTQc$ENk92&_xXti$SDY0FP7K=6jVs0U9
zKC^3>6{07f-p|ef_vk7MFadP3FJh=VS4ldQF%U$BY8?_b^T{(SU$*^0@Cv~k7iZwt
zGJg5LYY%EU6Z@`r;JOOwN;6Zh#tZ6EQvl{rwv81_AMR2zWaF(=Yv{fzO1Z#Joa>K3
z+R4+gsqQDMBNe+82L2iqE)qW<vfYYc6Jg-gSh2*BHO`Vaj2~pEyFjbZw=A7(Eiznm
zw8Vf_J+|njTdbciQtUuoE?pB)sM2g#o%D*B4n!&<7Q`svIlzut2}xyfNU$H7$m#jd
zki@taTA&39F;Nh+ylRQJ*R+;Fb_v9yUsf4m*Yno{h<gR!f)o*2bqCEnD5HNpE^3mw
zjr^!U_+c~9EFGX=EWRxZKG7{1X`7TKfyyI=cc8ias7&<EuGz-&kYssXB!{_+@gPMh
z(1TFz9ui)N{6x#M_0&d>^`PqMWotFShuX7VVH_zwwfG)Q@mg7K2I?qZ8yqEQN)4yZ
z;(i4NeVd%m)!8#54ah`*?mxI@P(;eK0u(IUcso;P$_cOZi2jG(=#GZuN#rOOaA7U-
zo+I7AD#~KKI3v0aQalD?PgGPr106q1-oSxjCpODwB3}gN3T766wgmW%SlO~m?y6%%
zJ^ZXDV)+CeH}}MyUqjIh=WT=D1-lDH*jfSisl}ue*X@H|WhiQ8|K~ONVz5-SK7Xhl
zG&x<m@U|gFeLA_u+93yBw9U?q;Fo&zNh&Y9tV(UDqhMGudh1iPt?B8@Pl1X+B<}9>
z7W-y$xnQ2YB6Ro<gVd~U220{g-|A8mCPk|ohWBPi{SPepQ?u2Wg??PPri|^97CFol
zjoAu(lX`@#0k0|b0lXa$V`9bPzvpCwo+nX^5!`&Xe;0geW4w#6AsCunQ!A5F`dY!R
zQ@SBxKIfnIDA$-bw>s?NUBW=@J=H5pkYujkR*Dob$TbWy1-fbd4d}~ugX`r1X)DmV
z5Zg(@%LA!&PJm$lDL~wl^``_?Cr;fkmY!L#uJm5aJ=sDm4Q20iS+|Kr?xv0Hdv%wc
zW%h^x`dO6N{jv21kWGJ}&Yq7ZIlL_ySdB6qo0nTkR4v=$Q{(@{{aWgJ`N=&CJPS%|
zQ%mOnCVr^_NKEe3iUok!)NbKZ^$b;!6O6fuQQBwjXMYJi^9tfQEy<HNE<;A9%oaCx
zBQS7izEgp<Gi(G_r<r*H0`v@IeoLenF&K5`+(mp2&xqgINh+601S0e}8V|@U|6pcU
zOUkOYHa3Vo3U-767y9P;8XY`I?OKEi&z7|n@uYP~tGnl*8Pkf+%hj0J^c<PF2|GI7
z3_9lmeQ*_4wgsXDIJunDQuQfuq9vNNt2VX(T_Ul}(6GJm5W);UhMfPRxpugCm%ZY%
z6Hl$%b-JUs#jk&<>ob<8XK+YK5mACFx2jJu+(~lt1olbEHDS<X9=97uay_s-DpvN%
z41M%FNdk|ftj`2=rusJPF;YVR5z9@O=jIq}j0BE=@$dJJiP8|?zgpPzn!U-&__b4D
z_XpUD_ci^=Zv{+L?^w3lqACG+D;`K4cBTo|ccJdu|Cv5@q}U2ICPay#Xord)it;-N
ze?Azv7Q*=xjnr>Pym2x!*?^628GzB`8xFr>T#Fx^6i3!adv<QxyJ-)pgSQg@lxdgH
z#~mqvqnnQ<k1AYsN`x^zTyf>duH;(f6-|iV^M23Bwn{UJ=desDX_pT(JkS^brTFlE
z<YCODFHNci7_HJer?~z_ES?dohvWQu!|XXdQEdS0Mxc5}fLTZlo<K~6`<!2&-47Xl
zy`BTz$fkd-?<K}+qqiTp@5ZK1ek*GEB1VjjIB=X;U-UWKoi#97+~PFjS-gseHh|rg
zQfRc{l@zf7F4`69T_Wlj-9WzO9+UPVb5yTTg&`*_`Wsy(;W~Gj1_0PTi{2>;APg$G
zSm{aTl}mp8reZD;tA~vbWQzMzT{zF6a$RrqUwLi6DDyA9X_###-?lbK;4+`jrDcWL
z+baKofu)Vt(X{6Q?}!>~=gug>4k+VK8bElK(I7PhHYjp$JEGVh5Y>0a_PQSn_zbFT
z-B}OH3A2lQ+Q-e05@$}O>iSm()&RAsE#lw2;n(24oGM&zvrac-C{kSvP#qc@5vVgp
zg^IH{I8RzpWAm71ypOsB)D}Ap08JNj36m>fNO0QGw!XffUot}Q!vS7Xn4f@rkqNhU
zjLiwOwZD$axkvA8(Y?Qwf16(3G1*lTm;o{pcS>rL#r|jBX=UC~E-f=yy4Yk*$Yd$=
zk&AzQgB07Mzu3nlg{7$t9h)ZM!*(W<$m1e_v1$9~LtAKUr;c{~!pg6F8q;mM`6txb
z;Q^hFfA+#X#ThQ=iqR#-{UM$kUdx`)EAeIZMry+;K&G-hoEV(+ooS^OKQ5KNd!q$_
zIKzg|x=kuWj%*HT(R<(0U?kf9y&ysE%f})9sfco4cXPk1B?E6aTP<knv%akD@w90Z
zyxl5`uaf(Vtb_nW1f!&g>aiMU$LC#TQ=?Y+&9t_u(ZnK{P#^Kb0;rP~6GOlGu;H9%
z^*PBL!}f~2Rmiy#=g6Pq>3TC7r=u5mf7cL9wRKtwVN%K6Y7*p8Qv!#f-VE;4Ql%>y
zo(P%r3L#5_i_Un`>-h58kn!;^&;}WRqhibd@=(nb@p*O$nkMg*2w-?YKuCw{hE9A7
zB`qPnoONgmpMn`$w7eCkQKPw7WvUS>UO&ByXB3wz=)c@!*|#5ONTcI!o=A8m$y9x!
z3!smrvRL-2XFvV4Z{_uTZcn%wNdJH>tJ-qYlumqqUfZly70=GhV_MqOmFA|LUM!9s
zO}_qqrb7(aH3hT64k!u>N0P$ah^UkI?%b0!n!eVf6X(grC-rfLb|c<>^U;zq;1&?y
zY#?ybLxUTi{!6W&DU`A{mboh;Qbq%$)ZU-?h}=;F*w&*71H#p-n%Q(i>=2ETk=CC-
z`$CvdH>%&$Pu0Y?!3`il8zvt$2q~MgsxBmjx2k=vG$|G8Nr0W^MlAOsIzL?T&xXm^
z!cuQtnGs!yql6^(wCF&OQG)4YQQ<~Nbvl6wr_IGXKhL1Fk5EbwtE;La_m+o;GSR|n
z;(P$af~h(wv3IK*dM!oXGpFmsUTh&IQLRj;7dkjp(4p?E5M`|!HrSo49lh$?6tJdo
zCLA?gk%BOxk`eC*Mz>qVk>F8;RSy{=S;(sCVBTb3Duz17BPVhf=4CmOM9_c-3glC!
z)rXDVs(R0(jAHz6IHys}7_aS%H+IdBHmLqgrZb4A*Dj)*I~Wz<CZMMc&pzwc6rxL{
zK6{X{jo#$nqZv?M@$g2O*!JJ(w(r*h{0%w2Cck*4ajzuG)^GC{*(3ya>}sJvjn?<4
z3r(dp`sDMV;?vF=0Sq_DHrBpr#9KVETQ9vf_!O1wrSg7O&rd$jfWNj2S_7!paS^hy
zMV|jc<z`;L>t(2OY70;vGm%(mPESU2bGZ9O!W<fp088;P^0pR0W_DvzW^l%l=EaWk
zK9|V{qM)>-ZvSgML;rclP6x&qTP@6<!Hn_n^ECo*AMMp@TELgp*b*C}a@W+_rC;UN
zzu8HzjlYvO|6$cZUvjB2`scWlm?I;)mfQL2@U1o62n4NoFF{-;{#lqzZ!f^stmNtU
zfLM>jz(NyQ8Vhe$%?5jy_(ffk4^wks3m#XRxnnk4*IbL%IphX@6Dwkzt&+7Cw7VrP
zYh!^t5GFILp2(beXzk)S%7wtn0%*u?i+b{@yO>kl@S6{_1LF)0(V2`LJRa0@DRq4j
z=_U?y6t&_{s4qzJ_vn-yasGNc#2D?m`z6P)Y!yAOg%ru9cRVq9h7PMjUpAgAz2}OP
ztlgv?v%Z1LWnEMIhEMHc8APLZK2|%r3a^;|*EO!!0(mPo7)GjXGK-1d3%LXVt^(qW
z0kGwso>}4;xtkOy>$W)0%9}r}z52#*zExhiY8kLl7vh{LNAvX#C1~`hReQlVmh(4|
zCe<}xtPAF05N=_H`vbO}(r$DKeRYAfTmPJ&8i}xl^qlz00b*j<-pu#MrLnR2F^l4e
zzqmhNZtHX5gG@z)eVU?FX9LIpxa#QWhP-2++wOwb+B>3J)OTDr#rb<2>R6#Y^}TDE
zyJ=NCYD@bg5lA#+Qt-V4ek8aKz#HjLTXg3)U(oZVA~Bmo{d1)cnqUL2jo$Gt7ynkk
zD1`eIo8jXd-<yHnWfyoa@sET}+@D*c-})KuN46ONk{+N1vV35bw$&ECNQhYGJ6<A<
zEl<13OhB#rG%SN##z<U6_8P7{BH+fLI?JuJ0xjtWB`}7;y+u9tDF2R6B6>rkKYZ?#
zt2(ZxN^fVb{(aDiSp(ODoPF(*4hogQqwbWqj%`VClM$x=jWZmkD}3Q)<9Szq6*+X8
zkpZRYpc9Ep+sdE&ZMp3+Vq#wlthSe#=au0m6X9`gOFM|_z_>bPTp%^MzDlz;9xvKh
zWv^@LVPqfWp-vobcPyne71x}K9<t2(SGW6ttsXz<0H2*TidZGijqZ%HiX#vO6^3}c
zTzAXszoa~Rz~ecma{OhHf*PyUE$+w+G3N1bZRq*RDLUXji)j%0p!tCagmJN^`HdjZ
zkOE@YzwzC61QH+q-EdNiwPC`WbCg%qiFuLb_&pa%9c@%axUrPE#F!{s!ERtSm=Y9&
z=1Glp!y^X|0Lt&}(&&u2j43`bXunQ+UHSWJ_zrq|Af`CFv!-*8@1LL#t8d8gDUa6*
z>5OpP;MK!~CETBr$h6w{bS<-56(-sZB)yJ8&zQE2f5YWE2P75}u`0u~5%>${$NTwN
zmzN$ek{6pT4be{U6H}UoA()@tO&`oJ?2$3(>B&@}kKs-u@knid4FfR$*)i%>-DA=4
z8g|q6pGxG)+oka&4D@kRCgb2jzWPC;(d!`xJS&r>0c3Iv;5Jos>={xv%sKdZ0vFS6
z)%R|SiNO!nZ?Mr$FNrN2{L!rYV0=R-mFi1CQ_zv)2MXWT3KvLe<dJ+IrqpFxo?ri<
zEQY2Fz5F}Taq8Y%*;eBIDL$o96X|?KN1Wa6`Ku3sq#oJSG}G=eiuu)%@>o=$44@_p
z`PpRIyElDnRC#yE)XBZ+PHVQ`%LdHHokW)tb@{4m)>Vf)?Ovs>bSS@3>1Qmppz-ha
z#vP%%Pv2g^P8=Akg}G?-6sCY;6Q_~!e}T!y5>NNPJ#!5iM)7P&?Qk7$=%VwhxITL<
zINTa43{o49TtuXI28rQ3F4Ic;^s#;sOB5hDRMzXD#6Z}a5y#QQbMK3oVRPQRYzrr#
zlkZyHkpNVnMXnz&=H1|^-m9#t$AP|SwQ;ah&Q*tAc|fVi*mjwXslI9TrXgVg($G=s
z+sVB{kR1+L3Scl`%XfP;kNBxJ0?v)$jZqDitMmKn;E+AHKKFQuJwC@MkC4G`v7@BY
z`&sFz`maa4;E?Z9pUvFnLd7vWppIC|<$#cKaJ8LjYZFryUSsK?hjex#`bh_s3ASb2
zU~^LD=S=@XCP(U(xWf$cujB@v^Mc$<(xQF-xi8DUGXizm9j<}LyyC?%!aO)~D?cI?
zz><$O?K}%=dzCCc+iiW*&_OfAM@<pCON?DKrfxYdwpfMt+j+FKzE1<Te4PDLykQoA
zA!m_IqJ98GrQ50{`z`$=%jTVC;#wd@D#DMhnW}0e4(KSTncRSoXK=vMSyCs7pkbKG
zbGF(5ql`v8mjvdk$hAg8vAnZioA+<1G>uk;%jPvsPOjAVx1>UcVq^gv#Tp}(H7G_Q
z#E$Te;QsjV$D~V!aW!^LiljtxQ7U=8z2WiWSoY$8Kgqs25`MnV9nw|H8x4kjI8zH)
zMkhS>zcMQd!~Hs1ei%A#-T-I>maL$xBDz%)5n_HOiJ_5zVSk#ky`?qr@~6q)-in)M
zJScnJAX<S60@QgR?JBW04ot4kW2(8slP+<k;r2&PvX12@sNUgq&Jb;f3|V;1ikxx1
zUzB|xfaD21S7m{c4;@+`KH<4|z5_nfIy<JQdcF261zD4)b%3VPcg6rAbgk(`7Wy%_
z9j6t>;{IK36(_$&jHN*NjdZx2V(eM$fu+;F&uxp5qJdo8Q{O_JsP-=yT~t(#vjO;+
zW9`Ocw%=$bE6J~_(nIo756~OOh=ZG6^<nq;_u9gy*Q?bMW#$uCpGJJb9N+Ss48ZSS
zz~W{gvsXLXM;ah|ePJHd-EXkz>Cyv=OZkRS;ZWU~lZ5?splAdr?}&yrbK6Zz_Tulw
z_0^?2@PD{`QV&^VYvwpH@@h#G>Pf_0R^EcT_5@#mR~{uv6)g;sCc?Z-ht}UtO6p+c
z%0-7BVI)e-&!*Jq1pyqC1^mCfrhz${;mm*U&?xdcg#gfdgC_vV%bU0*>B%x~6OO^o
z>-3lBB^aY8pN6%%ITuTkdZXcDM;!|eav`HcxDHN5|D8@K4!Jch4h#cWkexLp*Y9mk
z1Sxw`Wt&VdbS>c54Mo^8G@5%{U<r7PhCIfiXMSNcv;5LjWy)y7-^P_-^00uCx5DkB
z+-91!9EmNdSWkf8<mX+Ad9NVggs)jd@TRnFN>cONM%8f`A;2VcbC8_m>VnBF4@rwu
zHZ{h+`47k3n)bvK%ls%(rQ=wzYe>I@g)Gk7G5|~3n%3z!4$%7pKwY@R%xC01P1zKn
z3{9t*aVGdy5BwSrI6KdX^02GBM8J4ACxN*ja1G&~y?{2N!T!?L4cd?2;0yvqF^CCj
z+thp!Mp(Yz7F_QtJd~6)ZSQLPKmDHPh^ruInda81r{{fpTaF?%W8v&;iM(|*=pP_X
zvH(hM_ynQ9I2WuX=W2herRN_xs<$AD4k;vR&|=VG%n0b*9vD-xzCv!oAV%_@TEK}i
zXi=!}J=~vfiZ4FhV&~Qxy{I|3NQvGWE4s8)oARohl|AV`Sa7}ZQhn30jS#vEZqhfR
zj2Gn?kTSf;(51=k#pf3;o0PShWm<ctx~ggW1V89@s-MFw|7~TMycr6LqDvAgQ|j&>
zXEhkkF*JKxsXXElNqDv-ao>foLW7O00Emn_Tyv~zYXw@~%)?x;kR0-TwNYc;3dD_&
zQ)%lunn#%)s5KzsH+3i~_nt3^kR9kc$wc&4R$LE^U{@Tio12FSsdj`h(_ot4o+F`N
zf!7db*^?sg`ONOC;mJH^aqs=N;=z3K@WAeqk>RBqu)6z#uqAasq1Vxw0R-8VqHKCW
zLo?PqkRT-Nqc>u3hg<EgEFVD206546vluD->L{qh(Ur<|FCjic77u>Ta)pKlFk6@=
zq<ifZ52xh2ekdA-CSfY|AXd@8>7QgL)6W8lsUgO%LbwNa^#{e4mf0CSRjYui)$bD#
z{N_?lg7q>`T#kjpEA)XOVZ_)3{<`wTQYN-~f|iq=S%^0wLY5icjR@?}PF<I%e*V&|
zBZJp&-=|gE`iZrahrU8UgZRf#yV^qX9;0WbWXbfr$Q#2xqA_J3vynn@q`zGH8FZ)3
zo8ZU*RBYy>-M-%kKg(J_@{~&xQoR;E=-wDtaZho2^CNp=uRGngH-Ir<!()9g)N*m1
zs?h)yYE6Fi@kh?f0*h96_n8~*7e>&BUu6Pfi#@GJV4xQ(Xt9S|CIWy7R-{>PI%JdM
zo%06R8Wq@Bg>-qDD9j{jn1`pzo%LGa24j-SAjk0q!yxk_af(_&EI}>}`K)ZyPzhk1
z``t7b41bX{3oQMQ3d4C#Kv;we8aL|<ZQnM?`?lUDslm3F0#tui%&y*wl7R2Uy;cr1
z;<nq-wYHmSkvcNFjcuhC3ZqKr1|x-_^7nmaoeP^c+H~Azi@kz!tzoZtV8E!`2K7eb
z)!SY4Z}5Y(jh?&|o@9yueXZFW=*c|=ux^p-{7l6PFCem#0|;VlFFaOJ>C$!UlSOU8
zU`h(A!0ibL?l#lTEatIf3-SG?hW};o3rFIH#TC~<48A93vf;KRfJd>rS)}185ae8`
zY3tCFXN?_{GpX`(H%n(>l5z-xbdsWID7+b715EdcSk4HxyLo-UoKwH5G97Bw$ba<E
zY_vr{)%uz(7Y&NDz3ZEG)Pb>!E*6tFJcVDmy03W3rFSKe@5dHsuEj+)I3P8&HYlAE
zk9M?woVNo71Yx)6LWAv5$RRn1&7G&wsG}jNAD{hgd|7N^ocb(xIhuF6WUu@rLfrfJ
zAK=s?ZQa~&W`Z?l*zgme^3iCdP>!Vun4YPKD#LmeO<PjXh`2b{qW|+hwSqwQf17o*
zj;Yk*xnEav{(A;-WlmQ{^xa6%&^z!MPnc-JHjpTPOm=frl_H(W)Zbtu1<z1RH?P65
zneJH@^GKcaI+b36I=v0bvXYY4@4)Ro{(4oUU8)Pz3D{BQ2An_$gAjmQ@o#*7F1-;S
z#<lJiWbhPG?P+&9$bbfHqje}Q7T{`xC3-yoiY1XxSDWEnV$i_e#KLF3LCc7rreCTV
z=K*$73}D541--=H;%`8piO%%Ox8*cPIm!*$BZ_u(6|S50=hj7x02m899c+L$4e-0J
z>gyR9gj}-fpj+~nOn6EZJt8~Q8`0Y>j|HT0oW-i`Vrp$K+oo9j-$)eP*{jv6IS&Kw
zv#g==T3`a$=D=DT-rK8HwnF4wY2<5<{g^!0u`%Jb3k=++;&gfSnmYcF92iCe;h8ER
zrjohKxX9r+3s=khbrth~W<@#b03dtm!Si%^aKjtyx+O=IDLSSGSn$su-R`mP?;;6H
zcHm}`^#cmDyo=G@nO;KcV5<`5n~#KNv39_?*qriTJ#|+qd*M+A6<!;Up988KTpwIo
zQzFCQYzpO7`lAgHc?Nhdc|_h9U@U3HEy~R^g{3vu_dXP?0fMPTz&6+;_k%llYy*(R
zp!{ZWfWHYJoRVsIi0waS!1jcB^5=RJ0Fu;LW75Xbnmhy_68#W5uRO`Q*13<q$%$|E
zT|YkHNGeNk%Z83ZY)PvfEG~4aZ(@tDOmqC-;{r~lJm6F=`b%e&W^fTCK~iX(IW72)
z%`CCJ-Zy~%s8UR?aRw;b-9n{+8>k!jwY0{@TI4p_*RS%%!}On>?Ic<Az^ml=x8M{Q
zZycNdGCKDoZ*|`vbaKYG6&<31A;r4g$x=zZA22I;j_t_99e4nfT_DGXRQ4jXRN<;M
zCQ}2@N-aN(DIRk`^f*pGzH5PIB3`I(w1uaqEf3J*OUD6;+-K?|%YKzUzcRFU$__82
zPdU#(GaLE=o|)Jf0aaj$R`$^udXGtBan<K<iQi#JD4`t$oZo-D7DczN8va(%c;u4h
z6tq!zLMc+BOm)Z)q6&9_|M4?G4AZ;{gz#s><t;Zg4738a4n)oqSvh#S%bFEeSGoWf
zt`Fr|SnMAL4b-bPFIBw_`Y9~KUMT}G<5AiqZTRN*;wupYt&5D9rXNy?pRTll8t95+
zO-mY{L~LMOc_a&WTzQ|hR~aXq1nm)S_qO@U(|aYb`}{&kY-r%(!T&CI|NrrRf($Nh
Za72DbHfws2BX8#d@<vUrROa2s{|1EHigN$}

literal 0
HcmV?d00001

diff --git a/cisco_ftd/cisco-cover.png b/cisco_ftd/cisco-cover.png
new file mode 100644
index 0000000000000000000000000000000000000000..e3ae163dc928ed4bc4b65612560fe6a1a5d65c46
GIT binary patch
literal 13297
zcmeHtXEa<<*zO=CAxa9O6NBiYMhihOYV=ORD5HzsNrLFiV2m2kjS`(`Nz~DU(M$B`
zy|;UO-}mqSyX&^K?wz%!tTShyz0W>-zwcAt@V9CT#Dvs@AP|Tcq9~^c0^tHbaY6S8
zfUiTZk#pedzO$l%D+ol=cKgOj<Rqa1ffzv$x!2lWX<IXaZpO?0I~N0$)`B%5ln>!T
z6t6hQL|pv7Knf9$YD3!o#zSfCGX;O$Rb<+VFcAHl%F6V9CbiYlvOLJD`t#*W6AwM!
zCDtsq;Cm^iQzQCAFI_&8IwSrL$~n+7ETqtzSV~lcyql=t>f2nse!>5Am-K3U;QGbI
zm0?e0h~)Vzv%XF5jGchv%1mw?V66ZD^}l`wauUMDaN2&BGN)Hur^8KnP<dL{%Q~2C
z#EZGXqR}ws9@3wOo79uf?WCAcx$yqLD~8Q4(Bp0|QX3s*C+Hay#dFY5ajjc)<7PIz
zPkkPn4X@V<!8b}<#eZiN5$1&4#Dh~0T$yVnnbm8gJ4iWaP@0G1GL}Thl0qh5e#)HA
zmf6sGosah}DMD6V`NszWsk85dCA9?UBnz>)jL{LYMl2<%Z$4jfR5f!JxPf{#UH*;1
zlX{>17A7|wyPHS?{}m~Q^SStBuqkEcFE2z{n|7V(86Bun`+}$6Y8RQ~j_}9R{7e-j
z$eu)@jJhfON+@MyQWjI=5Zs2#=kK5E&W|d=d2^7vF0NxEPWD!!jaC3u2tNz`c-gCZ
zob}TjC%O4u%cof=LvX@ZkYeQaby^PT9h#99tU#T_crqw2$J+Vq$<AL?45`X7xgri>
zP?e2=SERAuENU|!FZTZ5>1n@{Mocp<yEIN5g)VyfjxgtR8@{tgOtWwQIbj<yzO?PQ
z@^qVjYkx3EW^uh?wWv&b`Yk9YBtCn?Cut)@8cgedl6FM?h30lwYkmPXbkLJ;z)!}I
z=fI~T)Blx+yXDiRHxHA>x&#=K$~mEZ<`7pF@n^6WXhwW>U|Gy1kw$*F0Y?%=kB<l@
znN(>-67G;B$ODreGCi9tdi;2*%Hxks8_Ha`hE&*AtyRq1kQY{;;{g%HJWxKStT<NS
zzxKR+TrPRZCC&TG{3}+N>-ZcNI1DbxYC+nSvbr=CsBImfFaqlc4;Kp_|HoN^z(_E{
zFi%WPw5!hz+^dfo)HwMXx(9kvmPww)77Y3Xf2wmlOxOq3wc?7pdp{MQR+3vRAyLie
zcxqf-3BQIMUM1nc7`=1&)lSj5XA!!DR^B%FIY|>&A^UD!$2PX;(ibmwLrEQm;zyM!
zaj48=FD%iXMcEFi8&&WiWzfu(D0vt?9Al3iAqa$UJV%@rdJsFfp{Q|3jef{e?dZYl
z-)M;)JD66a>d>waBY5%W{``(+GqcrnDNwIS&F4E+hO?oJ67~XeXNQFP4`iKz=Gv?W
zTB;7fDrW&!F$alc4zN6XM&OJy_|l$%YJEfuNI^ufUuiMD=3Lgm-E<1tf81s9$hCNt
zg9iaWzIq>I<lR#Y0{R$g^j5c9$NSB$QrV~y>(gV0J3#bnL;TR&KoShweh}c3okIC4
z<M`R_g<Y@F@X<bw&^`LMW-yNze{~1`YI?7@^jY;q3iSxq?(O}Be|+pp!+;d(v3khF
zIUrG*@hdlY`SahS#8HeFX)k}bm=N!!CgT}c+lMH~{7eZmO|Qs>@K-cC=_3VGd_-ab
zv@|V1@q~!6#D@yi16Bmq*G_+4diOHM)NH5nBK)6!wecM3_~@qOgv03S<XmoV8r_$9
zpNAfISkI6RMUEqXX+D`xY*BcO@_SJiWQ8x_`vN<DiDEC^O8&;!`4I}S#(A4MYeZ$E
zV)2T~M&eE@)R9Q|Yag0@;3t`g>Y4j562cG8n~Y??PO3SFeK2h4_(90}{?{WOM~S?i
zWRwEc{@*ozsoZag&#w;dY}>3mQz1ljk}Z52?X0;=Kh~E_=DWrPidtQv*ULV686Jtk
zzzU7+JuH{ZrSN-0QwPA}-Vc~~jE~AoJ3c2XTjMZRi-y~}$0O>JsRoFyRbIo3DMW!*
zu1Baku~0sN?Q?w*3z^>BD$sX<dM7u+_gl1VE-wT|U90p5>O=$hh+<wnw(caeYBONi
zuu=I^pFjabg&Z1u;FDbr$f44N8o<vunJ2f0$^PdZPLN#X1a>D!e(rvw2L!$ss&jOL
zMwe`giGoNrpW2M2iK3TNYn9;=7fxa>=J}&lq;hFgL8yQ1%ZYnQUFUsp@EpTn-7#$I
z+n>s-aTHNd^N<*-*8xuG<ZZ&ryv4DTn0e+KO(I!*q#WCSP6_(kfBZ|n&+ha`PAXWa
zTZzBs*hyE@F-Dt~I`PniF7x!TUW^3vaO#IsGqsUOH+q)KE=d`#l6UNciV{>OCl8CL
zz_#cpOw|mBcx|u*0ZWo2DKimcpIBvR&GD$%fM+pKXO;Uj+NXzsc!?61tZ`v}N~mm}
z974k)l(C!`4HvdGZRO;kZ<b730;w1|on?zT{c?g{mNg5Xw&>^%*`j)N$$JKhtew|V
z&2~F*zt%R&qe53%D$UnX<BbvrbwIvTWA+EVe@-IFG0~UOz1%!z$<k1NTnRGIeR=p5
zI0Jg1b;DFC1GK^#nYymeHJgGq#fI1i?6DIAWc@275g<l+Tf9@^$}i4%Z$M<s)h~`?
zsIJ|zB`S3qV%#z=BMouBTYNRCIWNfbOmY_UbQT4D2{u2Y=yTkaS_{SKgT86g7+H&*
zW+o(-yegu@+Zw{)GK#F?U<3#FougMBMvs4?`k#UBeLkD=>cHi5n7T`|?4A1QzEz5y
zMe|ajz9AP(mM@qEvm(TMV*RTfkB{3w>{S`ctXn+21CtE;#s?f8ZdeIaqtWK#K87}>
zJ~<7QzV7?gfyZarF_rKINS4ocUtkeOj{DHwq98nFem$Fw=Cfa&_<Z=3EMV3k*9qY1
zK}+vRl)gYqV2r7~-eHEP50Edv5dF2cMIIX4@A>b4U<%^Hc4*$6gSi&6P2m5!o0O2g
z$jTE`xl6$!ARILOK{#m=Kf_p(tiUjRi#r6A*8`oN30~v}{&E#b@{u4W`#+gJB_QN%
z@d8vLE_m;!m#lj4-|plN2G1uGI@1%C*gtX|8ImHI;SCn|1m=rl-33|i{F>1>+ye`2
zf~(B9#lvYHh_qDhO}Dl8)?G-*)3&EK?d^REkCOCteD%0_cyD3*;LFbHrahNXYX&rM
zp7FyQi^MCE1%lQSlgoa%aeI4I6x|MTN&E}#+<>?0MbPwR|21^8?!zAH6bNAEtr`p)
z_A2+J9k|^2h~5RxW6mXi-5sSbF?lk#CNofXnyw&Zd>#I&F1c`nhd#ba<n*UnOeSMf
za$GXbhkev$x<n`$W%VoJ)ADv821ZTl|6tp#8{OFxe6g4Ov6LsO`LRvoSMq&dFx`Wf
z>z>u`sm6#bI{gIx23Zv8X54#e^|N;j@lZgzdH~8b{xz6EJh{Y>;bJBzn?8;9@dD@R
zi|TLT;hl{bSd$a})6=gpv_9aUUNPgm1W${f>9jm~Cvj)_^t2X?FY4a(#>BzJbnY2B
zg}ui2u{H%(iw?alf&2WO!5E9X<yu#8TuB(Q8<%soa31{wzJ=PVJpZpAH1Dc?kRR8;
z{!}}N@RyHymKfrz#N+fwXR~Fdf~C!w^zA64yLCnIpKN`Np$iYRW`Z<d>2q1sYhT!t
z5IpM96=^@`w@M+OB<Y&;#f_-({lN95mbj<GvQeEQ`A8BEVR60m3S{D7IkA3}vQ<rP
z*HWOv-BhW@%eBbnIJzkw<*?p0M=34roC^Sk;<FwDd8+tohSBp}1w0I<y8n^{L*OiL
zUpr#X@)I~_xfLcfH9=~3tx4xF^$|j-HgY~a5g>n;tuqL!j~(I^-<XKd0D5AxeqlCu
zuONF%6ypK$V6Bxs1t5Mn&AqWIQk%;*9e$5IPJf2s-K-6~zWa`DTy@ILQmu=_36|)w
zBIX;J?+{VlE~gZehwp%X!HNpk_!H~ZaMXk)^<0ZO9nm)7OU}Bt8@>#we+H<h%Jv@X
zwO{rp)dKgywlP;o)puw7J;npuah@WweMi4*=g;Zs4rEd^y5K^muvoM6H?O)>)>HlA
zS6}~hU$BXH7d96%^Z(EZ8KrsbQjaH;PPCKcB$cz)cWys?I_|4}H3U{-YJoJTZ*R^P
z`1$%T5ZoZdCNpmT6KWD@`?S9mHd4Rqs0U+uN0Std9`wnMa>R~U`}<)W|JW>Fh0|QB
zuj`*$>TsaJs;jye>C_B2O(MJ=g4TZC<$k$2Ml2?5s1=c`jpQ6j_?0g)k^!Ci`n$Dr
zAwO}g()nWuvT@DKpX%bH-$j91lw?}n)F+R`OaS1}$<b?M9pT<}nOWN&D72jCt~gK5
z;bgI#JH^#Xx&#Q-9IMA)sr2U7lOCIF=s|v9FndqgwVAunz2ijPF0We1?E3KKEIGs%
zdPqkndZ@T?UcNBc15d$?wc9i;>249(t>ckA(?qQF&O9HOes0GzW>i}*^?dE3NKGQA
z^v%U@^}%2O@}(SzD6Uvx&&%tb{DSF{4s&wC`rVMNKvLBrSB|tyMDA4->5^<D&f|q&
zRH*2wv-7G)>QuWXVxnx^PTSjzZzSmmgN8S@2i6>jlDa1GyOUq2Y7;#2wc^tOU~9E;
zo#tq>EF9V!DYic~<9?I=Y9dx=%b3blzl?S^^WPi__wOM9&B{7fJPQmRG&`a&W5MHd
z^#Vpf<E9eta{dYYihwur%Y|GjnT9w)OW7dMIuSm|Dm)(t_kRGHz}~Bp4aC1Pd8gol
zla`*nlTq1>>mrL2M;}9P3e7u65CsLh9M33^e(LA5cmi76BT{f76^kJHyGbGzu>r8F
zUVvS_sXkX_b17-TLX1JytN+QmHgAvX8Qm-$WPMuNSkAhka8?0nX<TgM`!&syjGYta
z;NVNA=wIXpF~36nTP?(c=w56~QrYzWy|~ww43Oy0#V-$Az}0ujU@Dz#hE*O9BSFCh
z_6+tTjiJo&6#_B`>5$R6`-~)yK2imZ6b8K2v>bi!ckz%QkkR}$y3{h<XVkQ;aFUJy
z2BMm^6=Z+J(N}cuJA)p;WZsG5B-h`@fdD^>ha44Hv^GG0^wkva@ZjWNV}d=FS0uRC
z;IPY)FZM@<?p2bj&pAN?SUp1~gtwCBuwcOY*A8{#T%j$z(jgf?4N#6rxnCr7d(2=A
zfBgNKN2D0#ES;e#$SM!u(fhqyaM-IJGy&KbNqD9p(?e7)ixZS`OB2%00$H`L{4s(M
z>cr}sXN!Tz!q<$!5xMOZv#R_nGjM8v<fWd~tI=L1l{O^LTmzW%f7eU#;bV8)!tVe!
zr)n{va%x_(T=q6N3wT2nZQICS8lKH;*m7ty0(&N--aL|1@0y~clP$r^dFIOEq!M7M
zLgi$<nCPO@^uEMIklMY-9o-<6U(0O+zg!t>&WA7Qb!Z>Oav<pR^o&FoxHdYCV!YR?
z7yUQezLz$5ffpWZ(Bn(L^-=Ps+VST<)}-1ofzL9*;&URwed#ivBXZzT+&w8c5Z-Q|
z8|92^oy2g;e_rc9Z}IHWEHlD{XJQUnr9H#~p9EXxKef~z+BJ%KtV$cVvoprodbjHR
zL|v-cR}#0ARkvRsml2u2c9ec-chvNxctBLOzWi18kdyyZkq2J;TI>(3NGRvkx?$D8
z7H=G%<R@iIY98dJXV1YbGb|p;1K-4j%!&p~A_bpM;9zJIfJb=NGAL(R2B7mg_2z30
zP_H%+91!*L8M+XTg3)+!XgAznZS-0jyH4NavxL%jI}|6FOzfH20ee*M=eBtkNakAZ
zH{O6Pet=5`NA8}ZiWJ2dVP(ZPjm0zQy~n;<zQWj<Os$>}&gCi6?r}8;vS-Vhk7L42
zafRya*udbXvyfxfmjKCuXppZkfj4RL_r(}e$5km*sKfj&?>@OBAdACC2lR>M+sWp~
z-f*Ef-L?rwb2T7RNk=|V)|$dW4@NlGc{j2rIa55`q|mqoOS$dwXeu{D(=?<0O-F;y
z5WHX*Rb@65t5XtSV&ZV6!M3OkkYj-8?e{8xOAsSZ-wQWK`M++i)#?aT3c1X<=jxIT
zgnpG3i|*tbuwBxdxM1Fi%r2{Dw!npkLXJACaNKts07qUzsYBMat3F+$q5%EiHJDoq
z)L06jWXop8HFcrto>%h%KXlNB3^8KFY(BTQc$ENk92&_xXti$SDY0FP7K=6jVs0U9
zKC^3>6{07f-p|ef_vk7MFadP3FJh=VS4ldQF%U$BY8?_b^T{(SU$*^0@Cv~k7iZwt
zGJg5LYY%EU6Z@`r;JOOwN;6Zh#tZ6EQvl{rwv81_AMR2zWaF(=Yv{fzO1Z#Joa>K3
z+R4+gsqQDMBNe+82L2iqE)qW<vfYYc6Jg-gSh2*BHO`Vaj2~pEyFjbZw=A7(Eiznm
zw8Vf_J+|njTdbciQtUuoE?pB)sM2g#o%D*B4n!&<7Q`svIlzut2}xyfNU$H7$m#jd
zki@taTA&39F;Nh+ylRQJ*R+;Fb_v9yUsf4m*Yno{h<gR!f)o*2bqCEnD5HNpE^3mw
zjr^!U_+c~9EFGX=EWRxZKG7{1X`7TKfyyI=cc8ias7&<EuGz-&kYssXB!{_+@gPMh
z(1TFz9ui)N{6x#M_0&d>^`PqMWotFShuX7VVH_zwwfG)Q@mg7K2I?qZ8yqEQN)4yZ
z;(i4NeVd%m)!8#54ah`*?mxI@P(;eK0u(IUcso;P$_cOZi2jG(=#GZuN#rOOaA7U-
zo+I7AD#~KKI3v0aQalD?PgGPr106q1-oSxjCpODwB3}gN3T766wgmW%SlO~m?y6%%
zJ^ZXDV)+CeH}}MyUqjIh=WT=D1-lDH*jfSisl}ue*X@H|WhiQ8|K~ONVz5-SK7Xhl
zG&x<m@U|gFeLA_u+93yBw9U?q;Fo&zNh&Y9tV(UDqhMGudh1iPt?B8@Pl1X+B<}9>
z7W-y$xnQ2YB6Ro<gVd~U220{g-|A8mCPk|ohWBPi{SPepQ?u2Wg??PPri|^97CFol
zjoAu(lX`@#0k0|b0lXa$V`9bPzvpCwo+nX^5!`&Xe;0geW4w#6AsCunQ!A5F`dY!R
zQ@SBxKIfnIDA$-bw>s?NUBW=@J=H5pkYujkR*Dob$TbWy1-fbd4d}~ugX`r1X)DmV
z5Zg(@%LA!&PJm$lDL~wl^``_?Cr;fkmY!L#uJm5aJ=sDm4Q20iS+|Kr?xv0Hdv%wc
zW%h^x`dO6N{jv21kWGJ}&Yq7ZIlL_ySdB6qo0nTkR4v=$Q{(@{{aWgJ`N=&CJPS%|
zQ%mOnCVr^_NKEe3iUok!)NbKZ^$b;!6O6fuQQBwjXMYJi^9tfQEy<HNE<;A9%oaCx
zBQS7izEgp<Gi(G_r<r*H0`v@IeoLenF&K5`+(mp2&xqgINh+601S0e}8V|@U|6pcU
zOUkOYHa3Vo3U-767y9P;8XY`I?OKEi&z7|n@uYP~tGnl*8Pkf+%hj0J^c<PF2|GI7
z3_9lmeQ*_4wgsXDIJunDQuQfuq9vNNt2VX(T_Ul}(6GJm5W);UhMfPRxpugCm%ZY%
z6Hl$%b-JUs#jk&<>ob<8XK+YK5mACFx2jJu+(~lt1olbEHDS<X9=97uay_s-DpvN%
z41M%FNdk|ftj`2=rusJPF;YVR5z9@O=jIq}j0BE=@$dJJiP8|?zgpPzn!U-&__b4D
z_XpUD_ci^=Zv{+L?^w3lqACG+D;`K4cBTo|ccJdu|Cv5@q}U2ICPay#Xord)it;-N
ze?Azv7Q*=xjnr>Pym2x!*?^628GzB`8xFr>T#Fx^6i3!adv<QxyJ-)pgSQg@lxdgH
z#~mqvqnnQ<k1AYsN`x^zTyf>duH;(f6-|iV^M23Bwn{UJ=desDX_pT(JkS^brTFlE
z<YCODFHNci7_HJer?~z_ES?dohvWQu!|XXdQEdS0Mxc5}fLTZlo<K~6`<!2&-47Xl
zy`BTz$fkd-?<K}+qqiTp@5ZK1ek*GEB1VjjIB=X;U-UWKoi#97+~PFjS-gseHh|rg
zQfRc{l@zf7F4`69T_Wlj-9WzO9+UPVb5yTTg&`*_`Wsy(;W~Gj1_0PTi{2>;APg$G
zSm{aTl}mp8reZD;tA~vbWQzMzT{zF6a$RrqUwLi6DDyA9X_###-?lbK;4+`jrDcWL
z+baKofu)Vt(X{6Q?}!>~=gug>4k+VK8bElK(I7PhHYjp$JEGVh5Y>0a_PQSn_zbFT
z-B}OH3A2lQ+Q-e05@$}O>iSm()&RAsE#lw2;n(24oGM&zvrac-C{kSvP#qc@5vVgp
zg^IH{I8RzpWAm71ypOsB)D}Ap08JNj36m>fNO0QGw!XffUot}Q!vS7Xn4f@rkqNhU
zjLiwOwZD$axkvA8(Y?Qwf16(3G1*lTm;o{pcS>rL#r|jBX=UC~E-f=yy4Yk*$Yd$=
zk&AzQgB07Mzu3nlg{7$t9h)ZM!*(W<$m1e_v1$9~LtAKUr;c{~!pg6F8q;mM`6txb
z;Q^hFfA+#X#ThQ=iqR#-{UM$kUdx`)EAeIZMry+;K&G-hoEV(+ooS^OKQ5KNd!q$_
zIKzg|x=kuWj%*HT(R<(0U?kf9y&ysE%f})9sfco4cXPk1B?E6aTP<knv%akD@w90Z
zyxl5`uaf(Vtb_nW1f!&g>aiMU$LC#TQ=?Y+&9t_u(ZnK{P#^Kb0;rP~6GOlGu;H9%
z^*PBL!}f~2Rmiy#=g6Pq>3TC7r=u5mf7cL9wRKtwVN%K6Y7*p8Qv!#f-VE;4Ql%>y
zo(P%r3L#5_i_Un`>-h58kn!;^&;}WRqhibd@=(nb@p*O$nkMg*2w-?YKuCw{hE9A7
zB`qPnoONgmpMn`$w7eCkQKPw7WvUS>UO&ByXB3wz=)c@!*|#5ONTcI!o=A8m$y9x!
z3!smrvRL-2XFvV4Z{_uTZcn%wNdJH>tJ-qYlumqqUfZly70=GhV_MqOmFA|LUM!9s
zO}_qqrb7(aH3hT64k!u>N0P$ah^UkI?%b0!n!eVf6X(grC-rfLb|c<>^U;zq;1&?y
zY#?ybLxUTi{!6W&DU`A{mboh;Qbq%$)ZU-?h}=;F*w&*71H#p-n%Q(i>=2ETk=CC-
z`$CvdH>%&$Pu0Y?!3`il8zvt$2q~MgsxBmjx2k=vG$|G8Nr0W^MlAOsIzL?T&xXm^
z!cuQtnGs!yql6^(wCF&OQG)4YQQ<~Nbvl6wr_IGXKhL1Fk5EbwtE;La_m+o;GSR|n
z;(P$af~h(wv3IK*dM!oXGpFmsUTh&IQLRj;7dkjp(4p?E5M`|!HrSo49lh$?6tJdo
zCLA?gk%BOxk`eC*Mz>qVk>F8;RSy{=S;(sCVBTb3Duz17BPVhf=4CmOM9_c-3glC!
z)rXDVs(R0(jAHz6IHys}7_aS%H+IdBHmLqgrZb4A*Dj)*I~Wz<CZMMc&pzwc6rxL{
zK6{X{jo#$nqZv?M@$g2O*!JJ(w(r*h{0%w2Cck*4ajzuG)^GC{*(3ya>}sJvjn?<4
z3r(dp`sDMV;?vF=0Sq_DHrBpr#9KVETQ9vf_!O1wrSg7O&rd$jfWNj2S_7!paS^hy
zMV|jc<z`;L>t(2OY70;vGm%(mPESU2bGZ9O!W<fp088;P^0pR0W_DvzW^l%l=EaWk
zK9|V{qM)>-ZvSgML;rclP6x&qTP@6<!Hn_n^ECo*AMMp@TELgp*b*C}a@W+_rC;UN
zzu8HzjlYvO|6$cZUvjB2`scWlm?I;)mfQL2@U1o62n4NoFF{-;{#lqzZ!f^stmNtU
zfLM>jz(NyQ8Vhe$%?5jy_(ffk4^wks3m#XRxnnk4*IbL%IphX@6Dwkzt&+7Cw7VrP
zYh!^t5GFILp2(beXzk)S%7wtn0%*u?i+b{@yO>kl@S6{_1LF)0(V2`LJRa0@DRq4j
z=_U?y6t&_{s4qzJ_vn-yasGNc#2D?m`z6P)Y!yAOg%ru9cRVq9h7PMjUpAgAz2}OP
ztlgv?v%Z1LWnEMIhEMHc8APLZK2|%r3a^;|*EO!!0(mPo7)GjXGK-1d3%LXVt^(qW
z0kGwso>}4;xtkOy>$W)0%9}r}z52#*zExhiY8kLl7vh{LNAvX#C1~`hReQlVmh(4|
zCe<}xtPAF05N=_H`vbO}(r$DKeRYAfTmPJ&8i}xl^qlz00b*j<-pu#MrLnR2F^l4e
zzqmhNZtHX5gG@z)eVU?FX9LIpxa#QWhP-2++wOwb+B>3J)OTDr#rb<2>R6#Y^}TDE
zyJ=NCYD@bg5lA#+Qt-V4ek8aKz#HjLTXg3)U(oZVA~Bmo{d1)cnqUL2jo$Gt7ynkk
zD1`eIo8jXd-<yHnWfyoa@sET}+@D*c-})KuN46ONk{+N1vV35bw$&ECNQhYGJ6<A<
zEl<13OhB#rG%SN##z<U6_8P7{BH+fLI?JuJ0xjtWB`}7;y+u9tDF2R6B6>rkKYZ?#
zt2(ZxN^fVb{(aDiSp(ODoPF(*4hogQqwbWqj%`VClM$x=jWZmkD}3Q)<9Szq6*+X8
zkpZRYpc9Ep+sdE&ZMp3+Vq#wlthSe#=au0m6X9`gOFM|_z_>bPTp%^MzDlz;9xvKh
zWv^@LVPqfWp-vobcPyne71x}K9<t2(SGW6ttsXz<0H2*TidZGijqZ%HiX#vO6^3}c
zTzAXszoa~Rz~ecma{OhHf*PyUE$+w+G3N1bZRq*RDLUXji)j%0p!tCagmJN^`HdjZ
zkOE@YzwzC61QH+q-EdNiwPC`WbCg%qiFuLb_&pa%9c@%axUrPE#F!{s!ERtSm=Y9&
z=1Glp!y^X|0Lt&}(&&u2j43`bXunQ+UHSWJ_zrq|Af`CFv!-*8@1LL#t8d8gDUa6*
z>5OpP;MK!~CETBr$h6w{bS<-56(-sZB)yJ8&zQE2f5YWE2P75}u`0u~5%>${$NTwN
zmzN$ek{6pT4be{U6H}UoA()@tO&`oJ?2$3(>B&@}kKs-u@knid4FfR$*)i%>-DA=4
z8g|q6pGxG)+oka&4D@kRCgb2jzWPC;(d!`xJS&r>0c3Iv;5Jos>={xv%sKdZ0vFS6
z)%R|SiNO!nZ?Mr$FNrN2{L!rYV0=R-mFi1CQ_zv)2MXWT3KvLe<dJ+IrqpFxo?ri<
zEQY2Fz5F}Taq8Y%*;eBIDL$o96X|?KN1Wa6`Ku3sq#oJSG}G=eiuu)%@>o=$44@_p
z`PpRIyElDnRC#yE)XBZ+PHVQ`%LdHHokW)tb@{4m)>Vf)?Ovs>bSS@3>1Qmppz-ha
z#vP%%Pv2g^P8=Akg}G?-6sCY;6Q_~!e}T!y5>NNPJ#!5iM)7P&?Qk7$=%VwhxITL<
zINTa43{o49TtuXI28rQ3F4Ic;^s#;sOB5hDRMzXD#6Z}a5y#QQbMK3oVRPQRYzrr#
zlkZyHkpNVnMXnz&=H1|^-m9#t$AP|SwQ;ah&Q*tAc|fVi*mjwXslI9TrXgVg($G=s
z+sVB{kR1+L3Scl`%XfP;kNBxJ0?v)$jZqDitMmKn;E+AHKKFQuJwC@MkC4G`v7@BY
z`&sFz`maa4;E?Z9pUvFnLd7vWppIC|<$#cKaJ8LjYZFryUSsK?hjex#`bh_s3ASb2
zU~^LD=S=@XCP(U(xWf$cujB@v^Mc$<(xQF-xi8DUGXizm9j<}LyyC?%!aO)~D?cI?
zz><$O?K}%=dzCCc+iiW*&_OfAM@<pCON?DKrfxYdwpfMt+j+FKzE1<Te4PDLykQoA
zA!m_IqJ98GrQ50{`z`$=%jTVC;#wd@D#DMhnW}0e4(KSTncRSoXK=vMSyCs7pkbKG
zbGF(5ql`v8mjvdk$hAg8vAnZioA+<1G>uk;%jPvsPOjAVx1>UcVq^gv#Tp}(H7G_Q
z#E$Te;QsjV$D~V!aW!^LiljtxQ7U=8z2WiWSoY$8Kgqs25`MnV9nw|H8x4kjI8zH)
zMkhS>zcMQd!~Hs1ei%A#-T-I>maL$xBDz%)5n_HOiJ_5zVSk#ky`?qr@~6q)-in)M
zJScnJAX<S60@QgR?JBW04ot4kW2(8slP+<k;r2&PvX12@sNUgq&Jb;f3|V;1ikxx1
zUzB|xfaD21S7m{c4;@+`KH<4|z5_nfIy<JQdcF261zD4)b%3VPcg6rAbgk(`7Wy%_
z9j6t>;{IK36(_$&jHN*NjdZx2V(eM$fu+;F&uxp5qJdo8Q{O_JsP-=yT~t(#vjO;+
zW9`Ocw%=$bE6J~_(nIo756~OOh=ZG6^<nq;_u9gy*Q?bMW#$uCpGJJb9N+Ss48ZSS
zz~W{gvsXLXM;ah|ePJHd-EXkz>Cyv=OZkRS;ZWU~lZ5?splAdr?}&yrbK6Zz_Tulw
z_0^?2@PD{`QV&^VYvwpH@@h#G>Pf_0R^EcT_5@#mR~{uv6)g;sCc?Z-ht}UtO6p+c
z%0-7BVI)e-&!*Jq1pyqC1^mCfrhz${;mm*U&?xdcg#gfdgC_vV%bU0*>B%x~6OO^o
z>-3lBB^aY8pN6%%ITuTkdZXcDM;!|eav`HcxDHN5|D8@K4!Jch4h#cWkexLp*Y9mk
z1Sxw`Wt&VdbS>c54Mo^8G@5%{U<r7PhCIfiXMSNcv;5LjWy)y7-^P_-^00uCx5DkB
z+-91!9EmNdSWkf8<mX+Ad9NVggs)jd@TRnFN>cONM%8f`A;2VcbC8_m>VnBF4@rwu
zHZ{h+`47k3n)bvK%ls%(rQ=wzYe>I@g)Gk7G5|~3n%3z!4$%7pKwY@R%xC01P1zKn
z3{9t*aVGdy5BwSrI6KdX^02GBM8J4ACxN*ja1G&~y?{2N!T!?L4cd?2;0yvqF^CCj
z+thp!Mp(Yz7F_QtJd~6)ZSQLPKmDHPh^ruInda81r{{fpTaF?%W8v&;iM(|*=pP_X
zvH(hM_ynQ9I2WuX=W2herRN_xs<$AD4k;vR&|=VG%n0b*9vD-xzCv!oAV%_@TEK}i
zXi=!}J=~vfiZ4FhV&~Qxy{I|3NQvGWE4s8)oARohl|AV`Sa7}ZQhn30jS#vEZqhfR
zj2Gn?kTSf;(51=k#pf3;o0PShWm<ctx~ggW1V89@s-MFw|7~TMycr6LqDvAgQ|j&>
zXEhkkF*JKxsXXElNqDv-ao>foLW7O00Emn_Tyv~zYXw@~%)?x;kR0-TwNYc;3dD_&
zQ)%lunn#%)s5KzsH+3i~_nt3^kR9kc$wc&4R$LE^U{@Tio12FSsdj`h(_ot4o+F`N
zf!7db*^?sg`ONOC;mJH^aqs=N;=z3K@WAeqk>RBqu)6z#uqAasq1Vxw0R-8VqHKCW
zLo?PqkRT-Nqc>u3hg<EgEFVD206546vluD->L{qh(Ur<|FCjic77u>Ta)pKlFk6@=
zq<ifZ52xh2ekdA-CSfY|AXd@8>7QgL)6W8lsUgO%LbwNa^#{e4mf0CSRjYui)$bD#
z{N_?lg7q>`T#kjpEA)XOVZ_)3{<`wTQYN-~f|iq=S%^0wLY5icjR@?}PF<I%e*V&|
zBZJp&-=|gE`iZrahrU8UgZRf#yV^qX9;0WbWXbfr$Q#2xqA_J3vynn@q`zGH8FZ)3
zo8ZU*RBYy>-M-%kKg(J_@{~&xQoR;E=-wDtaZho2^CNp=uRGngH-Ir<!()9g)N*m1
zs?h)yYE6Fi@kh?f0*h96_n8~*7e>&BUu6Pfi#@GJV4xQ(Xt9S|CIWy7R-{>PI%JdM
zo%06R8Wq@Bg>-qDD9j{jn1`pzo%LGa24j-SAjk0q!yxk_af(_&EI}>}`K)ZyPzhk1
z``t7b41bX{3oQMQ3d4C#Kv;we8aL|<ZQnM?`?lUDslm3F0#tui%&y*wl7R2Uy;cr1
z;<nq-wYHmSkvcNFjcuhC3ZqKr1|x-_^7nmaoeP^c+H~Azi@kz!tzoZtV8E!`2K7eb
z)!SY4Z}5Y(jh?&|o@9yueXZFW=*c|=ux^p-{7l6PFCem#0|;VlFFaOJ>C$!UlSOU8
zU`h(A!0ibL?l#lTEatIf3-SG?hW};o3rFIH#TC~<48A93vf;KRfJd>rS)}185ae8`
zY3tCFXN?_{GpX`(H%n(>l5z-xbdsWID7+b715EdcSk4HxyLo-UoKwH5G97Bw$ba<E
zY_vr{)%uz(7Y&NDz3ZEG)Pb>!E*6tFJcVDmy03W3rFSKe@5dHsuEj+)I3P8&HYlAE
zk9M?woVNo71Yx)6LWAv5$RRn1&7G&wsG}jNAD{hgd|7N^ocb(xIhuF6WUu@rLfrfJ
zAK=s?ZQa~&W`Z?l*zgme^3iCdP>!Vun4YPKD#LmeO<PjXh`2b{qW|+hwSqwQf17o*
zj;Yk*xnEav{(A;-WlmQ{^xa6%&^z!MPnc-JHjpTPOm=frl_H(W)Zbtu1<z1RH?P65
zneJH@^GKcaI+b36I=v0bvXYY4@4)Ro{(4oUU8)Pz3D{BQ2An_$gAjmQ@o#*7F1-;S
z#<lJiWbhPG?P+&9$bbfHqje}Q7T{`xC3-yoiY1XxSDWEnV$i_e#KLF3LCc7rreCTV
z=K*$73}D541--=H;%`8piO%%Ox8*cPIm!*$BZ_u(6|S50=hj7x02m899c+L$4e-0J
z>gyR9gj}-fpj+~nOn6EZJt8~Q8`0Y>j|HT0oW-i`Vrp$K+oo9j-$)eP*{jv6IS&Kw
zv#g==T3`a$=D=DT-rK8HwnF4wY2<5<{g^!0u`%Jb3k=++;&gfSnmYcF92iCe;h8ER
zrjohKxX9r+3s=khbrth~W<@#b03dtm!Si%^aKjtyx+O=IDLSSGSn$su-R`mP?;;6H
zcHm}`^#cmDyo=G@nO;KcV5<`5n~#KNv39_?*qriTJ#|+qd*M+A6<!;Up988KTpwIo
zQzFCQYzpO7`lAgHc?Nhdc|_h9U@U3HEy~R^g{3vu_dXP?0fMPTz&6+;_k%llYy*(R
zp!{ZWfWHYJoRVsIi0waS!1jcB^5=RJ0Fu;LW75Xbnmhy_68#W5uRO`Q*13<q$%$|E
zT|YkHNGeNk%Z83ZY)PvfEG~4aZ(@tDOmqC-;{r~lJm6F=`b%e&W^fTCK~iX(IW72)
z%`CCJ-Zy~%s8UR?aRw;b-9n{+8>k!jwY0{@TI4p_*RS%%!}On>?Ic<Az^ml=x8M{Q
zZycNdGCKDoZ*|`vbaKYG6&<31A;r4g$x=zZA22I;j_t_99e4nfT_DGXRQ4jXRN<;M
zCQ}2@N-aN(DIRk`^f*pGzH5PIB3`I(w1uaqEf3J*OUD6;+-K?|%YKzUzcRFU$__82
zPdU#(GaLE=o|)Jf0aaj$R`$^udXGtBan<K<iQi#JD4`t$oZo-D7DczN8va(%c;u4h
z6tq!zLMc+BOm)Z)q6&9_|M4?G4AZ;{gz#s><t;Zg4738a4n)oqSvh#S%bFEeSGoWf
zt`Fr|SnMAL4b-bPFIBw_`Y9~KUMT}G<5AiqZTRN*;wupYt&5D9rXNy?pRTll8t95+
zO-mY{L~LMOc_a&WTzQ|hR~aXq1nm)S_qO@U(|aYb`}{&kY-r%(!T&CI|NrrRf($Nh
Za72DbHfws2BX8#d@<vUrROa2s{|1EHigN$}

literal 0
HcmV?d00001

diff --git a/cisco_ftd/cisco-icon.png b/cisco_ftd/cisco-icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..e3ae163dc928ed4bc4b65612560fe6a1a5d65c46
GIT binary patch
literal 13297
zcmeHtXEa<<*zO=CAxa9O6NBiYMhihOYV=ORD5HzsNrLFiV2m2kjS`(`Nz~DU(M$B`
zy|;UO-}mqSyX&^K?wz%!tTShyz0W>-zwcAt@V9CT#Dvs@AP|Tcq9~^c0^tHbaY6S8
zfUiTZk#pedzO$l%D+ol=cKgOj<Rqa1ffzv$x!2lWX<IXaZpO?0I~N0$)`B%5ln>!T
z6t6hQL|pv7Knf9$YD3!o#zSfCGX;O$Rb<+VFcAHl%F6V9CbiYlvOLJD`t#*W6AwM!
zCDtsq;Cm^iQzQCAFI_&8IwSrL$~n+7ETqtzSV~lcyql=t>f2nse!>5Am-K3U;QGbI
zm0?e0h~)Vzv%XF5jGchv%1mw?V66ZD^}l`wauUMDaN2&BGN)Hur^8KnP<dL{%Q~2C
z#EZGXqR}ws9@3wOo79uf?WCAcx$yqLD~8Q4(Bp0|QX3s*C+Hay#dFY5ajjc)<7PIz
zPkkPn4X@V<!8b}<#eZiN5$1&4#Dh~0T$yVnnbm8gJ4iWaP@0G1GL}Thl0qh5e#)HA
zmf6sGosah}DMD6V`NszWsk85dCA9?UBnz>)jL{LYMl2<%Z$4jfR5f!JxPf{#UH*;1
zlX{>17A7|wyPHS?{}m~Q^SStBuqkEcFE2z{n|7V(86Bun`+}$6Y8RQ~j_}9R{7e-j
z$eu)@jJhfON+@MyQWjI=5Zs2#=kK5E&W|d=d2^7vF0NxEPWD!!jaC3u2tNz`c-gCZ
zob}TjC%O4u%cof=LvX@ZkYeQaby^PT9h#99tU#T_crqw2$J+Vq$<AL?45`X7xgri>
zP?e2=SERAuENU|!FZTZ5>1n@{Mocp<yEIN5g)VyfjxgtR8@{tgOtWwQIbj<yzO?PQ
z@^qVjYkx3EW^uh?wWv&b`Yk9YBtCn?Cut)@8cgedl6FM?h30lwYkmPXbkLJ;z)!}I
z=fI~T)Blx+yXDiRHxHA>x&#=K$~mEZ<`7pF@n^6WXhwW>U|Gy1kw$*F0Y?%=kB<l@
znN(>-67G;B$ODreGCi9tdi;2*%Hxks8_Ha`hE&*AtyRq1kQY{;;{g%HJWxKStT<NS
zzxKR+TrPRZCC&TG{3}+N>-ZcNI1DbxYC+nSvbr=CsBImfFaqlc4;Kp_|HoN^z(_E{
zFi%WPw5!hz+^dfo)HwMXx(9kvmPww)77Y3Xf2wmlOxOq3wc?7pdp{MQR+3vRAyLie
zcxqf-3BQIMUM1nc7`=1&)lSj5XA!!DR^B%FIY|>&A^UD!$2PX;(ibmwLrEQm;zyM!
zaj48=FD%iXMcEFi8&&WiWzfu(D0vt?9Al3iAqa$UJV%@rdJsFfp{Q|3jef{e?dZYl
z-)M;)JD66a>d>waBY5%W{``(+GqcrnDNwIS&F4E+hO?oJ67~XeXNQFP4`iKz=Gv?W
zTB;7fDrW&!F$alc4zN6XM&OJy_|l$%YJEfuNI^ufUuiMD=3Lgm-E<1tf81s9$hCNt
zg9iaWzIq>I<lR#Y0{R$g^j5c9$NSB$QrV~y>(gV0J3#bnL;TR&KoShweh}c3okIC4
z<M`R_g<Y@F@X<bw&^`LMW-yNze{~1`YI?7@^jY;q3iSxq?(O}Be|+pp!+;d(v3khF
zIUrG*@hdlY`SahS#8HeFX)k}bm=N!!CgT}c+lMH~{7eZmO|Qs>@K-cC=_3VGd_-ab
zv@|V1@q~!6#D@yi16Bmq*G_+4diOHM)NH5nBK)6!wecM3_~@qOgv03S<XmoV8r_$9
zpNAfISkI6RMUEqXX+D`xY*BcO@_SJiWQ8x_`vN<DiDEC^O8&;!`4I}S#(A4MYeZ$E
zV)2T~M&eE@)R9Q|Yag0@;3t`g>Y4j562cG8n~Y??PO3SFeK2h4_(90}{?{WOM~S?i
zWRwEc{@*ozsoZag&#w;dY}>3mQz1ljk}Z52?X0;=Kh~E_=DWrPidtQv*ULV686Jtk
zzzU7+JuH{ZrSN-0QwPA}-Vc~~jE~AoJ3c2XTjMZRi-y~}$0O>JsRoFyRbIo3DMW!*
zu1Baku~0sN?Q?w*3z^>BD$sX<dM7u+_gl1VE-wT|U90p5>O=$hh+<wnw(caeYBONi
zuu=I^pFjabg&Z1u;FDbr$f44N8o<vunJ2f0$^PdZPLN#X1a>D!e(rvw2L!$ss&jOL
zMwe`giGoNrpW2M2iK3TNYn9;=7fxa>=J}&lq;hFgL8yQ1%ZYnQUFUsp@EpTn-7#$I
z+n>s-aTHNd^N<*-*8xuG<ZZ&ryv4DTn0e+KO(I!*q#WCSP6_(kfBZ|n&+ha`PAXWa
zTZzBs*hyE@F-Dt~I`PniF7x!TUW^3vaO#IsGqsUOH+q)KE=d`#l6UNciV{>OCl8CL
zz_#cpOw|mBcx|u*0ZWo2DKimcpIBvR&GD$%fM+pKXO;Uj+NXzsc!?61tZ`v}N~mm}
z974k)l(C!`4HvdGZRO;kZ<b730;w1|on?zT{c?g{mNg5Xw&>^%*`j)N$$JKhtew|V
z&2~F*zt%R&qe53%D$UnX<BbvrbwIvTWA+EVe@-IFG0~UOz1%!z$<k1NTnRGIeR=p5
zI0Jg1b;DFC1GK^#nYymeHJgGq#fI1i?6DIAWc@275g<l+Tf9@^$}i4%Z$M<s)h~`?
zsIJ|zB`S3qV%#z=BMouBTYNRCIWNfbOmY_UbQT4D2{u2Y=yTkaS_{SKgT86g7+H&*
zW+o(-yegu@+Zw{)GK#F?U<3#FougMBMvs4?`k#UBeLkD=>cHi5n7T`|?4A1QzEz5y
zMe|ajz9AP(mM@qEvm(TMV*RTfkB{3w>{S`ctXn+21CtE;#s?f8ZdeIaqtWK#K87}>
zJ~<7QzV7?gfyZarF_rKINS4ocUtkeOj{DHwq98nFem$Fw=Cfa&_<Z=3EMV3k*9qY1
zK}+vRl)gYqV2r7~-eHEP50Edv5dF2cMIIX4@A>b4U<%^Hc4*$6gSi&6P2m5!o0O2g
z$jTE`xl6$!ARILOK{#m=Kf_p(tiUjRi#r6A*8`oN30~v}{&E#b@{u4W`#+gJB_QN%
z@d8vLE_m;!m#lj4-|plN2G1uGI@1%C*gtX|8ImHI;SCn|1m=rl-33|i{F>1>+ye`2
zf~(B9#lvYHh_qDhO}Dl8)?G-*)3&EK?d^REkCOCteD%0_cyD3*;LFbHrahNXYX&rM
zp7FyQi^MCE1%lQSlgoa%aeI4I6x|MTN&E}#+<>?0MbPwR|21^8?!zAH6bNAEtr`p)
z_A2+J9k|^2h~5RxW6mXi-5sSbF?lk#CNofXnyw&Zd>#I&F1c`nhd#ba<n*UnOeSMf
za$GXbhkev$x<n`$W%VoJ)ADv821ZTl|6tp#8{OFxe6g4Ov6LsO`LRvoSMq&dFx`Wf
z>z>u`sm6#bI{gIx23Zv8X54#e^|N;j@lZgzdH~8b{xz6EJh{Y>;bJBzn?8;9@dD@R
zi|TLT;hl{bSd$a})6=gpv_9aUUNPgm1W${f>9jm~Cvj)_^t2X?FY4a(#>BzJbnY2B
zg}ui2u{H%(iw?alf&2WO!5E9X<yu#8TuB(Q8<%soa31{wzJ=PVJpZpAH1Dc?kRR8;
z{!}}N@RyHymKfrz#N+fwXR~Fdf~C!w^zA64yLCnIpKN`Np$iYRW`Z<d>2q1sYhT!t
z5IpM96=^@`w@M+OB<Y&;#f_-({lN95mbj<GvQeEQ`A8BEVR60m3S{D7IkA3}vQ<rP
z*HWOv-BhW@%eBbnIJzkw<*?p0M=34roC^Sk;<FwDd8+tohSBp}1w0I<y8n^{L*OiL
zUpr#X@)I~_xfLcfH9=~3tx4xF^$|j-HgY~a5g>n;tuqL!j~(I^-<XKd0D5AxeqlCu
zuONF%6ypK$V6Bxs1t5Mn&AqWIQk%;*9e$5IPJf2s-K-6~zWa`DTy@ILQmu=_36|)w
zBIX;J?+{VlE~gZehwp%X!HNpk_!H~ZaMXk)^<0ZO9nm)7OU}Bt8@>#we+H<h%Jv@X
zwO{rp)dKgywlP;o)puw7J;npuah@WweMi4*=g;Zs4rEd^y5K^muvoM6H?O)>)>HlA
zS6}~hU$BXH7d96%^Z(EZ8KrsbQjaH;PPCKcB$cz)cWys?I_|4}H3U{-YJoJTZ*R^P
z`1$%T5ZoZdCNpmT6KWD@`?S9mHd4Rqs0U+uN0Std9`wnMa>R~U`}<)W|JW>Fh0|QB
zuj`*$>TsaJs;jye>C_B2O(MJ=g4TZC<$k$2Ml2?5s1=c`jpQ6j_?0g)k^!Ci`n$Dr
zAwO}g()nWuvT@DKpX%bH-$j91lw?}n)F+R`OaS1}$<b?M9pT<}nOWN&D72jCt~gK5
z;bgI#JH^#Xx&#Q-9IMA)sr2U7lOCIF=s|v9FndqgwVAunz2ijPF0We1?E3KKEIGs%
zdPqkndZ@T?UcNBc15d$?wc9i;>249(t>ckA(?qQF&O9HOes0GzW>i}*^?dE3NKGQA
z^v%U@^}%2O@}(SzD6Uvx&&%tb{DSF{4s&wC`rVMNKvLBrSB|tyMDA4->5^<D&f|q&
zRH*2wv-7G)>QuWXVxnx^PTSjzZzSmmgN8S@2i6>jlDa1GyOUq2Y7;#2wc^tOU~9E;
zo#tq>EF9V!DYic~<9?I=Y9dx=%b3blzl?S^^WPi__wOM9&B{7fJPQmRG&`a&W5MHd
z^#Vpf<E9eta{dYYihwur%Y|GjnT9w)OW7dMIuSm|Dm)(t_kRGHz}~Bp4aC1Pd8gol
zla`*nlTq1>>mrL2M;}9P3e7u65CsLh9M33^e(LA5cmi76BT{f76^kJHyGbGzu>r8F
zUVvS_sXkX_b17-TLX1JytN+QmHgAvX8Qm-$WPMuNSkAhka8?0nX<TgM`!&syjGYta
z;NVNA=wIXpF~36nTP?(c=w56~QrYzWy|~ww43Oy0#V-$Az}0ujU@Dz#hE*O9BSFCh
z_6+tTjiJo&6#_B`>5$R6`-~)yK2imZ6b8K2v>bi!ckz%QkkR}$y3{h<XVkQ;aFUJy
z2BMm^6=Z+J(N}cuJA)p;WZsG5B-h`@fdD^>ha44Hv^GG0^wkva@ZjWNV}d=FS0uRC
z;IPY)FZM@<?p2bj&pAN?SUp1~gtwCBuwcOY*A8{#T%j$z(jgf?4N#6rxnCr7d(2=A
zfBgNKN2D0#ES;e#$SM!u(fhqyaM-IJGy&KbNqD9p(?e7)ixZS`OB2%00$H`L{4s(M
z>cr}sXN!Tz!q<$!5xMOZv#R_nGjM8v<fWd~tI=L1l{O^LTmzW%f7eU#;bV8)!tVe!
zr)n{va%x_(T=q6N3wT2nZQICS8lKH;*m7ty0(&N--aL|1@0y~clP$r^dFIOEq!M7M
zLgi$<nCPO@^uEMIklMY-9o-<6U(0O+zg!t>&WA7Qb!Z>Oav<pR^o&FoxHdYCV!YR?
z7yUQezLz$5ffpWZ(Bn(L^-=Ps+VST<)}-1ofzL9*;&URwed#ivBXZzT+&w8c5Z-Q|
z8|92^oy2g;e_rc9Z}IHWEHlD{XJQUnr9H#~p9EXxKef~z+BJ%KtV$cVvoprodbjHR
zL|v-cR}#0ARkvRsml2u2c9ec-chvNxctBLOzWi18kdyyZkq2J;TI>(3NGRvkx?$D8
z7H=G%<R@iIY98dJXV1YbGb|p;1K-4j%!&p~A_bpM;9zJIfJb=NGAL(R2B7mg_2z30
zP_H%+91!*L8M+XTg3)+!XgAznZS-0jyH4NavxL%jI}|6FOzfH20ee*M=eBtkNakAZ
zH{O6Pet=5`NA8}ZiWJ2dVP(ZPjm0zQy~n;<zQWj<Os$>}&gCi6?r}8;vS-Vhk7L42
zafRya*udbXvyfxfmjKCuXppZkfj4RL_r(}e$5km*sKfj&?>@OBAdACC2lR>M+sWp~
z-f*Ef-L?rwb2T7RNk=|V)|$dW4@NlGc{j2rIa55`q|mqoOS$dwXeu{D(=?<0O-F;y
z5WHX*Rb@65t5XtSV&ZV6!M3OkkYj-8?e{8xOAsSZ-wQWK`M++i)#?aT3c1X<=jxIT
zgnpG3i|*tbuwBxdxM1Fi%r2{Dw!npkLXJACaNKts07qUzsYBMat3F+$q5%EiHJDoq
z)L06jWXop8HFcrto>%h%KXlNB3^8KFY(BTQc$ENk92&_xXti$SDY0FP7K=6jVs0U9
zKC^3>6{07f-p|ef_vk7MFadP3FJh=VS4ldQF%U$BY8?_b^T{(SU$*^0@Cv~k7iZwt
zGJg5LYY%EU6Z@`r;JOOwN;6Zh#tZ6EQvl{rwv81_AMR2zWaF(=Yv{fzO1Z#Joa>K3
z+R4+gsqQDMBNe+82L2iqE)qW<vfYYc6Jg-gSh2*BHO`Vaj2~pEyFjbZw=A7(Eiznm
zw8Vf_J+|njTdbciQtUuoE?pB)sM2g#o%D*B4n!&<7Q`svIlzut2}xyfNU$H7$m#jd
zki@taTA&39F;Nh+ylRQJ*R+;Fb_v9yUsf4m*Yno{h<gR!f)o*2bqCEnD5HNpE^3mw
zjr^!U_+c~9EFGX=EWRxZKG7{1X`7TKfyyI=cc8ias7&<EuGz-&kYssXB!{_+@gPMh
z(1TFz9ui)N{6x#M_0&d>^`PqMWotFShuX7VVH_zwwfG)Q@mg7K2I?qZ8yqEQN)4yZ
z;(i4NeVd%m)!8#54ah`*?mxI@P(;eK0u(IUcso;P$_cOZi2jG(=#GZuN#rOOaA7U-
zo+I7AD#~KKI3v0aQalD?PgGPr106q1-oSxjCpODwB3}gN3T766wgmW%SlO~m?y6%%
zJ^ZXDV)+CeH}}MyUqjIh=WT=D1-lDH*jfSisl}ue*X@H|WhiQ8|K~ONVz5-SK7Xhl
zG&x<m@U|gFeLA_u+93yBw9U?q;Fo&zNh&Y9tV(UDqhMGudh1iPt?B8@Pl1X+B<}9>
z7W-y$xnQ2YB6Ro<gVd~U220{g-|A8mCPk|ohWBPi{SPepQ?u2Wg??PPri|^97CFol
zjoAu(lX`@#0k0|b0lXa$V`9bPzvpCwo+nX^5!`&Xe;0geW4w#6AsCunQ!A5F`dY!R
zQ@SBxKIfnIDA$-bw>s?NUBW=@J=H5pkYujkR*Dob$TbWy1-fbd4d}~ugX`r1X)DmV
z5Zg(@%LA!&PJm$lDL~wl^``_?Cr;fkmY!L#uJm5aJ=sDm4Q20iS+|Kr?xv0Hdv%wc
zW%h^x`dO6N{jv21kWGJ}&Yq7ZIlL_ySdB6qo0nTkR4v=$Q{(@{{aWgJ`N=&CJPS%|
zQ%mOnCVr^_NKEe3iUok!)NbKZ^$b;!6O6fuQQBwjXMYJi^9tfQEy<HNE<;A9%oaCx
zBQS7izEgp<Gi(G_r<r*H0`v@IeoLenF&K5`+(mp2&xqgINh+601S0e}8V|@U|6pcU
zOUkOYHa3Vo3U-767y9P;8XY`I?OKEi&z7|n@uYP~tGnl*8Pkf+%hj0J^c<PF2|GI7
z3_9lmeQ*_4wgsXDIJunDQuQfuq9vNNt2VX(T_Ul}(6GJm5W);UhMfPRxpugCm%ZY%
z6Hl$%b-JUs#jk&<>ob<8XK+YK5mACFx2jJu+(~lt1olbEHDS<X9=97uay_s-DpvN%
z41M%FNdk|ftj`2=rusJPF;YVR5z9@O=jIq}j0BE=@$dJJiP8|?zgpPzn!U-&__b4D
z_XpUD_ci^=Zv{+L?^w3lqACG+D;`K4cBTo|ccJdu|Cv5@q}U2ICPay#Xord)it;-N
ze?Azv7Q*=xjnr>Pym2x!*?^628GzB`8xFr>T#Fx^6i3!adv<QxyJ-)pgSQg@lxdgH
z#~mqvqnnQ<k1AYsN`x^zTyf>duH;(f6-|iV^M23Bwn{UJ=desDX_pT(JkS^brTFlE
z<YCODFHNci7_HJer?~z_ES?dohvWQu!|XXdQEdS0Mxc5}fLTZlo<K~6`<!2&-47Xl
zy`BTz$fkd-?<K}+qqiTp@5ZK1ek*GEB1VjjIB=X;U-UWKoi#97+~PFjS-gseHh|rg
zQfRc{l@zf7F4`69T_Wlj-9WzO9+UPVb5yTTg&`*_`Wsy(;W~Gj1_0PTi{2>;APg$G
zSm{aTl}mp8reZD;tA~vbWQzMzT{zF6a$RrqUwLi6DDyA9X_###-?lbK;4+`jrDcWL
z+baKofu)Vt(X{6Q?}!>~=gug>4k+VK8bElK(I7PhHYjp$JEGVh5Y>0a_PQSn_zbFT
z-B}OH3A2lQ+Q-e05@$}O>iSm()&RAsE#lw2;n(24oGM&zvrac-C{kSvP#qc@5vVgp
zg^IH{I8RzpWAm71ypOsB)D}Ap08JNj36m>fNO0QGw!XffUot}Q!vS7Xn4f@rkqNhU
zjLiwOwZD$axkvA8(Y?Qwf16(3G1*lTm;o{pcS>rL#r|jBX=UC~E-f=yy4Yk*$Yd$=
zk&AzQgB07Mzu3nlg{7$t9h)ZM!*(W<$m1e_v1$9~LtAKUr;c{~!pg6F8q;mM`6txb
z;Q^hFfA+#X#ThQ=iqR#-{UM$kUdx`)EAeIZMry+;K&G-hoEV(+ooS^OKQ5KNd!q$_
zIKzg|x=kuWj%*HT(R<(0U?kf9y&ysE%f})9sfco4cXPk1B?E6aTP<knv%akD@w90Z
zyxl5`uaf(Vtb_nW1f!&g>aiMU$LC#TQ=?Y+&9t_u(ZnK{P#^Kb0;rP~6GOlGu;H9%
z^*PBL!}f~2Rmiy#=g6Pq>3TC7r=u5mf7cL9wRKtwVN%K6Y7*p8Qv!#f-VE;4Ql%>y
zo(P%r3L#5_i_Un`>-h58kn!;^&;}WRqhibd@=(nb@p*O$nkMg*2w-?YKuCw{hE9A7
zB`qPnoONgmpMn`$w7eCkQKPw7WvUS>UO&ByXB3wz=)c@!*|#5ONTcI!o=A8m$y9x!
z3!smrvRL-2XFvV4Z{_uTZcn%wNdJH>tJ-qYlumqqUfZly70=GhV_MqOmFA|LUM!9s
zO}_qqrb7(aH3hT64k!u>N0P$ah^UkI?%b0!n!eVf6X(grC-rfLb|c<>^U;zq;1&?y
zY#?ybLxUTi{!6W&DU`A{mboh;Qbq%$)ZU-?h}=;F*w&*71H#p-n%Q(i>=2ETk=CC-
z`$CvdH>%&$Pu0Y?!3`il8zvt$2q~MgsxBmjx2k=vG$|G8Nr0W^MlAOsIzL?T&xXm^
z!cuQtnGs!yql6^(wCF&OQG)4YQQ<~Nbvl6wr_IGXKhL1Fk5EbwtE;La_m+o;GSR|n
z;(P$af~h(wv3IK*dM!oXGpFmsUTh&IQLRj;7dkjp(4p?E5M`|!HrSo49lh$?6tJdo
zCLA?gk%BOxk`eC*Mz>qVk>F8;RSy{=S;(sCVBTb3Duz17BPVhf=4CmOM9_c-3glC!
z)rXDVs(R0(jAHz6IHys}7_aS%H+IdBHmLqgrZb4A*Dj)*I~Wz<CZMMc&pzwc6rxL{
zK6{X{jo#$nqZv?M@$g2O*!JJ(w(r*h{0%w2Cck*4ajzuG)^GC{*(3ya>}sJvjn?<4
z3r(dp`sDMV;?vF=0Sq_DHrBpr#9KVETQ9vf_!O1wrSg7O&rd$jfWNj2S_7!paS^hy
zMV|jc<z`;L>t(2OY70;vGm%(mPESU2bGZ9O!W<fp088;P^0pR0W_DvzW^l%l=EaWk
zK9|V{qM)>-ZvSgML;rclP6x&qTP@6<!Hn_n^ECo*AMMp@TELgp*b*C}a@W+_rC;UN
zzu8HzjlYvO|6$cZUvjB2`scWlm?I;)mfQL2@U1o62n4NoFF{-;{#lqzZ!f^stmNtU
zfLM>jz(NyQ8Vhe$%?5jy_(ffk4^wks3m#XRxnnk4*IbL%IphX@6Dwkzt&+7Cw7VrP
zYh!^t5GFILp2(beXzk)S%7wtn0%*u?i+b{@yO>kl@S6{_1LF)0(V2`LJRa0@DRq4j
z=_U?y6t&_{s4qzJ_vn-yasGNc#2D?m`z6P)Y!yAOg%ru9cRVq9h7PMjUpAgAz2}OP
ztlgv?v%Z1LWnEMIhEMHc8APLZK2|%r3a^;|*EO!!0(mPo7)GjXGK-1d3%LXVt^(qW
z0kGwso>}4;xtkOy>$W)0%9}r}z52#*zExhiY8kLl7vh{LNAvX#C1~`hReQlVmh(4|
zCe<}xtPAF05N=_H`vbO}(r$DKeRYAfTmPJ&8i}xl^qlz00b*j<-pu#MrLnR2F^l4e
zzqmhNZtHX5gG@z)eVU?FX9LIpxa#QWhP-2++wOwb+B>3J)OTDr#rb<2>R6#Y^}TDE
zyJ=NCYD@bg5lA#+Qt-V4ek8aKz#HjLTXg3)U(oZVA~Bmo{d1)cnqUL2jo$Gt7ynkk
zD1`eIo8jXd-<yHnWfyoa@sET}+@D*c-})KuN46ONk{+N1vV35bw$&ECNQhYGJ6<A<
zEl<13OhB#rG%SN##z<U6_8P7{BH+fLI?JuJ0xjtWB`}7;y+u9tDF2R6B6>rkKYZ?#
zt2(ZxN^fVb{(aDiSp(ODoPF(*4hogQqwbWqj%`VClM$x=jWZmkD}3Q)<9Szq6*+X8
zkpZRYpc9Ep+sdE&ZMp3+Vq#wlthSe#=au0m6X9`gOFM|_z_>bPTp%^MzDlz;9xvKh
zWv^@LVPqfWp-vobcPyne71x}K9<t2(SGW6ttsXz<0H2*TidZGijqZ%HiX#vO6^3}c
zTzAXszoa~Rz~ecma{OhHf*PyUE$+w+G3N1bZRq*RDLUXji)j%0p!tCagmJN^`HdjZ
zkOE@YzwzC61QH+q-EdNiwPC`WbCg%qiFuLb_&pa%9c@%axUrPE#F!{s!ERtSm=Y9&
z=1Glp!y^X|0Lt&}(&&u2j43`bXunQ+UHSWJ_zrq|Af`CFv!-*8@1LL#t8d8gDUa6*
z>5OpP;MK!~CETBr$h6w{bS<-56(-sZB)yJ8&zQE2f5YWE2P75}u`0u~5%>${$NTwN
zmzN$ek{6pT4be{U6H}UoA()@tO&`oJ?2$3(>B&@}kKs-u@knid4FfR$*)i%>-DA=4
z8g|q6pGxG)+oka&4D@kRCgb2jzWPC;(d!`xJS&r>0c3Iv;5Jos>={xv%sKdZ0vFS6
z)%R|SiNO!nZ?Mr$FNrN2{L!rYV0=R-mFi1CQ_zv)2MXWT3KvLe<dJ+IrqpFxo?ri<
zEQY2Fz5F}Taq8Y%*;eBIDL$o96X|?KN1Wa6`Ku3sq#oJSG}G=eiuu)%@>o=$44@_p
z`PpRIyElDnRC#yE)XBZ+PHVQ`%LdHHokW)tb@{4m)>Vf)?Ovs>bSS@3>1Qmppz-ha
z#vP%%Pv2g^P8=Akg}G?-6sCY;6Q_~!e}T!y5>NNPJ#!5iM)7P&?Qk7$=%VwhxITL<
zINTa43{o49TtuXI28rQ3F4Ic;^s#;sOB5hDRMzXD#6Z}a5y#QQbMK3oVRPQRYzrr#
zlkZyHkpNVnMXnz&=H1|^-m9#t$AP|SwQ;ah&Q*tAc|fVi*mjwXslI9TrXgVg($G=s
z+sVB{kR1+L3Scl`%XfP;kNBxJ0?v)$jZqDitMmKn;E+AHKKFQuJwC@MkC4G`v7@BY
z`&sFz`maa4;E?Z9pUvFnLd7vWppIC|<$#cKaJ8LjYZFryUSsK?hjex#`bh_s3ASb2
zU~^LD=S=@XCP(U(xWf$cujB@v^Mc$<(xQF-xi8DUGXizm9j<}LyyC?%!aO)~D?cI?
zz><$O?K}%=dzCCc+iiW*&_OfAM@<pCON?DKrfxYdwpfMt+j+FKzE1<Te4PDLykQoA
zA!m_IqJ98GrQ50{`z`$=%jTVC;#wd@D#DMhnW}0e4(KSTncRSoXK=vMSyCs7pkbKG
zbGF(5ql`v8mjvdk$hAg8vAnZioA+<1G>uk;%jPvsPOjAVx1>UcVq^gv#Tp}(H7G_Q
z#E$Te;QsjV$D~V!aW!^LiljtxQ7U=8z2WiWSoY$8Kgqs25`MnV9nw|H8x4kjI8zH)
zMkhS>zcMQd!~Hs1ei%A#-T-I>maL$xBDz%)5n_HOiJ_5zVSk#ky`?qr@~6q)-in)M
zJScnJAX<S60@QgR?JBW04ot4kW2(8slP+<k;r2&PvX12@sNUgq&Jb;f3|V;1ikxx1
zUzB|xfaD21S7m{c4;@+`KH<4|z5_nfIy<JQdcF261zD4)b%3VPcg6rAbgk(`7Wy%_
z9j6t>;{IK36(_$&jHN*NjdZx2V(eM$fu+;F&uxp5qJdo8Q{O_JsP-=yT~t(#vjO;+
zW9`Ocw%=$bE6J~_(nIo756~OOh=ZG6^<nq;_u9gy*Q?bMW#$uCpGJJb9N+Ss48ZSS
zz~W{gvsXLXM;ah|ePJHd-EXkz>Cyv=OZkRS;ZWU~lZ5?splAdr?}&yrbK6Zz_Tulw
z_0^?2@PD{`QV&^VYvwpH@@h#G>Pf_0R^EcT_5@#mR~{uv6)g;sCc?Z-ht}UtO6p+c
z%0-7BVI)e-&!*Jq1pyqC1^mCfrhz${;mm*U&?xdcg#gfdgC_vV%bU0*>B%x~6OO^o
z>-3lBB^aY8pN6%%ITuTkdZXcDM;!|eav`HcxDHN5|D8@K4!Jch4h#cWkexLp*Y9mk
z1Sxw`Wt&VdbS>c54Mo^8G@5%{U<r7PhCIfiXMSNcv;5LjWy)y7-^P_-^00uCx5DkB
z+-91!9EmNdSWkf8<mX+Ad9NVggs)jd@TRnFN>cONM%8f`A;2VcbC8_m>VnBF4@rwu
zHZ{h+`47k3n)bvK%ls%(rQ=wzYe>I@g)Gk7G5|~3n%3z!4$%7pKwY@R%xC01P1zKn
z3{9t*aVGdy5BwSrI6KdX^02GBM8J4ACxN*ja1G&~y?{2N!T!?L4cd?2;0yvqF^CCj
z+thp!Mp(Yz7F_QtJd~6)ZSQLPKmDHPh^ruInda81r{{fpTaF?%W8v&;iM(|*=pP_X
zvH(hM_ynQ9I2WuX=W2herRN_xs<$AD4k;vR&|=VG%n0b*9vD-xzCv!oAV%_@TEK}i
zXi=!}J=~vfiZ4FhV&~Qxy{I|3NQvGWE4s8)oARohl|AV`Sa7}ZQhn30jS#vEZqhfR
zj2Gn?kTSf;(51=k#pf3;o0PShWm<ctx~ggW1V89@s-MFw|7~TMycr6LqDvAgQ|j&>
zXEhkkF*JKxsXXElNqDv-ao>foLW7O00Emn_Tyv~zYXw@~%)?x;kR0-TwNYc;3dD_&
zQ)%lunn#%)s5KzsH+3i~_nt3^kR9kc$wc&4R$LE^U{@Tio12FSsdj`h(_ot4o+F`N
zf!7db*^?sg`ONOC;mJH^aqs=N;=z3K@WAeqk>RBqu)6z#uqAasq1Vxw0R-8VqHKCW
zLo?PqkRT-Nqc>u3hg<EgEFVD206546vluD->L{qh(Ur<|FCjic77u>Ta)pKlFk6@=
zq<ifZ52xh2ekdA-CSfY|AXd@8>7QgL)6W8lsUgO%LbwNa^#{e4mf0CSRjYui)$bD#
z{N_?lg7q>`T#kjpEA)XOVZ_)3{<`wTQYN-~f|iq=S%^0wLY5icjR@?}PF<I%e*V&|
zBZJp&-=|gE`iZrahrU8UgZRf#yV^qX9;0WbWXbfr$Q#2xqA_J3vynn@q`zGH8FZ)3
zo8ZU*RBYy>-M-%kKg(J_@{~&xQoR;E=-wDtaZho2^CNp=uRGngH-Ir<!()9g)N*m1
zs?h)yYE6Fi@kh?f0*h96_n8~*7e>&BUu6Pfi#@GJV4xQ(Xt9S|CIWy7R-{>PI%JdM
zo%06R8Wq@Bg>-qDD9j{jn1`pzo%LGa24j-SAjk0q!yxk_af(_&EI}>}`K)ZyPzhk1
z``t7b41bX{3oQMQ3d4C#Kv;we8aL|<ZQnM?`?lUDslm3F0#tui%&y*wl7R2Uy;cr1
z;<nq-wYHmSkvcNFjcuhC3ZqKr1|x-_^7nmaoeP^c+H~Azi@kz!tzoZtV8E!`2K7eb
z)!SY4Z}5Y(jh?&|o@9yueXZFW=*c|=ux^p-{7l6PFCem#0|;VlFFaOJ>C$!UlSOU8
zU`h(A!0ibL?l#lTEatIf3-SG?hW};o3rFIH#TC~<48A93vf;KRfJd>rS)}185ae8`
zY3tCFXN?_{GpX`(H%n(>l5z-xbdsWID7+b715EdcSk4HxyLo-UoKwH5G97Bw$ba<E
zY_vr{)%uz(7Y&NDz3ZEG)Pb>!E*6tFJcVDmy03W3rFSKe@5dHsuEj+)I3P8&HYlAE
zk9M?woVNo71Yx)6LWAv5$RRn1&7G&wsG}jNAD{hgd|7N^ocb(xIhuF6WUu@rLfrfJ
zAK=s?ZQa~&W`Z?l*zgme^3iCdP>!Vun4YPKD#LmeO<PjXh`2b{qW|+hwSqwQf17o*
zj;Yk*xnEav{(A;-WlmQ{^xa6%&^z!MPnc-JHjpTPOm=frl_H(W)Zbtu1<z1RH?P65
zneJH@^GKcaI+b36I=v0bvXYY4@4)Ro{(4oUU8)Pz3D{BQ2An_$gAjmQ@o#*7F1-;S
z#<lJiWbhPG?P+&9$bbfHqje}Q7T{`xC3-yoiY1XxSDWEnV$i_e#KLF3LCc7rreCTV
z=K*$73}D541--=H;%`8piO%%Ox8*cPIm!*$BZ_u(6|S50=hj7x02m899c+L$4e-0J
z>gyR9gj}-fpj+~nOn6EZJt8~Q8`0Y>j|HT0oW-i`Vrp$K+oo9j-$)eP*{jv6IS&Kw
zv#g==T3`a$=D=DT-rK8HwnF4wY2<5<{g^!0u`%Jb3k=++;&gfSnmYcF92iCe;h8ER
zrjohKxX9r+3s=khbrth~W<@#b03dtm!Si%^aKjtyx+O=IDLSSGSn$su-R`mP?;;6H
zcHm}`^#cmDyo=G@nO;KcV5<`5n~#KNv39_?*qriTJ#|+qd*M+A6<!;Up988KTpwIo
zQzFCQYzpO7`lAgHc?Nhdc|_h9U@U3HEy~R^g{3vu_dXP?0fMPTz&6+;_k%llYy*(R
zp!{ZWfWHYJoRVsIi0waS!1jcB^5=RJ0Fu;LW75Xbnmhy_68#W5uRO`Q*13<q$%$|E
zT|YkHNGeNk%Z83ZY)PvfEG~4aZ(@tDOmqC-;{r~lJm6F=`b%e&W^fTCK~iX(IW72)
z%`CCJ-Zy~%s8UR?aRw;b-9n{+8>k!jwY0{@TI4p_*RS%%!}On>?Ic<Az^ml=x8M{Q
zZycNdGCKDoZ*|`vbaKYG6&<31A;r4g$x=zZA22I;j_t_99e4nfT_DGXRQ4jXRN<;M
zCQ}2@N-aN(DIRk`^f*pGzH5PIB3`I(w1uaqEf3J*OUD6;+-K?|%YKzUzcRFU$__82
zPdU#(GaLE=o|)Jf0aaj$R`$^udXGtBan<K<iQi#JD4`t$oZo-D7DczN8va(%c;u4h
z6tq!zLMc+BOm)Z)q6&9_|M4?G4AZ;{gz#s><t;Zg4738a4n)oqSvh#S%bFEeSGoWf
zt`Fr|SnMAL4b-bPFIBw_`Y9~KUMT}G<5AiqZTRN*;wupYt&5D9rXNy?pRTll8t95+
zO-mY{L~LMOc_a&WTzQ|hR~aXq1nm)S_qO@U(|aYb`}{&kY-r%(!T&CI|NrrRf($Nh
Za72DbHfws2BX8#d@<vUrROa2s{|1EHigN$}

literal 0
HcmV?d00001

diff --git a/cisco_ftd/cisco_ftd.metadata b/cisco_ftd/cisco_ftd.metadata
new file mode 100644
index 00000000..cca95a23
--- /dev/null
+++ b/cisco_ftd/cisco_ftd.metadata
@@ -0,0 +1,48 @@
+{
+  "Tags": [
+    "cisco-ftd-auth",
+    "cisco-ftd-config",
+    "cisco-ftd-conn",
+    "cisco-ftd-events",
+    "cisco-ftd-file",
+    "cisco-ftd-intrusion",
+    "cisco-ftd-malware",
+    "cisco-ftd-system",
+    "cisco-ftd-threat",
+    "cisco-ftd-traffic",
+    "cisco-ftd-vpn"
+  ],
+  "Assets": [
+    {
+      "Type": "image",
+      "Source": "cisco-cover.png",
+      "Legend": "Cisco FTD Cover",
+      "Featured": true
+    },
+    {
+      "Type": "image",
+      "Source": "cisco-banner.png",
+      "Legend": "Cisco FTD Banner",
+      "Featured": true,
+      "Banner": true
+    },
+    {
+      "Type": "readme",
+      "Source": "README.md"
+    }
+  ],
+  "dashboards": [],
+  "attachments": [
+    {
+      "context": "cover",
+      "type": "image",
+      "file": "cisco-cover.png"
+    },
+    {
+      "context": "banner",
+      "type": "image",
+      "file": "cisco-banner.png"
+    }
+  ],
+  "readme": "README.md"
+}
diff --git a/cisco_ftd/dashboard/1c340e6a-7268-46a7-8f36-f59405ff64fe.meta b/cisco_ftd/dashboard/1c340e6a-7268-46a7-8f36-f59405ff64fe.meta
new file mode 100644
index 00000000..fe9adbda
--- /dev/null
+++ b/cisco_ftd/dashboard/1c340e6a-7268-46a7-8f36-f59405ff64fe.meta
@@ -0,0 +1,649 @@
+{
+	"UUID": "1c340e6a-7268-46a7-8f36-f59405ff64fe",
+	"Name": "Cisco FTD Investigation",
+	"Description": "This Dashboard is intended to be used for Cisco FTD investigations.",
+	"Data": {
+		"timeframe": {
+			"durationString": null,
+			"timeframe": "P7DT",
+			"timezone": null,
+			"start": null,
+			"end": null
+		},
+		"searches": [
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Combined - Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "fc47d511-2fb8-4822-8a4b-85b84e6ca581",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Combined - Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "73333f31-0a91-48ac-8d74-4c042a47d7bf",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Combined - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "8f985b19-f67e-48e8-af69-e8a33756c988",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Threat - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "573dc727-4a09-4614-bf5a-4da54d7bf33a",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Threat - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "075e2192-37ae-41ce-9190-a13e2bcf3d1f",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Threat - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "eeacd085-5bd8-4784-8f0c-0f63f74b5377",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Traffic - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "f540cb33-74bc-4f30-ad22-4e430728ab67",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Traffic - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "e32ea44e-483b-48bb-a58e-5cc68eb3487c",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Traffic - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "ad54a83b-4452-49bb-b7b4-60b3e278ab48",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Authentication - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "dda4d8e9-e845-410e-b105-fe0928573033",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Authentication - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "02453c60-0220-4ec1-a26c-fb26c72c508c",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Authentication - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "1f24de97-1e5c-43f4-8cd7-177524dcd8e8",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - VPN - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "d61a67de-3562-460e-9c3e-95b69b27c9b3",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - VPN - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "a228d48f-333f-4a2f-bd5a-e8e27a569d61",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - VPN - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "55b3c1f4-02ae-4879-bbdb-a59c1d2e562a",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - System - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "039e3c93-204a-4f68-9e02-443cc39169e4",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - System - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "b7960811-47a5-4fba-b0d9-639052e426e0",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Events - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "da038943-250c-4907-a73b-ce6cf00246af",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Config - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Config - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "a6c91109-88b9-4a56-bdb2-563fdbdf3f06",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Events - Event Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "b5006de7-61c4-4158-b8e2-4c0f6cbd11f8",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Events - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "085b0270-ed97-4948-b8b7-1362a29721b5",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Config - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Events - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "d0712c55-49b5-4aa4-8392-a23eef6f92a8",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			}
+		],
+		"tiles": [
+			{
+				"id": 17737696404960,
+				"title": "Combined Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 5,
+					"x": 0,
+					"y": 0
+				},
+				"searchesIndex": 0,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17737696926961,
+				"title": "Combined Event Count by Severity [chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 0,
+					"y": 5
+				},
+				"searchesIndex": 1,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17737697351472,
+				"title": "Combined Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 6,
+					"y": 5
+				},
+				"searchesIndex": 2,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17737700257823,
+				"title": "Threat Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 13
+				},
+				"searchesIndex": 3,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17737700771014,
+				"title": "Threat Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 0,
+					"y": 17
+				},
+				"searchesIndex": 4,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17737701292395,
+				"title": "Threat Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 6,
+					"y": 17
+				},
+				"searchesIndex": 5,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17737706202016,
+				"title": "Traffic Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 25
+				},
+				"searchesIndex": 6,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17737706528787,
+				"title": "Traffic Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 29
+				},
+				"searchesIndex": 7,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17737706955748,
+				"title": "Traffic Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 29
+				},
+				"searchesIndex": 8,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17737707432399,
+				"title": "Authentication Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 38
+				},
+				"searchesIndex": 9,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377077764910,
+				"title": "Authentication Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 42
+				},
+				"searchesIndex": 10,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177377082363611,
+				"title": "Authentication Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 42
+				},
+				"searchesIndex": 11,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377087013112,
+				"title": "VPN Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 51
+				},
+				"searchesIndex": 12,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377090205913,
+				"title": "VPN Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 0,
+					"y": 55
+				},
+				"searchesIndex": 13,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177377095450714,
+				"title": "VPN Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 6,
+					"y": 55
+				},
+				"searchesIndex": 14,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377100134215,
+				"title": "System Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 63
+				},
+				"searchesIndex": 15,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377103541916,
+				"title": "System Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 67
+				},
+				"searchesIndex": 16,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177377112307617,
+				"title": "System Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 67
+				},
+				"searchesIndex": 17,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377120898918,
+				"title": "Config Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 76
+				},
+				"searchesIndex": 18,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377124765919,
+				"title": "Config Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 80
+				},
+				"searchesIndex": 19,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177377129162120,
+				"title": "Config Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 80
+				},
+				"searchesIndex": 22,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377133148121,
+				"title": "Events Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 89
+				},
+				"searchesIndex": 20,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177377136802522,
+				"title": "Events Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 7,
+					"x": 0,
+					"y": 93
+				},
+				"searchesIndex": 21,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177377254205923,
+				"title": "Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 7,
+					"x": 6,
+					"y": 93
+				},
+				"searchesIndex": 23,
+				"rendererOptions": {}
+			}
+		],
+		"linkZooming": false,
+		"grid": {},
+		"version": 2
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/dashboard/656036bf-a5f7-4092-9606-d3d97d15c758.meta b/cisco_ftd/dashboard/656036bf-a5f7-4092-9606-d3d97d15c758.meta
new file mode 100644
index 00000000..b2edf0cb
--- /dev/null
+++ b/cisco_ftd/dashboard/656036bf-a5f7-4092-9606-d3d97d15c758.meta
@@ -0,0 +1,343 @@
+{
+	"UUID": "656036bf-a5f7-4092-9606-d3d97d15c758",
+	"Name": "Cisco FTD Security Events Investigation",
+	"Description": "This Dashboard is intended to be used for Cisco FTD Security Event investigations.",
+	"Data": {
+		"timeframe": {
+			"durationString": null,
+			"timeframe": "P7DT",
+			"timezone": null,
+			"start": null,
+			"end": null
+		},
+		"searches": [
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Security - Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "a420dbb4-8bd3-4681-9fca-e9a30dbde982",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Security - Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "0fdb9df1-441a-461e-bbf5-5d434dbdae70",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Security - Count by TAG [chart]",
+				"color": null,
+				"reference": {
+					"id": "29d2f863-d259-486d-90cc-e2fb1e79aa13",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Security - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "d8e6ccdb-eca3-4e65-a8bb-feee724b78b4",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Intrusion - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "55d3b87e-37cf-4afb-86a2-d3e74694ef22",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Connection - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "9a11072f-cbe0-4365-b228-def2e0847c01",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Intrusion - Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "7ce003ec-c88f-48e7-b252-35fbf7d39997",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Connection - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "c74ca09a-4833-4255-868f-79c41fa1db66",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - File - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "34b167be-27dd-4cf5-9e08-0eb320b3d446",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Malware - Event Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "f5864c31-63a7-4c44-8fdd-56fccb53a40a",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - File - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "95219292-01db-4917-be7b-aedac9e180dc",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Template - Cisco - FTD - Firewall - Malware - Events by User and/or IP [table]",
+				"color": null,
+				"reference": {
+					"id": "8cd23b13-862b-487d-b8d6-5dc0b11c4c0d",
+					"type": "template",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			}
+		],
+		"tiles": [
+			{
+				"id": 17738069701020,
+				"title": "Security Event Count by Severity [chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 0,
+					"y": 4
+				},
+				"searchesIndex": 0,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17738071804881,
+				"title": "Security Event Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 0
+				},
+				"searchesIndex": 1,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17738074282712,
+				"title": "Security Event Count by TAG [chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 6,
+					"y": 4
+				},
+				"searchesIndex": 2,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17738074970513,
+				"title": "ALL Security Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 7,
+					"x": 0,
+					"y": 12
+				},
+				"searchesIndex": 3,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17738075510564,
+				"title": "Intrusion Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 9,
+					"row": 7,
+					"x": 3,
+					"y": 19
+				},
+				"searchesIndex": 4,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17738081117775,
+				"title": "Connection Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 9,
+					"row": 7,
+					"x": 3,
+					"y": 26
+				},
+				"searchesIndex": 5,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17738083966786,
+				"title": "Intrusion Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 3,
+					"row": 7,
+					"x": 0,
+					"y": 19
+				},
+				"searchesIndex": 6,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17738090435407,
+				"title": "Connection Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 3,
+					"row": 7,
+					"x": 0,
+					"y": 26
+				},
+				"searchesIndex": 7,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17738090829838,
+				"title": "File Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 3,
+					"row": 8,
+					"x": 0,
+					"y": 33
+				},
+				"searchesIndex": 8,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17738091713019,
+				"title": "Malware Event Count by Severity [chart]",
+				"renderer": "donutChart",
+				"hideZoom": true,
+				"span": {
+					"col": 3,
+					"row": 7,
+					"x": 0,
+					"y": 41
+				},
+				"searchesIndex": 9,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177381013438910,
+				"title": "File Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 9,
+					"row": 8,
+					"x": 3,
+					"y": 33
+				},
+				"searchesIndex": 10,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177381017124811,
+				"title": "Malware Events by User and/or IP [table]",
+				"renderer": "table",
+				"hideZoom": true,
+				"span": {
+					"col": 9,
+					"row": 7,
+					"x": 3,
+					"y": 41
+				},
+				"searchesIndex": 11,
+				"rendererOptions": {}
+			}
+		],
+		"linkZooming": false,
+		"grid": {},
+		"version": 2
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/dashboard/79f2b584-46cf-4043-b205-29e3c32e881d.meta b/cisco_ftd/dashboard/79f2b584-46cf-4043-b205-29e3c32e881d.meta
new file mode 100644
index 00000000..3492d015
--- /dev/null
+++ b/cisco_ftd/dashboard/79f2b584-46cf-4043-b205-29e3c32e881d.meta
@@ -0,0 +1,487 @@
+{
+	"UUID": "79f2b584-46cf-4043-b205-29e3c32e881d",
+	"Name": "Cisco FTD General Overview",
+	"Description": "This Dashboard is a general overview of your Cisco FTD data.",
+	"Data": {
+		"timeframe": {
+			"durationString": null,
+			"timeframe": "P1DT",
+			"timezone": null,
+			"start": null,
+			"end": null
+		},
+		"searches": [
+			{
+				"alias": "Search - Cisco - FTD - Firewall - Event Types - Count by Tag [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "75bbe0bc-a839-40b0-95df-f1955d0453d9",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - FTD - Firewall - Event Types - Count by Tag [chart]",
+				"color": null,
+				"reference": {
+					"id": "49a2863c-e896-4c69-9f15-32bb57664809",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - FTD - Firewall - Event Types - Count by Category [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "da83d755-35ff-455b-8e27-fa2fa36af4fe",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - FTD - Firewall - Event Types - Count by Category [chart]",
+				"color": null,
+				"reference": {
+					"id": "adb28bc0-6bd7-4564-b4d9-3cac9118c39d",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - FTD - Firewall - Event Types - Count by Subcategory [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "96e4c994-6e65-4a9b-99bf-5032380926a8",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - FTD - Firewall - Event Types - Count by Subcategory [chart]",
+				"color": null,
+				"reference": {
+					"id": "b223686f-337b-4708-a6d3-6e639cbaa21a",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - FTD - Firewall - Event Types - Count by Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "c21e1a11-72e8-4661-8409-fea6b856fad5",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - FTD - Firewall - Event Types - Count by Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "fe8d2808-b1f6-40cc-b388-d2f08806a5a1",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - FTD - Firewall - Event Types - Count by Category, Subcategory \u0026 Severity [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "90d24c27-9b9c-4f94-9066-968088a981c7",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - FTD - Firewall - Event Types - Count by Category, Subcategory \u0026 Severity [chart]",
+				"color": null,
+				"reference": {
+					"id": "11d63825-1e4f-40ab-ac01-8d53adfdcda7",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - FTD - Firewall - Event Types - Count by Category \u0026 Subcategory [numbercard]",
+				"color": null,
+				"reference": {
+					"id": "d8399ba2-280c-4a51-bc46-14e4995f320d",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			},
+			{
+				"alias": "Search - Cisco - FTD - Firewall - Event Types - Count by Category \u0026 Subcategory [chart]",
+				"color": null,
+				"reference": {
+					"id": "44b010d7-c224-4194-9644-8cdcde33c1b5",
+					"type": "savedQuery",
+					"extras": {
+						"defaultValue": null
+					}
+				}
+			}
+		],
+		"tiles": [
+			{
+				"id": 17736934553000,
+				"title": "Count by Tag [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 0
+				},
+				"searchesIndex": 0,
+				"rendererOptions": {
+					"Range": "no",
+					"Precision": "no",
+					"NumberCardLabelFontSize": 24,
+					"NumberCardNumberFontSize": 48,
+					"NumberCardWidth": 25
+				}
+			},
+			{
+				"id": 17736934946611,
+				"title": "Count by Tag [pie chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 4
+				},
+				"searchesIndex": 1,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17736935353982,
+				"title": "Count by Tag [line chart]",
+				"renderer": "lineChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 4
+				},
+				"searchesIndex": 1,
+				"rendererOptions": {
+					"Stack": "grouped",
+					"Smoothing": "normal",
+					"Orientation": "v",
+					"XAxisSplitLine": "no",
+					"YAxisSplitLine": "no",
+					"IncludeOther": "no",
+					"ConnectNulls": "no",
+					"LogScale": "no"
+				}
+			},
+			{
+				"id": 17736935804653,
+				"title": "Count by Category [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 13
+				},
+				"searchesIndex": 2,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17736936202674,
+				"title": "Count by Category [pie chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 17
+				},
+				"searchesIndex": 3,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17736936557515,
+				"title": "Count by Category [line chart]",
+				"renderer": "lineChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 17
+				},
+				"searchesIndex": 3,
+				"rendererOptions": {
+					"Stack": "grouped",
+					"Smoothing": "normal",
+					"Orientation": "v",
+					"XAxisSplitLine": "no",
+					"YAxisSplitLine": "no",
+					"IncludeOther": "no",
+					"ConnectNulls": "no",
+					"LogScale": "no"
+				}
+			},
+			{
+				"id": 17736936872996,
+				"title": "Count by Subcategory [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 26
+				},
+				"searchesIndex": 4,
+				"rendererOptions": {}
+			},
+			{
+				"id": 17736937167627,
+				"title": "Count by Subcategory [pie chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 0,
+					"y": 30
+				},
+				"searchesIndex": 5,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 17736937490748,
+				"title": "Count by Subcategory [line chart]",
+				"renderer": "lineChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 6,
+					"y": 30
+				},
+				"searchesIndex": 5,
+				"rendererOptions": {
+					"Stack": "grouped",
+					"Smoothing": "normal",
+					"Orientation": "v",
+					"XAxisSplitLine": "no",
+					"YAxisSplitLine": "no",
+					"IncludeOther": "no",
+					"ConnectNulls": "no",
+					"LogScale": "no"
+				}
+			},
+			{
+				"id": 17736937727379,
+				"title": "Count by Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 38
+				},
+				"searchesIndex": 6,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177369380488510,
+				"title": "Count by Severity [pie chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 42
+				},
+				"searchesIndex": 7,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177369386188611,
+				"title": "Count by Severity [line chart]",
+				"renderer": "lineChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 42
+				},
+				"searchesIndex": 7,
+				"rendererOptions": {
+					"Stack": "grouped",
+					"Smoothing": "normal",
+					"Orientation": "v",
+					"XAxisSplitLine": "no",
+					"YAxisSplitLine": "no",
+					"IncludeOther": "no",
+					"ConnectNulls": "no",
+					"LogScale": "no"
+				}
+			},
+			{
+				"id": 177369389575412,
+				"title": "Count by Category, Subcategory \u0026 Severity [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 64
+				},
+				"searchesIndex": 8,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177369392826213,
+				"title": "Count by Category, Subcategory \u0026 Severity [pie chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 0,
+					"y": 68
+				},
+				"searchesIndex": 9,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177369395906714,
+				"title": "Count by Category, Subcategory \u0026 Severity [line chart]",
+				"renderer": "lineChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 8,
+					"x": 6,
+					"y": 68
+				},
+				"searchesIndex": 9,
+				"rendererOptions": {
+					"Stack": "grouped",
+					"Smoothing": "normal",
+					"Orientation": "v",
+					"XAxisSplitLine": "no",
+					"YAxisSplitLine": "no",
+					"IncludeOther": "no",
+					"ConnectNulls": "no",
+					"LogScale": "no"
+				}
+			},
+			{
+				"id": 177369413964215,
+				"title": "Count by Category \u0026 Subcategory [numbercard]",
+				"renderer": "numberCard",
+				"hideZoom": true,
+				"span": {
+					"col": 12,
+					"row": 4,
+					"x": 0,
+					"y": 51
+				},
+				"searchesIndex": 10,
+				"rendererOptions": {}
+			},
+			{
+				"id": 177369418292516,
+				"title": "Count by Category \u0026 Subcategory [pie chart]",
+				"renderer": "pieChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 0,
+					"y": 55
+				},
+				"searchesIndex": 11,
+				"rendererOptions": {
+					"IncludeOther": "no",
+					"SortCategoricalAxisBy": "value"
+				}
+			},
+			{
+				"id": 177369422402917,
+				"title": "Count by Category \u0026 Subcategory [line chart]",
+				"renderer": "lineChart",
+				"hideZoom": true,
+				"span": {
+					"col": 6,
+					"row": 9,
+					"x": 6,
+					"y": 55
+				},
+				"searchesIndex": 11,
+				"rendererOptions": {
+					"Stack": "grouped",
+					"Smoothing": "normal",
+					"Orientation": "v",
+					"XAxisSplitLine": "no",
+					"YAxisSplitLine": "no",
+					"IncludeOther": "no",
+					"ConnectNulls": "no",
+					"LogScale": "no"
+				}
+			}
+		],
+		"linkZooming": false,
+		"grid": {},
+		"version": 2
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.contents b/cisco_ftd/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.contents
new file mode 100644
index 0000000000000000000000000000000000000000..e3ae163dc928ed4bc4b65612560fe6a1a5d65c46
GIT binary patch
literal 13297
zcmeHtXEa<<*zO=CAxa9O6NBiYMhihOYV=ORD5HzsNrLFiV2m2kjS`(`Nz~DU(M$B`
zy|;UO-}mqSyX&^K?wz%!tTShyz0W>-zwcAt@V9CT#Dvs@AP|Tcq9~^c0^tHbaY6S8
zfUiTZk#pedzO$l%D+ol=cKgOj<Rqa1ffzv$x!2lWX<IXaZpO?0I~N0$)`B%5ln>!T
z6t6hQL|pv7Knf9$YD3!o#zSfCGX;O$Rb<+VFcAHl%F6V9CbiYlvOLJD`t#*W6AwM!
zCDtsq;Cm^iQzQCAFI_&8IwSrL$~n+7ETqtzSV~lcyql=t>f2nse!>5Am-K3U;QGbI
zm0?e0h~)Vzv%XF5jGchv%1mw?V66ZD^}l`wauUMDaN2&BGN)Hur^8KnP<dL{%Q~2C
z#EZGXqR}ws9@3wOo79uf?WCAcx$yqLD~8Q4(Bp0|QX3s*C+Hay#dFY5ajjc)<7PIz
zPkkPn4X@V<!8b}<#eZiN5$1&4#Dh~0T$yVnnbm8gJ4iWaP@0G1GL}Thl0qh5e#)HA
zmf6sGosah}DMD6V`NszWsk85dCA9?UBnz>)jL{LYMl2<%Z$4jfR5f!JxPf{#UH*;1
zlX{>17A7|wyPHS?{}m~Q^SStBuqkEcFE2z{n|7V(86Bun`+}$6Y8RQ~j_}9R{7e-j
z$eu)@jJhfON+@MyQWjI=5Zs2#=kK5E&W|d=d2^7vF0NxEPWD!!jaC3u2tNz`c-gCZ
zob}TjC%O4u%cof=LvX@ZkYeQaby^PT9h#99tU#T_crqw2$J+Vq$<AL?45`X7xgri>
zP?e2=SERAuENU|!FZTZ5>1n@{Mocp<yEIN5g)VyfjxgtR8@{tgOtWwQIbj<yzO?PQ
z@^qVjYkx3EW^uh?wWv&b`Yk9YBtCn?Cut)@8cgedl6FM?h30lwYkmPXbkLJ;z)!}I
z=fI~T)Blx+yXDiRHxHA>x&#=K$~mEZ<`7pF@n^6WXhwW>U|Gy1kw$*F0Y?%=kB<l@
znN(>-67G;B$ODreGCi9tdi;2*%Hxks8_Ha`hE&*AtyRq1kQY{;;{g%HJWxKStT<NS
zzxKR+TrPRZCC&TG{3}+N>-ZcNI1DbxYC+nSvbr=CsBImfFaqlc4;Kp_|HoN^z(_E{
zFi%WPw5!hz+^dfo)HwMXx(9kvmPww)77Y3Xf2wmlOxOq3wc?7pdp{MQR+3vRAyLie
zcxqf-3BQIMUM1nc7`=1&)lSj5XA!!DR^B%FIY|>&A^UD!$2PX;(ibmwLrEQm;zyM!
zaj48=FD%iXMcEFi8&&WiWzfu(D0vt?9Al3iAqa$UJV%@rdJsFfp{Q|3jef{e?dZYl
z-)M;)JD66a>d>waBY5%W{``(+GqcrnDNwIS&F4E+hO?oJ67~XeXNQFP4`iKz=Gv?W
zTB;7fDrW&!F$alc4zN6XM&OJy_|l$%YJEfuNI^ufUuiMD=3Lgm-E<1tf81s9$hCNt
zg9iaWzIq>I<lR#Y0{R$g^j5c9$NSB$QrV~y>(gV0J3#bnL;TR&KoShweh}c3okIC4
z<M`R_g<Y@F@X<bw&^`LMW-yNze{~1`YI?7@^jY;q3iSxq?(O}Be|+pp!+;d(v3khF
zIUrG*@hdlY`SahS#8HeFX)k}bm=N!!CgT}c+lMH~{7eZmO|Qs>@K-cC=_3VGd_-ab
zv@|V1@q~!6#D@yi16Bmq*G_+4diOHM)NH5nBK)6!wecM3_~@qOgv03S<XmoV8r_$9
zpNAfISkI6RMUEqXX+D`xY*BcO@_SJiWQ8x_`vN<DiDEC^O8&;!`4I}S#(A4MYeZ$E
zV)2T~M&eE@)R9Q|Yag0@;3t`g>Y4j562cG8n~Y??PO3SFeK2h4_(90}{?{WOM~S?i
zWRwEc{@*ozsoZag&#w;dY}>3mQz1ljk}Z52?X0;=Kh~E_=DWrPidtQv*ULV686Jtk
zzzU7+JuH{ZrSN-0QwPA}-Vc~~jE~AoJ3c2XTjMZRi-y~}$0O>JsRoFyRbIo3DMW!*
zu1Baku~0sN?Q?w*3z^>BD$sX<dM7u+_gl1VE-wT|U90p5>O=$hh+<wnw(caeYBONi
zuu=I^pFjabg&Z1u;FDbr$f44N8o<vunJ2f0$^PdZPLN#X1a>D!e(rvw2L!$ss&jOL
zMwe`giGoNrpW2M2iK3TNYn9;=7fxa>=J}&lq;hFgL8yQ1%ZYnQUFUsp@EpTn-7#$I
z+n>s-aTHNd^N<*-*8xuG<ZZ&ryv4DTn0e+KO(I!*q#WCSP6_(kfBZ|n&+ha`PAXWa
zTZzBs*hyE@F-Dt~I`PniF7x!TUW^3vaO#IsGqsUOH+q)KE=d`#l6UNciV{>OCl8CL
zz_#cpOw|mBcx|u*0ZWo2DKimcpIBvR&GD$%fM+pKXO;Uj+NXzsc!?61tZ`v}N~mm}
z974k)l(C!`4HvdGZRO;kZ<b730;w1|on?zT{c?g{mNg5Xw&>^%*`j)N$$JKhtew|V
z&2~F*zt%R&qe53%D$UnX<BbvrbwIvTWA+EVe@-IFG0~UOz1%!z$<k1NTnRGIeR=p5
zI0Jg1b;DFC1GK^#nYymeHJgGq#fI1i?6DIAWc@275g<l+Tf9@^$}i4%Z$M<s)h~`?
zsIJ|zB`S3qV%#z=BMouBTYNRCIWNfbOmY_UbQT4D2{u2Y=yTkaS_{SKgT86g7+H&*
zW+o(-yegu@+Zw{)GK#F?U<3#FougMBMvs4?`k#UBeLkD=>cHi5n7T`|?4A1QzEz5y
zMe|ajz9AP(mM@qEvm(TMV*RTfkB{3w>{S`ctXn+21CtE;#s?f8ZdeIaqtWK#K87}>
zJ~<7QzV7?gfyZarF_rKINS4ocUtkeOj{DHwq98nFem$Fw=Cfa&_<Z=3EMV3k*9qY1
zK}+vRl)gYqV2r7~-eHEP50Edv5dF2cMIIX4@A>b4U<%^Hc4*$6gSi&6P2m5!o0O2g
z$jTE`xl6$!ARILOK{#m=Kf_p(tiUjRi#r6A*8`oN30~v}{&E#b@{u4W`#+gJB_QN%
z@d8vLE_m;!m#lj4-|plN2G1uGI@1%C*gtX|8ImHI;SCn|1m=rl-33|i{F>1>+ye`2
zf~(B9#lvYHh_qDhO}Dl8)?G-*)3&EK?d^REkCOCteD%0_cyD3*;LFbHrahNXYX&rM
zp7FyQi^MCE1%lQSlgoa%aeI4I6x|MTN&E}#+<>?0MbPwR|21^8?!zAH6bNAEtr`p)
z_A2+J9k|^2h~5RxW6mXi-5sSbF?lk#CNofXnyw&Zd>#I&F1c`nhd#ba<n*UnOeSMf
za$GXbhkev$x<n`$W%VoJ)ADv821ZTl|6tp#8{OFxe6g4Ov6LsO`LRvoSMq&dFx`Wf
z>z>u`sm6#bI{gIx23Zv8X54#e^|N;j@lZgzdH~8b{xz6EJh{Y>;bJBzn?8;9@dD@R
zi|TLT;hl{bSd$a})6=gpv_9aUUNPgm1W${f>9jm~Cvj)_^t2X?FY4a(#>BzJbnY2B
zg}ui2u{H%(iw?alf&2WO!5E9X<yu#8TuB(Q8<%soa31{wzJ=PVJpZpAH1Dc?kRR8;
z{!}}N@RyHymKfrz#N+fwXR~Fdf~C!w^zA64yLCnIpKN`Np$iYRW`Z<d>2q1sYhT!t
z5IpM96=^@`w@M+OB<Y&;#f_-({lN95mbj<GvQeEQ`A8BEVR60m3S{D7IkA3}vQ<rP
z*HWOv-BhW@%eBbnIJzkw<*?p0M=34roC^Sk;<FwDd8+tohSBp}1w0I<y8n^{L*OiL
zUpr#X@)I~_xfLcfH9=~3tx4xF^$|j-HgY~a5g>n;tuqL!j~(I^-<XKd0D5AxeqlCu
zuONF%6ypK$V6Bxs1t5Mn&AqWIQk%;*9e$5IPJf2s-K-6~zWa`DTy@ILQmu=_36|)w
zBIX;J?+{VlE~gZehwp%X!HNpk_!H~ZaMXk)^<0ZO9nm)7OU}Bt8@>#we+H<h%Jv@X
zwO{rp)dKgywlP;o)puw7J;npuah@WweMi4*=g;Zs4rEd^y5K^muvoM6H?O)>)>HlA
zS6}~hU$BXH7d96%^Z(EZ8KrsbQjaH;PPCKcB$cz)cWys?I_|4}H3U{-YJoJTZ*R^P
z`1$%T5ZoZdCNpmT6KWD@`?S9mHd4Rqs0U+uN0Std9`wnMa>R~U`}<)W|JW>Fh0|QB
zuj`*$>TsaJs;jye>C_B2O(MJ=g4TZC<$k$2Ml2?5s1=c`jpQ6j_?0g)k^!Ci`n$Dr
zAwO}g()nWuvT@DKpX%bH-$j91lw?}n)F+R`OaS1}$<b?M9pT<}nOWN&D72jCt~gK5
z;bgI#JH^#Xx&#Q-9IMA)sr2U7lOCIF=s|v9FndqgwVAunz2ijPF0We1?E3KKEIGs%
zdPqkndZ@T?UcNBc15d$?wc9i;>249(t>ckA(?qQF&O9HOes0GzW>i}*^?dE3NKGQA
z^v%U@^}%2O@}(SzD6Uvx&&%tb{DSF{4s&wC`rVMNKvLBrSB|tyMDA4->5^<D&f|q&
zRH*2wv-7G)>QuWXVxnx^PTSjzZzSmmgN8S@2i6>jlDa1GyOUq2Y7;#2wc^tOU~9E;
zo#tq>EF9V!DYic~<9?I=Y9dx=%b3blzl?S^^WPi__wOM9&B{7fJPQmRG&`a&W5MHd
z^#Vpf<E9eta{dYYihwur%Y|GjnT9w)OW7dMIuSm|Dm)(t_kRGHz}~Bp4aC1Pd8gol
zla`*nlTq1>>mrL2M;}9P3e7u65CsLh9M33^e(LA5cmi76BT{f76^kJHyGbGzu>r8F
zUVvS_sXkX_b17-TLX1JytN+QmHgAvX8Qm-$WPMuNSkAhka8?0nX<TgM`!&syjGYta
z;NVNA=wIXpF~36nTP?(c=w56~QrYzWy|~ww43Oy0#V-$Az}0ujU@Dz#hE*O9BSFCh
z_6+tTjiJo&6#_B`>5$R6`-~)yK2imZ6b8K2v>bi!ckz%QkkR}$y3{h<XVkQ;aFUJy
z2BMm^6=Z+J(N}cuJA)p;WZsG5B-h`@fdD^>ha44Hv^GG0^wkva@ZjWNV}d=FS0uRC
z;IPY)FZM@<?p2bj&pAN?SUp1~gtwCBuwcOY*A8{#T%j$z(jgf?4N#6rxnCr7d(2=A
zfBgNKN2D0#ES;e#$SM!u(fhqyaM-IJGy&KbNqD9p(?e7)ixZS`OB2%00$H`L{4s(M
z>cr}sXN!Tz!q<$!5xMOZv#R_nGjM8v<fWd~tI=L1l{O^LTmzW%f7eU#;bV8)!tVe!
zr)n{va%x_(T=q6N3wT2nZQICS8lKH;*m7ty0(&N--aL|1@0y~clP$r^dFIOEq!M7M
zLgi$<nCPO@^uEMIklMY-9o-<6U(0O+zg!t>&WA7Qb!Z>Oav<pR^o&FoxHdYCV!YR?
z7yUQezLz$5ffpWZ(Bn(L^-=Ps+VST<)}-1ofzL9*;&URwed#ivBXZzT+&w8c5Z-Q|
z8|92^oy2g;e_rc9Z}IHWEHlD{XJQUnr9H#~p9EXxKef~z+BJ%KtV$cVvoprodbjHR
zL|v-cR}#0ARkvRsml2u2c9ec-chvNxctBLOzWi18kdyyZkq2J;TI>(3NGRvkx?$D8
z7H=G%<R@iIY98dJXV1YbGb|p;1K-4j%!&p~A_bpM;9zJIfJb=NGAL(R2B7mg_2z30
zP_H%+91!*L8M+XTg3)+!XgAznZS-0jyH4NavxL%jI}|6FOzfH20ee*M=eBtkNakAZ
zH{O6Pet=5`NA8}ZiWJ2dVP(ZPjm0zQy~n;<zQWj<Os$>}&gCi6?r}8;vS-Vhk7L42
zafRya*udbXvyfxfmjKCuXppZkfj4RL_r(}e$5km*sKfj&?>@OBAdACC2lR>M+sWp~
z-f*Ef-L?rwb2T7RNk=|V)|$dW4@NlGc{j2rIa55`q|mqoOS$dwXeu{D(=?<0O-F;y
z5WHX*Rb@65t5XtSV&ZV6!M3OkkYj-8?e{8xOAsSZ-wQWK`M++i)#?aT3c1X<=jxIT
zgnpG3i|*tbuwBxdxM1Fi%r2{Dw!npkLXJACaNKts07qUzsYBMat3F+$q5%EiHJDoq
z)L06jWXop8HFcrto>%h%KXlNB3^8KFY(BTQc$ENk92&_xXti$SDY0FP7K=6jVs0U9
zKC^3>6{07f-p|ef_vk7MFadP3FJh=VS4ldQF%U$BY8?_b^T{(SU$*^0@Cv~k7iZwt
zGJg5LYY%EU6Z@`r;JOOwN;6Zh#tZ6EQvl{rwv81_AMR2zWaF(=Yv{fzO1Z#Joa>K3
z+R4+gsqQDMBNe+82L2iqE)qW<vfYYc6Jg-gSh2*BHO`Vaj2~pEyFjbZw=A7(Eiznm
zw8Vf_J+|njTdbciQtUuoE?pB)sM2g#o%D*B4n!&<7Q`svIlzut2}xyfNU$H7$m#jd
zki@taTA&39F;Nh+ylRQJ*R+;Fb_v9yUsf4m*Yno{h<gR!f)o*2bqCEnD5HNpE^3mw
zjr^!U_+c~9EFGX=EWRxZKG7{1X`7TKfyyI=cc8ias7&<EuGz-&kYssXB!{_+@gPMh
z(1TFz9ui)N{6x#M_0&d>^`PqMWotFShuX7VVH_zwwfG)Q@mg7K2I?qZ8yqEQN)4yZ
z;(i4NeVd%m)!8#54ah`*?mxI@P(;eK0u(IUcso;P$_cOZi2jG(=#GZuN#rOOaA7U-
zo+I7AD#~KKI3v0aQalD?PgGPr106q1-oSxjCpODwB3}gN3T766wgmW%SlO~m?y6%%
zJ^ZXDV)+CeH}}MyUqjIh=WT=D1-lDH*jfSisl}ue*X@H|WhiQ8|K~ONVz5-SK7Xhl
zG&x<m@U|gFeLA_u+93yBw9U?q;Fo&zNh&Y9tV(UDqhMGudh1iPt?B8@Pl1X+B<}9>
z7W-y$xnQ2YB6Ro<gVd~U220{g-|A8mCPk|ohWBPi{SPepQ?u2Wg??PPri|^97CFol
zjoAu(lX`@#0k0|b0lXa$V`9bPzvpCwo+nX^5!`&Xe;0geW4w#6AsCunQ!A5F`dY!R
zQ@SBxKIfnIDA$-bw>s?NUBW=@J=H5pkYujkR*Dob$TbWy1-fbd4d}~ugX`r1X)DmV
z5Zg(@%LA!&PJm$lDL~wl^``_?Cr;fkmY!L#uJm5aJ=sDm4Q20iS+|Kr?xv0Hdv%wc
zW%h^x`dO6N{jv21kWGJ}&Yq7ZIlL_ySdB6qo0nTkR4v=$Q{(@{{aWgJ`N=&CJPS%|
zQ%mOnCVr^_NKEe3iUok!)NbKZ^$b;!6O6fuQQBwjXMYJi^9tfQEy<HNE<;A9%oaCx
zBQS7izEgp<Gi(G_r<r*H0`v@IeoLenF&K5`+(mp2&xqgINh+601S0e}8V|@U|6pcU
zOUkOYHa3Vo3U-767y9P;8XY`I?OKEi&z7|n@uYP~tGnl*8Pkf+%hj0J^c<PF2|GI7
z3_9lmeQ*_4wgsXDIJunDQuQfuq9vNNt2VX(T_Ul}(6GJm5W);UhMfPRxpugCm%ZY%
z6Hl$%b-JUs#jk&<>ob<8XK+YK5mACFx2jJu+(~lt1olbEHDS<X9=97uay_s-DpvN%
z41M%FNdk|ftj`2=rusJPF;YVR5z9@O=jIq}j0BE=@$dJJiP8|?zgpPzn!U-&__b4D
z_XpUD_ci^=Zv{+L?^w3lqACG+D;`K4cBTo|ccJdu|Cv5@q}U2ICPay#Xord)it;-N
ze?Azv7Q*=xjnr>Pym2x!*?^628GzB`8xFr>T#Fx^6i3!adv<QxyJ-)pgSQg@lxdgH
z#~mqvqnnQ<k1AYsN`x^zTyf>duH;(f6-|iV^M23Bwn{UJ=desDX_pT(JkS^brTFlE
z<YCODFHNci7_HJer?~z_ES?dohvWQu!|XXdQEdS0Mxc5}fLTZlo<K~6`<!2&-47Xl
zy`BTz$fkd-?<K}+qqiTp@5ZK1ek*GEB1VjjIB=X;U-UWKoi#97+~PFjS-gseHh|rg
zQfRc{l@zf7F4`69T_Wlj-9WzO9+UPVb5yTTg&`*_`Wsy(;W~Gj1_0PTi{2>;APg$G
zSm{aTl}mp8reZD;tA~vbWQzMzT{zF6a$RrqUwLi6DDyA9X_###-?lbK;4+`jrDcWL
z+baKofu)Vt(X{6Q?}!>~=gug>4k+VK8bElK(I7PhHYjp$JEGVh5Y>0a_PQSn_zbFT
z-B}OH3A2lQ+Q-e05@$}O>iSm()&RAsE#lw2;n(24oGM&zvrac-C{kSvP#qc@5vVgp
zg^IH{I8RzpWAm71ypOsB)D}Ap08JNj36m>fNO0QGw!XffUot}Q!vS7Xn4f@rkqNhU
zjLiwOwZD$axkvA8(Y?Qwf16(3G1*lTm;o{pcS>rL#r|jBX=UC~E-f=yy4Yk*$Yd$=
zk&AzQgB07Mzu3nlg{7$t9h)ZM!*(W<$m1e_v1$9~LtAKUr;c{~!pg6F8q;mM`6txb
z;Q^hFfA+#X#ThQ=iqR#-{UM$kUdx`)EAeIZMry+;K&G-hoEV(+ooS^OKQ5KNd!q$_
zIKzg|x=kuWj%*HT(R<(0U?kf9y&ysE%f})9sfco4cXPk1B?E6aTP<knv%akD@w90Z
zyxl5`uaf(Vtb_nW1f!&g>aiMU$LC#TQ=?Y+&9t_u(ZnK{P#^Kb0;rP~6GOlGu;H9%
z^*PBL!}f~2Rmiy#=g6Pq>3TC7r=u5mf7cL9wRKtwVN%K6Y7*p8Qv!#f-VE;4Ql%>y
zo(P%r3L#5_i_Un`>-h58kn!;^&;}WRqhibd@=(nb@p*O$nkMg*2w-?YKuCw{hE9A7
zB`qPnoONgmpMn`$w7eCkQKPw7WvUS>UO&ByXB3wz=)c@!*|#5ONTcI!o=A8m$y9x!
z3!smrvRL-2XFvV4Z{_uTZcn%wNdJH>tJ-qYlumqqUfZly70=GhV_MqOmFA|LUM!9s
zO}_qqrb7(aH3hT64k!u>N0P$ah^UkI?%b0!n!eVf6X(grC-rfLb|c<>^U;zq;1&?y
zY#?ybLxUTi{!6W&DU`A{mboh;Qbq%$)ZU-?h}=;F*w&*71H#p-n%Q(i>=2ETk=CC-
z`$CvdH>%&$Pu0Y?!3`il8zvt$2q~MgsxBmjx2k=vG$|G8Nr0W^MlAOsIzL?T&xXm^
z!cuQtnGs!yql6^(wCF&OQG)4YQQ<~Nbvl6wr_IGXKhL1Fk5EbwtE;La_m+o;GSR|n
z;(P$af~h(wv3IK*dM!oXGpFmsUTh&IQLRj;7dkjp(4p?E5M`|!HrSo49lh$?6tJdo
zCLA?gk%BOxk`eC*Mz>qVk>F8;RSy{=S;(sCVBTb3Duz17BPVhf=4CmOM9_c-3glC!
z)rXDVs(R0(jAHz6IHys}7_aS%H+IdBHmLqgrZb4A*Dj)*I~Wz<CZMMc&pzwc6rxL{
zK6{X{jo#$nqZv?M@$g2O*!JJ(w(r*h{0%w2Cck*4ajzuG)^GC{*(3ya>}sJvjn?<4
z3r(dp`sDMV;?vF=0Sq_DHrBpr#9KVETQ9vf_!O1wrSg7O&rd$jfWNj2S_7!paS^hy
zMV|jc<z`;L>t(2OY70;vGm%(mPESU2bGZ9O!W<fp088;P^0pR0W_DvzW^l%l=EaWk
zK9|V{qM)>-ZvSgML;rclP6x&qTP@6<!Hn_n^ECo*AMMp@TELgp*b*C}a@W+_rC;UN
zzu8HzjlYvO|6$cZUvjB2`scWlm?I;)mfQL2@U1o62n4NoFF{-;{#lqzZ!f^stmNtU
zfLM>jz(NyQ8Vhe$%?5jy_(ffk4^wks3m#XRxnnk4*IbL%IphX@6Dwkzt&+7Cw7VrP
zYh!^t5GFILp2(beXzk)S%7wtn0%*u?i+b{@yO>kl@S6{_1LF)0(V2`LJRa0@DRq4j
z=_U?y6t&_{s4qzJ_vn-yasGNc#2D?m`z6P)Y!yAOg%ru9cRVq9h7PMjUpAgAz2}OP
ztlgv?v%Z1LWnEMIhEMHc8APLZK2|%r3a^;|*EO!!0(mPo7)GjXGK-1d3%LXVt^(qW
z0kGwso>}4;xtkOy>$W)0%9}r}z52#*zExhiY8kLl7vh{LNAvX#C1~`hReQlVmh(4|
zCe<}xtPAF05N=_H`vbO}(r$DKeRYAfTmPJ&8i}xl^qlz00b*j<-pu#MrLnR2F^l4e
zzqmhNZtHX5gG@z)eVU?FX9LIpxa#QWhP-2++wOwb+B>3J)OTDr#rb<2>R6#Y^}TDE
zyJ=NCYD@bg5lA#+Qt-V4ek8aKz#HjLTXg3)U(oZVA~Bmo{d1)cnqUL2jo$Gt7ynkk
zD1`eIo8jXd-<yHnWfyoa@sET}+@D*c-})KuN46ONk{+N1vV35bw$&ECNQhYGJ6<A<
zEl<13OhB#rG%SN##z<U6_8P7{BH+fLI?JuJ0xjtWB`}7;y+u9tDF2R6B6>rkKYZ?#
zt2(ZxN^fVb{(aDiSp(ODoPF(*4hogQqwbWqj%`VClM$x=jWZmkD}3Q)<9Szq6*+X8
zkpZRYpc9Ep+sdE&ZMp3+Vq#wlthSe#=au0m6X9`gOFM|_z_>bPTp%^MzDlz;9xvKh
zWv^@LVPqfWp-vobcPyne71x}K9<t2(SGW6ttsXz<0H2*TidZGijqZ%HiX#vO6^3}c
zTzAXszoa~Rz~ecma{OhHf*PyUE$+w+G3N1bZRq*RDLUXji)j%0p!tCagmJN^`HdjZ
zkOE@YzwzC61QH+q-EdNiwPC`WbCg%qiFuLb_&pa%9c@%axUrPE#F!{s!ERtSm=Y9&
z=1Glp!y^X|0Lt&}(&&u2j43`bXunQ+UHSWJ_zrq|Af`CFv!-*8@1LL#t8d8gDUa6*
z>5OpP;MK!~CETBr$h6w{bS<-56(-sZB)yJ8&zQE2f5YWE2P75}u`0u~5%>${$NTwN
zmzN$ek{6pT4be{U6H}UoA()@tO&`oJ?2$3(>B&@}kKs-u@knid4FfR$*)i%>-DA=4
z8g|q6pGxG)+oka&4D@kRCgb2jzWPC;(d!`xJS&r>0c3Iv;5Jos>={xv%sKdZ0vFS6
z)%R|SiNO!nZ?Mr$FNrN2{L!rYV0=R-mFi1CQ_zv)2MXWT3KvLe<dJ+IrqpFxo?ri<
zEQY2Fz5F}Taq8Y%*;eBIDL$o96X|?KN1Wa6`Ku3sq#oJSG}G=eiuu)%@>o=$44@_p
z`PpRIyElDnRC#yE)XBZ+PHVQ`%LdHHokW)tb@{4m)>Vf)?Ovs>bSS@3>1Qmppz-ha
z#vP%%Pv2g^P8=Akg}G?-6sCY;6Q_~!e}T!y5>NNPJ#!5iM)7P&?Qk7$=%VwhxITL<
zINTa43{o49TtuXI28rQ3F4Ic;^s#;sOB5hDRMzXD#6Z}a5y#QQbMK3oVRPQRYzrr#
zlkZyHkpNVnMXnz&=H1|^-m9#t$AP|SwQ;ah&Q*tAc|fVi*mjwXslI9TrXgVg($G=s
z+sVB{kR1+L3Scl`%XfP;kNBxJ0?v)$jZqDitMmKn;E+AHKKFQuJwC@MkC4G`v7@BY
z`&sFz`maa4;E?Z9pUvFnLd7vWppIC|<$#cKaJ8LjYZFryUSsK?hjex#`bh_s3ASb2
zU~^LD=S=@XCP(U(xWf$cujB@v^Mc$<(xQF-xi8DUGXizm9j<}LyyC?%!aO)~D?cI?
zz><$O?K}%=dzCCc+iiW*&_OfAM@<pCON?DKrfxYdwpfMt+j+FKzE1<Te4PDLykQoA
zA!m_IqJ98GrQ50{`z`$=%jTVC;#wd@D#DMhnW}0e4(KSTncRSoXK=vMSyCs7pkbKG
zbGF(5ql`v8mjvdk$hAg8vAnZioA+<1G>uk;%jPvsPOjAVx1>UcVq^gv#Tp}(H7G_Q
z#E$Te;QsjV$D~V!aW!^LiljtxQ7U=8z2WiWSoY$8Kgqs25`MnV9nw|H8x4kjI8zH)
zMkhS>zcMQd!~Hs1ei%A#-T-I>maL$xBDz%)5n_HOiJ_5zVSk#ky`?qr@~6q)-in)M
zJScnJAX<S60@QgR?JBW04ot4kW2(8slP+<k;r2&PvX12@sNUgq&Jb;f3|V;1ikxx1
zUzB|xfaD21S7m{c4;@+`KH<4|z5_nfIy<JQdcF261zD4)b%3VPcg6rAbgk(`7Wy%_
z9j6t>;{IK36(_$&jHN*NjdZx2V(eM$fu+;F&uxp5qJdo8Q{O_JsP-=yT~t(#vjO;+
zW9`Ocw%=$bE6J~_(nIo756~OOh=ZG6^<nq;_u9gy*Q?bMW#$uCpGJJb9N+Ss48ZSS
zz~W{gvsXLXM;ah|ePJHd-EXkz>Cyv=OZkRS;ZWU~lZ5?splAdr?}&yrbK6Zz_Tulw
z_0^?2@PD{`QV&^VYvwpH@@h#G>Pf_0R^EcT_5@#mR~{uv6)g;sCc?Z-ht}UtO6p+c
z%0-7BVI)e-&!*Jq1pyqC1^mCfrhz${;mm*U&?xdcg#gfdgC_vV%bU0*>B%x~6OO^o
z>-3lBB^aY8pN6%%ITuTkdZXcDM;!|eav`HcxDHN5|D8@K4!Jch4h#cWkexLp*Y9mk
z1Sxw`Wt&VdbS>c54Mo^8G@5%{U<r7PhCIfiXMSNcv;5LjWy)y7-^P_-^00uCx5DkB
z+-91!9EmNdSWkf8<mX+Ad9NVggs)jd@TRnFN>cONM%8f`A;2VcbC8_m>VnBF4@rwu
zHZ{h+`47k3n)bvK%ls%(rQ=wzYe>I@g)Gk7G5|~3n%3z!4$%7pKwY@R%xC01P1zKn
z3{9t*aVGdy5BwSrI6KdX^02GBM8J4ACxN*ja1G&~y?{2N!T!?L4cd?2;0yvqF^CCj
z+thp!Mp(Yz7F_QtJd~6)ZSQLPKmDHPh^ruInda81r{{fpTaF?%W8v&;iM(|*=pP_X
zvH(hM_ynQ9I2WuX=W2herRN_xs<$AD4k;vR&|=VG%n0b*9vD-xzCv!oAV%_@TEK}i
zXi=!}J=~vfiZ4FhV&~Qxy{I|3NQvGWE4s8)oARohl|AV`Sa7}ZQhn30jS#vEZqhfR
zj2Gn?kTSf;(51=k#pf3;o0PShWm<ctx~ggW1V89@s-MFw|7~TMycr6LqDvAgQ|j&>
zXEhkkF*JKxsXXElNqDv-ao>foLW7O00Emn_Tyv~zYXw@~%)?x;kR0-TwNYc;3dD_&
zQ)%lunn#%)s5KzsH+3i~_nt3^kR9kc$wc&4R$LE^U{@Tio12FSsdj`h(_ot4o+F`N
zf!7db*^?sg`ONOC;mJH^aqs=N;=z3K@WAeqk>RBqu)6z#uqAasq1Vxw0R-8VqHKCW
zLo?PqkRT-Nqc>u3hg<EgEFVD206546vluD->L{qh(Ur<|FCjic77u>Ta)pKlFk6@=
zq<ifZ52xh2ekdA-CSfY|AXd@8>7QgL)6W8lsUgO%LbwNa^#{e4mf0CSRjYui)$bD#
z{N_?lg7q>`T#kjpEA)XOVZ_)3{<`wTQYN-~f|iq=S%^0wLY5icjR@?}PF<I%e*V&|
zBZJp&-=|gE`iZrahrU8UgZRf#yV^qX9;0WbWXbfr$Q#2xqA_J3vynn@q`zGH8FZ)3
zo8ZU*RBYy>-M-%kKg(J_@{~&xQoR;E=-wDtaZho2^CNp=uRGngH-Ir<!()9g)N*m1
zs?h)yYE6Fi@kh?f0*h96_n8~*7e>&BUu6Pfi#@GJV4xQ(Xt9S|CIWy7R-{>PI%JdM
zo%06R8Wq@Bg>-qDD9j{jn1`pzo%LGa24j-SAjk0q!yxk_af(_&EI}>}`K)ZyPzhk1
z``t7b41bX{3oQMQ3d4C#Kv;we8aL|<ZQnM?`?lUDslm3F0#tui%&y*wl7R2Uy;cr1
z;<nq-wYHmSkvcNFjcuhC3ZqKr1|x-_^7nmaoeP^c+H~Azi@kz!tzoZtV8E!`2K7eb
z)!SY4Z}5Y(jh?&|o@9yueXZFW=*c|=ux^p-{7l6PFCem#0|;VlFFaOJ>C$!UlSOU8
zU`h(A!0ibL?l#lTEatIf3-SG?hW};o3rFIH#TC~<48A93vf;KRfJd>rS)}185ae8`
zY3tCFXN?_{GpX`(H%n(>l5z-xbdsWID7+b715EdcSk4HxyLo-UoKwH5G97Bw$ba<E
zY_vr{)%uz(7Y&NDz3ZEG)Pb>!E*6tFJcVDmy03W3rFSKe@5dHsuEj+)I3P8&HYlAE
zk9M?woVNo71Yx)6LWAv5$RRn1&7G&wsG}jNAD{hgd|7N^ocb(xIhuF6WUu@rLfrfJ
zAK=s?ZQa~&W`Z?l*zgme^3iCdP>!Vun4YPKD#LmeO<PjXh`2b{qW|+hwSqwQf17o*
zj;Yk*xnEav{(A;-WlmQ{^xa6%&^z!MPnc-JHjpTPOm=frl_H(W)Zbtu1<z1RH?P65
zneJH@^GKcaI+b36I=v0bvXYY4@4)Ro{(4oUU8)Pz3D{BQ2An_$gAjmQ@o#*7F1-;S
z#<lJiWbhPG?P+&9$bbfHqje}Q7T{`xC3-yoiY1XxSDWEnV$i_e#KLF3LCc7rreCTV
z=K*$73}D541--=H;%`8piO%%Ox8*cPIm!*$BZ_u(6|S50=hj7x02m899c+L$4e-0J
z>gyR9gj}-fpj+~nOn6EZJt8~Q8`0Y>j|HT0oW-i`Vrp$K+oo9j-$)eP*{jv6IS&Kw
zv#g==T3`a$=D=DT-rK8HwnF4wY2<5<{g^!0u`%Jb3k=++;&gfSnmYcF92iCe;h8ER
zrjohKxX9r+3s=khbrth~W<@#b03dtm!Si%^aKjtyx+O=IDLSSGSn$su-R`mP?;;6H
zcHm}`^#cmDyo=G@nO;KcV5<`5n~#KNv39_?*qriTJ#|+qd*M+A6<!;Up988KTpwIo
zQzFCQYzpO7`lAgHc?Nhdc|_h9U@U3HEy~R^g{3vu_dXP?0fMPTz&6+;_k%llYy*(R
zp!{ZWfWHYJoRVsIi0waS!1jcB^5=RJ0Fu;LW75Xbnmhy_68#W5uRO`Q*13<q$%$|E
zT|YkHNGeNk%Z83ZY)PvfEG~4aZ(@tDOmqC-;{r~lJm6F=`b%e&W^fTCK~iX(IW72)
z%`CCJ-Zy~%s8UR?aRw;b-9n{+8>k!jwY0{@TI4p_*RS%%!}On>?Ic<Az^ml=x8M{Q
zZycNdGCKDoZ*|`vbaKYG6&<31A;r4g$x=zZA22I;j_t_99e4nfT_DGXRQ4jXRN<;M
zCQ}2@N-aN(DIRk`^f*pGzH5PIB3`I(w1uaqEf3J*OUD6;+-K?|%YKzUzcRFU$__82
zPdU#(GaLE=o|)Jf0aaj$R`$^udXGtBan<K<iQi#JD4`t$oZo-D7DczN8va(%c;u4h
z6tq!zLMc+BOm)Z)q6&9_|M4?G4AZ;{gz#s><t;Zg4738a4n)oqSvh#S%bFEeSGoWf
zt`Fr|SnMAL4b-bPFIBw_`Y9~KUMT}G<5AiqZTRN*;wupYt&5D9rXNy?pRTll8t95+
zO-mY{L~LMOc_a&WTzQ|hR~aXq1nm)S_qO@U(|aYb`}{&kY-r%(!T&CI|NrrRf($Nh
Za72DbHfws2BX8#d@<vUrROa2s{|1EHigN$}

literal 0
HcmV?d00001

diff --git a/cisco_ftd/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.meta b/cisco_ftd/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.meta
new file mode 100644
index 00000000..981a7ec8
--- /dev/null
+++ b/cisco_ftd/file/151fc05a-6912-4b5d-a31a-10ef6b0bc68a.meta
@@ -0,0 +1,9 @@
+{
+	"GUID": "151fc05a-6912-4b5d-a31a-10ef6b0bc68a",
+	"Name": "Cisco Cover",
+	"Desc": "cover file for kit build \\\"Cisco ASA v1\\\"",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.contents b/cisco_ftd/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.contents
new file mode 100644
index 0000000000000000000000000000000000000000..e3ae163dc928ed4bc4b65612560fe6a1a5d65c46
GIT binary patch
literal 13297
zcmeHtXEa<<*zO=CAxa9O6NBiYMhihOYV=ORD5HzsNrLFiV2m2kjS`(`Nz~DU(M$B`
zy|;UO-}mqSyX&^K?wz%!tTShyz0W>-zwcAt@V9CT#Dvs@AP|Tcq9~^c0^tHbaY6S8
zfUiTZk#pedzO$l%D+ol=cKgOj<Rqa1ffzv$x!2lWX<IXaZpO?0I~N0$)`B%5ln>!T
z6t6hQL|pv7Knf9$YD3!o#zSfCGX;O$Rb<+VFcAHl%F6V9CbiYlvOLJD`t#*W6AwM!
zCDtsq;Cm^iQzQCAFI_&8IwSrL$~n+7ETqtzSV~lcyql=t>f2nse!>5Am-K3U;QGbI
zm0?e0h~)Vzv%XF5jGchv%1mw?V66ZD^}l`wauUMDaN2&BGN)Hur^8KnP<dL{%Q~2C
z#EZGXqR}ws9@3wOo79uf?WCAcx$yqLD~8Q4(Bp0|QX3s*C+Hay#dFY5ajjc)<7PIz
zPkkPn4X@V<!8b}<#eZiN5$1&4#Dh~0T$yVnnbm8gJ4iWaP@0G1GL}Thl0qh5e#)HA
zmf6sGosah}DMD6V`NszWsk85dCA9?UBnz>)jL{LYMl2<%Z$4jfR5f!JxPf{#UH*;1
zlX{>17A7|wyPHS?{}m~Q^SStBuqkEcFE2z{n|7V(86Bun`+}$6Y8RQ~j_}9R{7e-j
z$eu)@jJhfON+@MyQWjI=5Zs2#=kK5E&W|d=d2^7vF0NxEPWD!!jaC3u2tNz`c-gCZ
zob}TjC%O4u%cof=LvX@ZkYeQaby^PT9h#99tU#T_crqw2$J+Vq$<AL?45`X7xgri>
zP?e2=SERAuENU|!FZTZ5>1n@{Mocp<yEIN5g)VyfjxgtR8@{tgOtWwQIbj<yzO?PQ
z@^qVjYkx3EW^uh?wWv&b`Yk9YBtCn?Cut)@8cgedl6FM?h30lwYkmPXbkLJ;z)!}I
z=fI~T)Blx+yXDiRHxHA>x&#=K$~mEZ<`7pF@n^6WXhwW>U|Gy1kw$*F0Y?%=kB<l@
znN(>-67G;B$ODreGCi9tdi;2*%Hxks8_Ha`hE&*AtyRq1kQY{;;{g%HJWxKStT<NS
zzxKR+TrPRZCC&TG{3}+N>-ZcNI1DbxYC+nSvbr=CsBImfFaqlc4;Kp_|HoN^z(_E{
zFi%WPw5!hz+^dfo)HwMXx(9kvmPww)77Y3Xf2wmlOxOq3wc?7pdp{MQR+3vRAyLie
zcxqf-3BQIMUM1nc7`=1&)lSj5XA!!DR^B%FIY|>&A^UD!$2PX;(ibmwLrEQm;zyM!
zaj48=FD%iXMcEFi8&&WiWzfu(D0vt?9Al3iAqa$UJV%@rdJsFfp{Q|3jef{e?dZYl
z-)M;)JD66a>d>waBY5%W{``(+GqcrnDNwIS&F4E+hO?oJ67~XeXNQFP4`iKz=Gv?W
zTB;7fDrW&!F$alc4zN6XM&OJy_|l$%YJEfuNI^ufUuiMD=3Lgm-E<1tf81s9$hCNt
zg9iaWzIq>I<lR#Y0{R$g^j5c9$NSB$QrV~y>(gV0J3#bnL;TR&KoShweh}c3okIC4
z<M`R_g<Y@F@X<bw&^`LMW-yNze{~1`YI?7@^jY;q3iSxq?(O}Be|+pp!+;d(v3khF
zIUrG*@hdlY`SahS#8HeFX)k}bm=N!!CgT}c+lMH~{7eZmO|Qs>@K-cC=_3VGd_-ab
zv@|V1@q~!6#D@yi16Bmq*G_+4diOHM)NH5nBK)6!wecM3_~@qOgv03S<XmoV8r_$9
zpNAfISkI6RMUEqXX+D`xY*BcO@_SJiWQ8x_`vN<DiDEC^O8&;!`4I}S#(A4MYeZ$E
zV)2T~M&eE@)R9Q|Yag0@;3t`g>Y4j562cG8n~Y??PO3SFeK2h4_(90}{?{WOM~S?i
zWRwEc{@*ozsoZag&#w;dY}>3mQz1ljk}Z52?X0;=Kh~E_=DWrPidtQv*ULV686Jtk
zzzU7+JuH{ZrSN-0QwPA}-Vc~~jE~AoJ3c2XTjMZRi-y~}$0O>JsRoFyRbIo3DMW!*
zu1Baku~0sN?Q?w*3z^>BD$sX<dM7u+_gl1VE-wT|U90p5>O=$hh+<wnw(caeYBONi
zuu=I^pFjabg&Z1u;FDbr$f44N8o<vunJ2f0$^PdZPLN#X1a>D!e(rvw2L!$ss&jOL
zMwe`giGoNrpW2M2iK3TNYn9;=7fxa>=J}&lq;hFgL8yQ1%ZYnQUFUsp@EpTn-7#$I
z+n>s-aTHNd^N<*-*8xuG<ZZ&ryv4DTn0e+KO(I!*q#WCSP6_(kfBZ|n&+ha`PAXWa
zTZzBs*hyE@F-Dt~I`PniF7x!TUW^3vaO#IsGqsUOH+q)KE=d`#l6UNciV{>OCl8CL
zz_#cpOw|mBcx|u*0ZWo2DKimcpIBvR&GD$%fM+pKXO;Uj+NXzsc!?61tZ`v}N~mm}
z974k)l(C!`4HvdGZRO;kZ<b730;w1|on?zT{c?g{mNg5Xw&>^%*`j)N$$JKhtew|V
z&2~F*zt%R&qe53%D$UnX<BbvrbwIvTWA+EVe@-IFG0~UOz1%!z$<k1NTnRGIeR=p5
zI0Jg1b;DFC1GK^#nYymeHJgGq#fI1i?6DIAWc@275g<l+Tf9@^$}i4%Z$M<s)h~`?
zsIJ|zB`S3qV%#z=BMouBTYNRCIWNfbOmY_UbQT4D2{u2Y=yTkaS_{SKgT86g7+H&*
zW+o(-yegu@+Zw{)GK#F?U<3#FougMBMvs4?`k#UBeLkD=>cHi5n7T`|?4A1QzEz5y
zMe|ajz9AP(mM@qEvm(TMV*RTfkB{3w>{S`ctXn+21CtE;#s?f8ZdeIaqtWK#K87}>
zJ~<7QzV7?gfyZarF_rKINS4ocUtkeOj{DHwq98nFem$Fw=Cfa&_<Z=3EMV3k*9qY1
zK}+vRl)gYqV2r7~-eHEP50Edv5dF2cMIIX4@A>b4U<%^Hc4*$6gSi&6P2m5!o0O2g
z$jTE`xl6$!ARILOK{#m=Kf_p(tiUjRi#r6A*8`oN30~v}{&E#b@{u4W`#+gJB_QN%
z@d8vLE_m;!m#lj4-|plN2G1uGI@1%C*gtX|8ImHI;SCn|1m=rl-33|i{F>1>+ye`2
zf~(B9#lvYHh_qDhO}Dl8)?G-*)3&EK?d^REkCOCteD%0_cyD3*;LFbHrahNXYX&rM
zp7FyQi^MCE1%lQSlgoa%aeI4I6x|MTN&E}#+<>?0MbPwR|21^8?!zAH6bNAEtr`p)
z_A2+J9k|^2h~5RxW6mXi-5sSbF?lk#CNofXnyw&Zd>#I&F1c`nhd#ba<n*UnOeSMf
za$GXbhkev$x<n`$W%VoJ)ADv821ZTl|6tp#8{OFxe6g4Ov6LsO`LRvoSMq&dFx`Wf
z>z>u`sm6#bI{gIx23Zv8X54#e^|N;j@lZgzdH~8b{xz6EJh{Y>;bJBzn?8;9@dD@R
zi|TLT;hl{bSd$a})6=gpv_9aUUNPgm1W${f>9jm~Cvj)_^t2X?FY4a(#>BzJbnY2B
zg}ui2u{H%(iw?alf&2WO!5E9X<yu#8TuB(Q8<%soa31{wzJ=PVJpZpAH1Dc?kRR8;
z{!}}N@RyHymKfrz#N+fwXR~Fdf~C!w^zA64yLCnIpKN`Np$iYRW`Z<d>2q1sYhT!t
z5IpM96=^@`w@M+OB<Y&;#f_-({lN95mbj<GvQeEQ`A8BEVR60m3S{D7IkA3}vQ<rP
z*HWOv-BhW@%eBbnIJzkw<*?p0M=34roC^Sk;<FwDd8+tohSBp}1w0I<y8n^{L*OiL
zUpr#X@)I~_xfLcfH9=~3tx4xF^$|j-HgY~a5g>n;tuqL!j~(I^-<XKd0D5AxeqlCu
zuONF%6ypK$V6Bxs1t5Mn&AqWIQk%;*9e$5IPJf2s-K-6~zWa`DTy@ILQmu=_36|)w
zBIX;J?+{VlE~gZehwp%X!HNpk_!H~ZaMXk)^<0ZO9nm)7OU}Bt8@>#we+H<h%Jv@X
zwO{rp)dKgywlP;o)puw7J;npuah@WweMi4*=g;Zs4rEd^y5K^muvoM6H?O)>)>HlA
zS6}~hU$BXH7d96%^Z(EZ8KrsbQjaH;PPCKcB$cz)cWys?I_|4}H3U{-YJoJTZ*R^P
z`1$%T5ZoZdCNpmT6KWD@`?S9mHd4Rqs0U+uN0Std9`wnMa>R~U`}<)W|JW>Fh0|QB
zuj`*$>TsaJs;jye>C_B2O(MJ=g4TZC<$k$2Ml2?5s1=c`jpQ6j_?0g)k^!Ci`n$Dr
zAwO}g()nWuvT@DKpX%bH-$j91lw?}n)F+R`OaS1}$<b?M9pT<}nOWN&D72jCt~gK5
z;bgI#JH^#Xx&#Q-9IMA)sr2U7lOCIF=s|v9FndqgwVAunz2ijPF0We1?E3KKEIGs%
zdPqkndZ@T?UcNBc15d$?wc9i;>249(t>ckA(?qQF&O9HOes0GzW>i}*^?dE3NKGQA
z^v%U@^}%2O@}(SzD6Uvx&&%tb{DSF{4s&wC`rVMNKvLBrSB|tyMDA4->5^<D&f|q&
zRH*2wv-7G)>QuWXVxnx^PTSjzZzSmmgN8S@2i6>jlDa1GyOUq2Y7;#2wc^tOU~9E;
zo#tq>EF9V!DYic~<9?I=Y9dx=%b3blzl?S^^WPi__wOM9&B{7fJPQmRG&`a&W5MHd
z^#Vpf<E9eta{dYYihwur%Y|GjnT9w)OW7dMIuSm|Dm)(t_kRGHz}~Bp4aC1Pd8gol
zla`*nlTq1>>mrL2M;}9P3e7u65CsLh9M33^e(LA5cmi76BT{f76^kJHyGbGzu>r8F
zUVvS_sXkX_b17-TLX1JytN+QmHgAvX8Qm-$WPMuNSkAhka8?0nX<TgM`!&syjGYta
z;NVNA=wIXpF~36nTP?(c=w56~QrYzWy|~ww43Oy0#V-$Az}0ujU@Dz#hE*O9BSFCh
z_6+tTjiJo&6#_B`>5$R6`-~)yK2imZ6b8K2v>bi!ckz%QkkR}$y3{h<XVkQ;aFUJy
z2BMm^6=Z+J(N}cuJA)p;WZsG5B-h`@fdD^>ha44Hv^GG0^wkva@ZjWNV}d=FS0uRC
z;IPY)FZM@<?p2bj&pAN?SUp1~gtwCBuwcOY*A8{#T%j$z(jgf?4N#6rxnCr7d(2=A
zfBgNKN2D0#ES;e#$SM!u(fhqyaM-IJGy&KbNqD9p(?e7)ixZS`OB2%00$H`L{4s(M
z>cr}sXN!Tz!q<$!5xMOZv#R_nGjM8v<fWd~tI=L1l{O^LTmzW%f7eU#;bV8)!tVe!
zr)n{va%x_(T=q6N3wT2nZQICS8lKH;*m7ty0(&N--aL|1@0y~clP$r^dFIOEq!M7M
zLgi$<nCPO@^uEMIklMY-9o-<6U(0O+zg!t>&WA7Qb!Z>Oav<pR^o&FoxHdYCV!YR?
z7yUQezLz$5ffpWZ(Bn(L^-=Ps+VST<)}-1ofzL9*;&URwed#ivBXZzT+&w8c5Z-Q|
z8|92^oy2g;e_rc9Z}IHWEHlD{XJQUnr9H#~p9EXxKef~z+BJ%KtV$cVvoprodbjHR
zL|v-cR}#0ARkvRsml2u2c9ec-chvNxctBLOzWi18kdyyZkq2J;TI>(3NGRvkx?$D8
z7H=G%<R@iIY98dJXV1YbGb|p;1K-4j%!&p~A_bpM;9zJIfJb=NGAL(R2B7mg_2z30
zP_H%+91!*L8M+XTg3)+!XgAznZS-0jyH4NavxL%jI}|6FOzfH20ee*M=eBtkNakAZ
zH{O6Pet=5`NA8}ZiWJ2dVP(ZPjm0zQy~n;<zQWj<Os$>}&gCi6?r}8;vS-Vhk7L42
zafRya*udbXvyfxfmjKCuXppZkfj4RL_r(}e$5km*sKfj&?>@OBAdACC2lR>M+sWp~
z-f*Ef-L?rwb2T7RNk=|V)|$dW4@NlGc{j2rIa55`q|mqoOS$dwXeu{D(=?<0O-F;y
z5WHX*Rb@65t5XtSV&ZV6!M3OkkYj-8?e{8xOAsSZ-wQWK`M++i)#?aT3c1X<=jxIT
zgnpG3i|*tbuwBxdxM1Fi%r2{Dw!npkLXJACaNKts07qUzsYBMat3F+$q5%EiHJDoq
z)L06jWXop8HFcrto>%h%KXlNB3^8KFY(BTQc$ENk92&_xXti$SDY0FP7K=6jVs0U9
zKC^3>6{07f-p|ef_vk7MFadP3FJh=VS4ldQF%U$BY8?_b^T{(SU$*^0@Cv~k7iZwt
zGJg5LYY%EU6Z@`r;JOOwN;6Zh#tZ6EQvl{rwv81_AMR2zWaF(=Yv{fzO1Z#Joa>K3
z+R4+gsqQDMBNe+82L2iqE)qW<vfYYc6Jg-gSh2*BHO`Vaj2~pEyFjbZw=A7(Eiznm
zw8Vf_J+|njTdbciQtUuoE?pB)sM2g#o%D*B4n!&<7Q`svIlzut2}xyfNU$H7$m#jd
zki@taTA&39F;Nh+ylRQJ*R+;Fb_v9yUsf4m*Yno{h<gR!f)o*2bqCEnD5HNpE^3mw
zjr^!U_+c~9EFGX=EWRxZKG7{1X`7TKfyyI=cc8ias7&<EuGz-&kYssXB!{_+@gPMh
z(1TFz9ui)N{6x#M_0&d>^`PqMWotFShuX7VVH_zwwfG)Q@mg7K2I?qZ8yqEQN)4yZ
z;(i4NeVd%m)!8#54ah`*?mxI@P(;eK0u(IUcso;P$_cOZi2jG(=#GZuN#rOOaA7U-
zo+I7AD#~KKI3v0aQalD?PgGPr106q1-oSxjCpODwB3}gN3T766wgmW%SlO~m?y6%%
zJ^ZXDV)+CeH}}MyUqjIh=WT=D1-lDH*jfSisl}ue*X@H|WhiQ8|K~ONVz5-SK7Xhl
zG&x<m@U|gFeLA_u+93yBw9U?q;Fo&zNh&Y9tV(UDqhMGudh1iPt?B8@Pl1X+B<}9>
z7W-y$xnQ2YB6Ro<gVd~U220{g-|A8mCPk|ohWBPi{SPepQ?u2Wg??PPri|^97CFol
zjoAu(lX`@#0k0|b0lXa$V`9bPzvpCwo+nX^5!`&Xe;0geW4w#6AsCunQ!A5F`dY!R
zQ@SBxKIfnIDA$-bw>s?NUBW=@J=H5pkYujkR*Dob$TbWy1-fbd4d}~ugX`r1X)DmV
z5Zg(@%LA!&PJm$lDL~wl^``_?Cr;fkmY!L#uJm5aJ=sDm4Q20iS+|Kr?xv0Hdv%wc
zW%h^x`dO6N{jv21kWGJ}&Yq7ZIlL_ySdB6qo0nTkR4v=$Q{(@{{aWgJ`N=&CJPS%|
zQ%mOnCVr^_NKEe3iUok!)NbKZ^$b;!6O6fuQQBwjXMYJi^9tfQEy<HNE<;A9%oaCx
zBQS7izEgp<Gi(G_r<r*H0`v@IeoLenF&K5`+(mp2&xqgINh+601S0e}8V|@U|6pcU
zOUkOYHa3Vo3U-767y9P;8XY`I?OKEi&z7|n@uYP~tGnl*8Pkf+%hj0J^c<PF2|GI7
z3_9lmeQ*_4wgsXDIJunDQuQfuq9vNNt2VX(T_Ul}(6GJm5W);UhMfPRxpugCm%ZY%
z6Hl$%b-JUs#jk&<>ob<8XK+YK5mACFx2jJu+(~lt1olbEHDS<X9=97uay_s-DpvN%
z41M%FNdk|ftj`2=rusJPF;YVR5z9@O=jIq}j0BE=@$dJJiP8|?zgpPzn!U-&__b4D
z_XpUD_ci^=Zv{+L?^w3lqACG+D;`K4cBTo|ccJdu|Cv5@q}U2ICPay#Xord)it;-N
ze?Azv7Q*=xjnr>Pym2x!*?^628GzB`8xFr>T#Fx^6i3!adv<QxyJ-)pgSQg@lxdgH
z#~mqvqnnQ<k1AYsN`x^zTyf>duH;(f6-|iV^M23Bwn{UJ=desDX_pT(JkS^brTFlE
z<YCODFHNci7_HJer?~z_ES?dohvWQu!|XXdQEdS0Mxc5}fLTZlo<K~6`<!2&-47Xl
zy`BTz$fkd-?<K}+qqiTp@5ZK1ek*GEB1VjjIB=X;U-UWKoi#97+~PFjS-gseHh|rg
zQfRc{l@zf7F4`69T_Wlj-9WzO9+UPVb5yTTg&`*_`Wsy(;W~Gj1_0PTi{2>;APg$G
zSm{aTl}mp8reZD;tA~vbWQzMzT{zF6a$RrqUwLi6DDyA9X_###-?lbK;4+`jrDcWL
z+baKofu)Vt(X{6Q?}!>~=gug>4k+VK8bElK(I7PhHYjp$JEGVh5Y>0a_PQSn_zbFT
z-B}OH3A2lQ+Q-e05@$}O>iSm()&RAsE#lw2;n(24oGM&zvrac-C{kSvP#qc@5vVgp
zg^IH{I8RzpWAm71ypOsB)D}Ap08JNj36m>fNO0QGw!XffUot}Q!vS7Xn4f@rkqNhU
zjLiwOwZD$axkvA8(Y?Qwf16(3G1*lTm;o{pcS>rL#r|jBX=UC~E-f=yy4Yk*$Yd$=
zk&AzQgB07Mzu3nlg{7$t9h)ZM!*(W<$m1e_v1$9~LtAKUr;c{~!pg6F8q;mM`6txb
z;Q^hFfA+#X#ThQ=iqR#-{UM$kUdx`)EAeIZMry+;K&G-hoEV(+ooS^OKQ5KNd!q$_
zIKzg|x=kuWj%*HT(R<(0U?kf9y&ysE%f})9sfco4cXPk1B?E6aTP<knv%akD@w90Z
zyxl5`uaf(Vtb_nW1f!&g>aiMU$LC#TQ=?Y+&9t_u(ZnK{P#^Kb0;rP~6GOlGu;H9%
z^*PBL!}f~2Rmiy#=g6Pq>3TC7r=u5mf7cL9wRKtwVN%K6Y7*p8Qv!#f-VE;4Ql%>y
zo(P%r3L#5_i_Un`>-h58kn!;^&;}WRqhibd@=(nb@p*O$nkMg*2w-?YKuCw{hE9A7
zB`qPnoONgmpMn`$w7eCkQKPw7WvUS>UO&ByXB3wz=)c@!*|#5ONTcI!o=A8m$y9x!
z3!smrvRL-2XFvV4Z{_uTZcn%wNdJH>tJ-qYlumqqUfZly70=GhV_MqOmFA|LUM!9s
zO}_qqrb7(aH3hT64k!u>N0P$ah^UkI?%b0!n!eVf6X(grC-rfLb|c<>^U;zq;1&?y
zY#?ybLxUTi{!6W&DU`A{mboh;Qbq%$)ZU-?h}=;F*w&*71H#p-n%Q(i>=2ETk=CC-
z`$CvdH>%&$Pu0Y?!3`il8zvt$2q~MgsxBmjx2k=vG$|G8Nr0W^MlAOsIzL?T&xXm^
z!cuQtnGs!yql6^(wCF&OQG)4YQQ<~Nbvl6wr_IGXKhL1Fk5EbwtE;La_m+o;GSR|n
z;(P$af~h(wv3IK*dM!oXGpFmsUTh&IQLRj;7dkjp(4p?E5M`|!HrSo49lh$?6tJdo
zCLA?gk%BOxk`eC*Mz>qVk>F8;RSy{=S;(sCVBTb3Duz17BPVhf=4CmOM9_c-3glC!
z)rXDVs(R0(jAHz6IHys}7_aS%H+IdBHmLqgrZb4A*Dj)*I~Wz<CZMMc&pzwc6rxL{
zK6{X{jo#$nqZv?M@$g2O*!JJ(w(r*h{0%w2Cck*4ajzuG)^GC{*(3ya>}sJvjn?<4
z3r(dp`sDMV;?vF=0Sq_DHrBpr#9KVETQ9vf_!O1wrSg7O&rd$jfWNj2S_7!paS^hy
zMV|jc<z`;L>t(2OY70;vGm%(mPESU2bGZ9O!W<fp088;P^0pR0W_DvzW^l%l=EaWk
zK9|V{qM)>-ZvSgML;rclP6x&qTP@6<!Hn_n^ECo*AMMp@TELgp*b*C}a@W+_rC;UN
zzu8HzjlYvO|6$cZUvjB2`scWlm?I;)mfQL2@U1o62n4NoFF{-;{#lqzZ!f^stmNtU
zfLM>jz(NyQ8Vhe$%?5jy_(ffk4^wks3m#XRxnnk4*IbL%IphX@6Dwkzt&+7Cw7VrP
zYh!^t5GFILp2(beXzk)S%7wtn0%*u?i+b{@yO>kl@S6{_1LF)0(V2`LJRa0@DRq4j
z=_U?y6t&_{s4qzJ_vn-yasGNc#2D?m`z6P)Y!yAOg%ru9cRVq9h7PMjUpAgAz2}OP
ztlgv?v%Z1LWnEMIhEMHc8APLZK2|%r3a^;|*EO!!0(mPo7)GjXGK-1d3%LXVt^(qW
z0kGwso>}4;xtkOy>$W)0%9}r}z52#*zExhiY8kLl7vh{LNAvX#C1~`hReQlVmh(4|
zCe<}xtPAF05N=_H`vbO}(r$DKeRYAfTmPJ&8i}xl^qlz00b*j<-pu#MrLnR2F^l4e
zzqmhNZtHX5gG@z)eVU?FX9LIpxa#QWhP-2++wOwb+B>3J)OTDr#rb<2>R6#Y^}TDE
zyJ=NCYD@bg5lA#+Qt-V4ek8aKz#HjLTXg3)U(oZVA~Bmo{d1)cnqUL2jo$Gt7ynkk
zD1`eIo8jXd-<yHnWfyoa@sET}+@D*c-})KuN46ONk{+N1vV35bw$&ECNQhYGJ6<A<
zEl<13OhB#rG%SN##z<U6_8P7{BH+fLI?JuJ0xjtWB`}7;y+u9tDF2R6B6>rkKYZ?#
zt2(ZxN^fVb{(aDiSp(ODoPF(*4hogQqwbWqj%`VClM$x=jWZmkD}3Q)<9Szq6*+X8
zkpZRYpc9Ep+sdE&ZMp3+Vq#wlthSe#=au0m6X9`gOFM|_z_>bPTp%^MzDlz;9xvKh
zWv^@LVPqfWp-vobcPyne71x}K9<t2(SGW6ttsXz<0H2*TidZGijqZ%HiX#vO6^3}c
zTzAXszoa~Rz~ecma{OhHf*PyUE$+w+G3N1bZRq*RDLUXji)j%0p!tCagmJN^`HdjZ
zkOE@YzwzC61QH+q-EdNiwPC`WbCg%qiFuLb_&pa%9c@%axUrPE#F!{s!ERtSm=Y9&
z=1Glp!y^X|0Lt&}(&&u2j43`bXunQ+UHSWJ_zrq|Af`CFv!-*8@1LL#t8d8gDUa6*
z>5OpP;MK!~CETBr$h6w{bS<-56(-sZB)yJ8&zQE2f5YWE2P75}u`0u~5%>${$NTwN
zmzN$ek{6pT4be{U6H}UoA()@tO&`oJ?2$3(>B&@}kKs-u@knid4FfR$*)i%>-DA=4
z8g|q6pGxG)+oka&4D@kRCgb2jzWPC;(d!`xJS&r>0c3Iv;5Jos>={xv%sKdZ0vFS6
z)%R|SiNO!nZ?Mr$FNrN2{L!rYV0=R-mFi1CQ_zv)2MXWT3KvLe<dJ+IrqpFxo?ri<
zEQY2Fz5F}Taq8Y%*;eBIDL$o96X|?KN1Wa6`Ku3sq#oJSG}G=eiuu)%@>o=$44@_p
z`PpRIyElDnRC#yE)XBZ+PHVQ`%LdHHokW)tb@{4m)>Vf)?Ovs>bSS@3>1Qmppz-ha
z#vP%%Pv2g^P8=Akg}G?-6sCY;6Q_~!e}T!y5>NNPJ#!5iM)7P&?Qk7$=%VwhxITL<
zINTa43{o49TtuXI28rQ3F4Ic;^s#;sOB5hDRMzXD#6Z}a5y#QQbMK3oVRPQRYzrr#
zlkZyHkpNVnMXnz&=H1|^-m9#t$AP|SwQ;ah&Q*tAc|fVi*mjwXslI9TrXgVg($G=s
z+sVB{kR1+L3Scl`%XfP;kNBxJ0?v)$jZqDitMmKn;E+AHKKFQuJwC@MkC4G`v7@BY
z`&sFz`maa4;E?Z9pUvFnLd7vWppIC|<$#cKaJ8LjYZFryUSsK?hjex#`bh_s3ASb2
zU~^LD=S=@XCP(U(xWf$cujB@v^Mc$<(xQF-xi8DUGXizm9j<}LyyC?%!aO)~D?cI?
zz><$O?K}%=dzCCc+iiW*&_OfAM@<pCON?DKrfxYdwpfMt+j+FKzE1<Te4PDLykQoA
zA!m_IqJ98GrQ50{`z`$=%jTVC;#wd@D#DMhnW}0e4(KSTncRSoXK=vMSyCs7pkbKG
zbGF(5ql`v8mjvdk$hAg8vAnZioA+<1G>uk;%jPvsPOjAVx1>UcVq^gv#Tp}(H7G_Q
z#E$Te;QsjV$D~V!aW!^LiljtxQ7U=8z2WiWSoY$8Kgqs25`MnV9nw|H8x4kjI8zH)
zMkhS>zcMQd!~Hs1ei%A#-T-I>maL$xBDz%)5n_HOiJ_5zVSk#ky`?qr@~6q)-in)M
zJScnJAX<S60@QgR?JBW04ot4kW2(8slP+<k;r2&PvX12@sNUgq&Jb;f3|V;1ikxx1
zUzB|xfaD21S7m{c4;@+`KH<4|z5_nfIy<JQdcF261zD4)b%3VPcg6rAbgk(`7Wy%_
z9j6t>;{IK36(_$&jHN*NjdZx2V(eM$fu+;F&uxp5qJdo8Q{O_JsP-=yT~t(#vjO;+
zW9`Ocw%=$bE6J~_(nIo756~OOh=ZG6^<nq;_u9gy*Q?bMW#$uCpGJJb9N+Ss48ZSS
zz~W{gvsXLXM;ah|ePJHd-EXkz>Cyv=OZkRS;ZWU~lZ5?splAdr?}&yrbK6Zz_Tulw
z_0^?2@PD{`QV&^VYvwpH@@h#G>Pf_0R^EcT_5@#mR~{uv6)g;sCc?Z-ht}UtO6p+c
z%0-7BVI)e-&!*Jq1pyqC1^mCfrhz${;mm*U&?xdcg#gfdgC_vV%bU0*>B%x~6OO^o
z>-3lBB^aY8pN6%%ITuTkdZXcDM;!|eav`HcxDHN5|D8@K4!Jch4h#cWkexLp*Y9mk
z1Sxw`Wt&VdbS>c54Mo^8G@5%{U<r7PhCIfiXMSNcv;5LjWy)y7-^P_-^00uCx5DkB
z+-91!9EmNdSWkf8<mX+Ad9NVggs)jd@TRnFN>cONM%8f`A;2VcbC8_m>VnBF4@rwu
zHZ{h+`47k3n)bvK%ls%(rQ=wzYe>I@g)Gk7G5|~3n%3z!4$%7pKwY@R%xC01P1zKn
z3{9t*aVGdy5BwSrI6KdX^02GBM8J4ACxN*ja1G&~y?{2N!T!?L4cd?2;0yvqF^CCj
z+thp!Mp(Yz7F_QtJd~6)ZSQLPKmDHPh^ruInda81r{{fpTaF?%W8v&;iM(|*=pP_X
zvH(hM_ynQ9I2WuX=W2herRN_xs<$AD4k;vR&|=VG%n0b*9vD-xzCv!oAV%_@TEK}i
zXi=!}J=~vfiZ4FhV&~Qxy{I|3NQvGWE4s8)oARohl|AV`Sa7}ZQhn30jS#vEZqhfR
zj2Gn?kTSf;(51=k#pf3;o0PShWm<ctx~ggW1V89@s-MFw|7~TMycr6LqDvAgQ|j&>
zXEhkkF*JKxsXXElNqDv-ao>foLW7O00Emn_Tyv~zYXw@~%)?x;kR0-TwNYc;3dD_&
zQ)%lunn#%)s5KzsH+3i~_nt3^kR9kc$wc&4R$LE^U{@Tio12FSsdj`h(_ot4o+F`N
zf!7db*^?sg`ONOC;mJH^aqs=N;=z3K@WAeqk>RBqu)6z#uqAasq1Vxw0R-8VqHKCW
zLo?PqkRT-Nqc>u3hg<EgEFVD206546vluD->L{qh(Ur<|FCjic77u>Ta)pKlFk6@=
zq<ifZ52xh2ekdA-CSfY|AXd@8>7QgL)6W8lsUgO%LbwNa^#{e4mf0CSRjYui)$bD#
z{N_?lg7q>`T#kjpEA)XOVZ_)3{<`wTQYN-~f|iq=S%^0wLY5icjR@?}PF<I%e*V&|
zBZJp&-=|gE`iZrahrU8UgZRf#yV^qX9;0WbWXbfr$Q#2xqA_J3vynn@q`zGH8FZ)3
zo8ZU*RBYy>-M-%kKg(J_@{~&xQoR;E=-wDtaZho2^CNp=uRGngH-Ir<!()9g)N*m1
zs?h)yYE6Fi@kh?f0*h96_n8~*7e>&BUu6Pfi#@GJV4xQ(Xt9S|CIWy7R-{>PI%JdM
zo%06R8Wq@Bg>-qDD9j{jn1`pzo%LGa24j-SAjk0q!yxk_af(_&EI}>}`K)ZyPzhk1
z``t7b41bX{3oQMQ3d4C#Kv;we8aL|<ZQnM?`?lUDslm3F0#tui%&y*wl7R2Uy;cr1
z;<nq-wYHmSkvcNFjcuhC3ZqKr1|x-_^7nmaoeP^c+H~Azi@kz!tzoZtV8E!`2K7eb
z)!SY4Z}5Y(jh?&|o@9yueXZFW=*c|=ux^p-{7l6PFCem#0|;VlFFaOJ>C$!UlSOU8
zU`h(A!0ibL?l#lTEatIf3-SG?hW};o3rFIH#TC~<48A93vf;KRfJd>rS)}185ae8`
zY3tCFXN?_{GpX`(H%n(>l5z-xbdsWID7+b715EdcSk4HxyLo-UoKwH5G97Bw$ba<E
zY_vr{)%uz(7Y&NDz3ZEG)Pb>!E*6tFJcVDmy03W3rFSKe@5dHsuEj+)I3P8&HYlAE
zk9M?woVNo71Yx)6LWAv5$RRn1&7G&wsG}jNAD{hgd|7N^ocb(xIhuF6WUu@rLfrfJ
zAK=s?ZQa~&W`Z?l*zgme^3iCdP>!Vun4YPKD#LmeO<PjXh`2b{qW|+hwSqwQf17o*
zj;Yk*xnEav{(A;-WlmQ{^xa6%&^z!MPnc-JHjpTPOm=frl_H(W)Zbtu1<z1RH?P65
zneJH@^GKcaI+b36I=v0bvXYY4@4)Ro{(4oUU8)Pz3D{BQ2An_$gAjmQ@o#*7F1-;S
z#<lJiWbhPG?P+&9$bbfHqje}Q7T{`xC3-yoiY1XxSDWEnV$i_e#KLF3LCc7rreCTV
z=K*$73}D541--=H;%`8piO%%Ox8*cPIm!*$BZ_u(6|S50=hj7x02m899c+L$4e-0J
z>gyR9gj}-fpj+~nOn6EZJt8~Q8`0Y>j|HT0oW-i`Vrp$K+oo9j-$)eP*{jv6IS&Kw
zv#g==T3`a$=D=DT-rK8HwnF4wY2<5<{g^!0u`%Jb3k=++;&gfSnmYcF92iCe;h8ER
zrjohKxX9r+3s=khbrth~W<@#b03dtm!Si%^aKjtyx+O=IDLSSGSn$su-R`mP?;;6H
zcHm}`^#cmDyo=G@nO;KcV5<`5n~#KNv39_?*qriTJ#|+qd*M+A6<!;Up988KTpwIo
zQzFCQYzpO7`lAgHc?Nhdc|_h9U@U3HEy~R^g{3vu_dXP?0fMPTz&6+;_k%llYy*(R
zp!{ZWfWHYJoRVsIi0waS!1jcB^5=RJ0Fu;LW75Xbnmhy_68#W5uRO`Q*13<q$%$|E
zT|YkHNGeNk%Z83ZY)PvfEG~4aZ(@tDOmqC-;{r~lJm6F=`b%e&W^fTCK~iX(IW72)
z%`CCJ-Zy~%s8UR?aRw;b-9n{+8>k!jwY0{@TI4p_*RS%%!}On>?Ic<Az^ml=x8M{Q
zZycNdGCKDoZ*|`vbaKYG6&<31A;r4g$x=zZA22I;j_t_99e4nfT_DGXRQ4jXRN<;M
zCQ}2@N-aN(DIRk`^f*pGzH5PIB3`I(w1uaqEf3J*OUD6;+-K?|%YKzUzcRFU$__82
zPdU#(GaLE=o|)Jf0aaj$R`$^udXGtBan<K<iQi#JD4`t$oZo-D7DczN8va(%c;u4h
z6tq!zLMc+BOm)Z)q6&9_|M4?G4AZ;{gz#s><t;Zg4738a4n)oqSvh#S%bFEeSGoWf
zt`Fr|SnMAL4b-bPFIBw_`Y9~KUMT}G<5AiqZTRN*;wupYt&5D9rXNy?pRTll8t95+
zO-mY{L~LMOc_a&WTzQ|hR~aXq1nm)S_qO@U(|aYb`}{&kY-r%(!T&CI|NrrRf($Nh
Za72DbHfws2BX8#d@<vUrROa2s{|1EHigN$}

literal 0
HcmV?d00001

diff --git a/cisco_ftd/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.meta b/cisco_ftd/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.meta
new file mode 100644
index 00000000..e0675972
--- /dev/null
+++ b/cisco_ftd/file/8b713d4b-635b-4a4d-8eba-85ca1a3adb6d.meta
@@ -0,0 +1,9 @@
+{
+	"GUID": "8b713d4b-635b-4a4d-8eba-85ca1a3adb6d",
+	"Name": "Cisco Banner",
+	"Desc": "banner file for kit build \\\"Cisco ASA v1\\\"",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.contents b/cisco_ftd/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.contents
new file mode 100644
index 0000000000000000000000000000000000000000..e3ae163dc928ed4bc4b65612560fe6a1a5d65c46
GIT binary patch
literal 13297
zcmeHtXEa<<*zO=CAxa9O6NBiYMhihOYV=ORD5HzsNrLFiV2m2kjS`(`Nz~DU(M$B`
zy|;UO-}mqSyX&^K?wz%!tTShyz0W>-zwcAt@V9CT#Dvs@AP|Tcq9~^c0^tHbaY6S8
zfUiTZk#pedzO$l%D+ol=cKgOj<Rqa1ffzv$x!2lWX<IXaZpO?0I~N0$)`B%5ln>!T
z6t6hQL|pv7Knf9$YD3!o#zSfCGX;O$Rb<+VFcAHl%F6V9CbiYlvOLJD`t#*W6AwM!
zCDtsq;Cm^iQzQCAFI_&8IwSrL$~n+7ETqtzSV~lcyql=t>f2nse!>5Am-K3U;QGbI
zm0?e0h~)Vzv%XF5jGchv%1mw?V66ZD^}l`wauUMDaN2&BGN)Hur^8KnP<dL{%Q~2C
z#EZGXqR}ws9@3wOo79uf?WCAcx$yqLD~8Q4(Bp0|QX3s*C+Hay#dFY5ajjc)<7PIz
zPkkPn4X@V<!8b}<#eZiN5$1&4#Dh~0T$yVnnbm8gJ4iWaP@0G1GL}Thl0qh5e#)HA
zmf6sGosah}DMD6V`NszWsk85dCA9?UBnz>)jL{LYMl2<%Z$4jfR5f!JxPf{#UH*;1
zlX{>17A7|wyPHS?{}m~Q^SStBuqkEcFE2z{n|7V(86Bun`+}$6Y8RQ~j_}9R{7e-j
z$eu)@jJhfON+@MyQWjI=5Zs2#=kK5E&W|d=d2^7vF0NxEPWD!!jaC3u2tNz`c-gCZ
zob}TjC%O4u%cof=LvX@ZkYeQaby^PT9h#99tU#T_crqw2$J+Vq$<AL?45`X7xgri>
zP?e2=SERAuENU|!FZTZ5>1n@{Mocp<yEIN5g)VyfjxgtR8@{tgOtWwQIbj<yzO?PQ
z@^qVjYkx3EW^uh?wWv&b`Yk9YBtCn?Cut)@8cgedl6FM?h30lwYkmPXbkLJ;z)!}I
z=fI~T)Blx+yXDiRHxHA>x&#=K$~mEZ<`7pF@n^6WXhwW>U|Gy1kw$*F0Y?%=kB<l@
znN(>-67G;B$ODreGCi9tdi;2*%Hxks8_Ha`hE&*AtyRq1kQY{;;{g%HJWxKStT<NS
zzxKR+TrPRZCC&TG{3}+N>-ZcNI1DbxYC+nSvbr=CsBImfFaqlc4;Kp_|HoN^z(_E{
zFi%WPw5!hz+^dfo)HwMXx(9kvmPww)77Y3Xf2wmlOxOq3wc?7pdp{MQR+3vRAyLie
zcxqf-3BQIMUM1nc7`=1&)lSj5XA!!DR^B%FIY|>&A^UD!$2PX;(ibmwLrEQm;zyM!
zaj48=FD%iXMcEFi8&&WiWzfu(D0vt?9Al3iAqa$UJV%@rdJsFfp{Q|3jef{e?dZYl
z-)M;)JD66a>d>waBY5%W{``(+GqcrnDNwIS&F4E+hO?oJ67~XeXNQFP4`iKz=Gv?W
zTB;7fDrW&!F$alc4zN6XM&OJy_|l$%YJEfuNI^ufUuiMD=3Lgm-E<1tf81s9$hCNt
zg9iaWzIq>I<lR#Y0{R$g^j5c9$NSB$QrV~y>(gV0J3#bnL;TR&KoShweh}c3okIC4
z<M`R_g<Y@F@X<bw&^`LMW-yNze{~1`YI?7@^jY;q3iSxq?(O}Be|+pp!+;d(v3khF
zIUrG*@hdlY`SahS#8HeFX)k}bm=N!!CgT}c+lMH~{7eZmO|Qs>@K-cC=_3VGd_-ab
zv@|V1@q~!6#D@yi16Bmq*G_+4diOHM)NH5nBK)6!wecM3_~@qOgv03S<XmoV8r_$9
zpNAfISkI6RMUEqXX+D`xY*BcO@_SJiWQ8x_`vN<DiDEC^O8&;!`4I}S#(A4MYeZ$E
zV)2T~M&eE@)R9Q|Yag0@;3t`g>Y4j562cG8n~Y??PO3SFeK2h4_(90}{?{WOM~S?i
zWRwEc{@*ozsoZag&#w;dY}>3mQz1ljk}Z52?X0;=Kh~E_=DWrPidtQv*ULV686Jtk
zzzU7+JuH{ZrSN-0QwPA}-Vc~~jE~AoJ3c2XTjMZRi-y~}$0O>JsRoFyRbIo3DMW!*
zu1Baku~0sN?Q?w*3z^>BD$sX<dM7u+_gl1VE-wT|U90p5>O=$hh+<wnw(caeYBONi
zuu=I^pFjabg&Z1u;FDbr$f44N8o<vunJ2f0$^PdZPLN#X1a>D!e(rvw2L!$ss&jOL
zMwe`giGoNrpW2M2iK3TNYn9;=7fxa>=J}&lq;hFgL8yQ1%ZYnQUFUsp@EpTn-7#$I
z+n>s-aTHNd^N<*-*8xuG<ZZ&ryv4DTn0e+KO(I!*q#WCSP6_(kfBZ|n&+ha`PAXWa
zTZzBs*hyE@F-Dt~I`PniF7x!TUW^3vaO#IsGqsUOH+q)KE=d`#l6UNciV{>OCl8CL
zz_#cpOw|mBcx|u*0ZWo2DKimcpIBvR&GD$%fM+pKXO;Uj+NXzsc!?61tZ`v}N~mm}
z974k)l(C!`4HvdGZRO;kZ<b730;w1|on?zT{c?g{mNg5Xw&>^%*`j)N$$JKhtew|V
z&2~F*zt%R&qe53%D$UnX<BbvrbwIvTWA+EVe@-IFG0~UOz1%!z$<k1NTnRGIeR=p5
zI0Jg1b;DFC1GK^#nYymeHJgGq#fI1i?6DIAWc@275g<l+Tf9@^$}i4%Z$M<s)h~`?
zsIJ|zB`S3qV%#z=BMouBTYNRCIWNfbOmY_UbQT4D2{u2Y=yTkaS_{SKgT86g7+H&*
zW+o(-yegu@+Zw{)GK#F?U<3#FougMBMvs4?`k#UBeLkD=>cHi5n7T`|?4A1QzEz5y
zMe|ajz9AP(mM@qEvm(TMV*RTfkB{3w>{S`ctXn+21CtE;#s?f8ZdeIaqtWK#K87}>
zJ~<7QzV7?gfyZarF_rKINS4ocUtkeOj{DHwq98nFem$Fw=Cfa&_<Z=3EMV3k*9qY1
zK}+vRl)gYqV2r7~-eHEP50Edv5dF2cMIIX4@A>b4U<%^Hc4*$6gSi&6P2m5!o0O2g
z$jTE`xl6$!ARILOK{#m=Kf_p(tiUjRi#r6A*8`oN30~v}{&E#b@{u4W`#+gJB_QN%
z@d8vLE_m;!m#lj4-|plN2G1uGI@1%C*gtX|8ImHI;SCn|1m=rl-33|i{F>1>+ye`2
zf~(B9#lvYHh_qDhO}Dl8)?G-*)3&EK?d^REkCOCteD%0_cyD3*;LFbHrahNXYX&rM
zp7FyQi^MCE1%lQSlgoa%aeI4I6x|MTN&E}#+<>?0MbPwR|21^8?!zAH6bNAEtr`p)
z_A2+J9k|^2h~5RxW6mXi-5sSbF?lk#CNofXnyw&Zd>#I&F1c`nhd#ba<n*UnOeSMf
za$GXbhkev$x<n`$W%VoJ)ADv821ZTl|6tp#8{OFxe6g4Ov6LsO`LRvoSMq&dFx`Wf
z>z>u`sm6#bI{gIx23Zv8X54#e^|N;j@lZgzdH~8b{xz6EJh{Y>;bJBzn?8;9@dD@R
zi|TLT;hl{bSd$a})6=gpv_9aUUNPgm1W${f>9jm~Cvj)_^t2X?FY4a(#>BzJbnY2B
zg}ui2u{H%(iw?alf&2WO!5E9X<yu#8TuB(Q8<%soa31{wzJ=PVJpZpAH1Dc?kRR8;
z{!}}N@RyHymKfrz#N+fwXR~Fdf~C!w^zA64yLCnIpKN`Np$iYRW`Z<d>2q1sYhT!t
z5IpM96=^@`w@M+OB<Y&;#f_-({lN95mbj<GvQeEQ`A8BEVR60m3S{D7IkA3}vQ<rP
z*HWOv-BhW@%eBbnIJzkw<*?p0M=34roC^Sk;<FwDd8+tohSBp}1w0I<y8n^{L*OiL
zUpr#X@)I~_xfLcfH9=~3tx4xF^$|j-HgY~a5g>n;tuqL!j~(I^-<XKd0D5AxeqlCu
zuONF%6ypK$V6Bxs1t5Mn&AqWIQk%;*9e$5IPJf2s-K-6~zWa`DTy@ILQmu=_36|)w
zBIX;J?+{VlE~gZehwp%X!HNpk_!H~ZaMXk)^<0ZO9nm)7OU}Bt8@>#we+H<h%Jv@X
zwO{rp)dKgywlP;o)puw7J;npuah@WweMi4*=g;Zs4rEd^y5K^muvoM6H?O)>)>HlA
zS6}~hU$BXH7d96%^Z(EZ8KrsbQjaH;PPCKcB$cz)cWys?I_|4}H3U{-YJoJTZ*R^P
z`1$%T5ZoZdCNpmT6KWD@`?S9mHd4Rqs0U+uN0Std9`wnMa>R~U`}<)W|JW>Fh0|QB
zuj`*$>TsaJs;jye>C_B2O(MJ=g4TZC<$k$2Ml2?5s1=c`jpQ6j_?0g)k^!Ci`n$Dr
zAwO}g()nWuvT@DKpX%bH-$j91lw?}n)F+R`OaS1}$<b?M9pT<}nOWN&D72jCt~gK5
z;bgI#JH^#Xx&#Q-9IMA)sr2U7lOCIF=s|v9FndqgwVAunz2ijPF0We1?E3KKEIGs%
zdPqkndZ@T?UcNBc15d$?wc9i;>249(t>ckA(?qQF&O9HOes0GzW>i}*^?dE3NKGQA
z^v%U@^}%2O@}(SzD6Uvx&&%tb{DSF{4s&wC`rVMNKvLBrSB|tyMDA4->5^<D&f|q&
zRH*2wv-7G)>QuWXVxnx^PTSjzZzSmmgN8S@2i6>jlDa1GyOUq2Y7;#2wc^tOU~9E;
zo#tq>EF9V!DYic~<9?I=Y9dx=%b3blzl?S^^WPi__wOM9&B{7fJPQmRG&`a&W5MHd
z^#Vpf<E9eta{dYYihwur%Y|GjnT9w)OW7dMIuSm|Dm)(t_kRGHz}~Bp4aC1Pd8gol
zla`*nlTq1>>mrL2M;}9P3e7u65CsLh9M33^e(LA5cmi76BT{f76^kJHyGbGzu>r8F
zUVvS_sXkX_b17-TLX1JytN+QmHgAvX8Qm-$WPMuNSkAhka8?0nX<TgM`!&syjGYta
z;NVNA=wIXpF~36nTP?(c=w56~QrYzWy|~ww43Oy0#V-$Az}0ujU@Dz#hE*O9BSFCh
z_6+tTjiJo&6#_B`>5$R6`-~)yK2imZ6b8K2v>bi!ckz%QkkR}$y3{h<XVkQ;aFUJy
z2BMm^6=Z+J(N}cuJA)p;WZsG5B-h`@fdD^>ha44Hv^GG0^wkva@ZjWNV}d=FS0uRC
z;IPY)FZM@<?p2bj&pAN?SUp1~gtwCBuwcOY*A8{#T%j$z(jgf?4N#6rxnCr7d(2=A
zfBgNKN2D0#ES;e#$SM!u(fhqyaM-IJGy&KbNqD9p(?e7)ixZS`OB2%00$H`L{4s(M
z>cr}sXN!Tz!q<$!5xMOZv#R_nGjM8v<fWd~tI=L1l{O^LTmzW%f7eU#;bV8)!tVe!
zr)n{va%x_(T=q6N3wT2nZQICS8lKH;*m7ty0(&N--aL|1@0y~clP$r^dFIOEq!M7M
zLgi$<nCPO@^uEMIklMY-9o-<6U(0O+zg!t>&WA7Qb!Z>Oav<pR^o&FoxHdYCV!YR?
z7yUQezLz$5ffpWZ(Bn(L^-=Ps+VST<)}-1ofzL9*;&URwed#ivBXZzT+&w8c5Z-Q|
z8|92^oy2g;e_rc9Z}IHWEHlD{XJQUnr9H#~p9EXxKef~z+BJ%KtV$cVvoprodbjHR
zL|v-cR}#0ARkvRsml2u2c9ec-chvNxctBLOzWi18kdyyZkq2J;TI>(3NGRvkx?$D8
z7H=G%<R@iIY98dJXV1YbGb|p;1K-4j%!&p~A_bpM;9zJIfJb=NGAL(R2B7mg_2z30
zP_H%+91!*L8M+XTg3)+!XgAznZS-0jyH4NavxL%jI}|6FOzfH20ee*M=eBtkNakAZ
zH{O6Pet=5`NA8}ZiWJ2dVP(ZPjm0zQy~n;<zQWj<Os$>}&gCi6?r}8;vS-Vhk7L42
zafRya*udbXvyfxfmjKCuXppZkfj4RL_r(}e$5km*sKfj&?>@OBAdACC2lR>M+sWp~
z-f*Ef-L?rwb2T7RNk=|V)|$dW4@NlGc{j2rIa55`q|mqoOS$dwXeu{D(=?<0O-F;y
z5WHX*Rb@65t5XtSV&ZV6!M3OkkYj-8?e{8xOAsSZ-wQWK`M++i)#?aT3c1X<=jxIT
zgnpG3i|*tbuwBxdxM1Fi%r2{Dw!npkLXJACaNKts07qUzsYBMat3F+$q5%EiHJDoq
z)L06jWXop8HFcrto>%h%KXlNB3^8KFY(BTQc$ENk92&_xXti$SDY0FP7K=6jVs0U9
zKC^3>6{07f-p|ef_vk7MFadP3FJh=VS4ldQF%U$BY8?_b^T{(SU$*^0@Cv~k7iZwt
zGJg5LYY%EU6Z@`r;JOOwN;6Zh#tZ6EQvl{rwv81_AMR2zWaF(=Yv{fzO1Z#Joa>K3
z+R4+gsqQDMBNe+82L2iqE)qW<vfYYc6Jg-gSh2*BHO`Vaj2~pEyFjbZw=A7(Eiznm
zw8Vf_J+|njTdbciQtUuoE?pB)sM2g#o%D*B4n!&<7Q`svIlzut2}xyfNU$H7$m#jd
zki@taTA&39F;Nh+ylRQJ*R+;Fb_v9yUsf4m*Yno{h<gR!f)o*2bqCEnD5HNpE^3mw
zjr^!U_+c~9EFGX=EWRxZKG7{1X`7TKfyyI=cc8ias7&<EuGz-&kYssXB!{_+@gPMh
z(1TFz9ui)N{6x#M_0&d>^`PqMWotFShuX7VVH_zwwfG)Q@mg7K2I?qZ8yqEQN)4yZ
z;(i4NeVd%m)!8#54ah`*?mxI@P(;eK0u(IUcso;P$_cOZi2jG(=#GZuN#rOOaA7U-
zo+I7AD#~KKI3v0aQalD?PgGPr106q1-oSxjCpODwB3}gN3T766wgmW%SlO~m?y6%%
zJ^ZXDV)+CeH}}MyUqjIh=WT=D1-lDH*jfSisl}ue*X@H|WhiQ8|K~ONVz5-SK7Xhl
zG&x<m@U|gFeLA_u+93yBw9U?q;Fo&zNh&Y9tV(UDqhMGudh1iPt?B8@Pl1X+B<}9>
z7W-y$xnQ2YB6Ro<gVd~U220{g-|A8mCPk|ohWBPi{SPepQ?u2Wg??PPri|^97CFol
zjoAu(lX`@#0k0|b0lXa$V`9bPzvpCwo+nX^5!`&Xe;0geW4w#6AsCunQ!A5F`dY!R
zQ@SBxKIfnIDA$-bw>s?NUBW=@J=H5pkYujkR*Dob$TbWy1-fbd4d}~ugX`r1X)DmV
z5Zg(@%LA!&PJm$lDL~wl^``_?Cr;fkmY!L#uJm5aJ=sDm4Q20iS+|Kr?xv0Hdv%wc
zW%h^x`dO6N{jv21kWGJ}&Yq7ZIlL_ySdB6qo0nTkR4v=$Q{(@{{aWgJ`N=&CJPS%|
zQ%mOnCVr^_NKEe3iUok!)NbKZ^$b;!6O6fuQQBwjXMYJi^9tfQEy<HNE<;A9%oaCx
zBQS7izEgp<Gi(G_r<r*H0`v@IeoLenF&K5`+(mp2&xqgINh+601S0e}8V|@U|6pcU
zOUkOYHa3Vo3U-767y9P;8XY`I?OKEi&z7|n@uYP~tGnl*8Pkf+%hj0J^c<PF2|GI7
z3_9lmeQ*_4wgsXDIJunDQuQfuq9vNNt2VX(T_Ul}(6GJm5W);UhMfPRxpugCm%ZY%
z6Hl$%b-JUs#jk&<>ob<8XK+YK5mACFx2jJu+(~lt1olbEHDS<X9=97uay_s-DpvN%
z41M%FNdk|ftj`2=rusJPF;YVR5z9@O=jIq}j0BE=@$dJJiP8|?zgpPzn!U-&__b4D
z_XpUD_ci^=Zv{+L?^w3lqACG+D;`K4cBTo|ccJdu|Cv5@q}U2ICPay#Xord)it;-N
ze?Azv7Q*=xjnr>Pym2x!*?^628GzB`8xFr>T#Fx^6i3!adv<QxyJ-)pgSQg@lxdgH
z#~mqvqnnQ<k1AYsN`x^zTyf>duH;(f6-|iV^M23Bwn{UJ=desDX_pT(JkS^brTFlE
z<YCODFHNci7_HJer?~z_ES?dohvWQu!|XXdQEdS0Mxc5}fLTZlo<K~6`<!2&-47Xl
zy`BTz$fkd-?<K}+qqiTp@5ZK1ek*GEB1VjjIB=X;U-UWKoi#97+~PFjS-gseHh|rg
zQfRc{l@zf7F4`69T_Wlj-9WzO9+UPVb5yTTg&`*_`Wsy(;W~Gj1_0PTi{2>;APg$G
zSm{aTl}mp8reZD;tA~vbWQzMzT{zF6a$RrqUwLi6DDyA9X_###-?lbK;4+`jrDcWL
z+baKofu)Vt(X{6Q?}!>~=gug>4k+VK8bElK(I7PhHYjp$JEGVh5Y>0a_PQSn_zbFT
z-B}OH3A2lQ+Q-e05@$}O>iSm()&RAsE#lw2;n(24oGM&zvrac-C{kSvP#qc@5vVgp
zg^IH{I8RzpWAm71ypOsB)D}Ap08JNj36m>fNO0QGw!XffUot}Q!vS7Xn4f@rkqNhU
zjLiwOwZD$axkvA8(Y?Qwf16(3G1*lTm;o{pcS>rL#r|jBX=UC~E-f=yy4Yk*$Yd$=
zk&AzQgB07Mzu3nlg{7$t9h)ZM!*(W<$m1e_v1$9~LtAKUr;c{~!pg6F8q;mM`6txb
z;Q^hFfA+#X#ThQ=iqR#-{UM$kUdx`)EAeIZMry+;K&G-hoEV(+ooS^OKQ5KNd!q$_
zIKzg|x=kuWj%*HT(R<(0U?kf9y&ysE%f})9sfco4cXPk1B?E6aTP<knv%akD@w90Z
zyxl5`uaf(Vtb_nW1f!&g>aiMU$LC#TQ=?Y+&9t_u(ZnK{P#^Kb0;rP~6GOlGu;H9%
z^*PBL!}f~2Rmiy#=g6Pq>3TC7r=u5mf7cL9wRKtwVN%K6Y7*p8Qv!#f-VE;4Ql%>y
zo(P%r3L#5_i_Un`>-h58kn!;^&;}WRqhibd@=(nb@p*O$nkMg*2w-?YKuCw{hE9A7
zB`qPnoONgmpMn`$w7eCkQKPw7WvUS>UO&ByXB3wz=)c@!*|#5ONTcI!o=A8m$y9x!
z3!smrvRL-2XFvV4Z{_uTZcn%wNdJH>tJ-qYlumqqUfZly70=GhV_MqOmFA|LUM!9s
zO}_qqrb7(aH3hT64k!u>N0P$ah^UkI?%b0!n!eVf6X(grC-rfLb|c<>^U;zq;1&?y
zY#?ybLxUTi{!6W&DU`A{mboh;Qbq%$)ZU-?h}=;F*w&*71H#p-n%Q(i>=2ETk=CC-
z`$CvdH>%&$Pu0Y?!3`il8zvt$2q~MgsxBmjx2k=vG$|G8Nr0W^MlAOsIzL?T&xXm^
z!cuQtnGs!yql6^(wCF&OQG)4YQQ<~Nbvl6wr_IGXKhL1Fk5EbwtE;La_m+o;GSR|n
z;(P$af~h(wv3IK*dM!oXGpFmsUTh&IQLRj;7dkjp(4p?E5M`|!HrSo49lh$?6tJdo
zCLA?gk%BOxk`eC*Mz>qVk>F8;RSy{=S;(sCVBTb3Duz17BPVhf=4CmOM9_c-3glC!
z)rXDVs(R0(jAHz6IHys}7_aS%H+IdBHmLqgrZb4A*Dj)*I~Wz<CZMMc&pzwc6rxL{
zK6{X{jo#$nqZv?M@$g2O*!JJ(w(r*h{0%w2Cck*4ajzuG)^GC{*(3ya>}sJvjn?<4
z3r(dp`sDMV;?vF=0Sq_DHrBpr#9KVETQ9vf_!O1wrSg7O&rd$jfWNj2S_7!paS^hy
zMV|jc<z`;L>t(2OY70;vGm%(mPESU2bGZ9O!W<fp088;P^0pR0W_DvzW^l%l=EaWk
zK9|V{qM)>-ZvSgML;rclP6x&qTP@6<!Hn_n^ECo*AMMp@TELgp*b*C}a@W+_rC;UN
zzu8HzjlYvO|6$cZUvjB2`scWlm?I;)mfQL2@U1o62n4NoFF{-;{#lqzZ!f^stmNtU
zfLM>jz(NyQ8Vhe$%?5jy_(ffk4^wks3m#XRxnnk4*IbL%IphX@6Dwkzt&+7Cw7VrP
zYh!^t5GFILp2(beXzk)S%7wtn0%*u?i+b{@yO>kl@S6{_1LF)0(V2`LJRa0@DRq4j
z=_U?y6t&_{s4qzJ_vn-yasGNc#2D?m`z6P)Y!yAOg%ru9cRVq9h7PMjUpAgAz2}OP
ztlgv?v%Z1LWnEMIhEMHc8APLZK2|%r3a^;|*EO!!0(mPo7)GjXGK-1d3%LXVt^(qW
z0kGwso>}4;xtkOy>$W)0%9}r}z52#*zExhiY8kLl7vh{LNAvX#C1~`hReQlVmh(4|
zCe<}xtPAF05N=_H`vbO}(r$DKeRYAfTmPJ&8i}xl^qlz00b*j<-pu#MrLnR2F^l4e
zzqmhNZtHX5gG@z)eVU?FX9LIpxa#QWhP-2++wOwb+B>3J)OTDr#rb<2>R6#Y^}TDE
zyJ=NCYD@bg5lA#+Qt-V4ek8aKz#HjLTXg3)U(oZVA~Bmo{d1)cnqUL2jo$Gt7ynkk
zD1`eIo8jXd-<yHnWfyoa@sET}+@D*c-})KuN46ONk{+N1vV35bw$&ECNQhYGJ6<A<
zEl<13OhB#rG%SN##z<U6_8P7{BH+fLI?JuJ0xjtWB`}7;y+u9tDF2R6B6>rkKYZ?#
zt2(ZxN^fVb{(aDiSp(ODoPF(*4hogQqwbWqj%`VClM$x=jWZmkD}3Q)<9Szq6*+X8
zkpZRYpc9Ep+sdE&ZMp3+Vq#wlthSe#=au0m6X9`gOFM|_z_>bPTp%^MzDlz;9xvKh
zWv^@LVPqfWp-vobcPyne71x}K9<t2(SGW6ttsXz<0H2*TidZGijqZ%HiX#vO6^3}c
zTzAXszoa~Rz~ecma{OhHf*PyUE$+w+G3N1bZRq*RDLUXji)j%0p!tCagmJN^`HdjZ
zkOE@YzwzC61QH+q-EdNiwPC`WbCg%qiFuLb_&pa%9c@%axUrPE#F!{s!ERtSm=Y9&
z=1Glp!y^X|0Lt&}(&&u2j43`bXunQ+UHSWJ_zrq|Af`CFv!-*8@1LL#t8d8gDUa6*
z>5OpP;MK!~CETBr$h6w{bS<-56(-sZB)yJ8&zQE2f5YWE2P75}u`0u~5%>${$NTwN
zmzN$ek{6pT4be{U6H}UoA()@tO&`oJ?2$3(>B&@}kKs-u@knid4FfR$*)i%>-DA=4
z8g|q6pGxG)+oka&4D@kRCgb2jzWPC;(d!`xJS&r>0c3Iv;5Jos>={xv%sKdZ0vFS6
z)%R|SiNO!nZ?Mr$FNrN2{L!rYV0=R-mFi1CQ_zv)2MXWT3KvLe<dJ+IrqpFxo?ri<
zEQY2Fz5F}Taq8Y%*;eBIDL$o96X|?KN1Wa6`Ku3sq#oJSG}G=eiuu)%@>o=$44@_p
z`PpRIyElDnRC#yE)XBZ+PHVQ`%LdHHokW)tb@{4m)>Vf)?Ovs>bSS@3>1Qmppz-ha
z#vP%%Pv2g^P8=Akg}G?-6sCY;6Q_~!e}T!y5>NNPJ#!5iM)7P&?Qk7$=%VwhxITL<
zINTa43{o49TtuXI28rQ3F4Ic;^s#;sOB5hDRMzXD#6Z}a5y#QQbMK3oVRPQRYzrr#
zlkZyHkpNVnMXnz&=H1|^-m9#t$AP|SwQ;ah&Q*tAc|fVi*mjwXslI9TrXgVg($G=s
z+sVB{kR1+L3Scl`%XfP;kNBxJ0?v)$jZqDitMmKn;E+AHKKFQuJwC@MkC4G`v7@BY
z`&sFz`maa4;E?Z9pUvFnLd7vWppIC|<$#cKaJ8LjYZFryUSsK?hjex#`bh_s3ASb2
zU~^LD=S=@XCP(U(xWf$cujB@v^Mc$<(xQF-xi8DUGXizm9j<}LyyC?%!aO)~D?cI?
zz><$O?K}%=dzCCc+iiW*&_OfAM@<pCON?DKrfxYdwpfMt+j+FKzE1<Te4PDLykQoA
zA!m_IqJ98GrQ50{`z`$=%jTVC;#wd@D#DMhnW}0e4(KSTncRSoXK=vMSyCs7pkbKG
zbGF(5ql`v8mjvdk$hAg8vAnZioA+<1G>uk;%jPvsPOjAVx1>UcVq^gv#Tp}(H7G_Q
z#E$Te;QsjV$D~V!aW!^LiljtxQ7U=8z2WiWSoY$8Kgqs25`MnV9nw|H8x4kjI8zH)
zMkhS>zcMQd!~Hs1ei%A#-T-I>maL$xBDz%)5n_HOiJ_5zVSk#ky`?qr@~6q)-in)M
zJScnJAX<S60@QgR?JBW04ot4kW2(8slP+<k;r2&PvX12@sNUgq&Jb;f3|V;1ikxx1
zUzB|xfaD21S7m{c4;@+`KH<4|z5_nfIy<JQdcF261zD4)b%3VPcg6rAbgk(`7Wy%_
z9j6t>;{IK36(_$&jHN*NjdZx2V(eM$fu+;F&uxp5qJdo8Q{O_JsP-=yT~t(#vjO;+
zW9`Ocw%=$bE6J~_(nIo756~OOh=ZG6^<nq;_u9gy*Q?bMW#$uCpGJJb9N+Ss48ZSS
zz~W{gvsXLXM;ah|ePJHd-EXkz>Cyv=OZkRS;ZWU~lZ5?splAdr?}&yrbK6Zz_Tulw
z_0^?2@PD{`QV&^VYvwpH@@h#G>Pf_0R^EcT_5@#mR~{uv6)g;sCc?Z-ht}UtO6p+c
z%0-7BVI)e-&!*Jq1pyqC1^mCfrhz${;mm*U&?xdcg#gfdgC_vV%bU0*>B%x~6OO^o
z>-3lBB^aY8pN6%%ITuTkdZXcDM;!|eav`HcxDHN5|D8@K4!Jch4h#cWkexLp*Y9mk
z1Sxw`Wt&VdbS>c54Mo^8G@5%{U<r7PhCIfiXMSNcv;5LjWy)y7-^P_-^00uCx5DkB
z+-91!9EmNdSWkf8<mX+Ad9NVggs)jd@TRnFN>cONM%8f`A;2VcbC8_m>VnBF4@rwu
zHZ{h+`47k3n)bvK%ls%(rQ=wzYe>I@g)Gk7G5|~3n%3z!4$%7pKwY@R%xC01P1zKn
z3{9t*aVGdy5BwSrI6KdX^02GBM8J4ACxN*ja1G&~y?{2N!T!?L4cd?2;0yvqF^CCj
z+thp!Mp(Yz7F_QtJd~6)ZSQLPKmDHPh^ruInda81r{{fpTaF?%W8v&;iM(|*=pP_X
zvH(hM_ynQ9I2WuX=W2herRN_xs<$AD4k;vR&|=VG%n0b*9vD-xzCv!oAV%_@TEK}i
zXi=!}J=~vfiZ4FhV&~Qxy{I|3NQvGWE4s8)oARohl|AV`Sa7}ZQhn30jS#vEZqhfR
zj2Gn?kTSf;(51=k#pf3;o0PShWm<ctx~ggW1V89@s-MFw|7~TMycr6LqDvAgQ|j&>
zXEhkkF*JKxsXXElNqDv-ao>foLW7O00Emn_Tyv~zYXw@~%)?x;kR0-TwNYc;3dD_&
zQ)%lunn#%)s5KzsH+3i~_nt3^kR9kc$wc&4R$LE^U{@Tio12FSsdj`h(_ot4o+F`N
zf!7db*^?sg`ONOC;mJH^aqs=N;=z3K@WAeqk>RBqu)6z#uqAasq1Vxw0R-8VqHKCW
zLo?PqkRT-Nqc>u3hg<EgEFVD206546vluD->L{qh(Ur<|FCjic77u>Ta)pKlFk6@=
zq<ifZ52xh2ekdA-CSfY|AXd@8>7QgL)6W8lsUgO%LbwNa^#{e4mf0CSRjYui)$bD#
z{N_?lg7q>`T#kjpEA)XOVZ_)3{<`wTQYN-~f|iq=S%^0wLY5icjR@?}PF<I%e*V&|
zBZJp&-=|gE`iZrahrU8UgZRf#yV^qX9;0WbWXbfr$Q#2xqA_J3vynn@q`zGH8FZ)3
zo8ZU*RBYy>-M-%kKg(J_@{~&xQoR;E=-wDtaZho2^CNp=uRGngH-Ir<!()9g)N*m1
zs?h)yYE6Fi@kh?f0*h96_n8~*7e>&BUu6Pfi#@GJV4xQ(Xt9S|CIWy7R-{>PI%JdM
zo%06R8Wq@Bg>-qDD9j{jn1`pzo%LGa24j-SAjk0q!yxk_af(_&EI}>}`K)ZyPzhk1
z``t7b41bX{3oQMQ3d4C#Kv;we8aL|<ZQnM?`?lUDslm3F0#tui%&y*wl7R2Uy;cr1
z;<nq-wYHmSkvcNFjcuhC3ZqKr1|x-_^7nmaoeP^c+H~Azi@kz!tzoZtV8E!`2K7eb
z)!SY4Z}5Y(jh?&|o@9yueXZFW=*c|=ux^p-{7l6PFCem#0|;VlFFaOJ>C$!UlSOU8
zU`h(A!0ibL?l#lTEatIf3-SG?hW};o3rFIH#TC~<48A93vf;KRfJd>rS)}185ae8`
zY3tCFXN?_{GpX`(H%n(>l5z-xbdsWID7+b715EdcSk4HxyLo-UoKwH5G97Bw$ba<E
zY_vr{)%uz(7Y&NDz3ZEG)Pb>!E*6tFJcVDmy03W3rFSKe@5dHsuEj+)I3P8&HYlAE
zk9M?woVNo71Yx)6LWAv5$RRn1&7G&wsG}jNAD{hgd|7N^ocb(xIhuF6WUu@rLfrfJ
zAK=s?ZQa~&W`Z?l*zgme^3iCdP>!Vun4YPKD#LmeO<PjXh`2b{qW|+hwSqwQf17o*
zj;Yk*xnEav{(A;-WlmQ{^xa6%&^z!MPnc-JHjpTPOm=frl_H(W)Zbtu1<z1RH?P65
zneJH@^GKcaI+b36I=v0bvXYY4@4)Ro{(4oUU8)Pz3D{BQ2An_$gAjmQ@o#*7F1-;S
z#<lJiWbhPG?P+&9$bbfHqje}Q7T{`xC3-yoiY1XxSDWEnV$i_e#KLF3LCc7rreCTV
z=K*$73}D541--=H;%`8piO%%Ox8*cPIm!*$BZ_u(6|S50=hj7x02m899c+L$4e-0J
z>gyR9gj}-fpj+~nOn6EZJt8~Q8`0Y>j|HT0oW-i`Vrp$K+oo9j-$)eP*{jv6IS&Kw
zv#g==T3`a$=D=DT-rK8HwnF4wY2<5<{g^!0u`%Jb3k=++;&gfSnmYcF92iCe;h8ER
zrjohKxX9r+3s=khbrth~W<@#b03dtm!Si%^aKjtyx+O=IDLSSGSn$su-R`mP?;;6H
zcHm}`^#cmDyo=G@nO;KcV5<`5n~#KNv39_?*qriTJ#|+qd*M+A6<!;Up988KTpwIo
zQzFCQYzpO7`lAgHc?Nhdc|_h9U@U3HEy~R^g{3vu_dXP?0fMPTz&6+;_k%llYy*(R
zp!{ZWfWHYJoRVsIi0waS!1jcB^5=RJ0Fu;LW75Xbnmhy_68#W5uRO`Q*13<q$%$|E
zT|YkHNGeNk%Z83ZY)PvfEG~4aZ(@tDOmqC-;{r~lJm6F=`b%e&W^fTCK~iX(IW72)
z%`CCJ-Zy~%s8UR?aRw;b-9n{+8>k!jwY0{@TI4p_*RS%%!}On>?Ic<Az^ml=x8M{Q
zZycNdGCKDoZ*|`vbaKYG6&<31A;r4g$x=zZA22I;j_t_99e4nfT_DGXRQ4jXRN<;M
zCQ}2@N-aN(DIRk`^f*pGzH5PIB3`I(w1uaqEf3J*OUD6;+-K?|%YKzUzcRFU$__82
zPdU#(GaLE=o|)Jf0aaj$R`$^udXGtBan<K<iQi#JD4`t$oZo-D7DczN8va(%c;u4h
z6tq!zLMc+BOm)Z)q6&9_|M4?G4AZ;{gz#s><t;Zg4738a4n)oqSvh#S%bFEeSGoWf
zt`Fr|SnMAL4b-bPFIBw_`Y9~KUMT}G<5AiqZTRN*;wupYt&5D9rXNy?pRTll8t95+
zO-mY{L~LMOc_a&WTzQ|hR~aXq1nm)S_qO@U(|aYb`}{&kY-r%(!T&CI|NrrRf($Nh
Za72DbHfws2BX8#d@<vUrROa2s{|1EHigN$}

literal 0
HcmV?d00001

diff --git a/cisco_ftd/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.meta b/cisco_ftd/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.meta
new file mode 100644
index 00000000..eb2e56c7
--- /dev/null
+++ b/cisco_ftd/file/e0b98ad2-b2a7-4b24-8374-72f247a18822.meta
@@ -0,0 +1,9 @@
+{
+	"GUID": "e0b98ad2-b2a7-4b24-8374-72f247a18822",
+	"Name": "Cisco Icon",
+	"Desc": "icon file for kit build \\\"Cisco ASA v1\\\"",
+	"Labels": [
+		"cisco",
+		"cisco asa"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/license/Apache 2.0 License.meta b/cisco_ftd/license/Apache 2.0 License.meta
new file mode 100644
index 00000000..2bb9ad24
--- /dev/null
+++ b/cisco_ftd/license/Apache 2.0 License.meta	
@@ -0,0 +1,176 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD.expansion b/cisco_ftd/macro/CISCO_FTD.expansion
new file mode 100644
index 00000000..54dc395b
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD.expansion
@@ -0,0 +1 @@
+cisco-ftd-*
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD.meta b/cisco_ftd/macro/CISCO_FTD.meta
new file mode 100644
index 00000000..c70d007e
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_FTD",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_AUTH.expansion b/cisco_ftd/macro/CISCO_FTD_AUTH.expansion
new file mode 100644
index 00000000..193bb947
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_AUTH.expansion
@@ -0,0 +1 @@
+cisco-ftd-auth
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_AUTH.meta b/cisco_ftd/macro/CISCO_FTD_AUTH.meta
new file mode 100644
index 00000000..175085cc
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_AUTH.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_AUTH",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD Authentication data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_FTD_AUTH",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_CONFIG.expansion b/cisco_ftd/macro/CISCO_FTD_CONFIG.expansion
new file mode 100644
index 00000000..9e9d11b5
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_CONFIG.expansion
@@ -0,0 +1 @@
+cisco-ftd-config
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_CONFIG.meta b/cisco_ftd/macro/CISCO_FTD_CONFIG.meta
new file mode 100644
index 00000000..1e289dbd
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_CONFIG.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_CONFIG",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD Configuration data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_FTD_CONFIG",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_CONN.expansion b/cisco_ftd/macro/CISCO_FTD_CONN.expansion
new file mode 100644
index 00000000..4e5efa8b
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_CONN.expansion
@@ -0,0 +1 @@
+cisco-ftd-connection
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_CONN.meta b/cisco_ftd/macro/CISCO_FTD_CONN.meta
new file mode 100644
index 00000000..8574ef03
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_CONN.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_CONN",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD Connection data (FTD-#-430002 \u0026 FTD-#-430003); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_FTD_CONN\n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_CONN_EVX.expansion b/cisco_ftd/macro/CISCO_FTD_CONN_EVX.expansion
new file mode 100644
index 00000000..6d64c6bd
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_CONN_EVX.expansion
@@ -0,0 +1,7 @@
+// CISCO_FTD_CONN_EVX
+| regex -p -e DATA "^(?:<(?P<priority>\d+)>)?(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)$"
+| kv -e msg -d ", " -sep ": " 
+    // shared
+    ApplicationProtocol Client "Connection Counter" ConnectionCounter "Connection Instance ID" ConnectionInstanceID ConnectionID DeviceUUID DstIP DstPort "First Packet Time" FirstPacketTime "First Packet Second" FirstPacketSecond Protocol SrcIP SrcPort SSLActualAction User WebApplication
+    // connection
+    AccessControlRuleAction AccessControlRuleName AccessControlRuleReason ACPolicy ClientVersion ConnectionDuration DetectionType DestinationSecurityGroup DestinationSecurityGroupTag DestinationSecurityGroupType DNS_Sinkhole DNS_TTL DNSQuery DNSRecordType DNSResponseType DNSSICategory EgressInterface EgressVRF EgressZone Endpoint Profile EncryptedVisibilityFingerprint EncryptedVisibilityProcessName EncryptedVisibilityConfidenceScore EncryptedVisibilityThreatConfidence EncryptedVisibilityThreatConfidenceScore EventPriority FileCount HTTPReferer HTTPResponse ICMPCode ICMPType IngressInterface IngressVRF IngressZone InitiatorBytes InitiatorPackets IPReputationSICategory IPSCount NAPPolicy NAT_InitiatorIP NAT_ResponderIP NAT_InitiatorPort NAT_ResponderPort NetBIOSDomain originalClientSrcIP "Prefilter Policy" PrefilterPolicy ReferencedHost ResponderBytes ResponderPackets SecIntMatchingIP "Security Group" SecurityGroup SourceSecurityGroup SourceSecurityGroupTag SourceSecurityGroupType SSLCertificate SSLExpectedAction SSLFlowStatus SSLPolicy SSLRuleName SSLServerCertStatus SSLServerName SSLSessionID SSLTicketID SSLURLCategory SSLVersion SSSLCipherSuite TCPFlags Tunnel  "Prefilter Rule" PrefilterRule URL URLCategory URLReputation URLSICategory UserAgent VLAN_ID
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_CONN_EVX.meta b/cisco_ftd/macro/CISCO_FTD_CONN_EVX.meta
new file mode 100644
index 00000000..846527ba
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_CONN_EVX.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_CONN_EVX",
+	"Description": "This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD Connection data (FTD-#-430002 \u0026 FTD-#-430003); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=CISCO_FTD_CONN\n$CISCO_FTD_CONN_EVX\n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_EVENTS.expansion b/cisco_ftd/macro/CISCO_FTD_EVENTS.expansion
new file mode 100644
index 00000000..b851f6d3
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_EVENTS.expansion
@@ -0,0 +1 @@
+cisco-ftd-events
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_EVENTS.meta b/cisco_ftd/macro/CISCO_FTD_EVENTS.meta
new file mode 100644
index 00000000..e125cd55
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_EVENTS.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_EVENTS",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD Events data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_FTD_EVENTS",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_FILE.expansion b/cisco_ftd/macro/CISCO_FTD_FILE.expansion
new file mode 100644
index 00000000..d527b96a
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_FILE.expansion
@@ -0,0 +1 @@
+cisco-ftd-file
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_FILE.meta b/cisco_ftd/macro/CISCO_FTD_FILE.meta
new file mode 100644
index 00000000..0ac8ab14
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_FILE.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_FILE",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD File (FTD-#-430004) data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_FTD_FILE\n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_FILE_EVX.expansion b/cisco_ftd/macro/CISCO_FTD_FILE_EVX.expansion
new file mode 100644
index 00000000..d31d7984
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_FILE_EVX.expansion
@@ -0,0 +1,7 @@
+// CISCO_FTD_FILE_EVX
+| regex -p -e DATA "^(?:<(?P<priority>\d+)>)?(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)$"
+| kv -e msg -d ", " -sep ": " 
+    // shared
+    ApplicationProtocol Client "Connection Counter" ConnectionCounter "Connection Instance ID" ConnectionInstanceID ConnectionID DeviceUUID DstIP DstPort "First Packet Time" FirstPacketTime "First Packet Second" FirstPacketSecond Protocol SrcIP SrcPort SSLActualAction User WebApplication
+    // file
+    FileAction FileDirection FileName FilePolicy FileSandboxStatus FileSHA256 FileSize FileStorageStatus FileType SSLCertificate SSLFlowStatus URI
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_FILE_EVX.meta b/cisco_ftd/macro/CISCO_FTD_FILE_EVX.meta
new file mode 100644
index 00000000..732d84a4
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_FILE_EVX.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_FILE_EVX",
+	"Description": "This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD File data (FTD-#-430004); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=CISCO_FTD_FILE\n$CISCO_FTD_FILE_EVX\n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_INTRUSION.expansion b/cisco_ftd/macro/CISCO_FTD_INTRUSION.expansion
new file mode 100644
index 00000000..c1d0d717
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_INTRUSION.expansion
@@ -0,0 +1 @@
+cisco-ftd-intrusion
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_INTRUSION.meta b/cisco_ftd/macro/CISCO_FTD_INTRUSION.meta
new file mode 100644
index 00000000..5d6135ac
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_INTRUSION.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_INTRUSION",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD File (FTD-#-430001) data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_FTD_INTRUSION\n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_INTRUSION_EVX.expansion b/cisco_ftd/macro/CISCO_FTD_INTRUSION_EVX.expansion
new file mode 100644
index 00000000..e6572f88
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_INTRUSION_EVX.expansion
@@ -0,0 +1,7 @@
+// CISCO_FTD_INTRUSION_EVX
+| regex -p -e DATA "^(?:<(?P<priority>\d+)>)?(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)$"
+| kv -e msg -d ", " -sep ": " 
+    // shared
+    ApplicationProtocol Client "Connection Counter" ConnectionCounter "Connection Instance ID" ConnectionInstanceID ConnectionID DeviceUUID DstIP DstPort "First Packet Time" FirstPacketTime "First Packet Second" FirstPacketSecond Protocol SrcIP SrcPort SSLActualAction User WebApplication
+    // intrusion
+    AccessControlRuleName ACPolicy Classification EgressInterface EgressZone GID HTTPResponse ICMPCode ICMPType IngressInterface IngressZone InlineResult IntrusionPolicy MPLS_Label Message NAPPolicy URI NumIOC Priority Revision SID VLAN_ID
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_INTRUSION_EVX.meta b/cisco_ftd/macro/CISCO_FTD_INTRUSION_EVX.meta
new file mode 100644
index 00000000..56621218
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_INTRUSION_EVX.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_INTRUSION_EVX",
+	"Description": "This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD Intrusion data (FTD-#-430001); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=CISCO_FTD_INTRUSION\n$CISCO_FTD_INTRUSION_EVX\n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_MALWARE.expansion b/cisco_ftd/macro/CISCO_FTD_MALWARE.expansion
new file mode 100644
index 00000000..cc7a1477
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_MALWARE.expansion
@@ -0,0 +1 @@
+cisco-ftd-malware
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_MALWARE.meta b/cisco_ftd/macro/CISCO_FTD_MALWARE.meta
new file mode 100644
index 00000000..568fb3c2
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_MALWARE.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_MALWARE",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD File (FTD-#-430005) data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_FTD_MALWARE\n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_MALWARE_EVX.expansion b/cisco_ftd/macro/CISCO_FTD_MALWARE_EVX.expansion
new file mode 100644
index 00000000..271e3528
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_MALWARE_EVX.expansion
@@ -0,0 +1,7 @@
+// CISCO_FTD_MALWARE_EVX
+| regex -p -e DATA "^(?:<(?P<priority>\d+)>)?(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)$"
+| kv -e msg -d ", " -sep ": " 
+    // shared
+    ApplicationProtocol Client "Connection Counter" ConnectionCounter "Connection Instance ID" ConnectionInstanceID ConnectionID DeviceUUID DstIP DstPort "First Packet Time" FirstPacketTime "First Packet Second" FirstPacketSecond Protocol SrcIP SrcPort SSLActualAction User WebApplication
+    // malware
+    FileAction FileDirection FileName FilePolicy FileSandboxStatus FileSHA256 FileSize FileStorageStatus FileType SSLCertificate SSLFlowStatus URI ArchiveDepth ArchiveFileName ArchiveFileStatus ArchiveSHA256 SHA_Disposition SperoDisposition ThreatName ThreatScore
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_MALWARE_EVX.meta b/cisco_ftd/macro/CISCO_FTD_MALWARE_EVX.meta
new file mode 100644
index 00000000..666acad5
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_MALWARE_EVX.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_MALWARE_EVX",
+	"Description": "This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD Malware data (FTD-#-430005); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=CISCO_FTD_MALWARE\n$CISCO_FTD_MALWARE_EVX\n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_SEVERITY.expansion b/cisco_ftd/macro/CISCO_FTD_SEVERITY.expansion
new file mode 100644
index 00000000..db736bdb
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_SEVERITY.expansion
@@ -0,0 +1,10 @@
+// CISCO_FTD_SEVERITY
+| alias severity _severity_order
+| eval 
+    if (_severity_order == 1) {severity="Alert";} 
+    if (_severity_order == 2) {severity="Critical";} 
+    if (_severity_order == 3) {severity="Error";} 
+    if (_severity_order == 4) {severity="Warning";} 
+    if (_severity_order == 5) {severity="Notification";} 
+    if (_severity_order == 6) {severity="Informational";} 
+    if (_severity_order == 7) {severity="Debugging";} 
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_SEVERITY.meta b/cisco_ftd/macro/CISCO_FTD_SEVERITY.meta
new file mode 100644
index 00000000..1d114610
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_SEVERITY.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_SEVERITY",
+	"Description": "This macro creates an Enumerated Value (EV) named _severity_order and then orders events by severity. \n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/asa-syslog/messages-listed-by-severity-level.html#:~:text=%25ASA%2D1%2D105007:,sequence=number%20on%20interface%20interface_name",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_SEVERITY_ORDER.expansion b/cisco_ftd/macro/CISCO_FTD_SEVERITY_ORDER.expansion
new file mode 100644
index 00000000..eb6dbcdd
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_SEVERITY_ORDER.expansion
@@ -0,0 +1,10 @@
+// CISCO_FTD_SEVERITY_ORDER
+| eval _severity_order = 7;
+    if (severity=="Alert") {_severity_order = 1;}
+    if (severity=="Critical") {_severity_order = 2;}
+    if (severity=="Error") {_severity_order = 3;}
+    if (severity=="Warning") {_severity_order = 4;}
+    if (severity=="Notification") {_severity_order = 5;}
+    if (severity=="Informational") {_severity_order = 6;}
+    if (severity=="Debugging") {_severity_order = 7;}
+| sort by _severity_order
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_SEVERITY_ORDER.meta b/cisco_ftd/macro/CISCO_FTD_SEVERITY_ORDER.meta
new file mode 100644
index 00000000..c6c6a488
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_SEVERITY_ORDER.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_SEVERITY_ORDER",
+	"Description": "This macro creates an Enumerated Value (EV) named _severity_order and then orders events by severity. \n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs-sev-level.html",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_SYSTEM.expansion b/cisco_ftd/macro/CISCO_FTD_SYSTEM.expansion
new file mode 100644
index 00000000..ab920fc8
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_SYSTEM.expansion
@@ -0,0 +1 @@
+cisco-ftd-system
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_SYSTEM.meta b/cisco_ftd/macro/CISCO_FTD_SYSTEM.meta
new file mode 100644
index 00000000..f8d2c1d6
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_SYSTEM.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_SYSTEM",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD System data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_FTD_SYSTEM",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_THREAT.expansion b/cisco_ftd/macro/CISCO_FTD_THREAT.expansion
new file mode 100644
index 00000000..2b2bfa79
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_THREAT.expansion
@@ -0,0 +1 @@
+cisco-ftd-threat
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_THREAT.meta b/cisco_ftd/macro/CISCO_FTD_THREAT.meta
new file mode 100644
index 00000000..08d3a012
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_THREAT.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_THREAT",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD Threat data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_FTD_THREAT",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_TRAFFIC.expansion b/cisco_ftd/macro/CISCO_FTD_TRAFFIC.expansion
new file mode 100644
index 00000000..91285b84
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_TRAFFIC.expansion
@@ -0,0 +1 @@
+cisco-ftd-traffic
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_TRAFFIC.meta b/cisco_ftd/macro/CISCO_FTD_TRAFFIC.meta
new file mode 100644
index 00000000..e94894db
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_TRAFFIC.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_TRAFFIC",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD Traffic data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_FTD_TRAFFIC",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_VPN.expansion b/cisco_ftd/macro/CISCO_FTD_VPN.expansion
new file mode 100644
index 00000000..d088de62
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_VPN.expansion
@@ -0,0 +1 @@
+cisco-ftd-vpn
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_FTD_VPN.meta b/cisco_ftd/macro/CISCO_FTD_VPN.meta
new file mode 100644
index 00000000..24ed76d2
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_FTD_VPN.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_FTD_VPN",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD VPN data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=$CISCO_FTD_VPN",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_NORMALIZE_DIRECTION.expansion b/cisco_ftd/macro/CISCO_NORMALIZE_DIRECTION.expansion
new file mode 100644
index 00000000..da8fb2b5
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_NORMALIZE_DIRECTION.expansion
@@ -0,0 +1,4 @@
+// CISCO_NORMALIZE_DIRECTION
+| eval 
+    if(has(SecIntMatchingIP) && (SecIntMatchingIP != "" || SecIntMatchingIP != "null" || SecIntMatchingIP != "nil") && SecIntMatchingIP == "Source") { Direction = "Inbound";}
+    else if(has(SecIntMatchingIP) && (SecIntMatchingIP != "" || SecIntMatchingIP != "null" || SecIntMatchingIP != "nil") && SecIntMatchingIP == "Destination") { Direction = "Outbound";}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_NORMALIZE_DIRECTION.meta b/cisco_ftd/macro/CISCO_NORMALIZE_DIRECTION.meta
new file mode 100644
index 00000000..adb93174
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_NORMALIZE_DIRECTION.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_NORMALIZE_DIRECTION",
+	"Description": "This macro normalizes Direction from SecIntMatchingIP. \n\nAssumptions: \n- Source = External IP Address\n- Destination = Internal IP Address\n\nUsage: \ntag=$CISCO_SECURITY\n$CISCO_SECURITY_EVX\n$CISCO_NORMALIZE_DIRECTION\n| table SrcIP SrcPort DstIP DstPort SecIntMatchingIP Direction AccessControlRuleAction AccessControlRuleReason",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_SECURITY.expansion b/cisco_ftd/macro/CISCO_SECURITY.expansion
new file mode 100644
index 00000000..b8c21cc5
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_SECURITY.expansion
@@ -0,0 +1 @@
+$CISCO_FTD_CONN,$CISCO_FTD_FILE,$CISCO_FTD_INTRUSION,$CISCO_FTD_MALWARE
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_SECURITY.meta b/cisco_ftd/macro/CISCO_SECURITY.meta
new file mode 100644
index 00000000..f5acc499
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_SECURITY.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_SECURITY",
+	"Description": "Configuration Macro; Tag used for all Cisco FTD Security Events (FTD-#-430001 to FTD-#-430005); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.\n\nUsage: tag=$CISCO_SECURITY\n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_SECURITY_EVX.expansion b/cisco_ftd/macro/CISCO_SECURITY_EVX.expansion
new file mode 100644
index 00000000..5e83145f
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_SECURITY_EVX.expansion
@@ -0,0 +1,19 @@
+// CISCO_SECURITY_EVX
+
+| regex -p -e DATA "^(?:<(?P<priority>\d+)>)?(?:(?P<version>\d+)\s+)?(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<hostname>\S+)(?:\s+(?P<deviceId>\S+))?\s+%(?P<appliance>\w+)-(?P<severity>\d+)-(?P<msgid>\d+):\s+(?P<msg>.+)$"
+| kv -e msg -d ", " -sep ": " 
+	
+	// Shared Across connection, intrusion, file, & malware events
+	ApplicationProtocol Client "Connection Counter" ConnectionCounter "Connection Instance ID" ConnectionInstanceID ConnectionID DeviceUUID DstIP DstPort "First Packet Time" FirstPacketTime FirstPacketSecond Protocol SrcIP SrcPort SSLActualAction User WebApplication
+
+	// intrusion 
+	AccessControlRuleName ACPolicy Classification EgressInterface EgressZone GID HTTPResponse ICMPCode ICMPType IngressInterface IngressZone InlineResult IntrusionPolicy MPLS_Label Message NAPPolicy URI NumIOC Priority Revision SID VLAN_ID
+
+	// connection
+	AccessControlRuleAction  AccessControlRuleReason ClientVersion ConnectionDuration DetectionType DestinationSecurityGroup DestinationSecurityGroupTag DestinationSecurityGroupType DNS_Sinkhole DNS_TTL DNSQuery DNSRecordType DNSResponseType DNSSICategory EgressVRF "Endpoint Profile" EndpointProfile EncryptedVisibilityFingerprint EncryptedVisibilityProcessName EncryptedVisibilityConfidenceScore EncryptedVisibilityThreatConfidence EncryptedVisibilityThreatConfidenceScore "Event Priority" EventPriority FileCount HTTPReferer IngressVRF InitiatorBytes InitiatorPackets IPReputationSICategory IPSCount NAT_InitiatorIP NAT_ResponderIP NAT_InitiatorPort NAT_ResponderPort NetBIOSDomain originalClientSrcIP "Prefilter Policy" PrefilterPolicy ReferencedHost ResponderBytes ResponderPackets SecIntMatchingIP "Security Group" SecurityGroup SourceSecurityGroup SourceSecurityGroupTag SourceSecurityGroupType SSLCertificate SSLExpectedAction SSLFlowStatus SSLPolicy SSLRuleName SSLServerCertStatus SSLServerName SSLSessionID SSLTicketID SSLURLCategory SSLVersion SSSLCipherSuite TCPFlags Tunnel  "Prefilter Rule" PrefilterRule URL URLCategory URLReputation URLSICategory UserAgent
+
+	// file
+	FileAction FileDirection FileName FilePolicy FileSandboxStatus FileSHA256 FileSize FileStorageStatus FileType
+
+	// malware
+	ArchiveDepth ArchiveFileName ArchiveFileStatus ArchiveSHA256 SHA_Disposition SperoDisposition ThreatName ThreatScore
\ No newline at end of file
diff --git a/cisco_ftd/macro/CISCO_SECURITY_EVX.meta b/cisco_ftd/macro/CISCO_SECURITY_EVX.meta
new file mode 100644
index 00000000..996dd439
--- /dev/null
+++ b/cisco_ftd/macro/CISCO_SECURITY_EVX.meta
@@ -0,0 +1,8 @@
+{
+	"Name": "CISCO_SECURITY_EVX",
+	"Description": "This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD Security Events (FTD-#-430001 to FTD-#-430005); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.\n\nUsage: \ntag=CISCO_SECURITY\n$CISCO_SECURITY_EVX\n\nReference(s):\n- https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/pivot/9f94162b-c38a-41fe-b594-1739af6ee761.meta b/cisco_ftd/pivot/9f94162b-c38a-41fe-b594-1739af6ee761.meta
new file mode 100644
index 00000000..9cd0468d
--- /dev/null
+++ b/cisco_ftd/pivot/9f94162b-c38a-41fe-b594-1739af6ee761.meta
@@ -0,0 +1,67 @@
+{
+	"UUID": "9f94162b-c38a-41fe-b594-1739af6ee761",
+	"Name": "Cisco FTD IP",
+	"Description": "Cisco FTD actions on IP Addresses to Launch Cisco FTD Investigation Dashboards.",
+	"Data": {
+		"menuLabel": "",
+		"actions": [
+			{
+				"name": "Investigate",
+				"description": "This actionable will launch the Cisco ASA Investigation Dashboard to see events performed involving this IP Address. ",
+				"placeholder": null,
+				"command": {
+					"type": "dashboard",
+					"reference": "1c340e6a-7268-46a7-8f36-f59405ff64fe",
+					"options": {
+						"variable": "%%ip%%"
+					}
+				},
+				"noValueUrlEncode": false,
+				"start": {
+					"type": "string",
+					"placeholder": null,
+					"format": null
+				},
+				"end": {
+					"type": "string",
+					"placeholder": null,
+					"format": null
+				}
+			},
+			{
+				"name": "Investigate",
+				"description": "Cisco FTD actions on IP Addresses to Launch Cisco FTD Security Events Investigation Dashboard.",
+				"placeholder": null,
+				"command": {
+					"type": "dashboard",
+					"reference": "656036bf-a5f7-4092-9606-d3d97d15c758",
+					"options": {
+						"variable": "%%ip%%"
+					}
+				},
+				"noValueUrlEncode": false,
+				"start": {
+					"type": "string",
+					"placeholder": null,
+					"format": null
+				},
+				"end": {
+					"type": "string",
+					"placeholder": null,
+					"format": null
+				}
+			}
+		],
+		"triggers": [
+			{
+				"pattern": "/\\b(\\d{1,3}\\.){3}\\d{1,3}/g",
+				"hyperlink": true,
+				"disabled": false
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/playbook/8da73867-990a-4185-8c2b-5a1c60e39786.body b/cisco_ftd/playbook/8da73867-990a-4185-8c2b-5a1c60e39786.body
new file mode 100644
index 00000000..f6530b12
--- /dev/null
+++ b/cisco_ftd/playbook/8da73867-990a-4185-8c2b-5a1c60e39786.body
@@ -0,0 +1,484 @@
+***
+
+A toolkit for interacting with Cisco FTD data in Gravwell. This kit includes queries, resources (lookups), templates, autoextractors, macros, dashboards, alerts, scheduled searches, and flows to help streamline Cisco FTD analysis across Authentication, Config, Events (catch-all), System, Threat, Traffic, and VPN log sources.
+
+***
+
+## Table of Contents  
+0. [Data Ingestion](#0-data-ingestion)  
+    0.1. [Simple Relay Ingester](#0-1-simple-relay-ingester)  
+    0.2. [Install & Configure Simple Relay](#0-2-install--configure)  
+1. [Tags & Macros](#1-tags--macros)  
+    1.1. [Tags](#1-1-tags)  
+    1.2. [Autoextractors](#1-2-autoextractors)  
+    1.3. [Macros](#1-3-macros)  
+2. [Query Library](#2-query-library)  
+3. [Naming Schema](#3-naming-schema)  
+4. [Resources](#4-resources)  
+    4.1. [Lookups](#4-1-lookups)  
+5. [Alerts](#5-alerts)  
+    5.1 [Dispatchers](#5-1-dispatchers)  
+    5.2 [Consumers](#5-2-consumers)
+6. [Scheduled Searches](#6-scheduled-searches)  
+    6.1. [Flows](#6-1-flows)
+7. [Playbooks](#7-playbooks)  
+8. [Searches](#8-searches)  
+    8.1. [Dashboard Searches](#8-2-dashboard-searches)  
+    8.2. [Alert Queries](#8-1-alert-queries)  
+9. [Templates](#9-templates)  
+10. [Dashboards](#10-dashboards)  
+    10.1 [Actionables](#10-1-actionables)
+11. [Useful Resources & References](#11-useful-resources--references)  
+12. [Notes](#12-notes)  
+13. [Image credits](#13-image-credits)  
+
+***
+
+## 0. [Data Ingestion](#0-data-ingestion)
+
+Before you can use the kit, you'll need to get logs flowing from your Cisco FTD Firewall(s) into Gravwell. The recommended method is via syslog forwarding. Gravwell can receive syslog using the [Simple Relay](https://docs.gravwell.io/ingesters/simple_relay.html) ingester.
+
+#### 0.1 [Simple Relay Ingester](#0-1-simple-relay-ingester)
+
+- Simple Relay is the go-to ingester for text based data sources that can be delivered over plaintext TCP, encrypted TCP, or plaintext UDP network connections via either IPv4 or IPv6.
+    - [Documentation](https://docs.gravwell.io/ingesters/simple_relay.html)
+
+#### 0.2 [Install & Configure Simple Relay](#0-2-install--configure)
+
+- Deploy Simple Relay on a server which is accessible from the FTD device(s) and can route to the Gravwell indexer(s). Configure it with the correct _Ingest-Secret_ and point either _Cleartext-Backend-Target_ or _Encrypted-Backend-Target_ at the indexer address(es). See [Documentation](https://docs.gravwell.io/ingesters/simple_relay.html).
+- Drop the following config snippet into a new file named <kbd>/opt/gravwell/etc/simple\_relay.conf.d/cisco\_firewall.conf</kbd> then restart the ingester with <kbd>sudo systemctl restart gravwell\_simple\_relay.service</kbd>. This will make it start listening for incoming syslog on TCP the configured port, with special rules to route Cisco FTD and Cisco FTD events into different Gravwell tags.
+```ini
+[Listener "syslogtcp_cisco_ftd"]
+    Bind-String="tcp://0.0.0.0:6901"
+    Reader-Type=rfc5424
+    Tag-Name=cisco-ftd-events
+    Assume-Local-Timezone=true
+    Preprocessor="Cisco FTD 43000X Router"
+    Preprocessor="Cisco FTD Class Router"
+
+# Route 43000X security-event syslogs 
+[preprocessor "Cisco FTD 43000X Router"]
+    Type=regexrouter
+    Drop-Misses=false
+    Regex=`%FTD-[0-7]-(?P<msgid>43000[0-9]):`
+    Route-Extraction=msgid
+    Route=430001:cisco-ftd-intrusion
+    Route=430002:cisco-ftd-connection
+    Route=430003:cisco-ftd-connection
+    Route=430004:cisco-ftd-file
+    Route=430005:cisco-ftd-malware
+
+# Route non-43000X messages by 3-digit class prefix
+[preprocessor "Cisco FTD Class Router"]
+    Type=regexrouter
+    Drop-Misses=false
+    # Match any FTD message id EXCEPT 43000X (handled above).
+    Regex=`%FTD-[0-7]-(?P<class>(?!43000)\d{3})\d{3}:`
+    Route-Extraction=class
+
+    # auth
+    Route=109:cisco-ftd-auth
+    Route=113:cisco-ftd-auth
+
+    # config
+    Route=111:cisco-ftd-config
+    Route=112:cisco-ftd-config
+    Route=208:cisco-ftd-config
+    Route=308:cisco-ftd-config
+
+    # vpn
+    Route=213:cisco-ftd-vpn
+    Route=316:cisco-ftd-vpn
+    Route=320:cisco-ftd-vpn
+    Route=402:cisco-ftd-vpn
+    Route=403:cisco-ftd-vpn
+    Route=404:cisco-ftd-vpn
+    Route=501:cisco-ftd-vpn
+    Route=602:cisco-ftd-vpn
+    Route=603:cisco-ftd-vpn
+    Route=611:cisco-ftd-vpn
+    Route=702:cisco-ftd-vpn
+    Route=713:cisco-ftd-vpn
+    Route=714:cisco-ftd-vpn
+    Route=715:cisco-ftd-vpn
+    Route=716:cisco-ftd-vpn
+    Route=718:cisco-ftd-vpn
+    Route=720:cisco-ftd-vpn
+    Route=722:cisco-ftd-vpn
+
+    # traffic
+    Route=106:cisco-ftd-traffic
+    Route=108:cisco-ftd-traffic
+    Route=201:cisco-ftd-traffic
+    Route=202:cisco-ftd-traffic
+    Route=204:cisco-ftd-traffic
+    Route=302:cisco-ftd-traffic
+    Route=303:cisco-ftd-traffic
+    Route=304:cisco-ftd-traffic
+    Route=305:cisco-ftd-traffic
+    Route=314:cisco-ftd-traffic
+    Route=405:cisco-ftd-traffic
+    Route=406:cisco-ftd-traffic
+    Route=407:cisco-ftd-traffic
+    Route=500:cisco-ftd-traffic
+    Route=502:cisco-ftd-traffic
+    Route=607:cisco-ftd-traffic
+    Route=608:cisco-ftd-traffic
+    Route=609:cisco-ftd-traffic
+    Route=616:cisco-ftd-traffic
+    Route=620:cisco-ftd-traffic
+    Route=703:cisco-ftd-traffic
+    Route=710:cisco-ftd-traffic
+
+    # threat
+    Route=400:cisco-ftd-threat
+    Route=401:cisco-ftd-threat
+    Route=420:cisco-ftd-threat
+    Route=733:cisco-ftd-threat
+
+    # system
+    Route=101:cisco-ftd-system
+    Route=102:cisco-ftd-system
+    Route=103:cisco-ftd-system
+    Route=104:cisco-ftd-system
+    Route=105:cisco-ftd-system
+    Route=199:cisco-ftd-system
+    Route=210:cisco-ftd-system
+    Route=211:cisco-ftd-system
+    Route=214:cisco-ftd-system
+    Route=216:cisco-ftd-system
+    Route=306:cisco-ftd-system
+    Route=307:cisco-ftd-system
+    Route=311:cisco-ftd-system
+    Route=315:cisco-ftd-system
+    Route=414:cisco-ftd-system
+    Route=604:cisco-ftd-system
+    Route=605:cisco-ftd-system
+    Route=606:cisco-ftd-system
+    Route=610:cisco-ftd-system
+    Route=612:cisco-ftd-system
+    Route=614:cisco-ftd-system
+    Route=615:cisco-ftd-system
+    Route=701:cisco-ftd-system
+    Route=709:cisco-ftd-system
+    Route=711:cisco-ftd-system
+    Route=741:cisco-ftd-system
+```
+
+- Ensure that the server running Simple Relay allows incoming connections on the configured port, and that any firewalls between the Cisco Firewall device and the Simple Relay system allow the configured port traffic.  
+- Configure log forwarding as described in the Cisco Firewall documentation, defining the syslog server profile to point at the Simple Relay server on the configured port.  
+- Once the changes have been committed, logs should begin flowing into Gravwell. You can check by running the folowing query:  
+
+```
+tag=$CISCO_FTD limit 10
+```
+- If any results appear, logs are coming in properly.  
+
+***
+
+## 1. [Tags & Macros](#1-tags--macros)
+
+#### 1.1. [Tags](#1-1-tags)
+
+- Purpose: Tags are an essential Gravwell concept. Every entry has a single tag associated with it; these tags allow us to separate and categorize data at a basic level.
+- [Documentation](https://docs.gravwell.io/ingesters/ingesters.html#tags)
+- Total: ***11***
+- The Cisco FTD Kit for Gravwell makes use of the following tags:  
+    - cisco-ftd-auth: Configuration Macro; Tag used for all Cisco FTD Authentication data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage: `tag=cisco-ftd-auth`  
+    - cisco-ftd-config: Configuration Macro; Tag used for all Cisco FTD Config data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage: `tag=cisco-ftd-config`
+    - cisco-ftd-conn: Configuration Macro; Tag used for all Cisco FTD Connection data (FTD-#-430002 & FTD-#-430003); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.
+        - Usage: `tag=cisco-ftd-conn`
+    - cisco-ftd-events: Configuration Macro; Tag used for all Cisco FTD Events data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage: `tag=cisco-ftd-events`  
+    - cisco-ftd-file: Configuration Macro; Tag used for all Cisco FTD File data (FTD-#-430004); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.
+        - Usage: `tag=cisco-ftd-file`  
+    - cisco-ftd-intrusion: Configuration Macro; Tag used for all Cisco FTD File (FTD-#-430001) data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.  
+        - Usage: `tag=cisco-ftd-intrusion`  
+    - cisco-ftd-malware: Configuration Macro; Tag used for all Cisco FTD Malware data (FTD-#-430005); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.
+        - Usage: `tag=cisco-ftd-malware`  
+    - cisco-ftd-system: Configuration Macro; Tag used for all Cisco FTD System data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage: `tag=cisco-ftd-system`  
+    - cisco-ftd-threat: Configuration Macro; Tag used for all Cisco FTD Threat data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage: `tag=cisco-ftd-threat`  
+    - cisco-ftd-traffic: Configuration Macro; Tag used for all Cisco FTD Traffic data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage: `tag=cisco-ftd-traffic`  
+    - cisco-ftd-vpn: Configuration Macro; Tag used for all Cisco FTD VPN data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - Usage: `tag=cisco-ftd-vpn`  
+
+#### 1.2. [Autoextractors](#1-2-autoextractors)
+
+- Purpose: Auto-extractors are simply definitions that can be applied to tags and describe how to correctly extract fields from the data in a given tag. The “ax” module then automatically invokes the appropriate functionality of other modules.
+- [Documentation](https://docs.gravwell.io/configuration/autoextractors.html)
+- The Cisco FTD Kit for Gravwell makes use of the following autoextractors:  
+- Total: ***11***
+    - cisco-ftd-auth: Gravwell generated field extraction for tag cisco-ftd-auth, args '-p -e DATA'
+    - cisco-ftd-config: Gravwell generated field extraction for tag cisco-ftd-config, args '-p -e DATA'
+    - cisco-ftd-conn: Gravwell generated field extraction for tag cisco-ftd-conn, args '-p -e DATA'
+    - cisco-ftd-events: Gravwell generated field extraction for tag cisco-ftd-events, args '-p -e DATA'
+    - cisco-ftd-file: Gravwell generated field extraction for tag cisco-ftd-file, args '-p -e DATA'
+    - cisco-ftd-intrusion: Gravwell generated field extraction for tag cisco-ftd-intrusion, args '-p -e DATA'
+    - cisco-ftd-malware: Gravwell generated field extraction for tag cisco-ftd-malware, args '-p -e DATA'
+    - cisco-ftd-system: Gravwell generated field extraction for tag cisco-ftd-system, args '-p -e DATA'
+    - cisco-ftd-threat: Gravwell generated field extraction for tag cisco-ftd-threat, args '-p -e DATA'
+    - cisco-ftd-traffic: Gravwell generated field extraction for tag cisco-ftd-traffic, args '-p -e DATA'
+    - cisco-ftd-vpn: Gravwell generated field extraction for tag cisco-ftd-vpn, args '-p -e DATA'  
+
+#### 1.3. [Macros](#1-3-macros)
+
+- Purpose: Search macros are a powerful feature that can help you use Gravwell more effectively. Macros can turn long, repetitive search queries into easily-remembered shortcuts.
+- [Documentation](https://docs.gravwell.io/search/macros.html)
+- The Cisco FTD Kit for Gravwell makes use of the following macros:
+- Total: ***20***
+    - Tags
+        - $CISCO\_FTD: Configuration Macro; Tag used for all Cisco FTD data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_FTD\_AUTH: Configuration Macro; Tag used for all Cisco FTD Authentication data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_FTD\_CONFIG: Configuration Macro; Tag used for all Cisco FTD Configuration data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_FTD\_CONN: Configuration Macro; Tag used for all Cisco FTD Connection data (FTD-#-430002 & FTD-#-430003); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.
+        - $CISCO\_FTD\_EVENTS: Configuration Macro; Tag used for all Cisco FTD Events data that don't fall into the other tags; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_FTD\_FILE: Configuration Macro; Tag used for all Cisco FTD Connection data (FTD-#-430004); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.
+        - $CISCO\_FTD\_INTRUSION: Configuration Macro; Tag used for all Cisco FTD File (FTD-#-430001) data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.  
+        - $CISCO\_FTD\_MALWARE: Configuration Macro; Tag used for all Cisco FTD File (FTD-#-430005) data; necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates.  
+        - $CISCO\_FTD\_SYSTEM: Configuration Macro; Tag used for all Cisco FTD System data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_FTD\_THREAT: Configuration Macro; Tag used for all Cisco FTD Threat data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_FTD\_TRAFFIC: Configuration Macro; Tag used for all Cisco FTD Traffic data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+        - $CISCO\_FTD\_VPN: Configuration Macro; Tag used for all Cisco FTD VPN data; necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.
+        - $CISCO\_SECURITY: Configuration Macro; Tag used for all Cisco FTD Security Events (FTD-#-430001 to FTD-#-430005); necessary for any queries within the Gravwell Cisco Firepower Threat Defense (FTD) Kit to run properly for dashboards, query library, and templates. 
+    - Enumerated Value Extraction (EVX)
+        - $CISCO\_FTD\_CONN\_EVX: This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD Connection data (FTD-#-430002 & FTD-#-430003); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.
+        - $CISCO\_FTD\_FILE\_EVX: This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD File data (FTD-#-430004); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.
+        - $CISCO\_FTD\_INTRUSION\_EVX: This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD Intrusion data (FTD-#-430001); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.
+        - $CISCO\_FTD\_MALWARE\_EVX: This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD Malware data (FTD-#-430005); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates.
+        - $CISCO\_SECURITY\_EVX: This macro extracts all of the known Enumerated Values (EVs) for all Cisco FTD Security Events (FTD-#-430001 to FTD-#-430005); necessary for any queries within the Gravwell Cisco Firewall Kit to run properly for dashboards, query library, and templates. 
+    - Normalization
+        - $CISCO\_FTD\_SEVERITY: This macro creates an Enumerated Value (EV) named \_severity\_order and then orders events by severity. 
+        - $CISCO\_FTD\_SEVERITY\_ORDER: This macro creates an Enumerated Value (EV) named \_severity\_order and then orders events by severity.
+        
+***
+
+## 2. [Query Library](#2-query-library)
+- Purpose: Queries within the Query Library drive [dashboards](#10-dashboards) via [searches](#8-searches), [scheduled searches](#6-scheduled-searches) via [alert queries](#8-1-alert-queries), and [playbooks](#7-playbooks).
+- [Documentation](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)
+    - Updating a query in the library updates dependent dashboards and scheduled searches automatically.
+    - Total queries: ***12***
+        - [8.1 Dashboard Searches](#8-2-dashboard-searches): ***12***  
+        - [8.2 Alert Queries](#8-1-alert-queries): ***0***  
+
+***
+
+## 3. [Naming Schema](#3-naming-schema)
+- Purpose: The use of a standard naming convention enables users to quickly understand the function, severity, and context of a query or component. This approach facilitates efficient identification, reuse, and troubleshooting without ambiguity.
+- _QueryType - Company - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - Name [Visualization - **if any**]_
+- Examples:
+    - Templates: _Template - Cisco - FTD - Firewall - Authentication - Event Count by Severity [numbercard]_
+    - Searches: _Search - Cisco - FTD - Firewall - Event Types - Count by Category [chart]_
+
+***
+
+## 4. [Resources](#4-resources)
+- Purpose: Resources allow users to store persistent data for use in searches.
+- [Documentation](https://docs.gravwell.io/resources/resources.html)
+- Total: ***1***
+
+#### 4.1 [Lookups](#4-1-lookups)
+- Purpose: Lookup Resources are used by the lookup module to perform data enrichment and translation off of a static lookup table stored in a resource.
+- [Documentation](https://docs.gravwell.io/search/lookup/lookup.html)
+- Total: ***1***
+    - cisco\_ftd\_syslog\_messages
+        - This is intended to be used as a lookup file providing additional information regarding all Cisco Adaptive Security Appliance (FTD) SysLog Messages. It is used within the Cisco FTD Kit for dashboards, macros, scheduled searches, alerts, flows, and templates.
+        - fields: cisco\_id,msg\_id,description,error\_msg,explanation,recommended\_action,sev\_id,severity,risk\_score
+            - cisco\_id: this is the full Cisco Syslog Message ID (e.g. %FTD-1-101001) which breaks out into %{Cisco Firewall Appliance}-{Cisco Assigned Severity}-{Cisco Message ID}
+            - msg\_id: this is the Cisco Syslog Message ID which is part of the full Cisco Syslog Message ID
+            - description: this is the short description of the Cisco Syslog message often seen on the Cisco firewall appliance itself
+            - error\_msg: this is the full Cisco Message compromised of {cisco\_id}: {description}
+            - explanation: this is a more detailed explanation of the Cisco Syslog Message
+            - recommended\_action: this is the Cisco Recommended Action provided within their documentation
+            - sev\_id: this the Cisco assigned severity (id) provided within their documentation
+            - severity: this the Cisco assigned severity (name) provided within their documentation 
+            - risk\_score: this is a Gravwell assigned value for dashboards, queries, and alerting purposes
+            - category: this is a broad functional grouping assigned to the Cisco FTD error messages that is used within the Cisco FTD General Overview Dashboard to group data together  
+            - subcategory: this is a more specific grouping assigned to the Cisco FTD error messages that is used within the Cisco FTD General Overview Dashboard to group data together  
+        - Usage: `dump -r cisco_ftd_syslog_messages | table`
+
+***
+
+## 5. [Alerts](#5-alerts)
+- Purpose: Alerts notify you of potential nefarious actions that took place within and/or against your environment by tying dispatchers and consumers together.
+- [Documentation](https://docs.gravwell.io/alerts/alerts.html#alerts)
+- Total: ***0***
+
+#### 5.1 [Dispatchers](#5-1-dispatchers)
+- Purpose: Dispatchers generate events. A typical dispatcher would be a scheduled search that runs on an interval; every result returned by a scheduled search is considered an event.
+    - Dispatchers = [Scheduled Searches](#6-scheduled-searches)
+- [Documentation](https://docs.gravwell.io/alerts/alerts.html#adding-dispatchers)
+
+#### 5.2 [Consumers](#5-2-consumers)
+- Purpose: Consumers process and respond to events. A typical consumer would be a flow that sends an email to an administrator, or opens a ticket in the ticketing system. Each consumer runs once per event.
+    - Consumers = [Flows](#6-1-flows)
+- [Documentation](https://docs.gravwell.io/alerts/alerts.html#defining-a-consumer)
+
+***
+
+## 6. [Scheduled Searches](#6-scheduled-searches)
+- Purpose: Scheduled Searches are typically dependent on “AlertQuery - Cisco FTD - …” queries within the [Query Library](#2-query-library).
+- [Documentation](https://docs.gravwell.io/scripting/scheduledsearch.html)
+- Total: ***0***
+
+#### 6.1. [Flows](#6-1-flows)
+- Purpose: Flows provide a no-code method for developing advanced automations in Gravwell.
+- [Documentation](https://docs.gravwell.io/flows/flows.html)
+- Total: ***0***
+
+***
+
+## 7. [Playbooks](#7-playbooks)
+
+- Purpose: Playbooks are hypertext documents within Gravwell which help guide users through common tasks, describe functionality, and record information about data in the system.
+- [Documentation](https://docs.gravwell.io/gui/playbooks/playbooks.html)
+- Total: ***1***
+    - Cisco FTD Kit for Gravwell - README
+
+***
+
+## 8. [Searches](#8-searches)
+
+- Purpose: These queries within the Query Library drive [dashboards](#10-dashboards) to quickly view Cisco FTD data in an easily digestible format or [scheduled searches](#6-scheduled-searches) to ultimately feed [alerts](#5-alerts).  
+- [Documentation](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)
+- Total: ***12***
+
+#### 8.1 [Dashboard Searches](#8-1-dashboard-searches)
+- Purpose: These queries within the Query Library drive [dashboards](#10-dashboards) to quickly view Cisco FTD data in an easily digestible format.
+- Total: ***12***  
+    - _Search - Cisco - FTD - Firewall - Event Types - Count by Category [chart]_: Displays a chart of event types (error message) by Category.  
+    - _Search - Cisco - FTD - Firewall - Security - Count by ApplicationProtocol [chart]_: Displays a chart of event count by ApplicationProtocol.  
+    - _Search - Cisco - FTD - Firewall - Security - Count by DstIP [chart]_: Displays a chart of event count by DstIP.  
+    - _Search - Cisco - FTD - Firewall - Security - Count by SSLActualAction [chart]_: Displays a chart of event count by SSLActualAction.  
+    - _Search - Cisco - FTD - Firewall - Security - Count by SrcIP [chart]_: Displays a chart of event count by SrcIP.  
+    - _Search - Cisco - FTD - Firewall - Security - Count by Tag [chart]_: Displays a chart of event types (error message) by Tag.  
+    - _Search - Cisco - FTD - Firewall - Event Types - Count by Category & Subcategory [chart]_: Displays a chart of event types (error message) by Category & Subcategory.  
+    - _Search - Cisco - FTD - Firewall - Event Types - Count by Category & Subcategory [numbercard]_: Displays a numbercard of event types (error message) by Category & Subcategory.  
+    - _Search - Cisco - FTD - Firewall - Event Types - Count by Category [numbercard]_: Displays a numbercard of event types (error message) by Category.  
+    - _Search - Cisco - FTD - Firewall - Event Types - Count by Category, Subcategory & Severity [chart]_: Displays a chart of event types (error message) by Category, Subcategory & Severity.  
+    - _Search - Cisco - FTD - Firewall - Event Types - Count by Category, Subcategory & Severity [numbercard]_: Displays a numbercard of event types (error message) by Category, Subcategory & Severity.  
+    - _Search - Cisco - FTD - Firewall - Event Types - Count by Severity [chart]_: Displays a chart of event types (error message) by Severity.  
+    - _Search - Cisco - FTD - Firewall - Event Types - Count by Severity [numbercard]_: Displays a numbercard of event types (error message) by Severity.  
+    - _Search - Cisco - FTD - Firewall - Event Types - Count by Subcategory [chart]_: Displays a chart of event types (error message) by Subcategory.  
+    - _Search - Cisco - FTD - Firewall - Event Types - Count by Subcategory [numbercard]_: Displays a numbercard of event types (error message) by Subcategory.  
+    - _Search - Cisco - FTD - Firewall - Event Types - Count by Tag [chart]_: Displays a chart of event types (error message) by Tag.  
+    - _Search - Cisco - FTD - Firewall - Event Types - Count by Tag [numbercard]_: Displays a numbercard of event types (error message) by Tag.  
+- Naming Schema: _Search - Cisco FTD - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - SearchName [Visualization - **if any**]_
+
+#### 8.2. [Alert Queries](#8-2-alert-queries)
+- Purpose: These queries within the Query Library drive [scheduled searches](#6-scheduled-searches) which ultimately feed [alerts](#5-alerts).  
+- IMPORTANT: If you need to update or tune, this is where you perform that action.
+- Total: ***0***
+
+***
+
+## 9. [Templates](#9-templates)
+- Purpose: Templates are special objects which define a Gravwell query containing variables.
+- [Documentation](https://docs.gravwell.io/gui/templates/templates.html)
+- Total: ***36***
+    - _Template - Cisco - FTD - Firewall - Connection - Event Count by Severity [chart]_: Displays a chart of Connection Events by severity performed by the specified user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Connection - Events by User and/or IP [table]_: Displays a table of Connection Events performed by the specified user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - File - Event Count by Severity [chart]_: Displays a chart of File Events by severity performed by the specified user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - File - Events by User and/or IP [table]_: Displays a table of File Events performed by the specified user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Intrusion - Event Count by Severity [chart]_: Displays a chart of Intrusion Events by severity performed by the specified user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Intrusion - Events by User and/or IP [table]_: Displays a table of Intrusion Events performed by the specified user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Malware - Event Count by Severity [chart]_: Displays a chart of Malware Events by severity performed by the specified user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Malware - Events by User and/or IP [table]_: Displays a table of Malware Events performed by the specified user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Security - Count by Severity [numbercard]_: Displays a numbercard of Security Events performed by the specified user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Security - Event Count by Severity [chart]_: Displays a chart of Security Events by severity performed by the specified user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Security - Event Count by Tag [chart]_: Displays a chart of Security Events by TAG performed by the specified user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Security - Events by User and/or IP [table]_: Displays a table of Security Events performed by the specified user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Authentication - Event Count by Severity [chart]_: Displays a chart of Authentication events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Authentication - Event Count by Severity [numbercard]_: Displays a numbercard of Authentication events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Authentication - Events by User and/or IP [table]_: Displays a table of Authentication events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Combined - Event Count by Severity [chart]_: Displays a chart of all events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Combined - Event Count by Severity [numbercard]_: Displays a numbercard of all events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Combined - Events by User and/or IP [table]_: Displays a table of all events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Config - Event Count by Severity [chart]_: Displays a chart of Config events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Config - Event Count by Severity [numbercard]_: Displays a numbercard of Config events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Config - Events by User and/or IP [table]_: Displays a table of Config events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Events - Event Count by Severity [chart]_: Displays a chart of events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Events - Event Count by Severity [numbercard]_: Displays a numbercard of events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Events - Events by User and/or IP [table]_: Displays a table of events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - System - Event Count by Severity [chart]_: Displays a chart of System events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - System - Event Count by Severity [numbercard]_: Displays a numbercard of System events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - System - Events by User and/or IP [table]_: Displays a table of System events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Threat - Event Count by Severity [chart]_: Displays a chart of Threat events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Threat - Event Count by Severity [numbercard]_: Displays a numbercard of Threat events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Threat - Events by User and/or IP [table]_: Displays a table of Threat events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Traffic - Event Count by Severity [chart]_: Displays a chart of Traffic events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Traffic - Event Count by Severity [numbercard]_: Displays a numbercard of Traffic events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - Traffic - Events by User and/or IP [table]_: Displays a table of Traffic events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - VPN - Event Count by Severity [chart]_: Displays a chart of VPN events performed by the user and/or ip.  
+    - _Template - Cisco - FTD - Firewall - VPN - Event Count by Severity [numbercard]_: Displays a numbercard of VPN events performed by the user and/or ip.      
+    - _Template - Cisco - FTD - Firewall - VPN - Events by User and/or IP [table]_: Displays a table of VPN events performed by the user and/or ip.  
+
+***
+
+## 10. [Dashboards](#10-dashboards)
+- Purpose: Dashboards are Gravwell's way of showing the results from multiple searches at the same time.
+- [Documentation](https://docs.gravwell.io/gui/dashboards/dashboards.html)
+- Total: ***3***
+    - Cisco FTD General Overview: This Dashboard is a general overview of your Cisco FTD data.
+    - Cisco FTD Investigation: This Dashboard is intended to be used for Cisco FTD investigations.
+    - Cisco FTD Security Events Investigation: This Dashboard is intended to be used for Cisco FTD Security Event investigations.
+
+#### 10.1 [Actionables](#10-1-actionables)
+- Purpose: Actionables provide a way to create custom menus that key on any text rendered in a query; users can take different actions on that text by selecting options in the menus.
+- [Documentation](https://docs.gravwell.io/gui/actionables/actionables.html)
+- Total: ***1***
+    - Cisco FTD IP: Cisco FTD Actions on IP to Launch Cisco FTD Investigation Dashboard or Cisco FTD Security Event Investigation Dashboard.
+
+***
+
+## 11. [Useful Resources & References](#11-useful-resources--references)
+- Gravwell
+    - [Actionables](https://docs.gravwell.io/gui/actionables/actionables.html)  
+    - [Alerts](https://docs.gravwell.io/alerts/alerts.html#alerts)  
+    - [Autoextractors](https://docs.gravwell.io/configuration/autoextractors.html)  
+    - [Consumers](https://docs.gravwell.io/alerts/alerts.html#defining-a-consumer)  
+    - [Dashboards](https://docs.gravwell.io/gui/dashboards/dashboards.html)  
+    - [Dispatchers](https://docs.gravwell.io/alerts/alerts.html#adding-dispatchers)  
+    - [Flows](https://docs.gravwell.io/flows/flows.html)  
+    - [Lookup Module](https://docs.gravwell.io/search/lookup/lookup.html)  
+    - [Macros](https://docs.gravwell.io/search/macros.html)  
+    - [Playbooks](https://docs.gravwell.io/gui/playbooks/playbooks.html)  
+    - [Query Library](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)  
+    - [regexrouter Preprocessor](https://docs.gravwell.io/ingesters/preprocessors/regexrouter.html)  
+    - [Resources](https://docs.gravwell.io/resources/resources.html)  
+    - [Scheduled Searches](https://docs.gravwell.io/scripting/scheduledsearch.html)  
+    - [Simple Relay](https://docs.gravwell.io/ingesters/simple_relay.html)  
+    - [Tags](https://docs.gravwell.io/ingesters/ingesters.html#tags)  
+    - [Templates](https://docs.gravwell.io/gui/templates/templates.html)  
+- Cisco Adaptive Security Appliance (FTD)
+    - [Cisco Secure Firewall FTD Series Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/about.html)
+    - [Cisco Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)
+    - [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)
+    - [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)
+    - [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)
+    - [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)
+    - [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)
+    - [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)
+    - [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)
+    - [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)
+    - [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)
+    - [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)
+    - [Cisco FTD Messages Listed by Severity Level](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs-sev-level.html)
+    - [Cisco FTD Index](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/fptd_syslog_guide_index.html)
+
+***
+
+## 12. [Notes](#12-notes)
+
+***
+
+## 13. [Image credits](#13-image-credits)
+- [Banner](https://uxwing.com/cisco-icon/)
+- [Cover](https://uxwing.com/cisco-icon/)
+- [Icon](https://uxwing.com/cisco-icon/)
+
+***
\ No newline at end of file
diff --git a/cisco_ftd/playbook/8da73867-990a-4185-8c2b-5a1c60e39786.meta b/cisco_ftd/playbook/8da73867-990a-4185-8c2b-5a1c60e39786.meta
new file mode 100644
index 00000000..d0c504e4
--- /dev/null
+++ b/cisco_ftd/playbook/8da73867-990a-4185-8c2b-5a1c60e39786.meta
@@ -0,0 +1,25 @@
+{
+	"UUID": "8bf6f33d-7372-4405-9678-e15939dbe71c",
+	"GUID": "8da73867-990a-4185-8c2b-5a1c60e39786",
+	"UID": 1,
+	"GIDs": [],
+	"Global": true,
+	"WriteAccess": {
+		"Global": false,
+		"GIDs": []
+	},
+	"Name": "Cisco FTD Kit for Gravwell - README",
+	"Desc": "A toolkit for interacting with Cisco FTD data in Gravwell. This kit includes queries, resources (lookups), templates, autoextractors, macros, and dashboards to help streamline Cisco analysis and monitoring across Authentication, Config, Connection, Events (catch-all), File, Intrusion, Malware, System, Threat, Traffic, and VPN log sources.",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"LastUpdated": "2026-03-18T06:43:29.790642961Z",
+	"Author": {
+		"Name": "Kyle Mallett",
+		"Email": "info@gravwell.io",
+		"Company": "Gravwell",
+		"URL": "gravwell.io"
+	},
+	"Synced": false
+}
\ No newline at end of file
diff --git a/cisco_ftd/playbook/8da73867-990a-4185-8c2b-5a1c60e39786.playbook_metadata b/cisco_ftd/playbook/8da73867-990a-4185-8c2b-5a1c60e39786.playbook_metadata
new file mode 100644
index 00000000..26f61360
--- /dev/null
+++ b/cisco_ftd/playbook/8da73867-990a-4185-8c2b-5a1c60e39786.playbook_metadata
@@ -0,0 +1 @@
+{"dashboards":[],"attachments":[{"context":"cover","type":"image","fileGUID":"e0b98ad2-b2a7-4b24-8374-72f247a18822"},{"context":"banner","type":"image","fileGUID":"8b713d4b-635b-4a4d-8eba-85ca1a3adb6d"}]}
\ No newline at end of file
diff --git a/cisco_ftd/resource/cisco_ftd_syslog_messages.contents b/cisco_ftd/resource/cisco_ftd_syslog_messages.contents
new file mode 100644
index 00000000..e2081676
--- /dev/null
+++ b/cisco_ftd/resource/cisco_ftd_syslog_messages.contents
@@ -0,0 +1,1823 @@
+cisco_id,msg_id,description,error_msg,explanation,recommended_action,sev_id,severity,risk_score,category,subcategory
+%FTD-1-101001,101001,(Primary) Failover cable OK.,%FTD-1-101001: (Primary) Failover cable OK.,The failover cable is present and functioning correctly. Primary can also be listed as Secondary for the secondary unit.,None required.,1,Alert,5,system,failover
+%FTD-1-101002,101002,(Primary) Bad failover cable.,%FTD-1-101002: (Primary) Bad failover cable.,"The failover cable is present, but not functioning correctly. Primary can also be listed as Secondary for the secondary unit.",Replace the failover cable.,1,Alert,85,system,failover
+%FTD-1-101003,101003,(Primary) Failover cable not connected (this unit),%FTD-1-101003: (Primary) Failover cable not connected (this unit),"Failover mode is enabled, but the failover cable is not connected to one unit of the failover pair. Primary can also be listed as Secondary for the secondary unit.",Connect the failover cable to both units of the failover pair.,1,Alert,75,system,failover
+%FTD-1-101004,101004,(Secondary) Failover cable not connected (other unit),%FTD-1-101004: (Secondary) Failover cable not connected (other unit),"Failover mode is enabled, but the failover cable is not connected to one unit of the failover pair. Primary can also be listed as Secondary for the secondary unit.",Connect the failover cable to both units of the failover pair.,1,Alert,75,system,failover
+%FTD-1-101005,101005,(Primary) Error reading failover cable status.,%FTD-1-101005: (Primary) Error reading failover cable status.,"The failover cable is connected, but the primary unit is unable to determine its status.",Replace the cable.,1,Alert,95,system,failover
+%FTD-1-103001,103001,(Primary) No response from other firewall (reason code = code).,%FTD-1-103001: (Primary) No response from other firewall (reason code = code).,"The primary unit is unable to communicate with the secondary unit over the failover cable. Primary can also be listed as Secondary for the secondary unit. The following table lists the reason codes and the descriptions to determine why the failover occurred. Description Reason Code The local unit is not receiving the hello packet on the failover LAN interface when LAN failover occurs or on the serial failover cable when serial failover occurs, and declares that the peer is down. An interface did not pass one of the four failover tests, which are as follows: 1) Link Up, 2) Monitor for Network Traffic, 3) ARP, and 4) Broadcast Ping. No proper ACK for 15+ seconds after a command was sent on the serial cable. The failover LAN interface is down, and other data interfaces are not responding to additional interface testing. In addition, the local unit is declaring that the peer is down.",None provided.,1,Alert,85,system,failover
+%FTD-1-103002,103002,(Primary) Other firewall network interface interface_number OK.,%FTD-1-103002: (Primary) Other firewall network interface interface_number OK.,The primary unit has detected that the network interface on the secondary unit is okay. Primary can also be listed as Secondary for the secondary unit.,None required.,1,Alert,5,system,failover
+%FTD-1-103003,103003,(Primary) Other firewall network interface interface_number failed.,%FTD-1-103003: (Primary) Other firewall network interface interface_number failed.,The primary unit has detected a bad network interface on the secondary unit. Primary can also be listed as Secondary for the secondary unit.,"Check the network connections on the secondary unit and the network hub connection. If necessary, replace the failed network interface.",1,Alert,95,system,failover
+%FTD-1-103004,103004,(Primary) Other firewall reports this firewall failed. reason-string,%FTD-1-103004: (Primary) Other firewall reports this firewall failed. reason-string,The primary unit received a message from the secondary unit indicating that the primary unit has failed. Primary can also be listed as Secondary for the secondary unit. The reason can be one of the following:,Verify the status of the primary unit.,1,Alert,95,system,failover
+%FTD-1-103005,103005,(Primary) Other firewall reporting failure. Reason: SSM_card_failure,%FTD-1-103005: (Primary) Other firewall reporting failure. Reason: SSM_card_failure,The secondary unit has reported an SSM card failure to the primary unit. Primary can also be listed as Secondary for the secondary unit.,Verify the status of the secondary unit.,1,Alert,95,system,failover
+%FTD-1-103006,103006,(Primary|Secondary) Mate version ver_num is not compatible with ours ver_num.,%FTD-1-103006: (Primary|Secondary) Mate version ver_num is not compatible with ours ver_num.,The Secure Firewall Threat Defense device has detected a peer unit that is running a version that is different than the local unit and is not compatible with the HA Hitless Upgrade feature.,Install the same or a compatible version image on both units.,1,Alert,85,system,failover
+%FTD-1-103007,103007,(Primary|Secondary) Mate version ver_num is not identical with ours ver_num.,%FTD-1-103007: (Primary|Secondary) Mate version ver_num is not identical with ours ver_num.,"The Secure Firewall Threat Defense device has detected that the peer unit is running a version that is not identical, but supports Hitless Upgrade and is compatible with the local unit. The system performance may be degraded because the image version is not identical, and the Secure Firewall Threat Defense device may develop a stability issue if the nonidentical image runs for an extended period.",Install the same image version on both units as soon as possible.,1,Alert,85,system,failover
+%FTD-1-103008,103008,host Mate hwdib index Idx is not identical with ours.,%FTD-1-103008: host Mate hwdib index Idx is not identical with ours.,The number of interfaces on the active and standby units is not the same.,"Verify that the units have the same number of interfaces. You might need to install additional interface modules, or use different devices. After the physical interfaces match, force a configuration sync by suspending and then resuming HA.",1,Alert,85,system,failover
+%FTD-1-104001,104001,(Primary) Switching to ACTIVE - string.,%FTD-1-104001: (Primary) Switching to ACTIVE - string.,None provided.,None provided.,1,Alert,75,system,failover
+%FTD-1-104002,104002,(Secondary) Switching to STANDBY - string.,%FTD-1-104002: (Secondary) Switching to STANDBY - string.,None provided.,None provided.,1,Alert,75,system,failover
+%FTD-1-104003,104003,(Primary) Switching to FAILED.,%FTD-1-104003: (Primary) Switching to FAILED.,The primary unit has failed.,Check the messages for the primary unit for an indication of the nature of the problem (see message 104001). Primary can also be listed as Secondary for the secondary unit.,1,Alert,85,system,failover
+%FTD-1-104004,104004,(Primary) Switching to OK.,%FTD-1-104004: (Primary) Switching to OK.,A previously failed unit reports that it is operating again. Primary can also be listed as Secondary for the secondary unit.,None required.,1,Alert,5,system,failover
+%FTD-1-105001,105001,(Primary) Disabling failover.,%FTD-1-105001: (Primary) Disabling failover.,"In version 7.x and later, this message may indicate the following: failover has been automatically disabled because of a mode mismatch (single or multiple), a license mismatch (encryption or context), or a hardware difference (one unit has an IPS SSM installed, and its peer has a CSC SSM installed). Primary can also be listed as Secondary for the secondary unit.",None required.,1,Alert,5,system,failover
+%FTD-1-105002,105002,(Primary) Enabling failover.,%FTD-1-105002: (Primary) Enabling failover.,"You have used the failover command with no arguments on the console, after having previously disabled failover. Primary can also be listed as Secondary for the secondary unit.",None required.,1,Alert,5,system,failover
+%FTD-1-105003,105003,(Primary) Monitoring on interface interface_name waiting,%FTD-1-105003: (Primary) Monitoring on interface interface_name waiting,The Secure Firewall Threat Defense device is testing the specified network interface with the other unit of the failover pair. Primary can also be listed as Secondary for the secondary unit. There could be delay in the logging of syslog when compared to the actual status change. This delay is due to the poll time and hold time that is configured for the interface monitoring. Note,None required. The Secure Firewall Threat Defense device monitors its network interfaces frequently during normal operation.,1,Alert,5,system,failover
+%FTD-1-105004,105004,(Primary) Monitoring on interface interface_name normal,%FTD-1-105004: (Primary) Monitoring on interface interface_name normal,The test of the specified network interface was successful. Primary can also be listed as Secondary for the secondary unit. There could be delay in the logging of syslog when compared to the actual status change. This delay is due to the poll time and hold time that is configured for the interface monitoring. Note,None required.,1,Alert,5,system,failover
+%FTD-1-105005,105005,(Primary) Lost Failover communications with mate on interface interface_name,%FTD-1-105005: (Primary) Lost Failover communications with mate on interface interface_name,One unit of the failover pair can no longer communicate with the other unit of the pair. Primary can also be listed as Secondary for the secondary unit.,Verify that the network connected to the specified interface is functioning correctly.,1,Alert,85,system,failover
+%FTD-1-105006,105006,(Primary) Link status 'Up' on interface interface_name,%FTD-1-105006: (Primary) Link status 'Up' on interface interface_name,The results of monitoring the link status of the specified interface have been reported. Primary can also be listed as Secondary for the secondary unit.,"If the link status is down, verify that the network connected to the specified interface is operating correctly.",1,Alert,85,system,failover
+%FTD-1-105007,105007,(Primary) Link status 'Down' on interface interface_name.,%FTD-1-105007: (Primary) Link status 'Down' on interface interface_name.,The results of monitoring the link status of the specified interface have been reported. Primary can also be listed as Secondary for the secondary unit.,"If the link status is down, verify that the network connected to the specified interface is operating correctly.",1,Alert,85,system,failover
+%FTD-1-105008,105008,(Primary) Testing Interface interface_name,%FTD-1-105008: (Primary) Testing Interface interface_name,Testing of a specified network interface has occurred. This testing is performed only if the Secure Firewall Threat Defense device fails to receive a message from the standby unit on that interface after the expected interval. Primary can also be listed as Secondary for the secondary unit.,None required.,1,Alert,5,system,failover
+%FTD-1-105009,105009,(Primary) Testing on interface interface_name {Passed|Failed},%FTD-1-105009: (Primary) Testing on interface interface_name {Passed|Failed},The result (either Passed or Failed) of a previous interface test has been reported. Primary can also be listed as Secondary for the secondary unit.,"None required if the result is Passed. If the result is Failed, you should check the network cable connection to both failover units, that the network itself is functioning correctly, and verify the status of the standby unit.",1,Alert,5,system,failover
+%FTD-3-105010,105010,(Primary) Failover message block alloc failed,%FTD-3-105010: (Primary) Failover message block alloc failed,Block memory was depleted. This is a transient message and the Secure Firewall Threat Defense device should recover. Primary can also be listed as Secondary for the secondary unit.,Use the show blocks command to monitor the current block memory.,3,Error,75,system,failover
+%FTD-1-105011,105011,(Primary) Failover cable communication failure,%FTD-1-105011: (Primary) Failover cable communication failure,The failover cable is not permitting communication between the primary and secondary units. Primary can also be listed as Secondary for the secondary unit.,Ensure that the cable is connected correctly.,1,Alert,85,system,failover
+%FTD-1-105020,105020,(Primary) Incomplete/slow config replication,%FTD-1-105020: (Primary) Incomplete/slow config replication,"When a failover occurs, the active Secure Firewall Threat Defense device detects a partial configuration in memory. Normally, this is caused by an interruption in the replication service. Primary can also be listed as Secondary for the secondary unit.","After the Secure Firewall Threat Defense device detects the failover, the Secure Firewall Threat Defense device automatically reboots and loads the configuration from flash memory and/or resynchronizes with another Secure Firewall Threat Defense device. If failovers occurs continuously, check the failover configuration and make sure that both Secure Firewall Threat Defense devices can communicate with each other.",1,Alert,75,system,failover
+%FTD-1-105021,105021,(Failover_unit) Standby unit failed to sync due to a locked context_name config. Lock held by lock_owner_name,%FTD-1-105021: (Failover_unit) Standby unit failed to sync due to a locked context_name config. Lock held by lock_owner_name,"During configuration synchronization, a standby unit will reload itself if some other process locks the configuration for more than five minutes, which prevents the failover process from applying the new configuration. This can occur when an administrator pages through a running configuration on the standby unit while configuration synchronization is in process. See also the show running-config command in privileged EXEC mode and the pager lines num command in global configuration mode in the Command Reference Guides.",Avoid viewing or modifying the configuration on the standby unit when it first boots up and is in the process of establishing a failover connection with the active unit.,1,Alert,100,system,failover
+%FTD-1-105022,105022,(host) Config replication failed with reason = reason,%FTD-1-105022: (host) Config replication failed with reason = reason,"When high availability replication fails, the message is generated. Where, active to standby lapses, and the device starts to reboot. availability configuration replication lapses.",None.,1,Alert,85,system,failover
+%FTD-1-105031,105031,Failover LAN interface is up,%FTD-1-105031: Failover LAN interface is up,The LAN failover interface link is up.,None required.,1,Alert,5,system,failover
+%FTD-1-105032,105032,LAN Failover interface is down,%FTD-1-105032: LAN Failover interface is down,The LAN failover interface link is down.,Check the connectivity of the LAN failover interface. Make sure that the speed or duplex setting is correct.,1,Alert,75,system,failover
+%FTD-1-105033,105033,LAN FO cmd Iface down and up again,%FTD-1-105033: LAN FO cmd Iface down and up again,None provided.,None provided.,1,Alert,75,system,failover
+%FTD-1-105034,105034,Receive a LAN_FAILOVER_UP message from peer.,%FTD-1-105034: Receive a LAN_FAILOVER_UP message from peer.,The peer has just booted and sent the initial contact message.,None required.,1,Alert,5,system,failover
+%FTD-1-105035,105035,Receive a LAN failover interface down msg from peer.,%FTD-1-105035: Receive a LAN failover interface down msg from peer.,The peer LAN failover interface link is down. The unit switches to active mode if it is in standby mode.,Check the connectivity of the peer LAN failover interface.,1,Alert,75,system,failover
+%FTD-1-105036,105036,dropped a LAN Failover command message.,%FTD-1-105036: dropped a LAN Failover command message.,"The Secure Firewall Threat Defense device dropped an unacknowledged LAN failover command message, indicating a connectivity problem exists on the LAN failover interface.",Check that the LAN interface cable is connected.,1,Alert,95,system,failover
+%FTD-1-105037,105037,(Primary and Standby ) Both units are switching back and forth as the active unit,%FTD-1-105037: (Primary and Standby ) Both units are switching back and forth as the active unit,"The primary and standby units are switching back and forth as the active unit, indicating a LAN failover connectivity problem or software bug exists.",Make sure that the LAN interface cable is connected.,1,Alert,75,system,failover
+%FTD-1-105038,105038,(Primary) Interface count mismatch,%FTD-1-105038: (Primary) Interface count mismatch,"When a failover occurs, the active Secure Firewall Threat Defense device detects a partial configuration in memory. Normally, this is caused by an interruption in the replication service. Primary can also be listed as Secondary for the secondary unit.","Once the failover is detected by the Secure Firewall Threat Defense device, the Secure Firewall Threat Defense device automatically reboots and loads the configuration from flash memory and/or resynchronizes with another Secure Firewall Threat Defense device. If failovers occur continuously, check the failover configuration and make sure that both Secure Firewall Threat Defense devices can communicate with each other.",1,Alert,85,system,failover
+%FTD-1-105039,105039,(Primary) Unable to verify the Interface count with mate. Failover may be disabled in mate.,%FTD-1-105039: (Primary) Unable to verify the Interface count with mate. Failover may be disabled in mate.,Failover initially verifies that the number of interfaces configured on the primary and secondary Secure Firewall Threat Defense devices are the same. This message indicates that the primary Secure Firewall Threat Defense device is not able to verify the number of interfaces configured on the secondary Secure Firewall Threat Defense device. This message indicates that the primary Secure Firewall Threat Defense device is not able to communicate with the secondary Secure Firewall Threat Defense device over the failover interface. Primary can also be listed as Secondary for the secondary unit.,"Verify the failover LAN, interface configuration, and status on the primary and secondary Secure Firewall Threat Defense devices. Make sure that the secondary Secure Firewall Threat Defense device is running the Secure Firewall Threat Defense device application and that failover is enabled.",1,Alert,95,system,failover
+%FTD-1-105040,105040,(Primary) Mate failover version is not compatible.,%FTD-1-105040: (Primary) Mate failover version is not compatible.,The primary and secondary Secure Firewall Threat Defense devices should run the same failover software version to act as a failover pair. This message indicates that the secondary Secure Firewall Threat Defense device failover software version is not compatible with the primary Secure Firewall Threat Defense device. Failover is disabled on the primary Secure Firewall Threat Defense device. Primary can also be listed as Secondary for the secondary Secure Firewall Threat Defense device.,Maintain consistent software versions between the primary and secondary Secure Firewall Threat Defense devices to enable failover.,1,Alert,75,system,failover
+%FTD-1-105041,105041,cmd failed during sync,%FTD-1-105041: cmd failed during sync,"Replication of the nameif command failed, because the number of interfaces on the active and standby units is not the same.","Verify that the units have the same number of interfaces. You might need to install additional interface modules, or use different devices. After the physical interfaces match, force a configuration sync by suspending and then resuming HA.",1,Alert,95,system,failover
+%FTD-1-105042,105042,(Primary) Failover interface OK,%FTD-1-105042: (Primary) Failover interface OK,The interface that sends failover messages could go down when physical status of the failover link is down or when L2 connectivity between the failover peers is lost resulting in dropping of ARP packets. This message is generated after restoring the L2 ARP connectivity.,None required.,1,Alert,95,system,failover
+%FTD-1-105043,105043,(Primary) Failover interface failed,%FTD-1-105043: (Primary) Failover interface failed,None provided.,None provided.,1,Alert,85,system,failover
+%FTD-1-105044,105044,(Primary) Mate operational mode (mode) is not compatible with my mode (mode).,%FTD-1-105044: (Primary) Mate operational mode (mode) is not compatible with my mode (mode).,"When the operational mode (single or multiple) does not match between failover peers, failover will be disabled.","Configure the failover peers to have the same operational mode, and then reenable failover.",1,Alert,75,system,failover
+%FTD-1-105045,105045,(Primary) Mate license (number_contexts) is not compatible with my license (number_contexts).,%FTD-1-105045: (Primary) Mate license (number_contexts) is not compatible with my license (number_contexts).,"When the feature licenses do not match between failover peers, failover will be disabled.","Configure the failover peers to have the same feature license, and then reenable failover.",1,Alert,75,system,failover
+%FTD-1-105046,105046,(Primary|Secondary) Mate has a different chassis,%FTD-1-105046: (Primary|Secondary) Mate has a different chassis,"Two failover units have a different type of chassis. For example, one has a three-slot chassis; the other has a six-slot chassis.",Make sure that the two failover units are the same.,1,Alert,75,system,failover
+%FTD-1-105047,105047,Mate has a io_card_name1 card in slot slot_number which is different from my io_card_name2,%FTD-1-105047: Mate has a io_card_name1 card in slot slot_number which is different from my io_card_name2,The two failover units have different types of cards in their respective slots.,Make sure that the card configurations for the failover units are the same.,1,Alert,75,system,failover
+%FTD-1-105048,105048,(unit) Mate's service module (application) is different from mine (application).,%FTD-1-105048: (unit) Mate's service module (application) is different from mine (application).,None provided.,None provided.,1,Alert,75,system,failover
+%FTD-3-105050,105050,(host) Number of Ethernet interfaces on Standby unit (int_number) is less than number on Active unit (int_number).,%FTD-3-105050: (host) Number of Ethernet interfaces on Standby unit (int_number) is less than number on Active unit (int_number).,Number of Ethernet interfaces on standby unit is less than that on active unit.,"Secure Firewall Threat Defense device with same number of interfaces should be paired up with each other. Verify that the units have the same number of interfaces. You might need to install additional interface modules, or use different devices. After the physical interfaces match, force a configuration sync by suspending and then resuming HA.",3,Error,75,system,failover
+%FTD-3-105052,105052,"HA:cipher in use algorithm name strong encryption is status, please reboot to use strong cipher and preferably change the key in use","%FTD-3-105052: HA:cipher in use algorithm name strong encryption is status, please reboot to use strong cipher and preferably change the key in use","When the failover key is configured prior to a license update, the weaker cipher is not switched to a stronger cipher automatically. This syslog is generated, every 30 seconds to alert that a weaker cipher is still being used when a stronger cipher is available. Example %FTD-3-105052 HA cipher in use DES strong encryption is AVAILABLE, please reboot to use strong cipher and preferably change the key in use.","Remove the failover key configuration and reconfigure the key. Reload the standby, and then reload the active device.",3,Error,95,system,failover
+%FTD-2-106001,106001,Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name,%FTD-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name,"An attempt was made to connect to an inside address is denied by the security policy that is defined for the specified traffic type. The IP address displayed is the real IP address instead of the IP address that appears through NAT. Possible tcp_flags values correspond to the flags in the TCP header that were present when the connection was denied. For example, a TCP packet arrived for which no connection state exists in the Secure Firewall Threat Defense device, and it was dropped. The tcp_flags in this packet are FIN and ACK. The tcp_flags are as follows:",None provided.,2,Critical,100,access_control,acl
+%FTD-2-106002,106002,protocol Connection denied by outbound list acl_ID src inside_address dest outside_address,%FTD-2-106002: protocol Connection denied by outbound list acl_ID src inside_address dest outside_address,"The specified connection failed because of an outbound deny command. The protocol variable can be ICMP, TCP, or UDP.",Use the show outbound command to check outbound lists.,2,Critical,100,access_control,acl
+%FTD-2-106006,106006,Deny inbound UDP from outside_address/outside_port to inside_address/inside_port on interface interface_name,%FTD-2-106006: Deny inbound UDP from outside_address/outside_port to inside_address/inside_port on interface interface_name,An inbound UDP packet was denied by the security policy that is defined for the specified traffic type.,None required.,2,Critical,100,access_control,acl
+%FTD-2-106007,106007,Deny inbound UDP from outside_address/outside_port to inside_address/inside_port due to DNS {Response|Query},%FTD-2-106007: Deny inbound UDP from outside_address/outside_port to inside_address/inside_port due to DNS {Response|Query},A UDP packet containing a DNS query or response was denied.,"If the inside port number is 53, the inside host probably is set up as a caching name server. Add an access-list command statement to permit traffic on UDP port 53 and a translation entry for the inside host. If the outside port number is 53, a DNS server was probably too slow to respond, and the query was answered by another server.",2,Critical,100,access_control,acl
+%FTD-3-106010,106010,"Deny inbound protocolsrc [interface_name : source_address/source_port ] [([idfw_user | FQDN_string ], sg_info )] dst [interface_name : dest_address /dest_port }[([idfw_user | FQDN_string ], sg_info )]","%FTD-3-106010: Deny inbound protocolsrc [interface_name : source_address/source_port ] [([idfw_user | FQDN_string ], sg_info )] dst [interface_name : dest_address /dest_port }[([idfw_user | FQDN_string ], sg_info )]",An inbound connection was denied by your security policy.,"Modify the security policy if traffic should be permitted. If the message occurs at regular intervals, contact the remote peer administrator.",3,Error,85,access_control,acl
+%FTD-3-106011,106011,Deny inbound (No xlate) protocol_src_Interface:IP/port_dst_Interface-nameif:IP/port,%FTD-3-106011: Deny inbound (No xlate) protocol_src_Interface:IP/port_dst_Interface-nameif:IP/port,None provided.,None provided.,3,Error,85,access_control,acl
+%FTD-6-106012,106012,"Deny IP from IP_address to IP_address, IP options: ""hex""","%FTD-6-106012: Deny IP from IP_address to IP_address, IP options: ""hex""","An IP packet was seen with IP options. Because IP options are considered a security risk, the packet was discarded.",Contact the remote host system administrator to determine the problem. Check the local site for loose source routing or strict source routing.,6,Informational,35,access_control,acl
+%FTD-2-106013,106013,Dropping echo request from IP_address to PAT address IP_address,%FTD-2-106013: Dropping echo request from IP_address to PAT address IP_address,The Secure Firewall Threat Defense device discarded an inbound ICMP Echo Request packet with a destination address that corresponds to a PAT global address. The inbound packet is discarded because it cannot specify which PAT host should receive the packet.,None required.,2,Critical,100,access_control,acl
+%FTD-3-106014,106014,Deny inbound src,%FTD-3-106014: Deny inbound src,"The Secure Firewall Threat Defense device denied any inbound ICMP packet access. By default, all ICMP packets are denied access unless specifically allowed.",None required.,3,Error,85,access_control,acl
+%FTD-6-106015,106015,Deny TCP (no connection) from IP_address /port to IP_address /port flags tcp_flags on interface interface_name.,%FTD-6-106015: Deny TCP (no connection) from IP_address /port to IP_address /port flags tcp_flags on interface interface_name.,"The Secure Firewall Threat Defense device discarded a TCP packet that has no associated connection in the Secure Firewall Threat Defense connection table. The Secure Firewall Threat Defense device looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is no existing connection, the Secure Firewall Threat Defense device discards the packet.","None required unless the Secure Firewall Threat Defense device receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent.",6,Informational,45,access_control,acl
+%FTD-2-106016,106016,Deny IP spoof from (ip_address) to ip_address on interface interface_name,%FTD-2-106016: Deny IP spoof from (ip_address) to ip_address on interface interface_name,"A packet arrived at the Secure Firewall Threat Defense interface that has a destination IP address of 0.0.0.0 and a destination MAC address of the Secure Firewall Threat Defense interface. In addition, this message is generated when the Secure Firewall Threat Defense device discarded a packet with an invalid source address, which may include one of the following or some other invalid address: To further enhance spoof packet detection, use the icmp command to configure the Secure Firewall Threat Defense device to discard packets with source addresses belonging to the internal network, because the access-list command has been deprecated and is no longer guaranteed to work correctly.",Determine if an external user is trying to compromise the protected network. Check for misconfigured clients.,2,Critical,100,access_control,acl
+%FTD-2-106017,106017,Deny IP due to Land Attack from IP_address to IP_address,%FTD-2-106017: Deny IP due to Land Attack from IP_address to IP_address,"The Secure Firewall Threat Defense device received a packet with the IP source address equal to the IP destination, and the destination port equal to the source port. This message indicates a spoofed packet that is designed to attack systems. This attack is referred to as a Land Attack.","If this message persists, an attack may be in progress. The packet does not provide enough information to determine where the attack originates.",2,Critical,100,access_control,acl
+%FTD-2-106018,106018,ICMP packet type ICMP_type denied by outbound list acl_ID src inside_address dest outside_address,%FTD-2-106018: ICMP packet type ICMP_type denied by outbound list acl_ID src inside_address dest outside_address,The outgoing ICMP packet with the specified ICMP from local host (inside_address) to the foreign host (outside_address) was denied by the outbound ACL list.,None required.,2,Critical,100,access_control,acl
+%FTD-2-106020,106020,"Deny IP teardrop fragment (size = number, offset = number) from IP_address to IP_address","%FTD-2-106020: Deny IP teardrop fragment (size = number, offset = number) from IP_address to IP_address",The Secure Firewall Threat Defense device discarded an IP packet with a teardrop signature containing either a small offset or fragment overlapping. This is a hostile event that circumvents the Secure Firewall Threat Defense device or an Intrusion Detection System.,Contact the remote peer administrator or escalate this issue according to your security policy.,2,Critical,100,access_control,acl
+%FTD-1-106021,106021,Deny protocol reverse path check from source_address to dest_address on interface interface_name,%FTD-1-106021: Deny protocol reverse path check from source_address to dest_address on interface interface_name,"An attack is in progress. Someone is attempting to spoof an IP address on an inbound connection. Unicast RPF, also known as reverse route lookup, detected a packet that does not have a source address represented by a route and assumes that it is part of an attack on your Secure Firewall Threat Defense device. This message appears when you have enabled Unicast RPF with the ip verify reverse-path command. This feature works on packets input to an interface; if it is configured on the outside, then the Secure Firewall Threat Defense device checks packets arriving from the outside. The Secure Firewall Threat Defense device looks up a route based on the source_address. If an entry is not found and a route is not defined, then this message appears and the connection is dropped. If there is a route, the Secure Firewall Threat Defense device checks which interface it corresponds to. If the packet arrived on another interface, it is either a spoof or there is an asymmetric routing environment that has more than one path to a destination. The Secure Firewall Threat Defense device does not support asymmetric routing. If the Secure Firewall Threat Defense device is configured on an internal interface, it checks static route command statements or RIP, and if the source_address is not found, then an internal user is spoofing their address.","Even though an attack is in progress, if this feature is enabled, no user action is required. The Secure Firewall Threat Defense device repels the attack.",1,Alert,100,access_control,acl
+%FTD-1-106022,106022,Deny protocol connection spoof from source_address to dest_address on interface interface_name,%FTD-1-106022: Deny protocol connection spoof from source_address to dest_address on interface interface_name,"A packet matching a connection arrived on a different interface from the interface on which the connection began. In addition, the ip verify reverse-path command is not configured. For example, if a user starts a connection on the inside interface, but the Secure Firewall Threat Defense device detects the same connection arriving on a perimeter interface, the Secure Firewall Threat Defense device has more than one path to a destination. This is known as asymmetric routing and is not supported on the Secure Firewall Threat Defense device. An attacker also might be attempting to append packets from one connection to another as a way to break into the Secure Firewall Threat Defense device. In either case, the Secure Firewall Threat Defense device shows this message and drops the connection.",Check that the routing is not asymmetric.,1,Alert,100,access_control,acl
+%FTD-4-106023,106023,"Deny interface_name by access-group ""source_address"" [source_port, idfw_user]","%FTD-4-106023: Deny interface_name by access-group ""source_address"" [source_port, idfw_user]",A real IP packet was denied by the ACL. This message appears even if you do not have the log option enabled for an ACL. The IP address is the real IP address instead of the values that display through NAT. Both user identity information and FQDN information is provided for the IP addresses if a matched,None provided.,4,Warning,65,access_control,acl
+%FTD-2-106024,106024,Access rules memory exhausted. Aborting current compilation and continuing to use the existing access rules,%FTD-2-106024: Access rules memory exhausted. Aborting current compilation and continuing to use the existing access rules,"The access list compilation process has run out of memory. All configuration information that has been added since the last successful access list was removed from the Secure Firewall Threat Defense device, and the most recently compiled set of access lists will continue to be used.","Access lists, AAA, ICMP, SSH, Telnet, and other rule types are stored and compiled as access list rule types. Remove some of these rule types so that others can be added.",2,Critical,85,access_control,acl
+%FTD-6-106025,106025,Failed to determine security context for packet: vlansource Vlan src source_address/source_port dest dest_address/dest_port_protocol,%FTD-6-106025: Failed to determine security context for packet: vlansource Vlan src source_address/source_port dest dest_address/dest_port_protocol,The security context of the packet in multiple context mode cannot be determined. Both messages can be generated for IP packets being dropped in either router and transparent mode.,None required.,6,Informational,45,access_control,acl
+%FTD-6-106026,106026,Failed to determine security context for packet: source_vlan src source_address/source_port dest dest_address/dest_port_protocol,%FTD-6-106026: Failed to determine security context for packet: source_vlan src source_address/source_port dest dest_address/dest_port_protocol,The security context of the packet in multiple context mode cannot be determined. Both messages can be generated for IP packets being dropped in either router and transparent mode.,None required.,6,Informational,45,access_control,acl
+%FTD-4-106027,106027,"Deny int_type src src_address:src_mac dst dst_address:dest_mac by access-group ""access-list name"".","%FTD-4-106027: Deny int_type src src_address:src_mac dst dst_address:dest_mac by access-group ""access-list name"".",An non IP packet was denied by the ACL. This message is displayed even if you do not have the log option enabled for an extended ACL.,"If messages persist from the same source address, it might indicate a foot-printing or port-scanning attempt. Contact the remote host administrator.",4,Warning,65,access_control,acl
+%FTD-6-106100,106100,"access-list acl_ID protocol interface_name source_address/source_port(idfw_user)sg_info -> interface_name/dest_address(dest_port)idfw_user hit-cnt sg_info number [string, number]","%FTD-6-106100: access-list acl_ID protocol interface_name source_address/source_port(idfw_user)sg_info -> interface_name/dest_address(dest_port)idfw_user hit-cnt sg_info number [string, number]","The initial occurrence or the total number of occurrences during an interval are listed. This message provides more information than message 106023, which only logs denied packets, and does not include the hit count or a configurable level.",None provided.,6,Informational,35,access_control,acl
+%FTD-1-106101,106101,Number of cached deny-flows for ACL log has reached limit (number),%FTD-1-106101: Number of cached deny-flows for ACL log has reached limit (number),"If you have enabled the log option for an extended ACL and through FlexConfig replaced the Global Access Group on the Secure Firewall Threat Defense device, and when a traffic flow matches the ACL statement, the device caches the flow information and this syslog is generated. This message indicates that",None provided.,1,Alert,100,access_control,acl
+%FTD-4-106103,106103,"access-list acl_ID denied protocol for user 'username' source_address/source_port_interface_name(interface_name) -> dest_address/dest_port(interface_name) hit-cnt sg_info number [string, number]","%FTD-4-106103: access-list acl_ID denied protocol for user 'username' source_address/source_port_interface_name(interface_name) -> dest_address/dest_port(interface_name) hit-cnt sg_info number [string, number]",A packet was denied by an access-list that was applied through a VPN filter. This message is the VPN/AAA filter equivalent of message106023.,None required.,4,Warning,65,access_control,acl
+%FTD-1-107001,107001,"RIP auth failed from IP_address: version=number, type=string, mode=string, sequence=number on interface interface_name","%FTD-1-107001: RIP auth failed from IP_address: version=number, type=string, mode=string, sequence=number on interface interface_name",The Secure Firewall Threat Defense device received a RIP reply message with bad authentication. This message might be caused by a misconfiguration on the router or the Secure Firewall Threat Defense device or by an unsuccessful attempt to attack the routing table of the Secure Firewall Threat Defense device.,"This message indicates a possible attack and should be monitored. If you are not familiar with the source IP address listed in this message, change your RIP authentication keys between trusted entities. An attacker might be trying to determine the existing keys.",1,Alert,100,network,routing_rip
+%FTD-2-109011,109011,"Authen Session Start: user 'user', sid number","%FTD-2-109011: Authen Session Start: user 'user', sid number",An authentication session started between the host and the Secure Firewall Threat Defense device and has not yet completed.,None required.,2,Critical,5,authentication,aaa
+%FTD-5-109012,109012,"Authen Session End: user 'user', sid number, elapsed number seconds","%FTD-5-109012: Authen Session End: user 'user', sid number, elapsed number seconds",The authentication cache has timed out. Users must reauthenticate on their next connection. You can change the duration of this timer with the timeout uauth command.,None required.,5,Notification,5,authentication,aaa
+%FTD-3-109013,109013,User must authenticate before using this service,%FTD-3-109013: User must authenticate before using this service,The user must be authenticated before using the service.,"Authenticate using FTP, Telnet, or HTTP before using the service.",3,Error,65,authentication,aaa
+%FTD-3-109016,109016,Cannot find authorization ACL 'acl_id' on 'server_name' for user 'user',%FTD-3-109016: Cannot find authorization ACL 'acl_id' on 'server_name' for user 'user',The specified on the AAA server for this user does not exist on the Secure Firewall Threat Defense device. This error can occur if you configure the AAA server before you configure the Secure Firewall Threat Defense device. The Vendor-Specific Attribute (VSA) on your AAA server might be one of the following values:,"Add the ACL to the Secure Firewall Threat Defense device, making sure to use the same name specified on the AAA server.",3,Error,65,authentication,aaa
+%FTD-3-109018,109018,Downloaded ACL 'acl_ID' is empty,%FTD-3-109018: Downloaded ACL 'acl_ID' is empty,The downloaded authorization has no ACEs. This situation might be caused by misspelling the attribute string ip:inacl# or omitting the access-list command. junk:junk# 1=permit tcp any any eq junk ip:inacl#1=”,Correct the ACL components that have the indicated error on the AAA server.,3,Error,65,authentication,aaa
+%FTD-3-109019,109019,Downloaded ACL 'acl_ID' has parsing error; ACE: 'string'; string,%FTD-3-109019: Downloaded ACL 'acl_ID' has parsing error; ACE: 'string'; string,None provided.,None provided.,3,Error,65,authentication,aaa
+%FTD-3-109020,109020,Downloaded ACL has config error; ACE,%FTD-3-109020: Downloaded ACL has config error; ACE,One of the components of the downloaded authorization has a configuration error. The entire text of the element is included in the message. This message is usually caused by an invalid access-list command statement.,Correct the ACL component that has the indicated error on the AAA server.,3,Error,75,authentication,aaa
+%FTD-3-109026,109026,[ aaa_protocol ] Invalid reply digest received; shared server key may be mismatched.,%FTD-3-109026: [ aaa_protocol ] Invalid reply digest received; shared server key may be mismatched.,"The response from the AAA server cannot be validated. The configured server key is probably incorrect. This message may be generated during transactions with RADIUS or TACACS+ servers. Verify that the server key, configured using the aaa-server command, is correct.",None provided.,3,Error,85,authentication,aaa
+%FTD-4-109027,109027,"[ aaa_protocol ] Unable to decipher response message Server = server_IP_address, User = user","%FTD-4-109027: [ aaa_protocol ] Unable to decipher response message Server = server_IP_address, User = user",The response from the AAA server cannot be validated. The configured server key is probably incorrect. This message may be displayed during transactions with RADIUS or TACACS+ servers. The server_IP_address is the IP address of the relevant AAA server. The user is the user name associated with the connection.,"Verify that the server key, configured using the aaa-server command, is correct.",4,Warning,65,authentication,aaa
+%FTD-5-109029,109029,Parsing downloaded ACL: string,%FTD-5-109029: Parsing downloaded ACL: string,A syntax error occurred while parsing an access list that was downloaded from a RADIUS server during user authentication.,Use the information presented in this message to identify and correct the syntax error in the access list definition within the RADIUS server configuration.,5,Notification,25,authentication,aaa
+%FTD-4-109030,109030,Autodetect ACL convert wildcard did not convert ACL access_list_source dest netmask netmask,%FTD-4-109030: Autodetect ACL convert wildcard did not convert ACL access_list_source dest netmask netmask,A dynamic ACL that is configured on a RADIUS server is not converted by the mechanism for automatically detecting wildcard netmasks. The problem occurs because this mechanism cannot determine if the netmask is a wildcard or a normal netmask.,"Check the access list netmask on the RADIUS server for the wildcard configuration. If the netmask is supposed to be a wildcard, and if all access list netmasks on that server are wildcards, then use the wildcard setting for acl-netmask-convert for the AAA server. Otherwise, change the netmask to a normal netmask or to a wildcard netmask that does not contain holes (that is, where the netmask presents consecutive binary 1s. For example, 00000000.00000000.00011111.11111111 or hex 0.0.31.255). If the mask is supposed to be normal and all access list netmasks on that server are normal, then use the normal setting for acl-netmask-convert for the AAA server.",4,Warning,45,authentication,aaa
+%FTD-3-109032,109032,"Unable to install ACL 'access_list', downloaded for user username; Error in ACE: 'ace'","%FTD-3-109032: Unable to install ACL 'access_list', downloaded for user username; Error in ACE: 'ace'","The Secure Firewall Threat Defense device received an access control list from a RADIUS server to apply to a user connection, but an entry in the list contains a syntax error. Th euse of a list containing an error could result in the violation of a security policy, so the Secure Firewall Threat Defense device failed to authenticate the user. access-list command",Correct the access list definition in the RADIUS server configuration.,3,Error,75,authentication,aaa
+%FTD-4-109033,109033,Authentication failed for admin user user from src_IP. Interactive challenge processing is not supported for protocol,%FTD-4-109033: Authentication failed for admin user user from src_IP. Interactive challenge processing is not supported for protocol,"AAA challenge processing was triggered during authentication of an administrative connection, but the Secure Firewall Threat Defense device cannot initiate interactive challenge processing with the client application. When this occurs, the authentication attempt will be rejected and the connection denied.",None provided.,4,Warning,75,authentication,aaa
+%FTD-4-109034,109034,Authentication failed for network user user from src_IP/port to dst_IP/port. Interactive challenge processing is not supported for protocol connections,%FTD-4-109034: Authentication failed for network user user from src_IP/port to dst_IP/port. Interactive challenge processing is not supported for protocol connections,"AAA challenge processing was triggered during authentication of a network connection, but the Secure Firewall Threat Defense device cannot initiate interactive challenge processing with the client application. When this occurs, the authentication attempt will be rejected and the connection denied.",Reconfigure AAA so that challenge processing does not occur for these connection types. This generally means to avoid authenticating these connection types to RSA SecurID servers or to any token-based AAA server via RADIUS.,4,Warning,85,authentication,aaa
+%FTD-3-109035,109035,Exceeded maximum number (999) of DAP attribute instances for user = user,%FTD-3-109035: Exceeded maximum number (999) of DAP attribute instances for user = user,This log is generated when the number of DAP attributes received from the RADIUS server exceeds the maximum number allowed when authenticating a connection for the specified user.,Modify the DAP attribute configuration to reduce the number of DAP attributes below the maximum number allowed as specified in the log so that the specified user can connect.,3,Error,75,authentication,aaa
+%FTD-6-109036,109036,Exceeded 1000 attribute values for the attribute_name attribute for user username,%FTD-6-109036: Exceeded 1000 attribute values for the attribute_name attribute for user username,The LDAP response message contains an attribute that has more than 1000 values.,None required.,6,Informational,5,authentication,aaa
+%FTD-3-109037,109037,Exceeded 5000 attribute values for the attribute_name attribute for user username,%FTD-3-109037: Exceeded 5000 attribute values for the attribute_name attribute for user username,"The Secure Firewall Threat Defense device supports multiple values of the same attribute received from a AAA server. If the AAA server sends a response containing more than 5000 values for the same attribute, then the Secure Firewall Threat Defense device treats this response message as being malformed",None provided.,3,Error,75,authentication,aaa
+%FTD-3-109038,109038,"Attribute internal-attribute-name value ""string-from-server"" from AAA server could not be parsed as a type","%FTD-3-109038: Attribute internal-attribute-name value ""string-from-server"" from AAA server could not be parsed as a type",The AAA subsystem tried to parse an attribute from the AAA server into an internal representation and failed.,"Verify that the attribute is being generated correctly on the AAA server. For additional information, use the debug ldap and debug radius commands.",3,Error,85,authentication,aaa
+%FTD-5-109039,109039,AAA Authentication: Dropping an unsupported IPv6/IP46/IP64 packet from lifc:laddr to fifc:faddr,%FTD-5-109039: AAA Authentication: Dropping an unsupported IPv6/IP46/IP64 packet from lifc:laddr to fifc:faddr,A packet containing IPv6 addresses or IPv4 addresses translated to IPv6 addresses by NAT requires AAA authentication or authorization. AAA authentication and authorization do not support IPv6 addresses. The packet is dropped.,None required.,5,Notification,45,authentication,aaa
+%FTD-6-109100,109100,"Received CoA update from coa-source-ip for user ""username"", with session ID audit-session-id, changing authorization attributes.","%FTD-6-109100: Received CoA update from coa-source-ip for user ""username"", with session ID audit-session-id, changing authorization attributes.","The Secure Firewall Threat Defense device has successfully processed the CoA policy update request from coa-source-ip for user username with session id audit-session-id . This syslog message is generated after a change of authorization policy update has been received by the Secure Firewall Threat Defense device, validated and applied. In a non-error case, this is the only syslog message that is generated when a change of authorization is received and processed.",None provided.,6,Informational,15,authentication,aaa
+%FTD-6-109101,109101,"Received CoA disconnect request from coa-source-ip for user ""username"", with session ID: audit-session-id.","%FTD-6-109101: Received CoA disconnect request from coa-source-ip for user ""username"", with session ID: audit-session-id.",The Secure Firewall Threat Defense device has received a correctly formatted Disconnect-Request for an active VPN session and has successfully terminated the connection.,None required.,6,Informational,5,authentication,aaa
+%FTD-4-109102,109102,"Received CoA action-type from coa-source-ip, but cannot find named session audit-session-id.","%FTD-4-109102: Received CoA action-type from coa-source-ip, but cannot find named session audit-session-id.","The Secure Firewall Threat Defense device has received a valid change of authorization request, but the session ID specified in the request does not match any active sessions on the Secure Firewall Threat Defense device. This could be the result of the change of authorization server attempting to issue a change of authorization on a session that has already been closed by the user.",None required.,4,Warning,5,authentication,aaa
+%FTD-3-109103,109103,"CoA action-type from coa-source-ip failed for user ""username"", with session ID: audit-session-id.","%FTD-3-109103: CoA action-type from coa-source-ip failed for user ""username"", with session ID: audit-session-id.","The Secure Firewall Threat Defense device has received a correctly formatted change of authorization request, but was unable to process it successfully.",Investigate the relevant VPN subsystem logs to determine why the updated attributes could not be applied or why the session could not be terminated.,3,Error,85,authentication,aaa
+%FTD-3-109104,109104,"CoA (Action type: action-type) from coa-source-ip failed for user ""username"", with session ID: audit-session-id. Action not supported.","%FTD-3-109104: CoA (Action type: action-type) from coa-source-ip failed for user ""username"", with session ID: audit-session-id. Action not supported.",None provided.,None provided.,3,Error,75,authentication,aaa
+%FTD-3-109105,109105,Failed to determine the egress interface for locally generated traffic destined to protocol IP:port.,%FTD-3-109105: Failed to determine the egress interface for locally generated traffic destined to protocol IP:port.,"It is necessary for Secure Firewall Threat Defense device to log a syslog if no routes are present when the interface is BVI. Apparently, if default route is present and it does not route packet to the correct interface then it becomes impossible to track it. In case of Secure Firewall Threat Defense, management routes are looked first following the data interface. So if default route is routing packets to different destination, then it is difficult to track it.",It is highly recommended to add default route for correct destination or add static routes.,3,Error,75,authentication,aaa
+%FTD-5-109201,109201,"UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded adding entry.","%FTD-5-109201: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded adding entry.","When a VPN user is sucessfully added, this message is generated.",None.,5,Notification,25,authentication,aaa
+%FTD-6-109202,109202,"UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded incrementing entry use","%FTD-6-109202: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded incrementing entry use",The VPN user account already exists and successfully incremented the reference count.,None.,6,Informational,15,authentication,aaa
+%FTD-3-109203,109203,"UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed adding entry.","%FTD-3-109203: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed adding entry.",This message is generated when the device failed to apply ACL rules for newly created user entry.,Try to reconnect.,3,Error,75,authentication,aaa
+%FTD-5-109204,109204,"UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded applying filter.","%FTD-5-109204: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded applying filter.",This message is generated when the device failed to apply ACL rules for newly created user entry.,None.,5,Notification,35,authentication,aaa
+%FTD-3-109205,109205,"UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed applying filter.","%FTD-3-109205: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed applying filter.",This message is generated when the user entry already exists and failed to apply new rules to session on interface.,Try to reconnect.,3,Error,75,authentication,aaa
+%FTD-3-109206,109206,"UAUTH: Session=session, User=username, Assigned IP=IP_Address, Removing stale entry added hours ago.","%FTD-3-109206: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Removing stale entry added hours ago.",This message is generated when the device failed to add user entry due to collision and has removed stale entry.,Try to reconnect.,3,Error,75,authentication,aaa
+%FTD-5-109207,109207,"UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded updating entry.","%FTD-5-109207: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded updating entry.",This message is generated when the device has successfully applied rules for user on interface.,None.,5,Notification,25,authentication,aaa
+%FTD-3-109208,109208,"UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed updating entry - no entry.","%FTD-3-109208: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed updating entry - no entry.",This message is generated when the device has failed to update user entry with new rules.,Try to reconnect again.,3,Error,75,authentication,aaa
+%FTD-3-109209,109209,"UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed updating filter for entry. Entry was allocated to Session=session, User=username hours ago.","%FTD-3-109209: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed updating filter for entry. Entry was allocated to Session=session, User=username hours ago.",None provided.,None provided.,3,Error,75,authentication,aaa
+%FTD-5-109210,109210,"UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded removing entry.","%FTD-5-109210: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded removing entry.",This message is generated when the device has successfully removed the rules for user during tunnel torn down.,None.,5,Notification,25,authentication,aaa
+%FTD-6-109211,109211,"UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded decrementing entry use.","%FTD-6-109211: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Succeeded decrementing entry use.",This message is generated when the reference count decremented successfully after tunnel removal.,None.,6,Informational,15,authentication,aaa
+%FTD-3-109212,109212,"UAUTH: Session=session, User=user_name, Assigned IP=ip_address, Failed removing entry - reason_string.","%FTD-3-109212: UAUTH: Session=session, User=user_name, Assigned IP=ip_address, Failed removing entry - reason_string.","This message is generated when the device fails to delete due to invalid address, missing entry, or bad entry.",Try to disconnect again.,3,Error,75,authentication,aaa
+%FTD-3-109213,109213,"UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed removing entry. Address was allocated to Session=session, User=username hours ago.","%FTD-3-109213: UAUTH: Session=session, User=username, Assigned IP=IP_Address, Failed removing entry. Address was allocated to Session=session, User=username hours ago.",This message is generated when the device fails to delete due to collision in user entry.,Try to disconnect again.,3,Error,75,authentication,aaa
+%FTD-6-110002,110002,Failed to locate egress interface for protocol from src_interface:src_ip/src_port to dest_ip/dest_port,%FTD-6-110002: Failed to locate egress interface for protocol from src_interface:src_ip/src_port to dest_ip/dest_port,An error occurred when the Secure Firewall Threat Defense device tried to find the interface through which to send the packet.,"Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC.",6,Informational,25,network,transparent_firewall
+%FTD-6-110003,110003,Routing failed to locate next hop for protocol from src_interface:src_ip/src_port to dest_interface:dest_ip/dest_port,%FTD-6-110003: Routing failed to locate next hop for protocol from src_interface:src_ip/src_port to dest_interface:dest_ip/dest_port,An error occurred when the Secure Firewall Threat Defense device tried to find the next hop on an interface routing table.,"Copy the error message, the configuration, and any details about the events leading up to the error, and contact Cisco TAC. During debugging, use the show asp table routing command to view the routing table details.",6,Informational,25,network,transparent_firewall
+%FTD-6-110004,110004,Egress interface changed from old_active_ifc to new_active_ifc on ip_protocol connection conn_id for outside_zone/parent_outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_zone/parent_inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port),%FTD-6-110004: Egress interface changed from old_active_ifc to new_active_ifc on ip_protocol connection conn_id for outside_zone/parent_outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_zone/parent_inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port),A flow changed on the egress interface.,None required.,6,Informational,5,network,transparent_firewall
+%FTD-6-110005,110005,Routing failed to locate next hop for protocol from interface:address/port to interface:address/port,%FTD-6-110005: Routing failed to locate next hop for protocol from interface:address/port to interface:address/port,None provided.,None provided.,6,Informational,25,network,transparent_firewall
+%FTD-5-111001,111001,Begin configuration: IP_address writing to device,%FTD-5-111001: Begin configuration: IP_address writing to device,"You have entered the write command to store your configuration on a device (either floppy, flash memory, TFTP, the failover standby unit, or the console terminal). The IP_address indicates whether the login was made at the console port or with a Telnet connection.",None required.,5,Notification,5,system,config
+%FTD-5-111002,111002,Begin configuration: ip_address reading from device,%FTD-5-111002: Begin configuration: ip_address reading from device,"You have entered the read command to read your configuration from a device (either floppy disk, flash memory, TFTP, the failover standby unit, or the console terminal). The ip_address indicates whether the login was made at the console port or with a Telnet connection.",None required.,5,Notification,5,system,config
+%FTD-5-111003,111003,IP_address Erase configuration.,%FTD-5-111003: IP_address Erase configuration.,You have erased the contents of flash memory by entering the write erase command at the console. The IP_address value indicates whether the login was made at the console port or through a Telnet connection.,"After erasing the configuration, reconfigure the Secure Firewall Threat Defense device and save the new configuration. Alternatively, you can restore information from a configuration that was previously saved, either on a floppy disk or on a TFTP server elsewhere on the network.",5,Notification,35,system,config
+%FTD-5-111004,111004,IP_address end configuration: {FAILED|OK},%FTD-5-111004: IP_address end configuration: {FAILED|OK},You have entered the config floppy/memory/ network command or the write floppy/memory/network/standby command. The IP_address value indicates whether the login was made at the console port or through a Telnet connection.,"None required if the message ends with OK. If the message indicates a failure, try to fix the problem. For example, if writing to a floppy disk, ensure that the floppy disk is not write protected; if writing to a TFTP server, ensure that the server is up.",5,Notification,5,system,config
+%FTD-5-111005,111005,IP_address end configuration: OK,%FTD-5-111005: IP_address end configuration: OK,None provided.,None provided.,5,Notification,25,system,config
+%FTD-5-111007,111007,Begin configuration: IP_address reading from device,%FTD-5-111007: Begin configuration: IP_address reading from device,"You have entered the reload or configure command to read in a configuration. The device text can be floppy, memory, net, standby, or terminal. The IP_address value indicates whether the login was made at the console port or through a Telnet connection.",None required.,5,Notification,45,system,config
+%FTD-5-111008,111008,User 'user' executed the 'string' command.,%FTD-5-111008: User 'user' executed the 'string' command.,"The user entered any command, with the exception of a show command.",None required. There is an exception for this syslog ID. Syslogs will be seen in logging <destination> even though global syslog is disabled. Note,5,Notification,5,system,config
+%FTD-7-111009,111009,User 'user' executed cmd: string,%FTD-7-111009: User 'user' executed cmd: string,The user entered a command that does not modify the configuration. This message appears only for show commands.,None required.,7,Debugging,5,system,config
+%FTD-5-111010,111010,"User 'username', running 'application-name' from IP ip_addr, executed 'cmd'","%FTD-5-111010: User 'username', running 'application-name' from IP ip_addr, executed 'cmd'",A user made a configuration change.,None required.,5,Notification,5,system,config
+%FTD-1-111111,111111,error_message,%FTD-1-111111: error_message,A system or infrastructure error has occurred.,"If the problem persists, contact the Cisco TAC.",1,Alert,75,system,config
+%FTD-2-112001,112001,Clear finished,%FTD-2-112001: Clear finished,A request to clear the module configuration was completed. The source file and line number are identified.,None required.,2,Critical,5,system,config
+%FTD-3-113001,113001,Unable to open AAA session. Session limit [limit] reached,%FTD-3-113001: Unable to open AAA session. Session limit [limit] reached,The AAA operation on an IPsec tunnel or WebVPN connection cannot be performed because of the unavailability of AAA resources. The limit value indicates the maximum number of concurrent AAA transactions.,"Reduce the demand for AAA resources, if possible.",3,Error,75,authentication,aaa
+%FTD-6-113003,113003,AAA group policy for user user is being set to policy_name,%FTD-6-113003: AAA group policy for user user is being set to policy_name,"The group policy that is associated with the tunnel group is being overridden with a user-specific policy, policy_name . The policy_name is specified using the username command when LOCAL authentication is configured or is returned in the RADIUS CLASS attribute when RADIUS authentication is configured.",None required.,6,Informational,5,authentication,aaa
+%FTD-6-113004,113004,AAA user aaa_type Successful : server = server_IP_address : user = user,%FTD-6-113004: AAA user aaa_type Successful : server = server_IP_address : user = user,"The AAA operation on an IPsec or WebVPN connection has been completed successfully. The AAA types are authentication, authorization, or accounting. The server_IP_address is the IP address of the relevant AAA server. The user is the user name associated with the connection.",None required.,6,Informational,5,authentication,aaa
+%FTD-6-113005,113005,AAA user authentication Rejected : reason = reason : server = ip_address : user =user_name : user IP = ip_address,%FTD-6-113005: AAA user authentication Rejected : reason = reason : server = ip_address : user =user_name : user IP = ip_address,"The AAA authentication on a connection has failed. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured. The AAA authorization on a connection has failed. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured.",Retry the authentication. Retry the authorization.,6,Informational,25,authentication,aaa
+%FTD-6-113006,113006,User 'user' locked out on exceeding 'number' successive failed authentication attempts,%FTD-6-113006: User 'user' locked out on exceeding 'number' successive failed authentication attempts,"A locally configured user is being locked out. This happens when a configured number of consecutive authentication failures have occurred for this user and indicates that all future authentication attempts by this user will be rejected until an administrator unlocks the user using the clear aaa local user lockout command. The user is the user that is now locked, and the number is the consecutive failure threshold configured using the aaa local authentication attempts max-fail command.",Try unlocking the user using the clear_aaa_local_user_lockout command or adjusting the maximum number of consecutive authentication failures that are tolerated.,6,Informational,25,authentication,aaa
+%FTD-6-113007,113007,User 'user' unlocked by 'administrator',%FTD-6-113007: User 'user' unlocked by 'administrator',A locally configured user that was locked out after exceeding the maximum number of consecutive authentication failures set by using the aaa local authentication attempts max-fail command has been unlocked by the indicated administrator.,None required.,6,Informational,5,authentication,aaa
+%FTD-6-113008,113008,AAA transaction status ACCEPT : user = user,%FTD-6-113008: AAA transaction status ACCEPT : user = user,The AAA transaction for a user associated with an IPsec or WebVPN connection was completed successfully. The user is the username associated with the connection.,None required.,6,Informational,5,authentication,aaa
+%FTD-6-113009,113009,AAA retrieved default group policy (policy) for user = username,%FTD-6-113009: AAA retrieved default group policy (policy) for user = username,None provided.,None provided.,6,Informational,15,authentication,aaa
+%FTD-6-113010,113010,AAA challenge received for user user from server server_IP_address.,%FTD-6-113010: AAA challenge received for user user from server server_IP_address.,The authentication of an IPsec connection has occurred with a SecurID server. The user will be prompted to provide further information before being authenticated.,None required.,6,Informational,5,authentication,aaa
+%FTD-6-113011,113011,AAA retrieved user specific group policy (policy) for user = user,%FTD-6-113011: AAA retrieved user specific group policy (policy) for user = user,The authentication or authorization of an IPsec or WebVPN connection has occurred. The attributes of the group policy that was specified with the tunnel-group or webvpn commands have been retrieved.,None required.,6,Informational,5,authentication,aaa
+%FTD-6-113012,113012,AAA user authentication Successful : local database : user = user,%FTD-6-113012: AAA user authentication Successful : local database : user = user,The user associated with a IPsec or WebVPN connection has been successfully authenticated to the local user database.,None required.,6,Informational,5,authentication,aaa
+%FTD-6-113013,113013,AAA unable to complete the request Error : reason = reason : user = user,%FTD-6-113013: AAA unable to complete the request Error : reason = reason : user = user,The AAA transaction for a user associated with an IPsec or WebVPN connection has failed because of an error or has been rejected because of a policy violation.,None required.,6,Informational,5,authentication,aaa
+%FTD-6-113014,113014,AAA authentication server not accessible : server = server_IP_address : user = user,%FTD-6-113014: AAA authentication server not accessible : server = server_IP_address : user = user,"The device was unable to communicate with the configured AAA server during the AAA transaction associated with an IPsec or WebVPN connection. This may or may not result in a failure of the user connection attempt depending on the backup servers configured in the aaa-server group and the availability of those servers. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured.",Verify connectivity with the configured AAA servers.,6,Informational,35,authentication,aaa
+%FTD-6-113015,113015,AAA user authentication Rejected : reason = reason : local database : user = user: : user IP = xxx.xxx.xxx.xxx,%FTD-6-113015: AAA user authentication Rejected : reason = reason : local database : user = user: : user IP = xxx.xxx.xxx.xxx,"A request for authentication to the local user database for a user associated with an IPsec or WebVPN connection has been rejected. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured.",None required.,6,Informational,5,authentication,aaa
+%FTD-6-113016,113016,AAA credentials rejected : reason = reason : server = server_IP_address : user = user<915CLI>: : user IP = xxx.xxx.xxx.xxx,%FTD-6-113016: AAA credentials rejected : reason = reason : server = server_IP_address : user = user<915CLI>: : user IP = xxx.xxx.xxx.xxx,"The AAA transaction for a user associated with an IPsec or WebVPN connection has failed because of an error or rejected due to a policy violation. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured.",None required.,6,Informational,5,authentication,aaa
+%FTD-6-113017,113017,AAA credentials rejected : reason = reason : local database : user = user: : user IP = xxx.xxx.xxx.xxx,%FTD-6-113017: AAA credentials rejected : reason = reason : local database : user = user: : user IP = xxx.xxx.xxx.xxx,The AAA transaction for a user associated with an IPsec or WebVPN connection has failed because of an error or rejected because of a policy violation. This event only appears when the AAA transaction is with the local user database rather than with an external AAA server.,None provided.,6,Informational,25,authentication,aaa
+%FTD-3-113018,113018,"User: 'user', Unsupported downloaded ACL Entry: 'ACL_entry', Action: 'action'","%FTD-3-113018: User: 'user', Unsupported downloaded ACL Entry: 'ACL_entry', Action: 'action'",An ACL entry in unsupported format was downloaded from the authentication server. The following list describes the message values:,The ACL entry on the authentication server has to be changed by the administrator to conform to the supported ACL entry formats.,3,Error,65,authentication,aaa
+%FTD-4-113019,113019,"Group = group, Username = username, IP = peer_address, Session disconnected. Session Type: type, Duration: duration, Bytes xmt: count, Bytes rcv: count, Reason: reason","%FTD-4-113019: Group = group, Username = username, IP = peer_address, Session disconnected. Session Type: type, Duration: duration, Bytes xmt: count, Bytes rcv: count, Reason: reason",An indication of when and why the longest idle user is disconnected. User Requested. Indicates a disconnection from client. Lost Carrier Lost Service. The service loss could be due to an issue from ISP during a SSL session establishment. Idle Timeout Max time exceeded Administrator Reset- Indicates disconnection from secure gateway through vpn-sessiondb logoff Administrator Reboot Administrator Shutdown Port Error NAS Error,None provided.,4,Warning,55,authentication,aaa
+%FTD-3-113020,113020,Kerberos error : Clock skew with server ip_address greater than time_in_seconds seconds,%FTD-3-113020: Kerberos error : Clock skew with server ip_address greater than time_in_seconds seconds,None provided.,None provided.,3,Error,65,authentication,aaa
+%FTD-3-113021,113021,Attempted console login failed user 'username' did NOT have appropriate Admin Rights.,%FTD-3-113021: Attempted console login failed user 'username' did NOT have appropriate Admin Rights.,A user has tried to access the management console and was denied.,"If the user is a newly added admin rights user, check that the service type (LOCAL or RADIUS authentication server) for that user is set to allow access: (configuration modification) access Otherwise, the user is inappropriately trying to access the management console; the action to be taken should be consistent with company policy for these matters.",3,Error,95,authentication,aaa
+%FTD-2-113022,113022,AAA Marking protocol server {IP_address | hostname} in aaa-server group tag as FAILED,%FTD-2-113022: AAA Marking protocol server {IP_address | hostname} in aaa-server group tag as FAILED,"The Secure Firewall Threat Defense device has tried an authentication, authorization, or accounting request to the AAA server and did not receive a response within the configured timeout window. The AAA server will be marked as failed and has been removed from service. - RADIUS - TACACS+ - NT - RSA SecurID - Kerberos - LDAP",Verify that the AAA server is online and is accessible from the Secure Firewall Threat Defense device.,2,Critical,100,authentication,aaa
+%FTD-2-113023,113023,AAA Marking protocol server ip-addr in aaa-server group tag as ACTIVE,%FTD-2-113023: AAA Marking protocol server ip-addr in aaa-server group tag as ACTIVE,The Secure Firewall Threat Defense device has reactivated the AAA server that was previously marked as failed. The AAA server is now available to service AAA requests. - RADIUS - TACACS+ - NT - RSA SecurID - Kerberos - LDAP,None required.,2,Critical,5,authentication,aaa
+%FTD-5-113024,113024,"Group tg: Authenticating type connection from ip with username, user_name, from client certificate","%FTD-5-113024: Group tg: Authenticating type connection from ip with username, user_name, from client certificate",The prefill username feature overrides the username with one derived from the client certificate for use in AAA.,None required.,5,Notification,5,authentication,aaa
+%FTD-5-113025,113025,Group tg: fields Could not authenticate connection_type connection from ip,%FTD-5-113025: Group tg: fields Could not authenticate connection_type connection from ip,A username cannot be successfully extracted from the certificate.,"The administrator should check that the authentication aaa certificate, ssl certificate-authentication, and authorization-dn-attributes keywords have been set correctly.",5,Notification,25,authentication,aaa
+%FTD-4-113026,113026,Error error while executing Lua script for group tunnel_group,%FTD-4-113026: Error error while executing Lua script for group tunnel_group,An error occurred while extracting a username from the client certificate for use in AAA. This message is only generated when the username-from-certificate use-script option is enabled.,Examine the script being used by the username-from-certificate use-script option for errors.,4,Warning,45,authentication,aaa
+%FTD-2-113027,113027,Error activating tunnel-group scripts,%FTD-2-113027: Error activating tunnel-group scripts,The script file cannot be loaded successfully. No tunnel groups using the username-from-certificate use-script option work correctly.,The administrator should check the script file for errors using ASDM. Use the debug aaa command to obtain a more detailed error message that may be useful.,2,Critical,85,authentication,aaa
+%FTD-7-113028,113028,Extraction of username from VPN client certificate has string.. [Request num],%FTD-7-113028: Extraction of username from VPN client certificate has string.. [Request num],The processing request of a username from a certificate is running or has finished. number.,None required.,7,Debugging,5,authentication,aaa
+%FTD-4-113029,113029,Group group User user IP ipaddr Session could not be established: session limit of num reached.,%FTD-4-113029: Group group User user IP ipaddr Session could not be established: session limit of num reached.,The user session cannot be established because the current number of sessions exceeds the maximum session load.,"Increase the configured limit, if possible, to create a load-balanced cluster.",4,Warning,45,authentication,aaa
+%FTD-4-113030,113030,"Group group User user IP ipaddr User ACL acl from AAA doesn't exist on the device, terminating connection.","%FTD-4-113030: Group group User user IP ipaddr User ACL acl from AAA doesn't exist on the device, terminating connection.",The specified ACL was not found on the Secure Firewall Threat Defense device.,Modify the configuration to add the specified ACL or to correct the ACL name.,4,Warning,45,authentication,aaa
+%FTD-4-113031,113031,Group group User user IP ipaddr AnyConnect 'vpn-filter filter' is an IPv6 ACL; ACL not applied.,%FTD-4-113031: Group group User user IP ipaddr AnyConnect 'vpn-filter filter' is an IPv6 ACL; ACL not applied.,The type of ACL to be applied is incorrect. An IPv6 ACL has been configured as an IPv4 ACL through the vpn-filter command.,"Validate the VPN filter and IPv6 VPN filter configurations on the Secure Firewall Threat Defense device, and the filter parameters on the AAA (RADIUS) server. Make sure that the correct type of ACL is specified.",4,Warning,45,authentication,aaa
+%FTD-4-113032,113032,Group group User user IP ipaddr AnyConnect 'ipv6-vpn-filter filter' is an IPv4 ACL; ACL not applied.,%FTD-4-113032: Group group User user IP ipaddr AnyConnect 'ipv6-vpn-filter filter' is an IPv4 ACL; ACL not applied.,The type of ACL to be applied is incorrect. An IPv4 ACL has been configured as an IPv6 ACL through the ipv6-vpn-filter command.,Validate the VPN filter and IPv6 VPN filter configurations on the Secure Firewall Threat Defense device and the filter parameters on the AAA (RADIUS) server. Make sure that the correct type of ACL is specified.,4,Warning,45,authentication,aaa
+%FTD-6-113033,113033,Group group User user IP ipaddr AnyConnect session not allowed. ACL parse error.,%FTD-6-113033: Group group User user IP ipaddr AnyConnect session not allowed. ACL parse error.,None provided.,None provided.,6,Informational,15,authentication,aaa
+%FTD-4-113034,113034,"Group group User user IP ipaddr User ACL acl from AAA ignored, AV-PAIR ACL used instead.","%FTD-4-113034: Group group User user IP ipaddr User ACL acl from AAA ignored, AV-PAIR ACL used instead.",The specified ACL was not used because a Cisco AV-PAIR ACL was used.,Determine the correct ACL to use and correct the configuration.,4,Warning,45,authentication,aaa
+%FTD-4-113035,113035,Group <group> User <user> IP <ip_address> Session terminated: AnyConnect not enabled or invalid AnyConnect image on the device_name,%FTD-4-113035: Group <group> User <user> IP <ip_address> Session terminated: AnyConnect not enabled or invalid AnyConnect image on the device_name,"The user logged in via the AnyConnect client. The SVC service is not enabled globally, or the SVC image is invalid or corrupted. The session connection has been terminated.",Enable the SVC globally using the svc-enable command. Validate the integrity and versions of the SVC images by reloading new images using the svc image command.,4,Warning,75,authentication,aaa
+%FTD-4-113036,113036,Group group User user IP ipaddr AAA parameter name value invalid.,%FTD-4-113036: Group group User user IP ipaddr AAA parameter name value invalid.,The given parameter has a bad value. The value is not shown because it might be very long.,Modify the configuration to correct the indicated parameter.,4,Warning,55,authentication,aaa
+%FTD-6-113037,113037,"Group <group> User <user> IP <ip_address> Reboot pending, new sessions disabled. Denied user login.","%FTD-6-113037: Group <group> User <user> IP <ip_address> Reboot pending, new sessions disabled. Denied user login.",A user was unable to log in to WebVPN because the Secure Firewall Threat Defense device is in the process of rebooting.,None required.,6,Informational,45,authentication,aaa
+%FTD-4-113038,113038,Group group User user IP ipaddr Unable to create AnyConnect_parent session.,%FTD-4-113038: Group group User user IP ipaddr Unable to create AnyConnect_parent session.,"The AnyConnect session was not created for the user in the specified group because of resource issues. For example, the user may have reached the maximum login limit.",None required.,4,Warning,5,authentication,aaa
+%FTD-6-113039,113039,Group group User user IP ipaddr AnyConnect_parent session started.,%FTD-6-113039: Group group User user IP ipaddr AnyConnect_parent session started.,"The AnyConnect session has started for the user in this group at the specified IP address. When the user logs in via the AnyConnect login page, the AnyConnect session starts.",None required.,6,Informational,5,authentication,aaa
+%FTD-4-113040,113040,Group group User user IP ipaddr Terminating the VPN connection attempt from attempted_group. Reason: This connection is group locked to locked_group..,%FTD-4-113040: Group group User user IP ipaddr Terminating the VPN connection attempt from attempted_group. Reason: This connection is group locked to locked_group..,The tunnel group over which the connection is attempted is not the same as the tunnel group set in the group lock.,Check the group-lock value in the group policy or the user attributes.,4,Warning,45,authentication,aaa
+%FTD-4-113041,113041,Redirect ACL configured for assigned_IP does not exist on the device.,%FTD-4-113041: Redirect ACL configured for assigned_IP does not exist on the device.,"An error occurred when the redirect URL was installed and the ACL was received from the ISE, but the redirect ACL does not exist on the Secure Firewall Threat Defense device.",Configure the redirect ACL on the Secure Firewall Threat Defense device.,4,Warning,45,authentication,aaa
+%FTD-4-113042,113042,Non-HTTP connection from src_if:src_ip/src_port to dest_if:dest_ip/dest_port denied by redirect filter; only HTTP connections are supported for redirection.,%FTD-4-113042: Non-HTTP connection from src_if:src_ip/src_port to dest_if:dest_ip/dest_port denied by redirect filter; only HTTP connections are supported for redirection.,"For the CoA feature, the redirect ACL filter drops the matching non-HTTP traffic during the redirect processing and provides information about the terminated traffic flow.",Validate the redirect ACL configuration on the Secure Firewall Threat Defense device. Make sure that the correct filter is used to match the traffic to redirect and does not block the flow that is intended to be allowed through.,4,Warning,65,authentication,aaa
+%FTD-1-114001,114001,Failed to initialize card-type I/O card due to error_string.,%FTD-1-114001: Failed to initialize card-type I/O card due to error_string.,The system failed to initialize a 4GE SSM I/O card because of an I2C error or a switch initialization error. following are I2C serial bus errors:,None provided.,1,Alert,85,system,hardware
+%FTD-1-114002,114002,Failed to initialize SFP in card-type I/O card due to error_string.,%FTD-1-114002: Failed to initialize SFP in card-type I/O card due to error_string.,The system failed to initialize an SFP connector in a 4GE SSM I/O card because of an I2C error or a switch initialization error. following are the I2C serial bus errors:,"Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall Threat Defense device. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.",1,Alert,85,system,hardware
+%FTD-1-114003,114003,Failed to run cached commands in card-type I/O card due to error_string.,%FTD-1-114003: Failed to run cached commands in card-type I/O card due to error_string.,The system failed to run cached commands in a 4GE SSM I/O card because of an I2C error or a switch initialization error.,None provided.,1,Alert,85,system,hardware
+%FTD-6-114004,114004,4GE_SSM I/O card Initialization is started.,%FTD-6-114004: 4GE_SSM I/O card Initialization is started.,The user has been notified that a 4GE SSM I/O initialization is starting.,None required.,6,Informational,5,system,hardware
+%FTD-6-114005,114005,4GE_SSM I/O card Initialization has completed.,%FTD-6-114005: 4GE_SSM I/O card Initialization has completed.,The user has been notified that an 4GE SSM I/O initialization is finished.,None required.,6,Informational,5,system,hardware
+%FTD-3-114006,114006,Failed to get port statistics in card-type I/O card due to error_string.,%FTD-3-114006: Failed to get port statistics in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to obtain port statistics in a 4GE SSM I/O card because of an I2C error or a switch initialization error. following are the I2C serial bus errors:,None provided.,3,Error,75,system,hardware
+%FTD-3-114007,114007,Failed to get current msr in card-type I/O card due to error_string.,%FTD-3-114007: Failed to get current msr in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to obtain the current module status register information in a 4GE SSM I/O card because of an I2C error or a switch initialization error. following are the I2C serial bus errors:,"Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall Threat Defense device. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.",3,Error,75,system,hardware
+%FTD-3-114008,114008,Failed to enable port after link is up in card-type I/O card due to error_string.,%FTD-3-114008: Failed to enable port after link is up in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to enable a port after the link transition to Up state is detected in a 4GE SSM I/O card because of either an I2C serial bus access error or a switch access error. following are I2C serial bus errors:,"Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall Threat Defense device. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.",3,Error,75,system,hardware
+%FTD-3-114009,114009,Failed to set multicast address in card-type I/O card due to error_string.,%FTD-3-114009: Failed to set multicast address in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to set the multicast address in a 4GE SSM I/O card because of an I2C error or a switch initialization error. following are I2C serial bus errors:,None provided.,3,Error,75,system,hardware
+%FTD-3-114010,114010,Failed to set multicast hardware address in card-type I/O card due to error_string.,%FTD-3-114010: Failed to set multicast hardware address in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to set the multicast hardware address in a 4GE SSM I/O card because of an I2C error or a switch initialization error. following are I2C serial bus errors:,"Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall Threat Defense device. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.",3,Error,75,system,hardware
+%FTD-3-114011,114011,Failed to delete multicast address in card-type I/O card due to error_string.,%FTD-3-114011: Failed to delete multicast address in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to delete the multicast address in a 4GE SSM I/O card because of either an I2C error or a switch initialization error.,None provided.,3,Error,75,system,hardware
+%FTD-3-114012,114012,Failed to delete multicast hardware address in card-type I/O card due to error_string.,%FTD-3-114012: Failed to delete multicast hardware address in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to delete the multicast hardware address in a 4GE SSM I/O card because of an I2C error or a switch initialization error. following are I2C serial bus errors:,"Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall Threat Defense device. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.",3,Error,75,system,hardware
+%FTD-3-114013,114013,Failed to set mac address table in card-type I/O card due to error_string.,%FTD-3-114013: Failed to set mac address table in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to set the MAC address table in a 4GE SSM I/O card because of an I2C error or a switch initialization error. following are I2C serial bus errors: - I2C_BUS_TRANSACTION_ERROR - I2C_CHKSUM_ERROR - I2C_TIMEOUT_ERROR - I2C_BUS_COLLISION_ERROR - I2C_HOST_BUSY_ERROR - I2C_UNPOPULATED_ERROR - I2C_SMBUS_UNSUPPORT - I2C_BYTE_COUNT_ERROR - I2C_DATA_PTR_ERROR,"Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall Threat Defense device. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.",3,Error,75,system,hardware
+%FTD-3-114014,114014,Failed to set mac address in card-type I/O card due to error_string.,%FTD-3-114014: Failed to set mac address in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to set the MAC address in a 4GE SSM I/O card because of an I2C error or a switch initialization error. following are I2C serial bus errors: - I2C_BUS_TRANSACTION_ERROR - I2C_CHKSUM_ERROR - I2C_TIMEOUT_ERROR - I2C_BUS_COLLISION_ERROR - I2C_HOST_BUSY_ERROR,None provided.,3,Error,75,system,hardware
+%FTD-3-114015,114015,Failed to set mode in card-type I/O card due to error_string.,%FTD-3-114015: Failed to set mode in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to set individual or promiscuous mode in a 4GE SSM I/O card because of an I2C error or a switch initialization error. following are I2C serial bus errors: - I2C_BUS_TRANSACTION_ERROR - I2C_CHKSUM_ERROR - I2C_TIMEOUT_ERROR - I2C_BUS_COLLISION_ERROR - I2C_HOST_BUSY_ERROR - I2C_UNPOPULATED_ERROR - I2C_SMBUS_UNSUPPORT - I2C_BYTE_COUNT_ERROR - I2C_DATA_PTR_ERROR,"Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall Threat Defense device. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.",3,Error,75,system,hardware
+%FTD-3-114016,114016,Failed to set multicast mode in card-type I/O card due to error_string.,%FTD-3-114016: Failed to set multicast mode in card-type I/O card due to error_string.,None provided.,None provided.,3,Error,75,system,hardware
+%FTD-3-114017,114017,Failed to get link status in card-type I/O card due to error_string.,%FTD-3-114017: Failed to get link status in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to obtain link status in a 4GE SSM I/O card because of an I2C serial bus access error or a switch access error. following are the I2C serial bus errors: - I2C_BUS_TRANSACTION_ERROR - I2C_CHKSUM_ERROR - I2C_TIMEOUT_ERROR - I2C_BUS_COLLISION_ERROR - I2C_HOST_BUSY_ERROR - I2C_UNPOPULATED_ERROR - I2C_SMBUS_UNSUPPORT - I2C_BYTE_COUNT_ERROR - I2C_DATA_PTR_ERROR,None provided.,3,Error,75,system,hardware
+%FTD-3-114018,114018,Failed to set port speed in card-type I/O card due to error_string.,%FTD-3-114018: Failed to set port speed in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to set the port speed in a 4GE SSM I/O card because of an I2C error or a switch initialization error. following are the I2C serial bus errors: - I2C_BUS_TRANSACTION_ERROR - I2C_CHKSUM_ERROR - I2C_TIMEOUT_ERROR - I2C_BUS_COLLISION_ERROR - I2C_HOST_BUSY_ERROR - I2C_UNPOPULATED_ERROR - I2C_SMBUS_UNSUPPORT - I2C_BYTE_COUNT_ERROR - I2C_DATA_PTR_ERROR,"Perform the following steps: 1. Log and review the messages and the errors associated with the event. 2. Reboot the software running on the Secure Firewall Threat Defense device. 3. Power cycle the device. When you turn off the power, make sure you wait several seconds before turning the power on. 4. If the problem persists, contact the Cisco TAC.",3,Error,75,system,hardware
+%FTD-3-114019,114019,Failed to set media type in card-type I/O card due to error_string.,%FTD-3-114019: Failed to set media type in card-type I/O card due to error_string.,The Secure Firewall Threat Defense device failed to set the media type in a 4GE SSM I/O card because of an I2C error or a switch initialization error.,None provided.,3,Error,75,system,hardware
+%FTD-3-114020,114020,Port link speed is unknown in 4GE_SSM I/O card.,%FTD-3-114020: Port link speed is unknown in 4GE_SSM I/O card.,The Secure Firewall Threat Defense device cannot detect the port link speed in a 4GE SSM I/O card.,"Perform the following steps: 1. Log and review the messages associated with the event. 2. Reset the 4GE SSM I/O card and observe whether or not the software automatically recovers from the event. 3. If the software does not recover automatically, power cycle the device. When you turn off the power, make sure you wait several seconds before you turn the power on. 4. If the problem persists, contact the Cisco TAC.",3,Error,65,system,hardware
+%FTD-3-114021,114021,Failed to set multicast address table in 4GE_SSM I/O card due to error.,%FTD-3-114021: Failed to set multicast address table in 4GE_SSM I/O card due to error.,The Secure Firewall Threat Defense device failed to set the multicast address table in the 4GE SSM I/O card because of either an I2C serial bus access error or a switch access error. errors include: - I2C_BUS_TRANSACTION_ERROR,None provided.,3,Error,75,system,hardware
+%FTD-3-114022,114022,Failed to pass broadcast traffic in 4GE SSM I/O card due to error_string,%FTD-3-114022: Failed to pass broadcast traffic in 4GE SSM I/O card due to error_string,The Secure Firewall Threat Defense device failed to pass broadcast traffic in the 4GE SSM I/O card because of a switch access error.,"Perform the following steps: 1. Log the message and errors surrounding the event. 2. Retrieve the ssm4ge_dump file from the compact flash, and send it to Cisco TAC. 3. Contact Cisco TAC with the information collected in Steps 1 and 2. The 4GE SSM will be automatically reset and recover. Note",3,Error,75,system,hardware
+%FTD-3-114023,114023,Failed to cache/flush mac table in 4GE_SSM I/O card due to error_string.,%FTD-3-114023: Failed to cache/flush mac table in 4GE_SSM I/O card due to error_string.,A failure to cache or flush the MAC table in a 4GE SSM I/O card occurred because of an I2C serial bus access error or a switch access error. This message rarely occurs. access error (which is a decimal error code). I2C_BUS_TRANSACTION_ERROR,None provided.,3,Error,75,system,hardware
+%FTD-2-115000,115000,"Critical assertion in process: process name fiber: fiber name , component: component name , subcomponent: subcomponent name , file: filename , line: line number , cond: condition","%FTD-2-115000: Critical assertion in process: process name fiber: fiber name , component: component name , subcomponent: subcomponent name , file: filename , line: line number , cond: condition","The critical assertion has gone off and is used during development in checked builds only, but never in production builds.","A high priority defect should be filed, the reason for the assertion should be investigated, and the problem corrected.",2,Critical,95,system,general
+%FTD-3-115001,115001,"Error in process: process name fiber: fiber name , component: component name , subcomponent: subcomponent name , file: filename , line: line number , cond: condition","%FTD-3-115001: Error in process: process name fiber: fiber name , component: component name , subcomponent: subcomponent name , file: filename , line: line number , cond: condition",None provided.,None provided.,3,Error,65,system,general
+%FTD-4-115002,115002,"Warning in process: process name fiber: fiber name , component: component name , subcomponent: subcomponent name , file: filename , line: line number , cond: condition","%FTD-4-115002: Warning in process: process name fiber: fiber name , component: component name , subcomponent: subcomponent name , file: filename , line: line number , cond: condition","A warning assertion has gone off and is used during development in checked builds only, but never in production builds.","The reason for the assertion should be investigated and if a problem is found, a defect should be filed, and the problem corrected.",4,Warning,55,system,general
+%FTD-5-199001,199001,Reloaded at time by user. Reload reason: reload reason,%FTD-5-199001: Reloaded at time by user. Reload reason: reload reason,The address of the host that is initiating an Secure Firewall Threat Defense device reboot with the reload command has been recorded.,None required.,5,Notification,45,system,general
+%FTD-6-199002,199002,Startup completed. Beginning operation.,%FTD-6-199002: Startup completed. Beginning operation.,"The Secure Firewall Threat Defense device finished its initial boot and the flash memory reading sequence, and is ready to begin operating normally.",None provided.,6,Informational,15,system,general
+%FTD-6-199003,199003,Reducing Link MTU dec,%FTD-6-199003: Reducing Link MTU dec,The Secure Firewall Threat Defense device received a packet from the outside network that uses a larger MTU than the inside network. The Secure Firewall Threat Defense device then sent an ICMP message to the outside host to negotiate an appropriate MTU. The log message includes the sequence number of the ICMP message.,None required.,6,Informational,5,system,general
+%FTD-6-199005,199005,Startup begin,%FTD-6-199005: Startup begin,The Secure Firewall Threat Defense device started.,None required.,6,Informational,5,system,general
+%FTD-1-199010,199010,"Signal number caught in process/fiber (rtcli_async_executor_process)/(rtcli_async_executor) at address ip_address, corrective action at ip_address","%FTD-1-199010: Signal number caught in process/fiber (rtcli_async_executor_process)/(rtcli_async_executor) at address ip_address, corrective action at ip_address",The system has recovered from a serious error.,Contact the Cisco TAC.,1,Alert,75,system,general
+%FTD-2-199011,199011,"Close on bad channel in process/fiber process_name/fiber_name, channel ID p, channel state channel_state","%FTD-2-199011: Close on bad channel in process/fiber process_name/fiber_name, channel ID p, channel state channel_state",An unexpected channel close condition has been detected.,Contact the Cisco TAC and attach a log file.,2,Critical,85,system,general
+%FTD-1-199012,199012,"Stack overflow during new_stack_call in process/fiber process_name/fiber_name, call target f, stack size s","%FTD-1-199012: Stack overflow during new_stack_call in process/fiber process_name/fiber_name, call target f, stack size s",None provided.,None provided.,1,Alert,75,system,general
+%FTD-1-199013,199013,syslog,%FTD-1-199013: syslog,A variable syslog was generated by an assistive process.,Contact the Cisco TAC.,1,Alert,75,system,general
+%FTD-2-199014,199014,syslog,%FTD-2-199014: syslog,A variable syslog was generated by an assistive process.,Contact the Cisco TAC.,2,Critical,85,system,general
+%FTD-3-199015,199015,syslog,%FTD-3-199015: syslog,A variable syslog was generated by an assistive process. Example of syslog messages generated: These logs do not indicate any issues. They are populated only to provide information. Note = Ethernet 1/5 for slot 0 port = port interfaceName = Ethernet 1/16,Contact the Cisco TAC.,3,Error,65,system,general
+%FTD-4-199016,199016,syslog,%FTD-4-199016: syslog,"A variable syslog was generated by an assistive process. In some instances, the message may appear to be an issue that is internal to the device platform process. For example, in the following message though it indicates to be an internal device issue, it is related to an internal virtual device which is not used on the device platform, and it does not cause any functionality impact. %FTD-4-199016: mm dd HH:MM:SS acpid: input device has been disconnected, fd 4",Contact the Cisco TAC.,4,Warning,45,system,general
+%FTD-5-199017,199017,syslog,%FTD-5-199017: syslog,A variable syslog was generated by an assistive process.,None required.,5,Notification,5,system,general
+%FTD-6-199018,199018,syslog,%FTD-6-199018: syslog,A variable syslog was generated by an assistive process.,None required.,6,Informational,5,system,general
+%FTD-7-199019,199019,syslog,%FTD-7-199019: syslog,A variable syslog was generated by an assistive process.,None required.,7,Debugging,5,system,general
+%FTD-2-199020,199020,System memory utilization has reached X %. System will reload if memory usage reaches the configured trigger level of Y %.,%FTD-2-199020: System memory utilization has reached X %. System will reload if memory usage reaches the configured trigger level of Y %.,The system memory utilization has reached 80% of the system memory watchdog facility's configured value.,"Reduce system memory utilization by reducing traffic load, removing traffic inspections, reducing the number of ACL entries, and so on. If a memory leak is suspected, contact Cisco TAC.",2,Critical,100,system,general
+%FTD-1-199021,199021,System memory utilization has reached the configured threshold of Y%%. System will now reload.,%FTD-1-199021: System memory utilization has reached the configured threshold of Y%%. System will now reload.,The system memory utilization has reached 100% of the system memory watchdog facility's configured value. The system will automatically reload.,"Reduce system memory utilization by reducing traffic load, removing traffic inspections, reducing the number of ACL entries, and so on. If a memory leak is suspected, contact Cisco TAC.",1,Alert,95,system,general
+%FTD-3-201002,201002,Too many TCP connections on {static|xlate} global_address ! econns_nconns,%FTD-3-201002: Too many TCP connections on {static|xlate} global_address ! econns_nconns,The maximum number of TCP connections to the specified global address was exceeded.,Use the show static or show nat command to check the limit imposed on connections to a static address. The limit is configurable.,3,Error,75,network,session
+%FTD-2-201003,201003,Embryonic limit exceeded nconns/elimit for outside_address/outside_port to inside_address(global_address)/inside_port on interface interface_name,%FTD-2-201003: Embryonic limit exceeded nconns/elimit for outside_address/outside_port to inside_address(global_address)/inside_port on interface interface_name,"The number of embryonic connections from the specified foreign address with the specified static global address to the specified local address exceeds the embryonic limit. When the limit on embryonic connections to the Secure Firewall Threat Defense device is reached, the Secure Firewall Threat Defense device attempts to accept them anyway, but puts a time limit on the connections. This situation allows some connections to succeed even if the Secure Firewall Threat Defense device is very busy. This message indicates a more serious overload than message 201002, which can be caused by a SYN attack, or by a very heavy load of legitimate traffic.",Use the show static command to check the limit imposed on embryonic connections to a static address.,2,Critical,100,network,session
+%FTD-3-201004,201004,Too many udp connections on {static|xlate} global_address! udp_connections_limit,%FTD-3-201004: Too many udp connections on {static|xlate} global_address! udp_connections_limit,The maximum number of UDP connections to the specified global address was exceeded.,Use the show static or show nat command to check the limit imposed on connections to a static address. You can configure the limit.,3,Error,75,network,session
+%FTD-3-201005,201005,FTP data connection failed for IP_address,%FTD-3-201005: FTP data connection failed for IP_address,The Secure Firewall Threat Defense device cannot allocate a structure to track the data connection for FTP because of insufficient memory.,Reduce the amount of memory usage or purchase additional memory.,3,Error,75,network,session
+%FTD-3-201006,201006,RCMD backconnection failed for IP_address/port,%FTD-3-201006: RCMD backconnection failed for IP_address/port,The Secure Firewall Threat Defense device cannot preallocate connections for inbound standard output for rsh commands because of insufficient memory.,"Check the rsh client version; the Secure Firewall Threat Defense device only supports the Berkeley rsh client version. You can also reduce the amount of memory usage, or purchase additional memory.",3,Error,75,network,session
+%FTD-3-201008,201008,Disallowing new connections.,%FTD-3-201008: Disallowing new connections.,You have enabled TCP system log messaging and the syslog server cannot be reached.,"Disable TCP syslog messaging. Also, make sure that the syslog server is up and you can ping the host from the Secure Firewall Threat Defense console. Then restart TCP system message logging to allow traffic.",3,Error,65,network,session
+%FTD-3-201009,201009,TCP connection limit of number for host IP_address on interface_name exceeded,%FTD-3-201009: TCP connection limit of number for host IP_address on interface_name exceeded,The maximum number of connections to the specified static address was exceeded.,None provided.,3,Error,75,network,session
+%FTD-6-201010,201010,Embryonic connection limit exceeded econns/limit for dir packet from source_address/source_port to dest_address/dest_port on interface interface_name,%FTD-6-201010: Embryonic connection limit exceeded econns/limit for dir packet from source_address/source_port to dest_address/dest_port on interface interface_name,"An attempt to establish a TCP connection failed because of an exceeded embryonic connection limit, which was configured with the set connection embryonic-conn-max MPC command for a traffic class. To reduce the impact of anomalous incoming traffic on ASA's different management or data interfaces and protocols, the interfaces are configured with a default embryonic limit of 100. This syslog message appears when the embryonic connections to ASA interface exceeds 100. This default value cannot be modified or disabled. output: The first packet that initiates the connection is an output packet on the interface interface_name connection the connection",None required.,6,Informational,5,network,session
+%FTD-3-201011,201011,Connection limit exceeded cnt/limit for dir packet from sip/sport to dip/dport on interface if_name,%FTD-3-201011: Connection limit exceeded cnt/limit for dir packet from sip/sport to dip/dport on interface if_name,"A new connection through the Secure Firewall Threat Defense device resulted in exceeding at least one of the configured maximum connection limits. This message applies both to connection limits configured using a static command, or to those configured using Cisco Modular Policy Framework. The new connection will not be allowed through the Secure Firewall Threat Defense device until one of the existing connections is torn down, which brings the current connection count below the configured maximum.",None required.,3,Error,5,network,session
+%FTD-6-201012,201012,Per-client embryonic connection limit exceeded curr_num/limit for [input|output] packet from ip_address/port to ip_address/port on interface interface_name,%FTD-6-201012: Per-client embryonic connection limit exceeded curr_num/limit for [input|output] packet from ip_address/port to ip_address/port on interface interface_name,"An attempt to establish a TCP connection failed because the per-client embryonic connection limit was exceeded. By default, this message is rate limited to 1 message every 10 seconds.","When the limit is reached, any new connection request will be proxied by the Secure Firewall Threat Defense device to prevent a SYN flood attack. The Secure Firewall Threat Defense device will only connect to the server if the client is able to finish the three-way handshake. This usually does not affect the end user or the application. However, if this creates a problem for any application that has a legitimate need for a higher number of embryonic connections, you can adjust the setting by entering the set connection per-client-embryonic-max command.",6,Informational,45,network,session
+%FTD-3-201013,201013,Per-client connection limit exceeded curr_num/limit for [input|output] packet from ip_address/port to ip_address/port on interface interface_name,%FTD-3-201013: Per-client connection limit exceeded curr_num/limit for [input|output] packet from ip_address/port to ip_address/port on interface interface_name,A connection was rejected because the per-client connection limit was exceeded.,"When the limit is reached, any new connection request will be silently dropped. Normally an application will retry the connection, which will cause a delay or even a timeout if all retries also fail. If an application has a legitimate need for a higher number of concurrent connections, you can adjust the setting by entering the set connection per-client-max command.",3,Error,95,network,session
+%FTD-3-202010,202010,{NAT | PAT} pool exhausted in pool'pool_name' IP ip_addressport_range [1-511 | 512-1023 | 1024-65535] Unable to create protocol connection from inside_interface:src_ip/src_port to outside_interface:dest_ip/dest_port.,%FTD-3-202010: {NAT | PAT} pool exhausted in pool'pool_name' IP ip_addressport_range [1-511 | 512-1023 | 1024-65535] Unable to create protocol connection from inside_interface:src_ip/src_port to outside_interface:dest_ip/dest_port.,None provided.,None provided.,3,Error,75,network,session
+%FTD-3-202016,202016,Unable to pre-allocate SIP ip_protocol secondary channel for message from src_ifname:src_ip_addr/src_port to dst_ifname:dest_ip_addr/dest_port with PAT and missing port information.,%FTD-3-202016: Unable to pre-allocate SIP ip_protocol secondary channel for message from src_ifname:src_ip_addr/src_port to dst_ifname:dest_ip_addr/dest_port with PAT and missing port information.,"When SIP application generates an SDP payload with Media port set to 0, you cannot allocate a PAT xlate for such invalid port request and drop the packet with this syslog.",None. This is an application specific issue.,3,Error,95,network,session
+%FTD-3-208005,208005,Clear (command) return code,%FTD-3-208005: Clear (command) return code,The Secure Firewall Threat Defense device received a nonzero value (an internal error) when attempting to clear the configuration in flash memory. The message includes the reporting subroutine filename and line number.,"For performance reasons, the end host should be configured not to inject IP fragments. This configuration change is probably because of NFS. Set the read and write size equal to the interface MTU for NFS.",3,Error,65,system,config
+%FTD-4-209003,209003,"Fragment database limit of number exceeded: src = source_address , dest = dest_address , proto = protocol , id = number","%FTD-4-209003: Fragment database limit of number exceeded: src = source_address , dest = dest_address , proto = protocol , id = number","Too many IP fragments are currently awaiting reassembly. By default, the maximum number of fragments is 200 (to raise the maximum, see the fragment size command in the command reference guide). The Secure Firewall Threat Defense device limits the number of IP fragments that can be concurrently reassembled. This restriction prevents memory depletion at the Secure Firewall Threat Defense device under abnormal network conditions. In general, fragmented traffic should be a small percentage of the total traffic mix. An exception is in a network environment with NFS over UDP where a large percentage is fragmented traffic; if this type of traffic is relayed through the Secure Firewall Threat Defense device, consider using NFS",None provided.,4,Warning,55,network,ip_stack
+%FTD-4-209004,209004,"Invalid IP fragment, size = bytes exceeds maximum size = bytes : src = source_address , dest = dest_address , proto = protocol , id = number","%FTD-4-209004: Invalid IP fragment, size = bytes exceeds maximum size = bytes : src = source_address , dest = dest_address , proto = protocol , id = number","An IP fragment is malformed. The total size of the reassembled IP packet exceeds the maximum possible size of 65,535 bytes.","A possible intrusion event may be in progress. If this message persists, contact the remote peer administrator or upstream provider.",4,Warning,75,network,ip_stack
+%FTD-4-209005,209005,Discard IP fragment set with more than number elements: src = Too many elements are in a fragment set.,%FTD-4-209005: Discard IP fragment set with more than number elements: src = Too many elements are in a fragment set.,"The Secure Firewall Threat Defense device disallows any IP packet that is fragmented into more than 24 fragments. For more information, see the fragment command in the command reference guide.","A possible intrusion event may be in progress. If the message persists, contact the remote peer administrator or upstream provider. You can change the number of fragments per packet by using the fragment chain xxx interface_name command.",4,Warning,65,network,ip_stack
+%FTD-4-209006,209006,"Fragment queue threshold exceeded, dropped protocol fragment from IP address/port to IP address/port on outside interface.","%FTD-4-209006: Fragment queue threshold exceeded, dropped protocol fragment from IP address/port to IP address/port on outside interface.","The Secure Firewall Threat Defense device drops the fragmented packets when the fragment database threshold, that is 2/3 of the queue size per interface, has exceeded.",None required.,4,Warning,75,network,ip_stack
+%FTD-3-210001,210001,LU sw_module_name error = number,%FTD-3-210001: LU sw_module_name error = number,A Stateful Failover error occurred.,"If this error persists after traffic lessens through the Secure Firewall Threat Defense device, report this error to the Cisco TAC.",3,Error,65,system,failover
+%FTD-3-210002,210002,LU allocate block (bytes) failed,%FTD-3-210002: LU allocate block (bytes) failed,None provided.,None provided.,3,Error,75,system,failover
+%FTD-3-210003,210003,Unknown LU Object number,%FTD-3-210003: Unknown LU Object number,"Stateful Failover received an unsupported Logical Update object and was unable to process it. This can be caused by corrupted memory, LAN transmissions, and other events.","If you see this error infrequently, then no action is required. If this error occurs frequently, check the Stateful Failover link LAN connection. If the error was not caused by a faulty failover link LAN connection, determine if an external user is trying to compromise the protected network. Also check for misconfigured clients.",3,Error,95,system,failover
+%FTD-3-210005,210005,LU allocate secondary (optional ) connection failed for protocol [TCP |UDP ] connection from ingress interface name :Real IP Address /Real Port to egress interface name :Real IP Address /Real Port,%FTD-3-210005: LU allocate secondary (optional ) connection failed for protocol [TCP |UDP ] connection from ingress interface name :Real IP Address /Real Port to egress interface name :Real IP Address /Real Port,Stateful Failover cannot allocate a new connection on the standby unit. This may be caused by little or no RAM memory available within the Secure Firewall Threat Defense device. This could additionally be caused by flow creation failure due to resource limitation or reaching configured resource usage limits. The secondary field in the syslog message is optional and appears only if the connection is a secondary connection. Note,"Check the available memory using the show memory command to make sure that the Secure Firewall Threat Defense device has free memory. If there is no available memory, add more physical memory to the Secure Firewall Threat Defense device. Check resource limitation using the show resource usage command and show asp drop to ensure that the device is not reaching the resource limitation.",3,Error,95,system,failover
+%FTD-3-210006,210006,LU look NAT for IP_address failed,%FTD-3-210006: LU look NAT for IP_address failed,Stateful Failover was unable to locate a NAT group for the IP address on the standby unit. The active and standby Secure Firewall Threat Defense devices may be out-of-sync with each other.,Use the write standby command on the active unit to synchronize system memory with the standby unit.,3,Error,75,system,failover
+%FTD-3-210007,210007,LU allocate xlate failed for type-staticdynamic NAT translation from PAT:secondary(optional)/protocol (ingress_interface_name/Real_IP_Address) to real_port:Mapped_IP_Address/Mapped_Port (egress_interface_name/Real_IP_Address),%FTD-3-210007: LU allocate xlate failed for type-staticdynamic NAT translation from PAT:secondary(optional)/protocol (ingress_interface_name/Real_IP_Address) to real_port:Mapped_IP_Address/Mapped_Port (egress_interface_name/Real_IP_Address),Stateful Failover failed to allocate a translation slot record.,"Check the available memory by using the show memory command to make sure that the Secure Firewall Threat Defense device has free memory available. If no memory is available, add more memory.",3,Error,75,system,failover
+%FTD-3-210008,210008,LU no xlate for inside_address/inside_port outside_address/outside_port,%FTD-3-210008: LU no xlate for inside_address/inside_port outside_address/outside_port,"The Secure Firewall Threat Defense device cannot find a translation slot record for a Stateful Failover connection; as a result, the Secure Firewall Threat Defense device cannot process the connection information.",Use the write standby command on the active unit to synchronize system memory between the active and standby units.,3,Error,65,system,failover
+%FTD-3-210010,210010,LU make UDP connection for outside_address:outside_port inside_address:inside_port failed,%FTD-3-210010: LU make UDP connection for outside_address:outside_port inside_address:inside_port failed,Stateful Failover was unable to allocate a new record for a UDP connection.,"Check the available memory by using the show memory command to make sure that the Secure Firewall Threat Defense device has free memory available. If no memory is available, add more memory.",3,Error,75,system,failover
+%FTD-3-210020,210020,LU PAT port port reserve failed,%FTD-3-210020: LU PAT port port reserve failed,Stateful Failover is unable to allocate a specific PAT address that is in use.,Use the write standby command on the active unit to synchronize system memory between the active and standby units.,3,Error,75,system,failover
+%FTD-3-210021,210021,LU create static xlate global_address ifc interface_name failed,%FTD-3-210021: LU create static xlate global_address ifc interface_name failed,Stateful Failover is unable to create a translation slot.,Enter the write standby command on the active unit to synchronize system memory between the active and standby units.,3,Error,75,system,failover
+%FTD-6-210022,210022,LU missed number updates,%FTD-6-210022: LU missed number updates,"Stateful Failover assigns a sequence number for each record sent to the standby unit. When a received record sequence number is out of sequence with the last updated record, the information in between is assumed to be lost, and this error message is sent as a result.","Unless LAN interruptions occur, check the available memory on both Secure Firewall Threat Defense units to ensure that enough memory is available to process the stateful information. Use the show failover command to monitor the quality of stateful information updates. This chapter includes messages from 211001 to 219002.",6,Informational,15,system,failover
+%FTD-3-211001,211001,Memory allocation Error,%FTD-3-211001: Memory allocation Error,The Secure Firewall Threat Defense device failed to allocate RAM system memory.,"If this message occurs periodically, it can be ignored. If it repeats frequently, contact the Cisco TAC.",3,Error,75,system,general
+%FTD-3-211003,211003,Error in computed percentage CPU usage value,%FTD-3-211003: Error in computed percentage CPU usage value,The percentage of CPU usage is greater than 100 percent.,"If this message occurs periodically, it can be ignored. If it repeats frequently, contact the Cisco TAC.",3,Error,65,system,general
+%FTD-1-211004,211004,"WARNING: Minimum Memory Requirement for device version ver not met. min MB required, actual MB found.","%FTD-1-211004: WARNING: Minimum Memory Requirement for device version ver not met. min MB required, actual MB found.",The Secure Firewall Threat Defense device does not meet the minimum memory requirements for this version.,Install the required amount of RAM.,1,Alert,75,system,general
+%FTD-3-212001,212001,"Unable to open SNMP channel (UDP port port) on interface ""interface_number"", error code = code","%FTD-3-212001: Unable to open SNMP channel (UDP port port) on interface ""interface_number"", error code = code","The Secure Firewall Threat Defense device is unable to receive SNMP requests destined for the Secure Firewall Threat Defense device from SNMP management stations located on this interface. The SNMP traffic passing through the Secure Firewall Threat Defense device on any interface is not affected. The error codes are as follows: transport for the interface. This can occur when the user attempts to change the port on which SNMP accepts queries to one that is already in use by another feature. In this case, the port used by SNMP will be reset to the default port for incoming SNMP queries (UDP 161). transport for the interface.","After the Secure Firewall Threat Defense device reclaims some of its resources when traffic is lighter, reenter the snmp-server host command for that interface.",3,Error,75,system,snmp
+%FTD-3-212002,212002,"Unable to open SNMP trap channel (UDP port port) on interface ""interface_number"", error code = code","%FTD-3-212002: Unable to open SNMP trap channel (UDP port port) on interface ""interface_number"", error code = code",The Secure Firewall Threat Defense device is unable to send its SNMP traps from the Secure Firewall Threat Defense device to SNMP management stations located on this interface. The SNMP traffic passing through the Secure Firewall Threat Defense device on any interface is not affected. The error codes are as follows: transport for the interface. transport for the interface. as write-only.,"After the Secure Firewall Threat Defense device reclaims some of its resources when traffic is lighter, reenter the snmp-server host command for that interface.",3,Error,75,system,snmp
+%FTD-3-212003,212003,"Unable to receive an SNMP request on interface ""interface_number"", error code = code, will try again.","%FTD-3-212003: Unable to receive an SNMP request on interface ""interface_number"", error code = code, will try again.",An internal error occurred in receiving an SNMP request destined for the Secure Firewall Threat Defense device on the specified interface. The error codes are as follows: transport type for the interface. UDP channel for the interface.,None provided.,3,Error,75,system,snmp
+%FTD-3-212004,212004,"Unable to send an SNMP response to IP_address, error code = port","%FTD-3-212004: Unable to send an SNMP response to IP_address, error code = port",An internal error occurred in sending an SNMP response from the Secure Firewall Threat Defense device to the specified host on the specified interface. The error codes are as follows: transport type for the interface. destination IP address in the UDP channel. exceeded the supported UDP segment size. system block to construct the PDU.,None required.,3,Error,5,system,snmp
+%FTD-3-212005,212005,"incoming SNMP request (number bytes) from interface_name exceeds data buffer size, discarding this SNMP request.","%FTD-3-212005: incoming SNMP request (number bytes) from interface_name exceeds data buffer size, discarding this SNMP request.",The length of the incoming SNMP request that is destined for the Secure Firewall Threat Defense device exceeds the size of the internal data buffer (512 bytes) used for storing the request during internal processing. The Secure Firewall Threat Defense device is unable to process this request. The SNMP traffic passing through the Secure Firewall Threat Defense device on any interface is not affected.,"Have the SNMP management station resend the request with a shorter length. For example, instead of querying multiple MIB variables in one request, try querying only one MIB variable in a request. You may need to modify the configuration of the SNMP manager software.",3,Error,75,system,snmp
+%FTD-3-212006,212006,Dropping SNMP request from src_addr/src_port to ifc:dst_addr/dst_port because: reasonusername,%FTD-3-212006: Dropping SNMP request from src_addr/src_port to ifc:dst_addr/dst_port because: reasonusername,The Secure Firewall Threat Defense device cannot process the SNMP request being sent to it for the following reasons:,None provided.,3,Error,85,system,snmp
+%FTD-5-212009,212009,Configuration request for SNMP group groupname failed. User username reason,%FTD-5-212009: Configuration request for SNMP group groupname failed. User username reason,"A user has tried to change the SNMP server group configuration. One or more users that refer to the group have insufficient settings to comply with the requested group changes. - missing auth-password —A user has tried to add authentication to the group, and the user has not specified an authentication password - missing priv-password —A user has tried to add privacy to the group, and the user has not specified an encryption password - reference group intended for removal —A user has tried to remove a group that has users belonging to it","The user must update the indicated user configurations before changing the group or removing indicated users, and then add them again after making changes to the group.",5,Notification,35,system,snmp
+%FTD-3-212010,212010,Configuration request for SNMP user s failed. Host s reason,%FTD-3-212010: Configuration request for SNMP user s failed. Host s reason,A user has tried to change the SNMP server user configuration by removing one or more hosts that reference the user. One message is generated per host. - references user intended for removal— The name of the user to be removed from the host.,None provided.,3,Error,75,system,snmp
+%FTD-3-212011,212011,engineBoots is set to maximum value. Reason: Reason. User intervention necessary. For example:,%FTD-3-212011: engineBoots is set to maximum value. Reason: Reason. User intervention necessary. For example:,"The device has rebooted 214783647 times, which is the maximum allowed value of the engineBoots variable, or an error reading the persistent value from flash memory has occurred. The engineBoots value is stored in flash memory in the flash:/snmp/ctx-name file, where ctx-name is the name of the context. In single mode, the name of this file is flash:/snmp/single_vf. In multi-mode, the name of the file for the admin context is flash:/snmp/admin. During a reboot, if the device is unable to read from the file or write to the file, the engineBoots value is set to the maximum. The two valid strings are “device reboots” and “error accessing persistent data.”","For the first string, the administrator must delete all SNMP Version 3 users and add them again to reset the engineBoots variable to 1. All subsequent Version 3 queries will fail until all users have been removed. For the second string, the administrator must delete the context-specific file, then delete all SNMP Version users, and add them again to reset the engineBoots variable to 1. All subsequent Version 3 queries will fail until all users have been removed.",3,Error,75,system,snmp
+%FTD-3-212012,212012,Unable to write engine data to persistent storage.,%FTD-3-212012: Unable to write engine data to persistent storage.,"The SNMP engine data is written to the file, flash:/snmp/context-name . For example: in single mode, the data is written to the file, flash:/snmp/single_vf. In the admin context in multi-mode, the file is written to the directory, flash:/snmp/admin. The error may be caused by a failure to create the flash:/snmp directory or the flash:/snmp/context-name file. The error may also be caused by a failure to write to the file.","The system administrator should remove the flash:/snmp/context-name file, then remove all SNMP Version 3 users, and add them again. This procedure should recreate the flash:/snmp/context-name file. If the problem persists, the system administrator should try reformatting the flash.",3,Error,75,system,snmp
+%FTD-2-214001,214001,Terminating manager session from IP_address on interface interface_name. Reason: incoming encrypted data (number bytes) longer than number bytes,%FTD-2-214001: Terminating manager session from IP_address on interface interface_name. Reason: incoming encrypted data (number bytes) longer than number bytes,An incoming encrypted data packet destined for the Secure Firewall Threat Defense management port indicates a packet length exceeding the specified upper limit. This may be a hostile event. The Secure Firewall Threat Defense device immediately terminates this management connection.,Ensure that the management connection was initiated by Cisco Secure Policy Manager.,2,Critical,85,system,general
+%FTD-2-215001,215001,"Bad route_compress() call, sdb = number","%FTD-2-215001:Bad route_compress() call, sdb = number",An internal software error occurred.,Contact the Cisco TAC.,2,Critical,85,network,ip_stack
+%FTD-3-216002,216002,"Unexpected event (major: major_id , minor: minor_id ) received by task_string in function at line: line_num","%FTD-3-216002: Unexpected event (major: major_id , minor: minor_id ) received by task_string in function at line: line_num","A task registers for event notification, but the task cannot handle the specific event. Events that can be watched include those associated with queues, booleans, and timer services. If any of the registered events occur, the scheduler wakes up the task to process the event. This message is generated if an unexpected event woke up the task, but it does not know how to handle the event. If an event is left unprocessed, it can wake up the task very often to make sure that it is processed, but this should not occur under normal conditions. If this message appears, it does not necessarily mean the device is unusable, but something unusual has occurred and needs to be investigated.","If the problem persists, contact the Cisco TAC.",3,Error,75,system,general
+%FTD-3-216003,216003,"Unrecognized timer timer_ptr , timer_id received by task_string in function at line: line_num","%FTD-3-216003: Unrecognized timer timer_ptr , timer_id received by task_string in function at line: line_num","An unexpected timer event woke up the task, but the task does not know how to handle the event. A task can register a set of timer services with the scheduler. If any of the timers expire, the scheduler wakes up the task to take action. This message is generated if the task is awakened by an unrecognized timer event.",None provided.,3,Error,65,system,general
+%FTD-4-216004,216004,prevented: error in function at file(line) - stack trace,%FTD-4-216004: prevented: error in function at file(line) - stack trace,"An internal logic error has occurred, which should not occur during normal operation. - Exception - Dereferencing null pointer - Array index out of bounds - Invalid buffer size - Writing from input - Source and destination overlap - Invalid date - Access offset from array indices 0x00304e58 0x00670060 0x00130b04”)","If the problem persists, contact the Cisco TAC.",4,Warning,55,system,general
+%FTD-2-217001,217001,No memory for string in string,%FTD-2-217001: No memory for string in string,An operation failed because of low memory.,"If sufficient memory exists, then send the error message, the configuration, and any details about the events leading up to the error to the Cisco TAC.",2,Critical,95,system,general
+%FTD-2-218001,218001,Failed Identification Test in slot# [fail #/res ].,%FTD-2-218001: Failed Identification Test in slot# [fail #/res ].,None provided.,None provided.,2,Critical,95,system,hardware
+%FTD-2-218002,218002,"Module slot# is a registered proto-type for Cisco Lab use only, and not certified for live network operation.","%FTD-2-218002: Module slot# is a registered proto-type for Cisco Lab use only, and not certified for live network operation.",The hardware in the specified location is a prototype module that came from a Cisco lab.,"If this message reoccurs, copy it exactly as it appears on the console or in the system log. Research and try to resolve the error using the Output Interpreter. Also perform a search with the Bug Toolkit. If the problem persists, contact the Cisco TAC.",2,Critical,85,system,hardware
+%FTD-2-218003,218003,"Module Version in slot# is obsolete. The module in slot = slot# is obsolete and must be returned via RMA to Cisco Manufacturing. If it is a lab unit, it must be returned to Proto Services for upgrade.","%FTD-2-218003: Module Version in slot# is obsolete. The module in slot = slot# is obsolete and must be returned via RMA to Cisco Manufacturing. If it is a lab unit, it must be returned to Proto Services for upgrade.",Obsolete hardware has been detected or the show module command has been run for the module. This message is generated once per minute after it first appears.,"If this message recurs, copy it exactly as it appears on the console or in the system log. Research and try to resolve the error using the Output Interpreter. Also perform a search with the Bug Toolkit. If the problem persists, contact the Cisco TAC.",2,Critical,95,system,hardware
+%FTD-2-218004,218004,Failed Identification Test in slot# [fail#/res],%FTD-2-218004: Failed Identification Test in slot# [fail#/res],A problem occurred while identifying hardware in the specified location.,"If this message recurs, copy it exactly as it appears on the console or in the system log. Research and try to resolve the error using the Output Interpreter. Also perform a search with the Bug Toolkit. If the problem persists, contact the Cisco TAC.",2,Critical,95,system,hardware
+%FTD-2-218005,218005,Inconsistency detected in the system information programmed in non-volatile memory.,%FTD-2-218005: Inconsistency detected in the system information programmed in non-volatile memory.,System information programmed in non-volatile memory is not consistent. This syslog will be generated during bootup if Secure Firewall Threat Defense device detects that the contents of the IDPROM are not identical to the contents of ACT2 EEPROM. Since the IDPROM and ACT2 EEPROM are programmed,None provided.,2,Critical,85,system,hardware
+%FTD-3-219002,219002,"I2C_API_name() error, slot = slot_number, device = device_number, address = address, byte count = count. Reason: reason_string","%FTD-3-219002: I2C_API_name() error, slot = slot_number, device = device_number, address = address, byte count = count. Reason: reason_string","The I2C serial bus API has failed because of a hardware or software problem. occurred. The slot number cannot be unique to a slot in the chassis. Depending on the chassis, two different slots might have the same I2C slot number. Also, the value is not necessarily less than or equal to the number of slots. The value depends on the way the I2C hardware is wired. performed",Perform the following steps:,3,Error,75,system,hardware
+%FTD-6-302003,302003,Built H245 connection for faddr foreign_ip_address laddr local_ip_address/local_port,%FTD-6-302003: Built H245 connection for faddr foreign_ip_address laddr local_ip_address/local_port,An H.245 connection has been started from the foreign_ip_address to the local_ip_address. The Secure Firewall Threat Defense device has detected the use of an Intel Internet Phone. The foreign port (foreign_port ) only appears on connections from outside the Secure Firewall Threat Defense device. The local port value (local_port ) only appears on connections that were started on an internal interface.,None required.,6,Informational,5,network,session
+%FTD-6-302004,302004,Pre-allocate H323 {TCP | UDP} backconnection for faddr foreign_ip_address to laddr local_ip_address/local_port,%FTD-6-302004: Pre-allocate H323 {TCP | UDP} backconnection for faddr foreign_ip_address to laddr local_ip_address/local_port,An H.323 UDP back connection has been preallocated to the foreign address (foreign_ip_address) from the local address (local_ip_address). The Secure Firewall Threat Defense device has detected the use of an Intel Internet Phone. The foreign port (foreign_port) only appears on connections from outside the Secure Firewall Threat Defense device. The local port value (local_port) only appears on connections that were started on an internal interface.,None required.,6,Informational,5,network,session
+%FTD-6-302010,302010,"connections in use, connections most used","%FTD-6-302010: connections in use, connections most used",Provides information on the number of connections that are in use and most used.,None required.,6,Informational,5,network,session
+%FTD-6-302013,302013,Built {inbound | outbound}[Probe] TCP connection connection_id for interface:real-address/real-port ((mapped-address/mapped-port))idfw_user to interface:real-address/real-port (mapped-address/mapped-port)inside_idfw_and_sg_info id_port_num rx_ring_num [(user)],%FTD-6-302013: Built {inbound | outbound}[Probe] TCP connection connection_id for interface:real-address/real-port ((mapped-address/mapped-port))idfw_user to interface:real-address/real-port (mapped-address/mapped-port)inside_idfw_and_sg_info id_port_num rx_ring_num [(user)],"A TCP connection slot between two hosts was created. If inbound is specified, the original control connection was initiated from the outside. For example, for FTP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, the original control connection was initiated from the inside.",None required.,6,Informational,5,network,session
+%FTD-6-302014,302014,Teardown [Probe]TCP connection connection_id for interface:real_address/real_portidfw_user to interface:real_address/real_portidfw_user duration hh:mm:ss bytes bytes reason_stringteardown_initiatorinitiator port_num rx_ring_num max-rate conn_rate/max_permissible_rate (user),%FTD-6-302014: Teardown [Probe]TCP connection connection_id for interface:real_address/real_portidfw_user to interface:real_address/real_portidfw_user duration hh:mm:ss bytes bytes reason_stringteardown_initiatorinitiator port_num rx_ring_num max-rate conn_rate/max_permissible_rate (user),None provided.,None provided.,6,Informational,15,network,session
+%FTD-6-302015,302015,Built {inbound | outbound} UDP connection connection_id for interface:real_address/real_port (mapped_address/mapped_port)idfw_user to interface:real_address/real_port (mapped_address/mapped_port)idfw_user id_port_num rx_ring_num [(user)],%FTD-6-302015: Built {inbound | outbound} UDP connection connection_id for interface:real_address/real_port (mapped_address/mapped_port)idfw_user to interface:real_address/real_port (mapped_address/mapped_port)idfw_user id_port_num rx_ring_num [(user)],"A UDP connection slot between two hosts was created. The following list describes the message values: If inbound is specified, then the original control connection is initiated from the outside. For example, for UDP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, then the original control connection is initiated from the inside.",None required.,6,Informational,5,network,session
+%FTD-6-302016,302016,Teardown UDP connection connection_id for interface:real_address/real_portidfw_user to interface:real_address/real_portidfw_user duration hh:mm:ss bytes bytes id_port_num rx_ring_num max-rate conn_rate/max_permissible_rate Bps (user),%FTD-6-302016: Teardown UDP connection connection_id for interface:real_address/real_portidfw_user to interface:real_address/real_portidfw_user duration hh:mm:ss bytes bytes id_port_num rx_ring_num max-rate conn_rate/max_permissible_rate Bps (user),A UDP connection slot between two hosts was deleted. The following list describes the message values:,None required.,6,Informational,5,network,session
+%FTD-6-302017,302017,Built {inbound | outbound} GRE connection id from interface:real_address (translated_address)idfw_user to interface:real_address/real_cid (translated_address/translated_cid)idfw_user id_port_num rx_ring_num [(user)],%FTD-6-302017: Built {inbound | outbound} GRE connection id from interface:real_address (translated_address)idfw_user to interface:real_address/real_cid (translated_address/translated_cid)idfw_user id_port_num rx_ring_num [(user)],"A GRE connection slot between two hosts was created. The id is an unique identifier. The interface, real_address, real_cid tuple identifies the one of the two simplex PPTP GRE streams. The parenthetical translated_address, translated_cid tuple identifies the translated value with NAT. If inbound is indicated, then the connection can only be used inbound. If outbound is indicated, then the connection can only be used for outbound. The following list describes the message values:",None provided.,6,Informational,15,network,session
+%FTD-6-302018,302018,Teardown GRE connection id from interface:real_addresstranslated_address to interface:real_address/real_cididfw_user duration hh:mm:ss bytes bytes id_port_num rx_ring_num [(user)],%FTD-6-302018: Teardown GRE connection id from interface:real_addresstranslated_address to interface:real_address/real_cididfw_user duration hh:mm:ss bytes bytes id_port_num rx_ring_num [(user)],"A GRE connection slot between two hosts was deleted. The interface, real_address, real_port tuples identify the actual sockets. Duration identifies the lifetime of the connection. The following list describes the message values:",None required.,6,Informational,5,network,session
+%FTD-3-302019,302019,"H.323 library_name ASN Library failed to initialize, error code number","%FTD-3-302019: H.323 library_name ASN Library failed to initialize, error code number","The specified ASN librar y that the Secure Firewall Threat Defense device uses for decoding the H.323 messages failed to initialize; the Secure Firewall Threat Defense device cannot decode or inspect the arriving H.323 packet. The Secure Firewall Threat Defense device allows the H.323 packet to pass through without any modification. When the next H.323 message arrives, the Secure Firewall Threat Defense device tries to initialize the library again.","If this message is generated consistently for a particular library, contact the Cisco TAC and provide them with all log messages (preferably with timestamps).",3,Error,75,network,session
+%FTD-6-302021,302021,Teardown ICMP connection for faddr src_ip_address/src_portoutside_idfw_user gaddr dest_ip_address/dest_port laddr dest_ip_address/dest_portinside_idfw_user [(user)] type type code code Internal-Data0/port_num:RX[rx_ring_num],%FTD-6-302021: Teardown ICMP connection for faddr src_ip_address/src_portoutside_idfw_user gaddr dest_ip_address/dest_port laddr dest_ip_address/dest_portinside_idfw_user [(user)] type type code code Internal-Data0/port_num:RX[rx_ring_num],This message is generated when an ICMP session is removed in the fast-path. The following list describes the message values:,None provided.,6,Informational,15,network,session
+%FTD-6-302022,302022,Built role stub TCP connection for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port (mapped-address/mapped-port)),%FTD-6-302022: Built role stub TCP connection for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port (mapped-address/mapped-port)),A TCP director/backup/forwarder flow has been created.,None required.,6,Informational,5,network,session
+%FTD-6-302023,302023,Teardown stub TCP connection for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss forwarded bytes bytes reason,%FTD-6-302023: Teardown stub TCP connection for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss forwarded bytes bytes reason,A TCP director/backup/forwarder flow has been torn down.,None required.,6,Informational,5,network,session
+%FTD-6-302024,302024,Built role stub UDP connection for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port (mapped-address/mapped-port),%FTD-6-302024: Built role stub UDP connection for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port (mapped-address/mapped-port),A UDP director/backup/forwarder flow has been created.,None required.,6,Informational,5,network,session
+%FTD-6-302025,302025,Teardown stub UDP connection for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss forwarded bytes bytes reason,%FTD-6-302025: Teardown stub UDP connection for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss forwarded bytes bytes reason,A UDP director/backup/forwarder flow has been torn down.,None required.,6,Informational,5,network,session
+%FTD-6-302026,302026,Built role stub ICMP connection for interface:real-address/real-port (mapped-address) to interface:real-address/real-port (mapped-address),%FTD-6-302026: Built role stub ICMP connection for interface:real-address/real-port (mapped-address) to interface:real-address/real-port (mapped-address),An ICMP director/backup/forwarder flow has been created.,None required.,6,Informational,5,network,session
+%FTD-6-302027,302027,Teardown stub ICMP connection for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss forwarded bytes bytes reason,%FTD-6-302027: Teardown stub ICMP connection for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss forwarded bytes bytes reason,An ICMP director/backup/forwarder flow has been torn down.,None required.,6,Informational,5,network,session
+%FTD-4-302034,302034,Unable to Pre-allocate H323 GUP Connection for faddr interface_name:foreign_ip_address to laddr interface_name:local_ip_address/local_port,%FTD-4-302034: Unable to Pre-allocate H323 GUP Connection for faddr interface_name:foreign_ip_address to laddr interface_name:local_ip_address/local_port,The module failed to allocate RAM system memory while starting a connection or has no more address translation slots available.,"If this message occurs periodically, it can be ignored. If it repeats frequently, contact the Cisco TAC. You can check the size of the global pool compared to the number of inside network clients.",4,Warning,55,network,session
+%FTD-6-302037,302037,Built {inbound|outbound} IPINIP connection conn_id from outside_interface:outside_ip/{outside_mapped_ip|outside_port} outside_idfw_user to inside_interface_name:inside_ip/{inside_mapped_ip|inside_port} inside_idfw_user [(user)],%FTD-6-302037: Built {inbound|outbound} IPINIP connection conn_id from outside_interface:outside_ip/{outside_mapped_ip|outside_port} outside_idfw_user to inside_interface_name:inside_ip/{inside_mapped_ip|inside_port} inside_idfw_user [(user)],IPINIP flow has been created. the FTD the FTD FTD FTD,None required.,6,Informational,5,network,session
+%FTD-3-302302,302302,ACL=deny;no_sa_created,%FTD-3-302302: ACL=deny;no_sa_created,IPsec proxy mismatches have occurred. Proxy hosts for the negotiated SA correspond to a deny access-list command policy.,Check the access-list command statement in the configuration. Contact the administrator for the peer.,3,Error,95,network,session
+%FTD-6-302303,302303,Built TCP state-bypass connection conn_id from initiator_interface:real_ip/real_port (mapped_ip/mapped_port) to responder_interface:real_ip/real_port (mapped_ip/mapped_port),%FTD-6-302303: Built TCP state-bypass connection conn_id from initiator_interface:real_ip/real_port (mapped_ip/mapped_port) to responder_interface:real_ip/real_port (mapped_ip/mapped_port),"A new TCP connection has been created, and this connection is a TCP-state-bypass connection. This type of connection bypasses all the TCP state checks and additional security checks and inspections.","If you need to secure TCP traffic with all the normal TCP state checks as well as all other security checks and inspections, you can use the no set connection advanced-options tcp-state-bypass command to disable this feature for TCP traffic.",6,Informational,15,network,session
+%FTD-6-302304,302304,Teardown TCP state-bypass connection conn_id from initiator_interface:ip/portuser to responder_interface:ip/portuser duration duration bytes bytesteardown reason .,%FTD-6-302304: Teardown TCP state-bypass connection conn_id from initiator_interface:ip/portuser to responder_interface:ip/portuser duration duration bytes bytesteardown reason .,"A new TCP connection has been torn down, and this connection is a TCP-state-bypass connection. This type of connection bypasses all the TCP state checks and additional security checks and inspections.",None provided.,6,Informational,15,network,session
+%FTD-4-302311,302311,Failed to create a new protocol connection from ingress_interface:source_ip/source_port to egress_interface:destination_ip/destination_port due to application cache memory allocation failure. The app-cache memory threshold level is threshold% and threshold check is enabled/disabled,%FTD-4-302311: Failed to create a new protocol connection from ingress_interface:source_ip/source_port to egress_interface:destination_ip/destination_port due to application cache memory allocation failure. The app-cache memory threshold level is threshold% and threshold check is enabled/disabled,A new connection could not be created due to app-cache memory allocation failure. The failure could be due to system running out of memory or exceeding app-cache memory threshold.,Disable memory intensive features on the device or reduce the number of through-the-box connections.,4,Warning,55,network,session
+%FTD-6-303002,303002,"FTP connection from src_ifc:src_ip/src_port to dst_ifc:dst_ip/dst_port, userusername action file filename","%FTD-6-303002: FTP connection from src_ifc:src_ip/src_port to dst_ifc:dst_ip/dst_port, userusername action file filename",A client has uploaded or downloaded a file from the FTP server.,None required.,6,Informational,5,network,session
+%FTD-5-303004,303004,"FTP cmd_string command unsupported - failed strict inspection, terminating connection from source_interface:source_address/source_port to dest_interface:dest_address/dest_interface","%FTD-5-303004: FTP cmd_string command unsupported - failed strict inspection, terminating connection from source_interface:source_address/source_port to dest_interface:dest_address/dest_interface","Strict FTP inspection on FTP traffic has been used, and an FTP request message contains a command that is not recognized by the device.",None required.,5,Notification,5,network,session
+%FTD-5-303005,303005,"Strict FTP inspection matched match_string in policy-map policy-name, action_string from src_ifc:sip/sport to dest_ifc:dip/dport","%FTD-5-303005: Strict FTP inspection matched match_string in policy-map policy-name, action_string from src_ifc:sip/sport to dest_ifc:dip/dport","When FTP inspection matches any of the following configured values: filename, file type, request command, server, or username, then the action specified by the action_string in this message occurs.",None required.,5,Notification,5,network,session
+%FTD-3-305006,305006,{outbound static|identity|portmap|regular) translation creation failed for protocol src interface_name:source_address/source_port [(idfw_user )] dst interface_name:dest_address/dest_port [(idfw_user )],%FTD-3-305006: {outbound static|identity|portmap|regular) translation creation failed for protocol src interface_name:source_address/source_port [(idfw_user )] dst interface_name:dest_address/dest_port [(idfw_user )],"The ICMP error inspection was enabled and the following conditions were met: protocols. For example, forward flow is UDP or TCP, reverse flow is ICMP. The switch in protocols occurs when either the receiver or any intermediary device in the path returns ICMP error messages, for example type 3 code 3. translate the outer header IP addresses because the device does not apply PAT to all ICMP message types; it only applies PAT ICMP echo and echo-reply packets (types 8 and 0).",None required.,3,Error,5,network,nat
+%FTD-6-305009,305009,Built {dynamic|static} translation from interface_name[(acl-name)]:real_addressidfw_user to interfacename:mapped_address,%FTD-6-305009: Built {dynamic|static} translation from interface_name[(acl-name)]:real_addressidfw_user to interfacename:mapped_address,"An address translation slot was created. The slot translates the source address from the local side to the global side. In reverse, the slot translates the destination address from the global side to the local side.",None required.,6,Informational,5,network,nat
+%FTD-6-305010,305010,Teardown {dynamic|static} translation from interface_name:real_address idfw_user to interfacename:mapped_address duration time,%FTD-6-305010: Teardown {dynamic|static} translation from interface_name:real_address idfw_user to interfacename:mapped_address duration time,The address translation slot was deleted.,None required.,6,Informational,5,network,nat
+%FTD-6-305011,305011,Built {dynamic|static} {TCP|UDP|ICMP} translation from interface_name:real_address/real_portidfw_user to interfacename:mapped_address/mapped_port,%FTD-6-305011: Built {dynamic|static} {TCP|UDP|ICMP} translation from interface_name:real_address/real_portidfw_user to interfacename:mapped_address/mapped_port,"A TCP, UDP, or ICMP address translation slot was created. The slot translates the source socket from the local side to the global side. In reverse, the slot translates the destination socket from the global side to the local side.",None required.,6,Informational,5,network,nat
+%FTD-6-305012,305012,Teardown interface_name acl-name translation from real_address:real_port/real_ICMP_IDidfw_user to interface_namemapped_address:mapped_port/mapped_ICMP_ID duration time,%FTD-6-305012: Teardown interface_name acl-name translation from real_address:real_port/real_ICMP_IDidfw_user to interface_namemapped_address:mapped_port/mapped_ICMP_ID duration time,The address translation slot was deleted.,None required.,6,Informational,5,network,nat
+%FTD-6-305014,305014,Allocated num_of_blocks block of ports for translation from real_interface:real_host_ip to real_dest_interface:real_dest_ip/real_dest_port_start-real_dest_port_end,%FTD-6-305014: Allocated num_of_blocks block of ports for translation from real_interface:real_host_ip to real_dest_interface:real_dest_ip/real_dest_port_start-real_dest_port_end,"When CGNAT “block-allocation” is configured, this syslog will be generated on allocation of a new port block.",None.,6,Informational,15,network,nat
+%FTD-6-305015,305015,Released block_size block of ports for translation from real_interface:real_host_ip to real_destination_interface:real_dest_ip/port_start-port_end,%FTD-6-305015: Released block_size block of ports for translation from real_interface:real_host_ip to real_destination_interface:real_dest_ip/port_start-port_end,None provided.,None provided.,6,Informational,15,network,nat
+%FTD-3-305016,305016,Unable to create protocol connection from source_interface_name:source_ip_address/source_port to destination_interface_name:destination_ip/destination_port due to reaching per-host PAT port block limit of threshold-limit.,%FTD-3-305016: Unable to create protocol connection from source_interface_name:source_ip_address/source_port to destination_interface_name:destination_ip/destination_port due to reaching per-host PAT port block limit of threshold-limit.,The maximum port blocks per host limit has been reached for a host or the port blocks have been exhausted.,"For reaching the per-host PAT port block limit, review the maximum blocks per host limit by entering the following command: xlate block-allocation maximum-per-host 4 For the port block exhaustion in the PAT pool, we recommend increasing the pool size. Also, review the block size by entering the following command: xlate block-allocation size 512",3,Error,75,network,nat
+%FTD-3-305017,305017,Pba-interim-logging: Active Active_ICMP block of ports for translation from source:device_IP to destination:device_IP/Active_Port-Block,%FTD-3-305017: Pba-interim-logging: Active Active_ICMP block of ports for translation from source:device_IP to destination:device_IP/Active_Port-Block,When CGNAT interim logging feature is turned on. This syslog specifies the Active Port Block from a particular source IP address to a destination IP address at that time.,None.,3,Error,65,network,nat
+%FTD-4-305021,305021,Ports exhausted in pre-allocated PAT pool IP mapped_ip_address for host real_host_ip. Allocating from new PAT pool IP mapped_ip_address,%FTD-4-305021: Ports exhausted in pre-allocated PAT pool IP mapped_ip_address for host real_host_ip. Allocating from new PAT pool IP mapped_ip_address,None provided.,None provided.,4,Warning,45,network,nat
+%FTD-4-305022,305022,Cluster unit unit_name has been allocated num_of_port_blocks port-blocks from ip_address on interface interface_name for PAT usage. All units should have at least min_num_of_port_blocks port-blocks,%FTD-4-305022: Cluster unit unit_name has been allocated num_of_port_blocks port-blocks from ip_address on interface interface_name for PAT usage. All units should have at least min_num_of_port_blocks port-blocks,This message is generated on a node when it joins cluster and does not get any or unequal share of port blocks. Examples %FTD-4-305022: Cluster unit FTD-4 has been allocated 0 port blocks for PAT usage. All units should have at least 32 port blocks. %FTD-4-305022: Cluster unit FTD-4 has been allocated 12 port blocks for PAT usage. All units should have at least 32 port blocks.,None.,4,Warning,45,network,nat
+%FTD-3-305023,305023,Unable to create TCP connection from inside:<ip/port> to outside:<ip/port> due to IP port block exhaustion in PAT pool pool_name IP port_address.,%FTD-3-305023: Unable to create TCP connection from inside:<ip/port> to outside:<ip/port> due to IP port block exhaustion in PAT pool pool_name IP port_address.,This message is generated when the device could not create a new connection because the PAT pool was exhausted.,None.,3,Error,75,network,nat
+%FTD-6-308001,308001,Console enable password incorrect for number tries (from IP_address),%FTD-6-308001: Console enable password incorrect for number tries (from IP_address),This is a Secure Firewall Threat Defense management message. This message appears after the specified number of times a user incorrectly types the password to enter privileged mode. The maximum is three attempts.,Verify the password and try again.,6,Informational,25,system,config
+%FTD-4-308002,308002,static global_address inside_address netmask netmask overlapped with global_address inside_address netmask netmask,%FTD-4-308002: static global_address inside_address netmask netmask overlapped with global_address inside_address netmask netmask,None provided.,None provided.,4,Warning,45,system,config
+%FTD-6-311001,311001,LU loading standby start,%FTD-6-311001: LU loading standby start,Stateful Failover update information was sent to the standby Secure Firewall Threat Defense device when the standby Secure Firewall Threat Defense device is first to be online.,None required.,6,Informational,5,system,failover
+%FTD-6-311002,311002,LU loading standby end,%FTD-6-311002: LU loading standby end,Stateful Failover update information stopped sending to the standby Secure Firewall Threat Defense device.,None required.,6,Informational,5,system,failover
+%FTD-6-311003,311003,LU recv thread up,%FTD-6-311003: LU recv thread up,An update acknowledgment was received from the standby Secure Firewall Threat Defense device.,None required.,6,Informational,5,system,failover
+%FTD-6-311004,311004,LU xmit thread up,%FTD-6-311004: LU xmit thread up,A Stateful Failover update was transmitted to the standby Secure Firewall Threat Defense device.,None required.,6,Informational,5,system,failover
+%FTD-6-312001,312001,"RIP hdr failed from IP_address: cmd=string, version=number, domain=string on interface interface_name","%FTD-6-312001: RIP hdr failed from IP_address: cmd=string, version=number, domain=string on interface interface_name","The Secure Firewall Threat Defense device received a RIP message with an operation code other than reply, the message has a version number different from what is expected on this interface, and the routing domain entry was nonzero. Another RIP device may not be configured correctly to communicate with the Secure Firewall Threat Defense device.",None required.,6,Informational,5,network,routing_rip
+%FTD-3-313001,313001,"Denied ICMP type=number, code=code from IP_address on interface interface_name","%FTD-3-313001: Denied ICMP type=number, code=code from IP_address on interface interface_name","When using the icmp command with an access list, if the first matched entry is a permit entry, the ICMP packet continues processing. If the first matched entry is a deny entry, or an entry is not matched, the Secure Firewall Threat Defense device discards the ICMP packet and generates this message. The icmp command enables or disables pinging to an interface. With pinging disabled, the Secure Firewall Threat Defense device cannot be detected on the network. This feature is also referred to as configurable proxy pinging.",Contact the administrator of the peer device.,3,Error,85,network,ip_stack
+%FTD-4-313005,313005,No matching connection for ICMP error message: icmp_msg_info on interface_name interface. Original IP payload: embedded_frame_info_icmp_msg_info=.,%FTD-4-313005: No matching connection for ICMP error message: icmp_msg_info on interface_name interface. Original IP payload: embedded_frame_info_icmp_msg_info=.,ICMP error packets were dropped by the Secure Firewall Threat Defense device because the ICMP error messages are not related to any session already established in the Secure Firewall Threat Defense device.,"Review the Original IP Payload information embedded in the message. Inspect the original source and destination and verify if it is a valid packet in your network. If the packet is valid and as expected, you can ignore the message. If the cause is an attack, you can deny the host by using ACLs.",4,Warning,75,network,ip_stack
+%FTD-3-313008,313008,"Denied IPv6-ICMP type=number, code=code from IP_address on interface interface_name","%FTD-3-313008: Denied IPv6-ICMP type=number, code=code from IP_address on interface interface_name","When using the icmp command with an access list, if the first matched entry is a permit entry, the ICMPv6 packet continues processing. If the first matched entry is a deny entry, or an entry is not matched, the Secure Firewall Threat Defense device discards the ICMPv6 packet and generates this message. The icmp command enables or disables pinging to an interface. When pinging is disabled, the Secure Firewall Threat Defense device is undetectable on the network. This feature is also referred to as “configurable proxy pinging.”",None provided.,3,Error,85,network,ip_stack
+%FTD-4-313009,313009,"Denied invalid ICMP code icmp_code, for src_ifc:src_address/src_port (mapped_src_address/mapped_src_port) to dest_ifc:dest_address/dest_port (mapped_dest_address/mapped_dest_port) [(user)], ICMP id icmp_id, ICMP type icmp_type","%FTD-4-313009: Denied invalid ICMP code icmp_code, for src_ifc:src_address/src_port (mapped_src_address/mapped_src_port) to dest_ifc:dest_address/dest_port (mapped_dest_address/mapped_dest_port) [(user)], ICMP id icmp_id, ICMP type icmp_type",An ICMP echo request/reply packet was received with a malformed code(non-zero).,"If it is an intermittent event, no action is required. If the cause is an attack, you can deny the host using the ACLs.",4,Warning,75,network,ip_stack
+%FTD-6-314001,314001,Pre-allocate RTSP UDP backconnection for src_intf:src_IP to dst_intf:dst_IP/dst_port.,%FTD-6-314001: Pre-allocate RTSP UDP backconnection for src_intf:src_IP to dst_intf:dst_IP/dst_port.,The Secure Firewall Threat Defense device opened a UDP media channel for the RTSP client that was receiving data from the server.,None required.,6,Informational,5,network,session
+%FTD-6-314002,314002,RTSP failed to allocate UDP media connection from src_intf:src_IP to dst_intf:dst_IP/dst_port reason: reason_string.,%FTD-6-314002: RTSP failed to allocate UDP media connection from src_intf:src_IP to dst_intf:dst_IP/dst_port reason: reason_string.,The Secure Firewall Threat Defense device cannot open a new pinhole for the media channel.,"If the reason is unknown, check the free memory available by running the show memory command, or the number of connections used by running the show conn command, because the Secure Firewall Threat Defense device is low on memory.",6,Informational,25,network,session
+%FTD-3-316001,316001,Denied new tunnel to IP_address . VPN peer limit (platform_vpn_peer_limit) exceeded,%FTD-3-316001: Denied new tunnel to IP_address . VPN peer limit (platform_vpn_peer_limit) exceeded,None provided.,None provided.,3,Error,95,vpn,ipsec
+%FTD-3-316002,316002,"VPN Handle error: protocol=protocol, src in_if_num:src_addr, dst out_if_num:dst_addr.","%FTD-3-316002: VPN Handle error: protocol=protocol, src in_if_num:src_addr, dst out_if_num:dst_addr.","The Secure Firewall Threat Defense device cannot create a VPN handle, because the VPN handle already exists.","This message may occur during normal operation; however, if the message occurs repeatedly and a major malfunction of VPN-based applications occurs, a software defect may be the cause. Enter the following commands to collect more information and contact the Cisco TAC to investigate the issue further: capture name type asp-drop vpn-handle-error show asp table classify crypto detail show asp table vpn-context",3,Error,95,vpn,ipsec
+%FTD-3-317001,317001,No memory available for limit_slow,%FTD-3-317001: No memory available for limit_slow,The requested operation failed because of a low-memory condition.,"Reduce other system activity to ease memory demands. If conditions warrant, upgrade to a larger memory configuration.",3,Error,85,network,ip_stack
+%FTD-3-317002,317002,"Bad path pointer of number for IP_address, number max","%FTD-3-317002: Bad path pointer of number for IP_address, number max",A software error occurred.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,ip_stack
+%FTD-3-317003,317003,IP routing table creation failure - reason,%FTD-3-317003: IP routing table creation failure - reason,"An internal software error occurred, which prevented the creation of a new IP routing table.","Copy the message exactly as it appears, and report it to Cisco TAC.",3,Error,75,network,ip_stack
+%FTD-3-317004,317004,IP routing table limit warning - limit_context,%FTD-3-317004: IP routing table limit warning - limit_context,The number of routes in the named IP routing table has reached the configured warning limit.,"Reduce the number of routes in the table, or reconfigure the limit.",3,Error,75,network,ip_stack
+%FTD-3-317005,317005,IP routing table limit exceeded - reason,%FTD-3-317005: IP routing table limit exceeded - reason,Additional routes will be added to the table.,"Reduce the number of routes in the table, or reconfigure the limit.",3,Error,85,network,ip_stack
+%FTD-3-317006,317006,"Pdb index error %08x, %04x, pdb","%FTD-3-317006: Pdb index error %08x, %04x, pdb",The index into the PDB is out of range.,"If the problem persists, copy the error message exactly as it appears on the console or in the system log, contact the Cisco TAC, and provide the representative with the collected information.",3,Error,65,network,ip_stack
+%FTD-6-317007,317007,Added route_type route dest_address netmask via gateway_address [distance /metric ] on interface_name route_type,%FTD-6-317007: Added route_type route dest_address netmask via gateway_address [distance /metric ] on interface_name route_type,"A new route has been added to the routing table. Routing protocol type: C – connected, S – static, I – IGRP, R – RIP, M – mobile B – BGP, D – EIGRP, EX - EIGRP external, O - OSPF IA - OSPF inter area, N1 - OSPF NSSA external type 1 N2 - OSPF NSSA external type 2, E1 - OSPF external type 1 E2 - OSPF external type 2, E – EGP, i - IS-IS, L1 - IS-IS level-1 L2 - IS-IS level-2, ia - IS-IS inter area",None provided.,6,Informational,15,network,ip_stack
+%FTD-6-317008,317008,Community list check with bad list list_number,%FTD-6-317008: Community list check with bad list list_number,"When an out of range community list is identified, this message is generated along with the list number.",None required.,6,Informational,5,network,ip_stack
+%FTD-3-317012,317012,Interface IP route counter negative - nameif-string-value,%FTD-3-317012: Interface IP route counter negative - nameif-string-value,Indicates that the interface route count is negative.,None required.,3,Error,5,network,ip_stack
+%FTD-6-317077,317077,Added protocol_name route destination_address subnet-mask via gateway-address [admin_distance/metric] on [inf_name] [vrf_name] tableid [table_id],%FTD-6-317077: Added protocol_name route destination_address subnet-mask via gateway-address [admin_distance/metric] on [inf_name] [vrf_name] tableid [table_id],This message is generated when a route is added successfully on the Secure Firewall Threat Defense device.,None required.,6,Informational,5,network,ip_stack
+%FTD-6-317078,317078,Deleted protocol_name route destination_address subnet-mask via gateway-address [admin_distance/metric] on [inf_name] [vrf_name] tableid [table_id],%FTD-6-317078: Deleted protocol_name route destination_address subnet-mask via gateway-address [admin_distance/metric] on [inf_name] [vrf_name] tableid [table_id],This message is generated when a route is deleted from the Secure Firewall Threat Defense device.,None required.,6,Informational,5,network,ip_stack
+%FTD-3-318001,318001,Internal error: reason,%FTD-3-318001: Internal error: reason,An internal software error occurred. This message occurs at five-second intervals.,"Copy the message exactly as it appears, and report it to the Cisco TAC.",3,Error,65,network,routing_ospf
+%FTD-3-318002,318002,Flagged as being an ABR without a backbone area,%FTD-3-318002: Flagged as being an ABR without a backbone area,None provided.,None provided.,3,Error,65,network,routing_ospf
+%FTD-3-318003,318003,Reached unknown state in neighbor state machine,%FTD-3-318003: Reached unknown state in neighbor state machine,An internal software error occurred. This message occurs at five-second intervals.,"Copy the message exactly as it appears, and report it to the Cisco TAC.",3,Error,65,network,routing_ospf
+%FTD-3-318004,318004,DB already exist : area string lsid IP_address adv netmask type 0xnumber,%FTD-3-318004: DB already exist : area string lsid IP_address adv netmask type 0xnumber,"The OSPF process had a problem locating the link state advertisement, which might lead to a memory leak.","If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing_ospf
+%FTD-3-318005,318005,No corresponding LSA in retransmission database for ip_address,%FTD-3-318005: No corresponding LSA in retransmission database for ip_address,OSPF found an inconsistency between its database and the IP routing table.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing_ospf
+%FTD-3-318006,318006,if interface_name if_state number,%FTD-3-318006: if interface_name if_state number,An internal error occurred.,"Copy the message exactly as it appears, and report it to the Cisco TAC.",3,Error,65,network,routing_ospf
+%FTD-3-318008,318008,Reconfigure virtual link,%FTD-3-318008: Reconfigure virtual link,"The OSPF process is being reset, and it is going to select a new router ID. This action will bring down all virtual links.",Change the virtual link configuration on all of the virtual link neighbors to reflect the new router ID.,3,Error,75,network,routing_ospf
+%FTD-3-318101,318101,Internal error: REASON,%FTD-3-318101: Internal error: REASON,An internal software error has occurred.,None provided.,3,Error,65,network,routing_ospf
+%FTD-3-318102,318102,Flagged as being an ABR without a backbone area,%FTD-3-318102: Flagged as being an ABR without a backbone area,The router was flagged as an Area Border Router (ABR) without a backbone area in the router.,Restart the OSPF process.,3,Error,65,network,routing_ospf
+%FTD-3-318103,318103,Reached unknown state in neighbor state machine,%FTD-3-318103: Reached unknown state in neighbor state machine,An internal software error has occurred.,None required.,3,Error,5,network,routing_ospf
+%FTD-3-318104,318104,DB already exist : area AREA_ID_STR lsid i adv i type 0xx,%FTD-3-318104: DB already exist : area AREA_ID_STR lsid i adv i type 0xx,"OSPF has a problem locating the LSA, which could lead to a memory leak.",None required.,3,Error,5,network,routing_ospf
+%FTD-3-318105,318105,No corresponding LSA in retransmission database for i,%FTD-3-318105: No corresponding LSA in retransmission database for i,OSPF found an inconsistency between its database and the IP routing table.,None required.,3,Error,5,network,routing_ospf
+%FTD-3-318106,318106,if IF_NAME if_state d,%FTD-3-318106: if IF_NAME if_state d,An internal error has occurred.,None required.,3,Error,5,network,routing_ospf
+%FTD-3-318108,318108,OSPF process d is changing router-id. Reconfigure virtual link neighbors with our new router-id,%FTD-3-318108: OSPF process d is changing router-id. Reconfigure virtual link neighbors with our new router-id,"The OSPF process is being reset, and it is going to select a new router ID, which brings down all virtual links. To make them work again, you need to change the virtual link configuration on all virtual link neighbors.",Change the virtual link configuration on all the virtual link neighbors to include the new router ID.,3,Error,75,network,routing_ospf
+%FTD-3-318109,318109,Received packet with wrong state x,%FTD-3-318109: Received packet with wrong state x,OSPFv3 has received an unexpected interprocess message.,None required.,3,Error,5,network,routing_ospf
+%FTD-3-318110,318110,Invalid encrypted key key_string.,%FTD-3-318110: Invalid encrypted key key_string.,The specified encrypted key is not valid.,"Either specify a clear text key and enter the service password-encryption command for encryption, or ensure that the specified encrypted key is valid. If the specified encrypted key is not valid, an error message appears during system configuration.",3,Error,75,network,routing_ospf
+%FTD-3-318111,318111,IPSEC policy for area u already exists,%FTD-3-318111: IPSEC policy for area u already exists,An attempt was made to use a SPI that has already been used.,Choose a different SPI.,3,Error,65,network,routing_ospf
+%FTD-3-318112,318112,IPSEC SPI u already in use for area d,%FTD-3-318112: IPSEC SPI u already in use for area d,An attempt was made to use a SPI that has already been used.,None provided.,3,Error,65,network,routing_ospf
+%FTD-3-318113,318113,IPSEC SPI s s reused for different policy on area u,%FTD-3-318113: IPSEC SPI s s reused for different policy on area u,An attempt was made to use a SPI that has already been used.,"Unconfigure the SPI first, or choose a different one.",3,Error,65,network,routing_ospf
+%FTD-3-318114,318114,IPSEC invalid key length spi_value,%FTD-3-318114: IPSEC invalid key length spi_value,The key length was incorrect.,Choose a valid IPsec key. An IPsec authentication key must be 32 (MD5) or 40 (SHA-1) hexidecimal digits long.,3,Error,75,network,routing_ospf
+%FTD-3-318115,318115,IPSEC create policy error s for area u,%FTD-3-318115: IPSEC create policy error s for area u,An IPsec API (internal) error has occurred.,None required.,3,Error,5,network,routing_ospf
+%FTD-3-318116,318116,IPSEC policy does not exist for area u,%FTD-3-318116: IPSEC policy does not exist for area u,An attempt was made to unconfigure a SPI that is not being used with OSPFv3.,Enter a show command to see which SPIs are used by OSPFv3.,3,Error,65,network,routing_ospf
+%FTD-3-318117,318117,IPSEC policy still in use for area u,%FTD-3-318117: IPSEC policy still in use for area u,"An attempt was made to remove the policy for the indicated SPI, but the policy was still being used by a secure socket.",None provided.,3,Error,65,network,routing_ospf
+%FTD-3-318118,318118,IPSEC remove policy error s for area u,%FTD-3-318118: IPSEC remove policy error s for area u,An IPsec API (internal) error has occurred.,None required.,3,Error,5,network,routing_ospf
+%FTD-3-318119,318119,IPSEC close session error u for area s,%FTD-3-318119: IPSEC close session error u for area s,An IPsec API (internal) error has occurred.,None required.,3,Error,5,network,routing_ospf
+%FTD-3-318120,318120,OSPFv3 was unable to register with Ipsec,%FTD-3-318120: OSPFv3 was unable to register with Ipsec,An internal error has occurred.,None required.,3,Error,5,network,routing_ospf
+%FTD-3-318121,318121,IPSEC general error s for area d,%FTD-3-318121: IPSEC general error s for area d,An internal error has occurred.,None required.,3,Error,5,network,routing_ospf
+%FTD-3-318122,318122,IPSEC error message retry for area s,%FTD-3-318122: IPSEC error message retry for area s,An internal error has occurred. The system is trying to reopen the secure socket and to recover.,None required.,3,Error,5,network,routing_ospf
+%FTD-3-318123,318123,IPSEC error message abort for area s,%FTD-3-318123: IPSEC error message abort for area s,An internal error has occurred. The maximum number of recovery attempts has been exceeded.,None required.,3,Error,5,network,routing_ospf
+%FTD-3-318125,318125,Interface IF_NAME initialization failed,%FTD-3-318125: Interface IF_NAME initialization failed,The interface initialization failed. Possible reasons include the following:,Remove the configuration command that initializes the interface and then try it again.,3,Error,75,network,routing_ospf
+%FTD-3-318126,318126,Interface IF_NAME attached to multiple areas,%FTD-3-318126: Interface IF_NAME attached to multiple areas,The interface is on the interface list for an area other than the one to which the interface links.,None required.,3,Error,5,network,routing_ospf
+%FTD-3-318127,318127,Could not allocate or find the neighbor,%FTD-3-318127: Could not allocate or find the neighbor,An internal error has occurred.,None required. This chapter includes messages from 320001 to 341011.,3,Error,5,network,routing_ospf
+%FTD-3-320001,320001,The subject name of the peer cert is not allowed for connection,%FTD-3-320001: The subject name of the peer cert is not allowed for connection,"When the Secure Firewall Threat Defense device is an easy VPN remote device or server, the peer certificate includes asubject name that does not match the output of the ca verifycertdn command. A man-in-the-middle attack might be occurring, where a device spoofs the peer IP address and tries to intercept a VPN connection from the Secure Firewall Threat Defense device.",None provided.,3,Error,95,vpn,ipsec
+%FTD-5-321001,321001,Resource var1 limit of var2 reached.,%FTD-5-321001: Resource var1 limit of var2 reached.,A configured resource usage or rate limit for the indicated resource was reached.,"If the platform maximum connections were reached, it takes some time to reallocate memory to free system memory, resulting in traffic failure. After memory space is released, you must reload the device. For further assistance, contact TAC team.",5,Notification,65,system,resource
+%FTD-5-321002,321002,Resource var1 rate limit of var2 reached.,%FTD-5-321002: Resource var1 rate limit of var2 reached.,A configured resource usage or rate limit for the indicated resource was reached.,"If the platform maximum connections were reached, it takes some time to reallocate memory to free system memory, resulting in traffic failure. After memory space is released, you must reload the device. For further assistance, contact TAC team.",5,Notification,65,system,resource
+%FTD-6-321003,321003,Resource var1 log level of var2 reached.,%FTD-6-321003: Resource var1 log level of var2 reached.,A configured resource usage or rate logging level for the indicated resource was reached.,None required.,6,Informational,5,system,resource
+%FTD-6-321004,321004,Resource var1 rate log level of var2 reached,%FTD-6-321004: Resource var1 rate log level of var2 reached,A configured resource usage or rate logging level for the indicated resource was reached.,None required.,6,Informational,5,system,resource
+%FTD-2-321005,321005,System CPU utilization reached utilization%%%,%FTD-2-321005: System CPU utilization reached utilization%%%,The system CPU utilization has reached 95 percent or more and remains at this level for five minutes.,"If this message occurs periodically, you can ignore it. If it repeats frequently, check the output of the show cpu command and verify the CPU usage. If it is high, contact the Cisco TAC.",2,Critical,95,system,resource
+%FTD-2-321006,321006,System Memory usage reached utilization%%%,%FTD-2-321006: System Memory usage reached utilization%%%,None provided.,None provided.,2,Critical,85,system,resource
+%FTD-3-321007,321007,System is low on free memory blocks of size block_size (free_blocks CNT out of max_blocks MAX),%FTD-3-321007: System is low on free memory blocks of size block_size (free_blocks CNT out of max_blocks MAX),The system is low on free blocks of memory. Running out of blocks may result in traffic disruption. command column after using the show blocks command,"Use the show blocks command to monitor the amount of free blocks in the CNT column of the output for the indicated block size. If the CNT column remains zero, or very close to it for an extended period of time, then the Secure Firewall Threat Defense device may be overloaded or running into another issue that needs additional investigation.",3,Error,65,system,resource
+%FTD-3-322001,322001,"Deny MAC address MAC_address, possible spoof attempt on interface interface","%FTD-3-322001: Deny MAC address MAC_address, possible spoof attempt on interface interface","The Secure Firewall Threat Defense device received a packet from the offending MAC address on the specified interface, but the source MAC address in the packet is statically bound to another interface in the configuration. Either a MAC-spoofing attack or a misconfiguration may be the cause.",Check the configuration and take appropriate action by either finding the offending host or correcting the configuration.,3,Error,85,access_control,layer2_protection
+%FTD-3-322002,322002,"ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is {statically|dynamically} bound to MAC Address MAC_address_2","%FTD-3-322002: ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is {statically|dynamically} bound to MAC Address MAC_address_2","If the ARP inspection module is enabled, it checks whether a new ARP entry advertised in the packet conforms to the statically configured or dynamically learned IP-MAC address binding before forwarding ARP packets across the Secure Firewall Threat Defense device. If this check fails, the ARP inspection module drops the ARP packet and generates this message. This situation may be caused by either ARP spoofing attacks in the network or an invalid configuration (IP-MAC binding).","If the cause is an attack, you can deny the host using the ACLs. If the cause is an invalid configuration, correct the binding.",3,Error,95,access_control,layer2_protection
+%FTD-3-322003,322003,"ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is not bound to any MAC Address","%FTD-3-322003: ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is not bound to any MAC Address","If the ARP inspection module is enabled, it checks whether a new ARP entry advertised in the packet conforms to the statically configured IP-MAC address binding before forwarding ARP packets across the Secure Firewall Threat Defense device. If this check fails, the ARP inspection module drops the ARP packet and generates this message. This situation may be caused by either ARP spoofing attacks in the network or an invalid configuration (IP-MAC binding).","If the cause is an attack, you can deny the host using the ACLs. If the cause is an invalid configuration, correct the binding.",3,Error,95,access_control,layer2_protection
+%FTD-6-322004,322004,No management IP address configured for transparent firewall. Dropping protocol protocol packet from interface_in:source_address/source_port to interface_out:dest_address/dest_port,%FTD-6-322004: No management IP address configured for transparent firewall. Dropping protocol protocol packet from interface_in:source_address/source_port to interface_out:dest_address/dest_port,The Secure Firewall Threat Defense device dropped a packet because no management IP address was configured in the transparent mode.,Configure the device with the management IP address and mask values.,6,Informational,35,access_control,layer2_protection
+%FTD-3-323002,323002,"Module module_id is not able to shut down, shut down request not answered.","%FTD-3-323002: Module module_id is not able to shut down, shut down request not answered.","The module installed did not respond to a shutdown request. indicates the system main board, and slot 1 indicates the module installed in the expansion slot.","If the problem persists, contact the Cisco TAC.",3,Error,65,system,hardware
+%FTD-3-323003,323003,"Module module_id is not able to reload, reload request not answered.","%FTD-3-323003: Module module_id is not able to reload, reload request not answered.","The module installed did not respond to a reload request. indicates the system main board, and slot 1 indicates the module installed in the expansion slot.","If the problem persists, contact the Cisco TAC.",3,Error,85,system,hardware
+%FTD-3-323004,323004,"Module in slot string_one failed to write software vnewver (currently vver), reason. hw-module reset is required before further use.","%FTD-3-323004: Module in slot string_one failed to write software vnewver (currently vver), reason. hw-module reset is required before further use.","The module failed to accept a software version, and will be transitioned to an UNRESPONSIVE state. The module is not usable until the software is updated. example, 1.0(1)0) include the following: - write failure - failed to create a thread to write the image","If the module software cannot be updated, it will not be usable. If the problem persists, contact the Cisco TAC.",3,Error,75,system,hardware
+%FTD-3-323005,323005,Module syslog_string can not be started completely.,%FTD-3-323005: Module syslog_string can not be started completely.,This message indicates that the module cannot be started completely. The module will remain in the UNRESPONSIVE state until this condition is corrected. A module that is not fully seated in the slot is the most likely cause.,"Verify that the module is fully seated and check to see if any status LEDs on the module are on. It may take a minute after fully reseating the module for the Secure Firewall Threat Defense device to recognize that it is powered up. If this message appears after verifying that the module is seated and after resetting the module using either the sw-module module service-module-name reset command or the hw-module module slotnum reset command, contact the Cisco TAC.",3,Error,75,system,hardware
+%FTD-1-323006,323006,"Module ips experienced a data channel communication failure, data channel is DOWN.","%FTD-1-323006: Module ips experienced a data channel communication failure, data channel is DOWN.","A data channel communication failure occurred and the Secure Firewall Threat Defense device was unable to forward traffic to the services module. This failure triggers a failover when the failure occurs on the active Secure Firewall Threat Defense device in an HA configuration. The failure also results in the configured fail open or fail closed policy being enforced on traffic that would normally be sent to the services module. This message is generated whenever a communication problem over the Secure Firewall Threat Defense device dataplane occurs between the system module and the services module, which can be caused when the services module stops, resets, is removed or disabled.","For software services modules such as IPS, recover the module using the sw-module module ips recover command. For hardware services modules, if this message is not the result of the SSM reloading or resetting and the corresponding syslog message 505010 is not seen after the SSM returns to an UP state, reset the module using the hw-module module 1 reset command.",1,Alert,100,system,hardware
+%FTD-3-323007,323007,Module in slot slot experienced a firmware failure and the recovery is in progress.,%FTD-3-323007: Module in slot slot experienced a firmware failure and the recovery is in progress.,"An Secure Firewall Threat Defense device with a 4GE-SSM installed experienced a short power surge, then rebooted. As a result, the 4GE-SSM may come online in an unresponsive state. The Secure Firewall Threat Defense device has detected that the 4GE-SSM is unresponsive, and automatically restarts the 4GE-SSM.",None required.,3,Error,5,system,hardware
+%FTD-5-324012,324012,"GTP_PARSE: GTP_IE_TYPE[GTP_IE_TYPE_NUMBER]: Invalid Length Received Length: Length_Received, Minimum Expected Length: Expected_Length","%FTD-5-324012: GTP_PARSE: GTP_IE_TYPE[GTP_IE_TYPE_NUMBER]: Invalid Length Received Length: Length_Received, Minimum Expected Length: Expected_Length","When GTP IE length received is less than the minimum length, an error message appears with the following data:",None provided.,5,Notification,35,network,general
+%FTD-4-324302,324302,"Server=IPaddr:port, ID=id: Rejecting the RADIUS response: Reason.","%FTD-4-324302: Server=IPaddr:port, ID=id: Rejecting the RADIUS response: Reason.",This message is generated when RADIUS response is rejected either because the required message-authenticator payload is missing in the response or if the Message-Authenticator payload failed validation check.,None.,4,Warning,55,authentication,aaa
+%FTD-6-324303,324303,"Server=IPaddr:port ID=id The RADIUS server supports and included the Message-Authenticator payload in its response. To prevent Man-In-The-Middle attacks, consider enabling ‘ message-authenticator’ on the aaa-server-group configuration for this server as a security best practice.","%FTD-6-324303: Server=IPaddr:port ID=id The RADIUS server supports and included the Message-Authenticator payload in its response. To prevent Man-In-The-Middle attacks, consider enabling ‘ message-authenticator’ on the aaa-server-group configuration for this server as a security best practice.","This message is generated to convey that the RADIUS server supports and included Message-authenticator payload in the RADIUS response. Also, provides best security practices that is configurable and could disable this syslog. In addition, this syslog is rate-limited to report not more than 10 syslog messages in a 5-minute interval window by default. You can configure custom rate-limit interval and count through CLI. To view the existing rate limits, use: show running-configuration all logging | grep 324303",None provided.,6,Informational,35,authentication,aaa
+%FTD-3-325001,325001,Router ipv6_address on interface has conflicting ND (Neighbor Discovery) settings,%FTD-3-325001: Router ipv6_address on interface has conflicting ND (Neighbor Discovery) settings,Another router on the link sent router advertisements with conflicting parameters.,"Verify that all IPv6 routers on the link have the same parameters in the router advertisement for hop_limit, managed_config_flag, other_config_flag, reachable_time and ns_interval, and that preferred and valid lifetimes for the same prefix, advertised by several routers, are the same. To list the parameters per interface, enter the show ipv6 interface command.",3,Error,75,network,ipv6
+%FTD-4-325002,325002,Duplicate address ipv6_address/MAC_address on interface,%FTD-4-325002: Duplicate address ipv6_address/MAC_address on interface,Another system is using your IPv6 address.,Change the IPv6 address of one of the two systems.,4,Warning,45,network,ipv6
+%FTD-7-325007,325007,IPv6 security check failed. Dropped packet from interface:address/port to address/port with source MAC address MAC_address and hop limit limit_value,%FTD-7-325007: IPv6 security check failed. Dropped packet from interface:address/port to address/port with source MAC address MAC_address and hop limit limit_value,Security check failed.,None.,7,Debugging,35,network,ipv6
+%FTD-3-326001,326001,Unexpected error in the timer library: error_message,%FTD-3-326001: Unexpected error in the timer library: error_message,"A managed timer event was received without a context or a correct type, or no handler exists. Alternatively, if the number of events queued exceeds a system limit, an attempt to process them will occur at a later time.","If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing
+%FTD-3-326002,326002,Error in error_message : error_message,%FTD-3-326002: Error in error_message : error_message,The IGMP process failed to shut down upon request. Events that are performed in preparation for this shutdown may be out-of-sync.,"If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326004,326004,An internal error occurred while processing a packet queue,%FTD-3-326004: An internal error occurred while processing a packet queue,The IGMP packet queue received a signal without a packet.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing
+%FTD-3-326005,326005,"Mrib notification failed for (IP_address, IP_address )","%FTD-3-326005: Mrib notification failed for (IP_address, IP_address )","A packet triggering a data-driven event was received, and the attempt to notify the MRIB failed.","If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326006,326006,"Entry-creation failed for (IP_address, IP_address )","%FTD-3-326006: Entry-creation failed for (IP_address, IP_address )","The MFIB received an entry update from the MRIB, but failed to create the entry related to the addresses displayed. The probable cause is insufficient memory.","If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326007,326007,"Entry-update failed for (IP_address, IP_address )","%FTD-3-326007: Entry-update failed for (IP_address, IP_address )","The MFIB received an interface update from the MRIB, but failed to create the interface related to the addresses displayed. The probable cause is insufficient memory.","If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326008,326008,MRIB registration failed,%FTD-3-326008: MRIB registration failed,The MFIB failed to register with the MRIB.,"If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326009,326009,MRIB connection-open failed,%FTD-3-326009: MRIB connection-open failed,The MFIB failed to open a connection to the MRIB.,"If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326010,326010,EIGRP-ddb_name tableid as_id: Neighbor address (%interface) is event_msg: msg,%FTD-3-326010: EIGRP-ddb_name tableid as_id: Neighbor address (%interface) is event_msg: msg,The MFIB failed to unbind from the MRIB.,"If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326011,326011,MRIB table deletion failed,%FTD-3-326011: MRIB table deletion failed,The MFIB failed to retrieve the table that was supposed to be deleted.,"If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326012,326012,Initialization of string functionality failed,%FTD-3-326012: Initialization of string functionality failed,The initialization of a specified functionality failed. This component might still operate without the functionality.,"If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326013,326013,Internal error: string in string line %d (%s ),%FTD-3-326013: Internal error: string in string line %d (%s ),A fundamental error occurred in the MRIB.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing
+%FTD-3-326014,326014,Initialization failed: error_message error_message,%FTD-3-326014: Initialization failed: error_message error_message,The MRIB failed to initialize.,"If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326015,326015,Communication error: error_message error_message,%FTD-3-326015: Communication error: error_message error_message,None provided.,None provided.,3,Error,65,network,routing
+%FTD-3-326016,326016,Failed to set un-numbered interface for interface_name (string ),%FTD-3-326016: Failed to set un-numbered interface for interface_name (string ),"The PIM tunnel is not usable without a source address. This situation occurs because a numbered interface cannot be found, or because of an internal error.","If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326017,326017,Interface Manager error - string in string : string,%FTD-3-326017: Interface Manager error - string in string : string,An error occurred while creating a PIM tunnel interface.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing
+%FTD-3-326019,326019,string in string : string,%FTD-3-326019: string in string : string,An error occurred while creating a PIM RP tunnel interface.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing
+%FTD-3-326020,326020,List error in string : string,%FTD-3-326020: List error in string : string,An error occurred while processing a PIM interface list.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing
+%FTD-3-326021,326021,Error in string : string,%FTD-3-326021: Error in string : string,An error occurred while setting the SRC of a PIM tunnel interface.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing
+%FTD-3-326022,326022,Error in string : string,%FTD-3-326022: Error in string : string,The PIM process failed to shut down upon request. Events that are performed in preparation for this shutdown may be out-of-sync.,"If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326023,326023,string - IP_address : string,%FTD-3-326023: string - IP_address : string,An error occurred while processing a PIM group range.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing
+%FTD-3-326024,326024,An internal error occurred while processing a packet queue.,%FTD-3-326024: An internal error occurred while processing a packet queue.,The PIM packet queue received a signal without a packet.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing
+%FTD-3-326025,326025,string,%FTD-3-326025: string,"An internal error occurred while trying to send a message. Events scheduled to occur on the receipt of a message, such as deletion of the PIM tunnel IDB, may not occur.","If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing
+%FTD-3-326026,326026,Server unexpected error: error_message,%FTD-3-326026: Server unexpected error: error_message,The MRIB failed to register a client.,"If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing
+%FTD-3-326027,326027,Corrupted update: error_message,%FTD-3-326027: Corrupted update: error_message,The MRIB received a corrupt update.,"If the problem persists, contact the Cisco TAC.",3,Error,85,network,routing
+%FTD-3-326028,326028,Asynchronous error: error_message,%FTD-3-326028: Asynchronous error: error_message,An unhandled asynchronous error occurred in the MRIB API.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing
+%FTD-3-327001,327001,IP SLA Monitor: Cannot create a new process,%FTD-3-327001: IP SLA Monitor: Cannot create a new process,The IP SLA monitor was unable to start a new process.,None provided.,3,Error,75,network,monitoring
+%FTD-3-327002,327002,"IP SLA Monitor: Failed to initialize, IP SLA Monitor functionality will not work","%FTD-3-327002: IP SLA Monitor: Failed to initialize, IP SLA Monitor functionality will not work",The IP SLA monitor failed to initialize. This condition is caused by either the timer wheel function failing to initialize or a process not being created. Sufficient memory is probably not available to complete the task.,"Check the system memory. If memory is low, then this is probably the cause. Try to reenter the commands when memory is available. If the problem persists, contact the Cisco TAC.",3,Error,75,network,monitoring
+%FTD-3-327003,327003,IP SLA Monitor: Generic Timer wheel timer functionality failed to initialize,%FTD-3-327003: IP SLA Monitor: Generic Timer wheel timer functionality failed to initialize,The IP SLA monitor cannot initialize the timer wheel.,"Check the system memory. If memory is low, then the timer wheel function did not initialize. Try to reenter the commands when memory is available. If the problem persists, contact the Cisco TAC.",3,Error,75,network,monitoring
+%FTD-3-328001,328001,Attempt made to overwrite a set stub function in string .,%FTD-3-328001: Attempt made to overwrite a set stub function in string .,A single function can be set as a callback for when a stub with a check registry is invoked. An attempt to set a new callback failed because a callback function has already been set.,"If the problem persists, contact the Cisco TAC.",3,Error,75,network,general
+%FTD-3-328002,328002,Attempt made in string to register with out of bounds key,%FTD-3-328002: Attempt made in string to register with out of bounds key,"In the FASTCASE registry, the key has to be smaller than the size specified when the registry was created. An attempt was made to register with a key out-of-bounds.","Copy the error message exactly as it appears, and report it to the Cisco TAC.",3,Error,65,network,general
+%FTD-3-329001,329001,The string0 subblock named string1 was not removed,%FTD-3-329001: The string0 subblock named string1 was not removed,A software error has occurred. IDB subblocks cannot be removed.,None provided.,3,Error,65,network,general
+%FTD-3-331001,331001,Dynamic DNS Update for 'fqdn_name' <=> ip_address failed,%FTD-3-331001: Dynamic DNS Update for 'fqdn_name' <=> ip_address failed,The dynamic DNS subsystem failed to update the resource records on the DNS server. This failure might occur if the Secure Firewall Threat Defense device is unable to contact the DNS server or the DNS service is not running on the destination system.,"Make sure that a DNS server is configured and reachable by the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",3,Error,75,network,dns
+%FTD-5-331002,331002,Dynamic DNS type RR for 'fqdn_name' -> 'ip_address ' successfully updated in DNS server ip_address,%FTD-5-331002: Dynamic DNS type RR for 'fqdn_name' -> 'ip_address ' successfully updated in DNS server ip_address,A dynamic DNS update succeeded in the DNS server.,None required.,5,Notification,5,network,dns
+%FTD-3-332001,332001,"Unable to open cache discovery socket, WCCP V2 closing down","%FTD-3-332001: Unable to open cache discovery socket, WCCP V2 closing down",An internal error that indicates the WCCP process was unable to open the UDP socket used to listen for protocol messages from caches.,Ensure that the IP configuration is correct and that at least one IP address has been configured.,3,Error,75,network,proxy_wccp
+%FTD-3-332002,332002,"Unable to allocate message buffer, WCCP V2 closing down","%FTD-3-332002: Unable to allocate message buffer, WCCP V2 closing down",An internal error that indicates the WCCP process was unable to allocate memory to hold incoming protocol messages.,Ensure that enough memory is available for all processes.,3,Error,75,network,proxy_wccp
+%FTD-5-332003,332003,Web Cache IP_address/service_ID acquired,%FTD-5-332003: Web Cache IP_address/service_ID acquired,None provided.,None provided.,5,Notification,25,network,proxy_wccp
+%FTD-1-332004,332004,Web Cache IP_address/service_ID lost,%FTD-1-332004: Web Cache IP_address/service_ID lost,A service from the web cache of the Secure Firewall Threat Defense device was lost.,Verify operation of the specified web cache.,1,Alert,85,network,proxy_wccp
+%FTD-6-333001,333001,EAP association initiated - context: EAP-context,%FTD-6-333001: EAP association initiated - context: EAP-context,"An EAP association has been initiated with a remote host. (for example, 0x2D890AE0)",None required.,6,Informational,5,authentication,eap
+%FTD-5-333002,333002,Timeout waiting for EAP response - context:EAP-context,%FTD-5-333002: Timeout waiting for EAP response - context:EAP-context,"A timeout occurred while waiting for an EAP response. (for example, 0x2D890AE0)",None required.,5,Notification,5,authentication,eap
+%FTD-6-333003,333003,EAP association terminated - context:EAP-context,%FTD-6-333003: EAP association terminated - context:EAP-context,"The EAP association has been terminated with the remote host. (for example, 0x2D890AE0)",None required.,6,Informational,5,authentication,eap
+%FTD-7-333004,333004,EAP-SQ response invalid - context:EAP-context,%FTD-7-333004: EAP-SQ response invalid - context:EAP-context,None provided.,None provided.,7,Debugging,15,authentication,eap
+%FTD-7-333005,333005,EAP-SQ response contains invalid TLV(s) - context:EAP-context,%FTD-7-333005: EAP-SQ response contains invalid TLV(s) - context:EAP-context,"The EAP-Status Query response has one or more invalid TLVs. (for example, 0x2D890AE0)","If the problem persists, contact the Cisco TAC.",7,Debugging,15,authentication,eap
+%FTD-7-333006,333006,EAP-SQ response with missing TLV(s) - context:EAP-context,%FTD-7-333006: EAP-SQ response with missing TLV(s) - context:EAP-context,"The EAP-Status Query response is missing one or more mandatory TLVs. (for example, 0x2D890AE0)","If the problem persists, contact the Cisco TAC.",7,Debugging,5,authentication,eap
+%FTD-7-333007,333007,EAP-SQ response TLV has invalid length - context:EAP-context,%FTD-7-333007: EAP-SQ response TLV has invalid length - context:EAP-context,"The EAP-Status Query response includes a TLV with an invalid length. (for example, 0x2D890AE0)","If the problem persists, contact the Cisco TAC.",7,Debugging,15,authentication,eap
+%FTD-7-333008,333008,EAP-SQ response has invalid nonce TLV - context:EAP-context,%FTD-7-333008: EAP-SQ response has invalid nonce TLV - context:EAP-context,"The EAP-Status Query response includes an invalid nonce TLV. (for example, 0x2D890AE0)","If the problem persists, contact the Cisco TAC.",7,Debugging,15,authentication,eap
+%FTD-6-333009,333009,EAP-SQ response MAC TLV is invalid - context:EAP-context,%FTD-6-333009: EAP-SQ response MAC TLV is invalid - context:EAP-context,The EAP-Status Query response includes a MAC that does not match the calculated MAC.,None provided.,6,Informational,25,authentication,eap
+%FTD-5-333010,333010,EAP-SQ response Validation Flags TLV indicates PV request - context:EAP-context,%FTD-5-333010: EAP-SQ response Validation Flags TLV indicates PV request - context:EAP-context,"The EAP-Status Query response includes a validation flags TLV, which indicates that the peer requested a full posture validation.",None required.,5,Notification,5,authentication,eap
+%FTD-6-334001,334001,EAPoUDP association initiated - host-address,%FTD-6-334001: EAPoUDP association initiated - host-address,An EAPoUDP association has been initiated with a remote host.,None required.,6,Informational,5,authentication,eap
+%FTD-5-334002,334002,EAPoUDP association successfully established - host-address,%FTD-5-334002: EAPoUDP association successfully established - host-address,An EAPoUDP association has been successfully established with the host.,None required.,5,Notification,5,authentication,eap
+%FTD-5-334003,334003,EAPoUDP association failed to establish - host-address,%FTD-5-334003: EAPoUDP association failed to establish - host-address,An EAPoUDP association has failed to establish with the host.,Verify the configuration of the Cisco Secure Access Control Server.,5,Notification,45,authentication,eap
+%FTD-6-334004,334004,Authentication request for NAC Clientless host - host-address,%FTD-6-334004: Authentication request for NAC Clientless host - host-address,An authentication request was made for a NAC clientless host.,None required.,6,Informational,5,authentication,eap
+%FTD-5-334005,334005,Host put into NAC Hold state - host-address,%FTD-5-334005: Host put into NAC Hold state - host-address,The NAC session for the host was put into the Hold state.,None required.,5,Notification,5,authentication,eap
+%FTD-5-334006,334006,EAPoUDP failed to get a response from host - host-address,%FTD-5-334006: EAPoUDP failed to get a response from host - host-address,An EAPoUDP response was not received from the host.,None required.,5,Notification,5,authentication,eap
+%FTD-6-334007,334007,EAPoUDP association terminated - host-address,%FTD-6-334007: EAPoUDP association terminated - host-address,An EAPoUDP association has terminated with the host.,None required.,6,Informational,5,authentication,eap
+%FTD-6-334008,334008,"NAC EAP association initiated - host-address , EAP context: EAP-context","%FTD-6-334008: NAC EAP association initiated - host-address , EAP context: EAP-context","EAPoUDP has initiated EAP with the host. (for example, 0x2D890AE0)",None required.,6,Informational,5,authentication,eap
+%FTD-6-334009,334009,Audit request for NAC Clientless host - Assigned_IP.,%FTD-6-334009: Audit request for NAC Clientless host - Assigned_IP.,An audit request is being sent for the specified assigned IP address.,None required.,6,Informational,5,authentication,eap
+%FTD-3-336001,336001,IP-EIGRP(AS desination_network): ddb_name as_num stuck in active state,%FTD-3-336001: IP-EIGRP(AS desination_network): ddb_name as_num stuck in active state,"The SIA state means that an EIGRP router has not received a reply to a query from one or more neighbors within the time allotted (approximately three minutes). When this happens, EIGRP clears the neighbors that did not send a reply and logs an error message for the route that became active.",Check to see why the router did not get a response from all of its neighbors and why the route disappeared.,3,Error,65,network,routing_eigrp
+%FTD-3-336002,336002,Handle not allocated in pool,%FTD-3-336002: Handle not allocated in pool,The EIGRP router is unable to find the handle for the next hop.,"If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing_eigrp
+%FTD-3-336003,336003,Unable to alloc pkt buffer,%FTD-3-336003: Unable to alloc pkt buffer,The DUAL software was unable to allocate a packet buffer. The Secure Firewall Threat Defense device may be out of memory.,"Check to see if the Secure Firewall Threat Defense device is out of memory by entering the show mem or show tech command. If the problem persists, contact the Cisco TAC.",3,Error,75,network,routing_eigrp
+%FTD-3-336004,336004,Negative refcount in pakdesc,%FTD-3-336004: Negative refcount in pakdesc,The reference count packet count became negative.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing_eigrp
+%FTD-3-336005,336005,Flow control error,%FTD-3-336005: Flow control error,"The interface is flow blocked for multicast. Qelm is the queue element, and in this case, the last multicast packet on the queue for this particular interface.",None provided.,3,Error,85,network,routing_eigrp
+%FTD-3-336006,336006,Peers exist on IIDB,%FTD-3-336006: Peers exist on IIDB,Peers still exist on a particular interface during or after cleanup of the IDB of the EIGRP.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing_eigrp
+%FTD-3-336007,336007,Anchor Count negative,%FTD-3-336007: Anchor Count negative,An error occurred and the count of the anchor became negative when it was released.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing_eigrp
+%FTD-3-336008,336008,Lingering DRDB deleting IIDB,%FTD-3-336008: Lingering DRDB deleting IIDB,An interface is being deleted and some lingering DRDB exists.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing_eigrp
+%FTD-3-336009,336009,ddb_name as_id: Internal error,%FTD-3-336009: ddb_name as_id: Internal error,An internal error occurred.,"If the problem persists, contact the Cisco TAC.",3,Error,65,network,routing_eigrp
+%FTD-5-336010,336010,IP-EIGRP(AS ddb_name): Neighbor neighbor_address(interface_name) is event_state: event_reason,%FTD-5-336010: IP-EIGRP(AS ddb_name): Neighbor neighbor_address(interface_name) is event_state: event_reason,A neighbor went up or down.,None provided.,5,Notification,25,network,routing_eigrp
+%FTD-6-336011,336011,hw or sw error occurred,%FTD-6-336011: hw or sw error occurred,A dual event occurred. The events can be one of the following:,"If the problem persists, contact the Cisco TAC.",6,Informational,15,network,routing_eigrp
+%FTD-6-337000,337000,"Session created, NeighAddr: Created BFD session with local discriminator id, SrcAddr: real_interface","%FTD-6-337000: Session created, NeighAddr: Created BFD session with local discriminator id, SrcAddr: real_interface",This syslog message indicates that a BFD active session has been created.,None provided.,6,Informational,15,network,proxy_phone
+%FTD-6-337001,337001,"Session destroyed, NeighAddr: Terminated BFD session with local discriminator id, SrcAddr: real_interface","%FTD-6-337001: Session destroyed, NeighAddr: Terminated BFD session with local discriminator id, SrcAddr: real_interface","This syslog message indicates that an active BFD session has been terminated. removal on peer’s side, Detection timer expiration, Echo function failure, Path to peer going down, Local BFD configuration removal, BFD client configuration removal",None.,6,Informational,25,network,proxy_phone
+%FTD-4-337005,337005,Phone Proxy SRTP: Media session not found for media_term_ip/media_term_port for packet from in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port,%FTD-4-337005: Phone Proxy SRTP: Media session not found for media_term_ip/media_term_port for packet from in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port,"The adaptive security appliance received an SRTP or RTP packet that was destined to go to the media termination IP address and port, but the corresponding media session to process this packet was not found.","If this message occurs at the end of the call, it is considered normal because the signaling messages may have released the media session, but the endpoint is continuing to send a few SRTP or RTP packets. If this message occurs for an odd-numbered media termination port, the endpoint is sending RTCP, which must be disabled from the CUCM. If this message happens continuously for a call, debug the signaling message transaction either using phone proxy debug commands or capture commands to determine if the signaling messages are being modified with the media termination IP address and port..",4,Warning,45,network,proxy_phone
+%FTD-3-339006,339006,Umbrella resolver current_resolver_ipv46 is reachable. Resuming redirect,%FTD-3-339006: Umbrella resolver current_resolver_ipv46 is reachable. Resuming redirect,"Umbrella had failed to open, and the resolver was unreachable. The resolver is now reacheable and service is resumed.",None.,3,Error,75,network,uc_ims
+%FTD-3-339007,339007,"Umbrella resolver current_resolver_ipv46 is unreachable, moving to fail-open. Starting probe to resolver","%FTD-3-339007: Umbrella resolver current_resolver_ipv46 is unreachable, moving to fail-open. Starting probe to resolver",Umbrella fail-open has been configured and a resolver unreachabilty has been detected.,Check the network settings for reachability to the Umbrella resolvers.,3,Error,65,network,uc_ims
+%FTD-3-339008,339008,"Umbrella resolver current_resolver_ipv46 is unreachable, moving to fail-close","%FTD-3-339008: Umbrella resolver current_resolver_ipv46 is unreachable, moving to fail-close",Umbrella fail-open has NOT been configured and a resolver unreachabilty has been detected.,Check the network settings for reachability to the Umbrella resolvers.,3,Error,65,network,uc_ims
+%FTD-3-340001,340001,Vnet-proxy handshake error error_string - context_id (version),%FTD-3-340001: Vnet-proxy handshake error error_string - context_id (version),"Loopback proxy allows third-party applications running on the Secure Firewall Threat Defense device to access the network. The loopback proxy encountered an error. bind), or UA (UDP association) DNS (domain name service) server used for communication used for communication remote host used for communication used for communication",Copy the syslog message and contact the Cisco TAC.,3,Error,65,network,proxy
+%FTD-6-340002,340002,Vnet-proxy data relay error error_string from context_id/version to request_type/address_type - client_address_internal (client_port_internal),%FTD-6-340002: Vnet-proxy data relay error error_string from context_id/version to request_type/address_type - client_address_internal (client_port_internal),Loopback proxy allows third-party applications running on the Secure Firewall Threat Defense device to access the network. The loopback proxy generated debugging information for use in troubleshooting.,None provided.,6,Informational,15,network,proxy
+%FTD-6-341001,341001,Policy Agent started successfully for VNMC vnmc_ip_addr,%FTD-6-341001: Policy Agent started successfully for VNMC vnmc_ip_addr,"The policy agent processes (DME, ducatiAG, and commonAG) started successfully.",None.,6,Informational,15,system,storage
+%FTD-6-341002,341002,Policy Agent stopped successfully for VNMC vnmc_ip_addr,%FTD-6-341002: Policy Agent stopped successfully for VNMC vnmc_ip_addr,"The policy agent processes (DME, ducatiAG, and commonAG) were stopped.",None.,6,Informational,15,system,storage
+%FTD-3-341003,341003,Policy Agent failed to start for VNMC vnmc_ip_addr,%FTD-3-341003: Policy Agent failed to start for VNMC vnmc_ip_addr,The policy agent failed to start.,"Check for console history and the disk0:/pa/log/vnm_pa_error_status for error messages. To retry starting the policy agent, issue the registration host command again.",3,Error,75,system,storage
+%FTD-3-341004,341004,Storage device not available. Attempt to shutdown module module_name failed.,%FTD-3-341004: Storage device not available. Attempt to shutdown module module_name failed.,"All SSDs have failed or been removed with the system in Up state. The system has attempted to shut down the software module, but that attempt has failed.",None provided.,3,Error,75,system,storage
+%FTD-3-341005,341005,Storage device not available. Shutdown issued for module module_name.,%FTD-3-341005: Storage device not available. Shutdown issued for module module_name.,All SSDs have failed or been removed with the system in Up state. The system is shutting down the software module.,Replace the removed or failed drive and reload the software module.,3,Error,100,system,storage
+%FTD-3-341006,341006,Storage device not available. Failed to stop recovery of module module_name.,%FTD-3-341006: Storage device not available. Failed to stop recovery of module module_name.,"All SSDs have failed or been removed with the system in recorvery state. The system attempted to stop the recover, but that attempt failed.",Replace the removed or failed drive and reload the Secure Firewall Threat Defense device.,3,Error,100,system,storage
+%FTD-3-341007,341007,Storage device not available. Further recovery of module module_name was stopped. This may take several minutes to complete.,%FTD-3-341007: Storage device not available. Further recovery of module module_name was stopped. This may take several minutes to complete.,All SSDs have failed or been removed with the system in recovery state. The system is stopping the recovery of the softwaremodule.,Replace the removed or failed drive and reload the software module.,3,Error,100,system,storage
+%FTD-3-341008,341008,Storage device not found. Auto-boot of module module_name cancelled. Install drive and reload to try again.,%FTD-3-341008: Storage device not found. Auto-boot of module module_name cancelled. Install drive and reload to try again.,"After getting the system into Up state, all SSDs have failed or been removed before reloading the system. Because the default action during boot is to auto-boot the software module, that action is blocked because there is no storage device available.",Replace the removed or failed drive and reload the software module.,3,Error,100,system,storage
+%FTD-6-341010,341010,Storage device with serial number ser_no [inserted_into|removed_from] bay bay_no,%FTD-6-341010: Storage device with serial number ser_no [inserted_into|removed_from] bay bay_no,The Secure Firewall Threat Defense device has detected insertion or removal events and generates this syslog message immediately.,None required.,6,Informational,5,system,storage
+%FTD-3-341011,341011,Storage device with serial number ser_no in bay bay_no faulty,%FTD-3-341011: Storage device with serial number ser_no in bay bay_no faulty,The Secure Firewall Threat Defense device polls the hard disk drive (HDD) health status every 10 minutes and generates this syslog message if the HDD is in a failed state.,None required.,3,Error,5,system,storage
+%FTD-4-401001,401001,Shuns cleared,%FTD-4-401001: Shuns cleared,The clear shun command was entered to remove existing shuns from memory. An institution to keep a record of shunning activity was allowed.,None required.,4,Warning,5,threat_detection,ips
+%FTD-4-401002,401002,Shun added: IP_address IP_address port port,%FTD-4-401002: Shun added: IP_address IP_address port port,"A shun command was entered, where the first IP address is the shunned host. The other addresses and ports are optional and are used to terminate the connection if available. An institution to keep a record of shunning activity was allowed.",None required.,4,Warning,5,threat_detection,ips
+%FTD-4-401003,401003,Shun deleted: IP_address,%FTD-4-401003: Shun deleted: IP_address,A single shunned host was removed from the shun database. An institution to keep a record of shunning activity was allowed.,None required.,4,Warning,5,threat_detection,ips
+%FTD-4-401004,401004,Shunned packet: IP_address ==> IP_address on interface interface_name,%FTD-4-401004: Shunned packet: IP_address ==> IP_address on interface interface_name,"A packet was dropped because the host defined by IP SRC is a host in the shun database. A shunned host cannot pass traffic on the interface on which it is shunned. For example, an external host on the Internet can be shunned on the outside interface. A record of the activity of shunned hosts was provided. This message and message %Firewall Threat Defense-4-401005 can be used to evaluate further risk concerning this host.",None required.,4,Warning,65,threat_detection,ips
+%FTD-4-401005,401005,Shun add failed: unable to allocate resources for IP_address IP_address port port,%FTD-4-401005: Shun add failed: unable to allocate resources for IP_address IP_address port port,The Secure Firewall Threat Defense device is out of memory; a shun cannot be applied.,"The Cisco IPS should continue to attempt to apply this rule. Try to reclaim memory and reapply a shun manually, or wait for the Cisco IPS to do this.",4,Warning,55,threat_detection,ips
+%FTD-4-402114,402114,"IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP to local_IP with an invalid SPI.","%FTD-4-402114: IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP to local_IP with an invalid SPI.","An IPsec packet was received that specifies an SPI that does not exist in the SA database. This may be a temporary condition caused by slight differences in aging of SAs between the IPsec peers, or it may be because the local SAs have been cleared. It may also indicate incorrect packets sent by the IPsec peer, which may be part of an attack. This message is rate limited to no more than one message every five seconds.","The peer may not acknowledge that the local SAs have been cleared. If a new connection is established from the local router, the two peers may then reestablish connection successfully. Otherwise, if the problem occurs for more than a brief period, either attempt to establish a new connection or contact the peer administrator.",4,Warning,75,vpn,ipsec
+%FTD-4-402115,402115,IPSEC: Received a packet from remote_IP to local_IP containing act_prot data instead of exp_prot data.,%FTD-4-402115: IPSEC: Received a packet from remote_IP to local_IP containing act_prot data instead of exp_prot data.,"An IPsec packet was received that is missing the expected ESP header. The peer is sending packets that do not match the negotiated security policy, which may indicate an attack. This message is rate limited to no more than one message every five seconds.",None provided.,4,Warning,65,vpn,ipsec
+%FTD-4-402116,402116,"IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_ip (user= username) to local_ip. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as pkt_daddr, its source as pkt_saddr, and its protocol as pkt_prot. The SA specifies its local proxy as id_daddr/id_dmask/id_dprot/id_dport and its remote_proxy as id_saddr/id_smask/id_sprot/id_sport.","%FTD-4-402116: IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_ip (user= username) to local_ip. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as pkt_daddr, its source as pkt_saddr, and its protocol as pkt_prot. The SA specifies its local proxy as id_daddr/id_dmask/id_dprot/id_dport and its remote_proxy as id_saddr/id_smask/id_sprot/id_sport.",": A decapsulated IPsec packet does not match the negotiated identity. The peer is sending other traffic through this security association, which may be caused by a security association selection error by the peer, or it may be part of an attack. This message is rate limited to no more than one message every five seconds.",Contact the administrator of the peer and compare policy settings.,4,Warning,65,vpn,ipsec
+%FTD-4-402117,402117,IPSEC: Received a non-IPSec packet (protocol= protocol) from remote_IP to local_IP.,%FTD-4-402117: IPSEC: Received a non-IPSec packet (protocol= protocol) from remote_IP to local_IP.,"The received packet matched the crypto map ACL, but it is not IPsec-encapsulated. The IPsec peer is sending unencapsulated packets. This error can occur because of a policy setup error on the peer. For example, the firewall may be configured to only accept encrypted Telnet traffic to the outside interface port 23. If you attempt to use Telnet without IPsec encryption to access the outside interface on port 23, this",None provided.,4,Warning,45,vpn,ipsec
+%FTD-4-402118,402118,"IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP (user= username) to local_IP containing an illegal IP fragment of length frag_len with offset frag_offset.","%FTD-4-402118: IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP (user= username) to local_IP containing an illegal IP fragment of length frag_len with offset frag_offset.",A decapsulatd IPsec packet included an IP fragment with an offset less than or equal to 128 bytes. The latest version of the security architecture for IP RFC recommends 128 bytes as the minimum IP fragment offset to prevent reassembly attacks. This may be part of an attack. This message is rate limited to no more than one message every five seconds.,Contact the administrator of the remote peer to compare policy settings.,4,Warning,65,vpn,ipsec
+%FTD-4-402119,402119,"IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP (user= username) to local_IP that failed anti-replay checking.","%FTD-4-402119: IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP (user= username) to local_IP that failed anti-replay checking.",An IPsec packet was received with an invalid sequence number. The peer is sending packets including sequence numbers that may have been previously used. This message indicates that an IPsec packet has been received with a sequence number outside of the acceptable window. This packet will be dropped by IPsec as part of a possible attack. This message is rate limited to no more than one message every five seconds.,Contact the administrator of the peer.,4,Warning,75,vpn,ipsec
+%FTD-4-402120,402120,"IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP (user= username) to local_IP that failed authentication.","%FTD-4-402120: IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from remote_IP (user= username) to local_IP that failed authentication.","An IPsec packet was received and failed authentication. The packet is dropped. The packet may have been corrupted in transit, or the peer may be sending invalid IPsec packets, which may indicate an attack if many of these packets were received from the same peer. This message is rate limited to no more than one message every five seconds.",Contact the administrator of the remote peer if many failed packets were received.,4,Warning,75,vpn,ipsec
+%FTD-4-402121,402121,"IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from peer_addr (user= username) to lcl_addr that was dropped by IPSec (drop_reason).","%FTD-4-402121: IPSEC: Received an protocol packet (SPI= spi, sequence number= seq_num) from peer_addr (user= username) to lcl_addr that was dropped by IPSec (drop_reason).",An IPsec packet to be decapsulated was received and subsequently dropped by the IPsec subsystem. This may indicate a problem with the Secure Firewall Threat Defense configuration or with the Secure Firewall Threat Defense device itself.,"If the problem persists, contact the Cisco TAC.",4,Warning,65,vpn,ipsec
+%FTD-4-402122,402122,IPSEC: Received a cleartext packet from src_addr to dest_addr that was to be encapsulated in IPSec that was dropped by IPSec (drop_reason).,%FTD-4-402122: IPSEC: Received a cleartext packet from src_addr to dest_addr that was to be encapsulated in IPSec that was dropped by IPSec (drop_reason).,A packet to be encapsulated in IPsec was received and subsequently dropped by the IPsec subsystem. This may indicate a problem with the Secure Firewall Threat Defense configuration or with the Secure Firewall Threat Defense device itself.,"If the problem persists, contact the Cisco TAC.",4,Warning,65,vpn,ipsec
+%FTD-4-402123,402123,"CRYPTO: The accel_type hardware accelerator encountered an error (eror_type, code= error_string) while executing the command command_name (command).","%FTD-4-402123: CRYPTO: The accel_type hardware accelerator encountered an error (eror_type, code= error_string) while executing the command command_name (command).","An error was detected while running a crypto command with a hardware accelerator, which may indicate a problem with the accelerator. This type of error may occur for a variety of reasons, and this message supplements the crypto accelerator counters to help determine the cause.","If the problem persists, contact the Cisco TAC.",4,Warning,45,vpn,ipsec
+%FTD-4-402126,402126,CRYPTO: The platform created Crypto Archive File <Archive_Filename> as a Soft Reset was necessary. Please forward this archived information to Cisco,%FTD-4-402126: CRYPTO: The platform created Crypto Archive File <Archive_Filename> as a Soft Reset was necessary. Please forward this archived information to Cisco,None provided.,None provided.,4,Warning,45,vpn,ipsec
+%FTD-4-402127,402127,CRYPTO: The platform is skipping the writing of latest Crypto Archive File as the maximum # of files ( max_number ) allowed have been written to <archive_directory>. Please archive remove files from < Archive Directory > if you want more Crypto Archive Files saved,%FTD-4-402127: CRYPTO: The platform is skipping the writing of latest Crypto Archive File as the maximum # of files ( max_number ) allowed have been written to <archive_directory>. Please archive remove files from < Archive Directory > if you want more Crypto Archive Files saved,"A functional problem with the hardware crypto chip was detected (see messages 4402124 and 4402125). This message indicates a crypto archive file was not written, because the maximum number of crypto archive files already existed.",Forward previously generated crypto archive files to the Cisco TAC. Remove the previously generated archive file(s) so that more can be written (if deemed necessary).,4,Warning,45,vpn,ipsec
+%FTD-5-402128,402128,"CRYPTO: An attempt to allocate a large memory block failed, size: size, limit: limit.","%FTD-5-402128: CRYPTO: An attempt to allocate a large memory block failed, size: size, limit: limit.",An SSL connection is attempting to use more memory than allowed. The request has been denied.,"If this message persists, an SSL denial of service attack may be in progress. Contact the remote peer administrator or upstream provider.",5,Notification,55,vpn,ipsec
+%FTD-6-402129,402129,"CRYPTO: An attempt to release a DMA memory block failed, location: address.","%FTD-6-402129: CRYPTO: An attempt to release a DMA memory block failed, location: address.",An internal software error has occurred.,Contact the Cisco TAC for assistance.,6,Informational,25,vpn,ipsec
+%FTD-6-402130,402130,"CRYPTO: Received an ESP packet (SPI = xxxxxxxxxx, sequence number=xxxx) from 172.16.0.1 (user=user) to 192.168.0.2 with incorrect IPsec padding.","%FTD-6-402130: CRYPTO: Received an ESP packet (SPI = xxxxxxxxxx, sequence number=xxxx) from 172.16.0.1 (user=user) to 192.168.0.2 with incorrect IPsec padding.",The Secure Firewall Threat Defense device crypto hardware accelerator detected an IPsec packet with invalid padding. The ATT VPN client sometimes pads IPsec packets incorrectly.,"While this message is None required and does not indicate a problem with the Secure Firewall Threat Defense device, customers using the ATT VPN client may wish to upgrade their VPN client software.",6,Informational,5,vpn,ipsec
+%FTD-4-402131,402131,CRYPTO: status changing the accel_instance hardware accelerator's configuration bias from old_config_bias to new_config_bias.,%FTD-4-402131: CRYPTO: status changing the accel_instance hardware accelerator's configuration bias from old_config_bias to new_config_bias.,The hardware accelerator configuration has been changed on the Secure Firewall Threat Defense device. Some Secure Firewall Threat Defense platforms have multiple hardware accelerators. One syslog message is generated for each hardware accelerator change.,"If any of the accelerators fails when attempting to change its configuration, collect logging information and contact the Cisco TAC. If a failure occurs, the software will retry the configuration change multiple times. The software will fall back to the original configuration bias if the retry attempts fail. If multiple attempts to reconfigure the hardware accelerator fail, it may indicate a hardware failure.",4,Warning,65,vpn,ipsec
+%FTD-3-402140,402140,CRYPTO: RSA key generation error: modulus len len,%FTD-3-402140: CRYPTO: RSA key generation error: modulus len len,An error occurred during an RSA public key pair generation.,Contact the Cisco TAC for assistance.,3,Error,65,vpn,ipsec
+%FTD-3-402141,402141,"CRYPTO: Key zeroization error: key set 'type', reason 'reason'","%FTD-3-402141: CRYPTO: Key zeroization error: key set 'type', reason 'reason'",An error occurred during an RSA public key pair generation.,None provided.,3,Error,65,vpn,ipsec
+%FTD-3-402142,402142,"CRYPTO: Bulk data op error: algorithm 'alg', mode 'mode'","%FTD-3-402142: CRYPTO: Bulk data op error: algorithm 'alg', mode 'mode'",An error occurred during a symmetric key operation. stateless-RC4,Contact the Cisco TAC for assistance.,3,Error,65,vpn,ipsec
+%FTD-3-402143,402143,CRYPTO: alg type key op error,%FTD-3-402143: CRYPTO: alg type key op error,An error occurred during an asymmetric key operation.,Contact the Cisco TAC for assistance.,3,Error,65,vpn,ipsec
+%FTD-3-402144,402144,"CRYPTO: Digital signature error: signature algorithm 'sig', hash algorithm 'hash'","%FTD-3-402144: CRYPTO: Digital signature error: signature algorithm 'sig', hash algorithm 'hash'",An error occurred during digital signature generation. SHA512,Contact the Cisco TAC for assistance.,3,Error,65,vpn,ipsec
+%FTD-3-402145,402145,CRYPTO: Hash generation error: algorithm 'hash',%FTD-3-402145: CRYPTO: Hash generation error: algorithm 'hash',A hash generation error occurred. SHA512,Contact the Cisco TAC for assistance.,3,Error,65,vpn,ipsec
+%FTD-3-402146,402146,"CRYPTO: Keyed hash generation error: algorithm 'hash', key len len","%FTD-3-402146: CRYPTO: Keyed hash generation error: algorithm 'hash', key len len",A keyed hash generation error occurred. SHA512,Contact the Cisco TAC for assistance.,3,Error,65,vpn,ipsec
+%FTD-3-402147,402147,CRYPTO: HMAC generation error: algorithm 'alg',%FTD-3-402147: CRYPTO: HMAC generation error: algorithm 'alg',"An HMAC generation error occurred. HMAC-SHA2, or AES-XCBC",Contact the Cisco TAC for assistance.,3,Error,65,vpn,ipsec
+%FTD-3-402148,402148,CRYPTO: Random Number Generator error,%FTD-3-402148: CRYPTO: Random Number Generator error,A random number generator error occurred.,Contact the Cisco TAC for assistance.,3,Error,65,vpn,ipsec
+%FTD-3-402149,402149,CRYPTO: Weak encryption_type (length) provided. Operation disallowed. Not FIPS 140-2 compliant,%FTD-3-402149: CRYPTO: Weak encryption_type (length) provided. Operation disallowed. Not FIPS 140-2 compliant,"The Secure Firewall Threat Defense device tried to use an RSA key that is less than 2048 bits or DH groups 1, 2, or 5.","Configure the Secure Firewall Threat Defense device or external application to use an RSA key that is at least 2048 bits, or to configure a DH group that is not 1, 2, or 5.",3,Error,65,vpn,ipsec
+%FTD-3-402150,402150,CRYPTO: Deprecated hash algorithm used for RSA operation (hash_alg). Operation disallowed. Not FIPS 140-2 compliant,%FTD-3-402150: CRYPTO: Deprecated hash algorithm used for RSA operation (hash_alg). Operation disallowed. Not FIPS 140-2 compliant,An unacceptable hashing algorithm has been used for digital certificate signing or verification for FIPS 140-2 certification.,None provided.,3,Error,65,vpn,ipsec
+%FTD-6-403500,403500,PPPoE - Service name 'any' not received in interface_name. AC:ac_name.,%FTD-6-403500: PPPoE - Service name 'any' not received in interface_name. AC:ac_name.,"The Secure Firewall Threat Defense device requested the PPPoE service any from the access controller at the Internet service provider. The response from the service provider includes other services, but does not include the service any . This is a discrepancy in the implementation of the protocol. The PADO packet is processed normally, and connection negotiations continue.",None required.,6,Informational,5,vpn,vpdn
+%FTD-3-403501,403501,PPPoE - Bad host-unique in PADO - packet dropped. AC:interface_name.,%FTD-3-403501: PPPoE - Bad host-unique in PADO - packet dropped. AC:interface_name.,"The Secure Firewall Threat Defense device sent an identifier called the host-unique value to the access controller. The access controller responded with a different host-unique value. The Secure Firewall Threat Defense device was unable to identify the corresponding connection request for this response. The packet was dropped, and connection negotiations were discontinued.","Contact the Internet service provider. Either the access controller at the service provider is mishandling the host-unique value, or the PADO packet is being forged.",3,Error,95,vpn,vpdn
+%FTD-3-403502,403502,PPPoE - Bad host-unique in PADS - packet dropped. AC:interface_name.,%FTD-3-403502: PPPoE - Bad host-unique in PADS - packet dropped. AC:interface_name.,"The Secure Firewall Threat Defense device sent an identifier called the host-unique value to the access controller. The access controller responded with a different host-unique value. The Secure Firewall Threat Defense device was unable to identify the corresponding connection request for this response. The packet was dropped, and connection negotiations were discontinued.","Contact the Internet service provider. Either the access controller at the service provider is mishandling the host-unique value, or the PADO packet is being forged.",3,Error,95,vpn,vpdn
+%FTD-3-403503,403503,Header_string:PPP link down[:reason string],%FTD-3-403503: Header_string:PPP link down[:reason string],The PPP link has gone down. There are many reasons why this can happen. The first format will display a reason if PPP provides one.,Check the network link to ensure that the link is connected. The access concentrator may be down. Make sure that your authentication protocol matches the access concentrator and that your name and password are correct. Verify this information with your ISP or network support person.,3,Error,75,vpn,vpdn
+%FTD-3-403504,403504,group_name:No 'vpdn group' for PPPoE has been created!,%FTD-3-403504: group_name:No 'vpdn group' for PPPoE has been created!,"PPPoE requires a dial-out configuration before starting a PPPoE session. In general, the configuration should specify a dialing policy, the PPP authentication, the username, and a password. The following example configures the Secure Firewall Threat Defense device for PPPoE dialout. The my-username and my-password commands are used to authenticate the access concentrator, using PAP if necessary. For example: ciscoftd# vpdn group my-pppoe request dialout pppoe ciscoftd# vpdn group my-pppoe ppp authentication pap ciscoftd# vpdn group my-pppoe localname my-username ciscoftd# vpdn username my-username password my-password ciscoftd# ip address outside pppoe setroute",Configure a VPDN group for PPPoE.,3,Error,65,vpn,vpdn
+%FTD-4-403505,403505,PPPoE:PPP - Unable to set default route to IP_address at interface_name. interface,%FTD-4-403505: PPPoE:PPP - Unable to set default route to IP_address at interface_name. interface,"This message is usually followed by the message, default route already exists.",Remove the current default route or remove the setroute parameter so that there is no conflict between PPPoE and the manually configured route.,4,Warning,55,vpn,vpdn
+%FTD-4-403506,403506,PPPoE: failed to assign PPP address IP_address netmask netmask at interface interface_name,%FTD-4-403506: PPPoE: failed to assign PPP address IP_address netmask netmask at interface interface_name,"This message is followed by one of the followings messages: subnet is the same as interface, or on failover channel.","In the first case, change the address causing the conflict. In the second case, configure the PPPoE on an interface other than the failover interface.",4,Warning,55,vpn,vpdn
+%FTD-3-403507,403507,PPPoE:PPPoE client on interface interface failed to locate PPPoE vpdn group group_name,%FTD-3-403507: PPPoE:PPPoE client on interface interface failed to locate PPPoE vpdn group group_name,"You can configure the PPPoE client on an interface to use a particular VPDN group by entering the pppoe client vpdn group group_name command. If a PPPoE VPDN group of the configured name was not located during system startup, this message is generated.",Perform the following steps:,3,Error,75,vpn,vpdn
+%FTD-4-405001,405001,Received ARP {request | response} collision from ip_address/MAC_address on interface interface_name with existing ARP entry ip_address/MAC_address,%FTD-4-405001: Received ARP {request | response} collision from ip_address/MAC_address on interface interface_name with existing ARP entry ip_address/MAC_address,"The Secure Firewall Threat Defense device received an ARP packet, and the MAC address in the packet differs from the ARP cache entry.","This traffic might be legitimate, or it might indicate that an ARP poisoning attack is in progress. Check the source MAC address to determine where the packets are coming from and to see if they belong to a valid host.",4,Warning,65,network,session
+%FTD-4-405002,405002,Received mac mismatch packet from IP_address/{MAC_bytes|MAC_address} for authenticated host,%FTD-4-405002: Received mac mismatch packet from IP_address/{MAC_bytes|MAC_address} for authenticated host,"This packet appears for one of the following conditions: MAC address from one of its uauth entries. and the Secure Firewall Threat Defense device received a packet with an exempt MAC address, but a different IP address from the corresponding uauth entry.","This traffic might be legitimate, or it might indicate that a spoofing attack is in progress. Check the source MAC address and IP address to determine where the packets are coming from and if they belong to a valid host.",4,Warning,75,network,session
+%FTD-4-405003,405003,"IP address collision detected between host ip_address at MAC_address and interface interface_name, MAC_address","%FTD-4-405003: IP address collision detected between host ip_address at MAC_address and interface interface_name, MAC_address",A client IP address in the network is the same as the Secure Firewall Threat Defense interface IP address.,Change the IP address of the client.,4,Warning,45,network,session
+%FTD-4-405103,405103,H225 message from source_address/source_port to dest_address/dest_port contains bad protocol discriminator hex,%FTD-4-405103: H225 message from source_address/source_port to dest_address/dest_port contains bad protocol discriminator hex,"The Secure Firewall Threat Defense device is expecting the protocol discriminator, 0x08, but it received something other than 0x08. The endpoint may be sending a bad packet, or received a message segment other than the first segment. The packet is allowed through.",None required.,4,Warning,5,network,session
+%FTD-4-405104,405104,H225 message string received from outside_address/outside_port to inside_address/inside_port before SETUP,%FTD-4-405104: H225 message string received from outside_address/outside_port to inside_address/inside_port before SETUP,"An H.225 message was received out of order, before the initial SETUP message, which is not allowed. The Secure Firewall Threat Defense device must receive an initial SETUP message for that H.225 call signalling channel before accepting any other H.225 messages.",None required.,4,Warning,5,network,session
+%FTD-4-405105,405105,H323 RAS message AdmissionConfirm received from source_address/source_port to dest_address/dest_port without an AdmissionRequest,%FTD-4-405105: H323 RAS message AdmissionConfirm received from source_address/source_port to dest_address/dest_port without an AdmissionRequest,"A gatekeeper has sent an ACF, but the Secure Firewall Threat Defense device did not send an ARQ to the gatekeeper.",Check the gatekeeper with the specified source_address to determine why it sent an ACF without receiving an ARQ from the Secure Firewall Threat Defense device.,4,Warning,45,network,session
+%FTD-4-406001,406001,FTP port command low port: IP_address/port to IP_address on interface interface_name,%FTD-4-406001: FTP port command low port: IP_address/port to IP_address on interface interface_name,"A client entered an FTP port command and supplied a port less than 1024 (in the well-known port range usually devoted to server ports). This is indicative of an attempt to avert the site security policy. The Secure Firewall Threat Defense device drops the packet, terminates the connection, and logs the event.",None required.,4,Warning,65,network,session
+%FTD-4-406002,406002,FTP port command different address: IP_address(IP_address) to IP_address on interface interface_name,%FTD-4-406002: FTP port command different address: IP_address(IP_address) to IP_address on interface interface_name,"A client entered an FTP port command and supplied an address other than the address used in the connection. An attempt to avert the site security policy occurred. For example, an attacker might attempt to hijack an FTP session by changing the packet on the way, and putting different source information instead of the correct source information. The Secure Firewall Threat Defense device drops the packet, terminates the connection, and logs the event. The address in parentheses is the address from the port command.",None required.,4,Warning,65,network,session
+%FTD-4-407001,407001,"Deny traffic for local-host interface_name:inside_address, license limit of number exceeded","%FTD-4-407001: Deny traffic for local-host interface_name:inside_address, license limit of number exceeded",The host limit was exceeded. An inside host is counted toward the limit when one of the following conditions is true: five minutes. Defense device.,"The host limit is enforced on the low-end platforms. Use the show version command to view the host limit. Use the show local-host command to view the current active hosts and the inside users that have sessions at the Secure Firewall Threat Defense device. To forcefully disconnect one or more users, use the clear local-host command. To expire the inside users more quickly from the limit, set the xlate, connection, and uauth timeouts to the recommended values or lower as given in the table below:",4,Warning,75,network,session
+%FTD-4-407002,407002,Embryonic limit for through connections exceeded nconns/elimit. outside_address/outside_port to global_address(inside_address)/inside_port on interface interface_name,%FTD-4-407002: Embryonic limit for through connections exceeded nconns/elimit. outside_address/outside_port to global_address(inside_address)/inside_port on interface interface_name,"The number of connections from a specified foreign address over a specified global address to the specified local address exceeded the maximum embryonic limit for that static. The Secure Firewall Threat Defense device tries to accept the connection if it can allocate memory for that connection. It proxies on behalf of the local host and sends a SYN_ACK packet to the foreign host. The Secure Firewall Threat Defense device retains pertinent state information, drops the packet, and waits for the acknowledgment from the client. The message might indicate legitimate traffic or that a DoS attack is in progress.",Check the source address to determine where the packets are coming from and whether or not a valid host is sending them.,4,Warning,75,network,session
+%FTD-4-407003,407003,Established limit for RPC services exceeded,%FTD-4-407003: Established limit for RPC services exceeded,The Secure Firewall Threat Defense device tried to open a new hole for a pair of RPC servers or services that have already been configured after the maximum number of holes has been met.,"Wait for other holes to be closed (through associated timeout expiration), or limit the number of active pairs of servers or services.",4,Warning,55,network,session
+%FTD-4-408001,408001,IP route counter negative,%FTD-4-408001: IP route counter negative,An attempt to decrement the IP route counter into a negative value failed.,"Enter the clear ip route command to reset the route counter. If the problem persists, contact the Cisco TAC.",4,Warning,55,network,ip_stack
+%FTD-4-408101,408101,KEYMAN : Type encrption_type encryption unknown. Interpreting keystring as literal.,%FTD-4-408101: KEYMAN : Type encrption_type encryption unknown. Interpreting keystring as literal.,"The format type was not recognized by the system. A keystring format type value of 0 (unencrypted keystring) or 7 (hidden keystring), followed by a space, can precede the actual keystring to",None provided.,4,Warning,45,network,ip_stack
+%FTD-4-408102,408102,KEYMAN : Bad encrypted keystring for key id key_id.,%FTD-4-408102: KEYMAN : Bad encrypted keystring for key id key_id.,The system could not successfully decrypt an encrypted keystring. The keystring may have been corrupted during system configuration.,"Re-enter the key-string command, and reconfigure the key string.",4,Warning,75,network,ip_stack
+%FTD-4-409023,409023,Attempting AAA Fallback method method_name for request_type request for user user : Auth-server group Auth-server unreachable,%FTD-4-409023: Attempting AAA Fallback method method_name for request_type request for user user : Auth-server group Auth-server unreachable,An authentication or authorization attempt to an external server has failed and will be performed using the local user database.,Investigate any connectivity problems with the AAA servers configured in the first method. Ping the authentication servers from the Secure Firewall Threat Defense device. Make sure that the daemons are running on the AAA server. This chapter includes messages from 410001 to 450002.,4,Warning,65,network,routing_ospf
+%FTD-4-410001,410001,Dropped UDP DNS request from source_interface:source_address/source_port to dest_interface:dest_address/dest_port; label|domain-name length number bytes exceeds remaining_packet_length limit of number bytes,%FTD-4-410001: Dropped UDP DNS request from source_interface:source_address/source_port to dest_interface:dest_address/dest_port; label|domain-name length number bytes exceeds remaining_packet_length limit of number bytes,"The label length exceeds bytes in a UDP DNS packet. See RFC 1035, section 2.3.4 for more information. .",Create the policy-map and add a custom DNS class-map to match traffic and exclude it from inspection to allow packets exceeding the label length.,4,Warning,65,access_control,packet_filter
+%FTD-4-411001,411001,"Line protocol on Interface interface_name, changed state to up","%FTD-4-411001: Line protocol on Interface interface_name, changed state to up","The status of the line protocol has changed from down to up . If interface_name is a logical interface name such as inside and outside, this message indicates that the logical interface line protocol has changed from down to up . If interface_name is a physical interface name such as Ethernet0 and GigabitEthernet0/1, this message indicates that the physical interface line protocol has changed from down to up .",None required.,4,Warning,5,network,interfaces
+%FTD-4-411002,411002,"Line protocol on Interface interface_name, changed state to down","%FTD-4-411002: Line protocol on Interface interface_name, changed state to down","The status of the line protocol has changed from up to down. If interface_name is a logical interface name such as inside and outside, this message indicates that the logical interface line protocol has",None provided.,4,Warning,45,network,interfaces
+%FTD-4-411003,411003,"Interface interface_name, changed state to administratively up","%FTD-4-411003: Interface interface_name, changed state to administratively up",The configuration status of the interface has changed from down to up.,"If this is an unexpected event, check the physical line.",4,Warning,45,network,interfaces
+%FTD-4-411004,411004,"Interface interface_name, changed state to administratively down","%FTD-4-411004: Interface interface_name, changed state to administratively down",The configuration status of the interface has changed from down to up.,None required.,4,Warning,5,network,interfaces
+%FTD-4-411005,411005,Interface variable_1 experienced a hardware transmit hang. A software reset has been performed.,%FTD-4-411005: Interface variable_1 experienced a hardware transmit hang. A software reset has been performed.,The interface experienced a hardware transmit freeze that required a reset of the Ethernet controller to restore the interface to full operation.,None required.,4,Warning,5,network,interfaces
+%FTD-4-412001,412001,MAC MAC_address moved from interface_1 to interface_2,%FTD-4-412001: MAC MAC_address moved from interface_1 to interface_2,"A host move was detected from one module interface to another. In a transparent Secure Firewall Threat Defense, mapping between the host (MAC) and Secure Firewall Threat Defense port is maintained in a Layer 2 forwarding table. The table dynamically binds packet source MAC addresses to an Secure Firewall Threat Defense port. In this process, whenever movement of a host from one interface to another interface is detected, this message is generated.","The host move might be valid or might be an attempt to spoof host MACs on other interfaces. If it is a MAC spoof attempt, you can either locate vulnerable hosts on your network and remove them or configure static MAC entries, which will not allow MAC address and port binding to change. If it is a genuine host move, no action is required.",4,Warning,45,network,interfaces
+%FTD-4-412002,412002,Detected bridge table full while inserting MAC MAC_address on interface interface. Number of entries = num,%FTD-4-412002: Detected bridge table full while inserting MAC MAC_address on interface interface. Number of entries = num,"The bridge table was full and an attempt was made to add one more entry. The Secure Firewall Threat Defense device maintains a separate Layer 2 forwarding table per context and the message is generated whenever a context exceeds its size limit. The MAC address will be added, but it will replace the oldest existing dynamic entry (if available) in the table. This might be an attempted attack.","Make sure that the new bridge table entries are valid. In case of attack, use EtherType ACLs to control access to vulnerable hosts.",4,Warning,75,network,interfaces
+%FTD-4-413001,413001,Module module_id is not able to shut down. Module Error: errnum message,%FTD-4-413001: Module module_id is not able to shut down. Module Error: errnum message,"The module identified by module_id was not able to comply with a request from the Secure Firewall Threat Defense system module to shut down. It may be performing a task that cannot be interrupted, such as a software upgrade. The errnum and message text describes the reason why the module cannot shut down, and the recommended corrective action.","Wait for the task on the module to complete before shutting down the module, or use the session command to access the CLI on the module, and stop the task that is preventing the module from shutting down.",4,Warning,55,system,platform
+%FTD-4-413002,413002,Module module_id is not able to reload. Module Error: errnum message,%FTD-4-413002: Module module_id is not able to reload. Module Error: errnum message,"The module identified by module_id was not able to comply with a request from the Secure Firewall Threat Defense module to reload. It may be performing a task that cannot be interrupted, such as a software upgrade. The errnum and message text describes the reason why the module cannot reload, and the recommended corrective action.","Wait for the task on the module to complete before reloading the module, or use the session command to access the CLI on the module and stop the task that is preventing the module from reloading.",4,Warning,75,system,platform
+%FTD-4-413003,413003,Module string_one is not a recognized type.,%FTD-4-413003: Module string_one is not a recognized type.,A module was detected that is not recognized as a valid module type.,Upgrade to a version of Secure Firewall Threat Defense software that supports the module type installed.,4,Warning,55,system,platform
+%FTD-4-413004,413004,"Module in slot string_one failed to write software vnewver (currently vver), reason. Trying again.","%FTD-4-413004: Module in slot string_one failed to write software vnewver (currently vver), reason. Trying again.","The module failed to accept a software version, and will be transitioned to an UNRESPONSIVE state. Another attempt will be made to update the module software. example, 1.0(1)0) include the following: - write failure - failed to create a thread to write the image",None required. Subsequent attempts will either generate a message indicating a successful update or failure. You may verify the module transitions to UP after a subsequent update attempt by using the show module command.,4,Warning,5,system,platform
+%FTD-4-413005,413005,"Module module_id, application is not supported ""app_name"" version ""app_vers"" type app_type.","%FTD-4-413005: Module module_id, application is not supported ""app_name"" version ""app_vers"" type app_type.",The module installed in slot slot_num was running an unsupported application version or type. and slot 1 indicates the module installed in the expansion slot.,"If the problem persists, contact the Cisco TAC.",4,Warning,45,system,platform
+%FTD-4-413006,413006,"prod-id Module software version mismatch; slot slot is ""prod-id"" version ""running-vers"". Slot slot ""prod-id"" requires version ""required-vers""","%FTD-4-413006: prod-id Module software version mismatch; slot slot is ""prod-id"" version ""running-vers"". Slot slot ""prod-id"" requires version ""required-vers""",The version of software running on the module in slot slot was not the version required by another module.,None provided.,4,Warning,55,system,platform
+%FTD-4-413009,413009,internal_interface =current value,%FTD-4-413009: internal_interface =current value,"The firewall checks the current value of an internal interface or a data ring every one minute. When the current value of the ring falls below 10, this message is generated. %FTD-4-413009: Internal-Data0/1:RX[1]=[2] In the above example, Internal-Data0/1 RX1 value went to 2, which is less than 10.",None.,4,Warning,45,system,platform
+%FTD-3-414001,414001,Failed to save logging buffer to FTP server filename using filename ftp_server_address on interface interface_name: fail_reason,%FTD-3-414001: Failed to save logging buffer to FTP server filename using filename ftp_server_address on interface interface_name: fail_reason,The logging module failed to save the logging buffer to an external FTP server.,"Take applicable actions based on the failed reason: Threat Defense device, and that the FTP sever can accept the FTP port command and PUT requests. correct.",3,Error,75,system,general
+%FTD-3-414002,414002,Failed to save logging buffer to flash:/syslog directory using filename filename: fail_reason,%FTD-3-414002: Failed to save logging buffer to flash:/syslog directory using filename filename: fail_reason,The logging module failed to save the logging buffer to system flash.,"If the failed reason is caused by insufficient space, check the flash free space, and make sure that the configured limits of the logging flash-size command are set correctly. If the error is a flash file system I/O error, then contact the Cisco TAC for assistance.",3,Error,75,system,general
+%FTD-3-414003,414003,"TCP Syslog Server intf:IP_Address/port not responding, New connections are [permitted|denied] based on logging permit-hostdown policy","%FTD-3-414003: TCP Syslog Server intf:IP_Address/port not responding, New connections are [permitted|denied] based on logging permit-hostdown policy","The TCP syslog server for remote host logging was successful, is connected to the server, and new connections are permitted or denied based on the logging permit-hostdown policy. If the logging permit-hostdown policy is configured, a new connection is permitted. If not configured, a new connection is denied.",None provided.,3,Error,85,system,general
+%FTD-3-414005,414005,"TCP Syslog Server intf : IP_Address /port connected, New connections are permitted based on logging permit-hostdown policy","%FTD-3-414005: TCP Syslog Server intf : IP_Address /port connected, New connections are permitted based on logging permit-hostdown policy","The TCP syslog server for remote host logging was successful, is connected to the server, and new connections are permitted based on the logging permit-hostdown policy. If the logging permit-hostdown policy is configured, a new connection is permitted.",None required.,3,Error,5,system,general
+%FTD-3-414006,414006,TCP syslog server configured and logging queue is full. New connections denied based on logging permit-hostdown policy.,%FTD-3-414006: TCP syslog server configured and logging queue is full. New connections denied based on logging permit-hostdown policy.,"The logging queue is close to reaching the configured limit, so there is a risk that syslog messages will be discarded.","See the ""Configuring the Logging Queue"" section in the CLI configuration guide for information about how to tune the queue size to avoid this situation. If you want to deny new connections in this case, use the no logging permit-hostdown command. If you want to allow new connections in this case, use the logging permit-hostdown command.",3,Error,85,system,general
+%FTD-5-415020,415020,"HTTP - matched matched_string in policy-map map_name, a non-ASCII character was matched connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","%FTD-5-415020: HTTP - matched matched_string in policy-map map_name, a non-ASCII character was matched connection_action int_type:IP_address/port_num to int_type:IP_address/port_num","A non-ASCII character was found. - The class map ID, followed by the name of the class map. This string appears when the class map is user configured. - The actual match command that initiated the message. This string appears when the class map is internal.",None provided.,5,Notification,25,access_control,application_firewall
+%FTD-4-417001,417001,Unexpected event received: number,%FTD-4-417001: Unexpected event received: number,"A process received a signal, but no handler was found for the event.","If the problem persists, contact the Cisco TAC.",4,Warning,45,network,general
+%FTD-4-417004,417004,Filter violation error: conn number (string:string) in string,%FTD-4-417004: Filter violation error: conn number (string:string) in string,A client tried to modify a route attribute that the client does not own.,"If the problem persists, contact the Cisco TAC.",4,Warning,45,network,general
+%FTD-4-417006,417006,No memory for string in string (warning),%FTD-4-417006: No memory for string in string (warning),"An operation failed because of low memory, but will be handled with another mechanism.","If the problem persists, contact the Cisco TAC.",4,Warning,55,network,general
+%FTD-4-418001,418001,Through-the-device packet to/from management-only network is denied: protocol_string,%FTD-4-418001: Through-the-device packet to/from management-only network is denied: protocol_string,A packet from the specified source to the destination was dropped because it is traversing the Secure Firewall Threat Defense device to and from the management-only network.,Determine who is generating this packet and why.,4,Warning,65,access_control,packet_filter
+%FTD-4-419001,419001,"Dropping TCP packet from src_ifc:src_IP/src_port to dest_ifc:dest_IP/dest_port, reason: reason, MSS size, data size","%FTD-4-419001: Dropping TCP packet from src_ifc:src_IP/src_port to dest_ifc:dest_IP/dest_port, reason: reason, MSS size, data size",The length of the TCP packet exceeded the MSS advertised in the three-way handshake.,None provided.,4,Warning,75,network,session
+%FTD-4-419002,419002,Duplicate TCP SYN from in_interface:src_address/src_port to out_interface:dest_address/dest_port with different initial sequence number,%FTD-4-419002: Duplicate TCP SYN from in_interface:src_address/src_port to out_interface:dest_address/dest_port with different initial sequence number,A duplicate TCP SYN was received during the three-way-handshake that has a different initial sequence number from the SYN that opened the embryonic connection. This may indicate that SYNs are being spoofed. This message occurs in Release 7.0.4.1 and later.,None required.,4,Warning,5,network,session
+%FTD-4-419003,419003,Cleared TCP urgent flag from out_ifc:src_ip/src_port to in_ifc:dest_ip/dest_port,%FTD-4-419003: Cleared TCP urgent flag from out_ifc:src_ip/src_port to in_ifc:dest_ip/dest_port,A duplicate TCP SYN was received during the three-way-handshake that has a different initial sequence number from the SYN that opened the embryonic connection. This may indicate that SYNs are being spoofed. This message occurs in Release 7.0.4.1 and later.,"If you need to keep the urgent flag in TCP headers, use the urgent-flag allow command in TCP map configuration mode.",4,Warning,45,network,session
+%FTD-6-419004,419004,TCP connection ID from src_ifc:src_ip/src_port (src_ip/src_port) to dst_ifc:dst_ip/dst_port (dst_ip/dst_port) is probed by DCD,%FTD-6-419004: TCP connection ID from src_ifc:src_ip/src_port (src_ip/src_port) to dst_ifc:dst_ip/dst_port (dst_ip/dst_port) is probed by DCD,A TCP connection was probed by Dead Connection Detection (DCD) to determine if connection was still valid.,None.,6,Informational,15,network,session
+%FTD-6-419005,419005,"TCP connection ID from src_ifc:src_ip/src_port (src_ip/src_port) to dest_ifc:des_ip/des_port (des_ip/des_port) duration hh:mm:ss data bytes, is kept open by DCD as valid connection","%FTD-6-419005: TCP connection ID from src_ifc:src_ip/src_port (src_ip/src_port) to dest_ifc:des_ip/des_port (des_ip/des_port) duration hh:mm:ss data bytes, is kept open by DCD as valid connection",A TCP connection was kept open by Dead Connection Detection (DCD) as a valid connection.,None.,6,Informational,15,network,session
+%FTD-6-419006,419006,"Teardown TCP connection ID from src_ifc:src_ip/src_port (src_ip/src_port) to dst_ifc:dst_ip/dst_port (dst_ip/dst_port) duration hh:mm:ss data bytes, DCD probe was not responded from client/server interface ifc_name","%FTD-6-419006: Teardown TCP connection ID from src_ifc:src_ip/src_port (src_ip/src_port) to dst_ifc:dst_ip/dst_port (dst_ip/dst_port) duration hh:mm:ss data bytes, DCD probe was not responded from client/server interface ifc_name",A TCP connection was closed by Dead Connection Detection (DCD) as it is no longer required.,None.,6,Informational,15,network,session
+%FTD-6-421005,421005,interface_name:IP_address is counted as a user for application,%FTD-6-421005: interface_name:IP_address is counted as a user for application,A host has been counted toward the license limit. The specified host was counted as a user of application. The total number of users in 24 hours is calculated at midnight for license validation.,None provided.,6,Informational,15,network,interfaces
+%FTD-3-421007,421007,TCP|UDP flow from interface_name :IP_address /port to interface_name :IP_address /port is skipped because application has failed.,%FTD-3-421007: TCP|UDP flow from interface_name :IP_address /port to interface_name :IP_address /port is skipped because application has failed.,"A flow was skipped because the service module application has failed. By default, this message is rate limited to 1 message every 10 seconds.",Determine the problem with the service module.,3,Error,75,network,interfaces
+%FTD-4-422004,422004,IP SLA Monitor number0 : Duplicate event received. Event number number1,%FTD-4-422004: IP SLA Monitor number0 : Duplicate event received. Event number number1,"The IP SLA monitor process has received a duplicate event. Currently, this message applies to destroy events. Only one destroy request will be applied. This is only a warning message.","If this recurs, enter the show sla monitor configuration SLA_operation_id command and copy the output of the command. Copy the message as it appears on the console or in the system log. Then contact the Cisco TAC and provide the representative with the information that you have, along with information about the application that is configuring and polling the SLA probes.",4,Warning,45,network,monitoring
+%FTD-4-422005,422005,IP SLA Monitor Probe(s) could not be scheduled because clock is not set.,%FTD-4-422005: IP SLA Monitor Probe(s) could not be scheduled because clock is not set.,One or more IP SLA monitor probes cannot be scheduled because the system clock was not set.,Make sure that the system clock is functional by using NTP or another mechanism.,4,Warning,45,network,monitoring
+%FTD-4-422006,422006,IP SLA Monitor Probe number : string,%FTD-4-422006: IP SLA Monitor Probe number : string,The IP SLA monitor probe cannot be scheduled. Either the configured starting time has already occurred or the starting time is invalid.,None provided.,4,Warning,55,network,monitoring
+%FTD-4-424001,424001,Packet denied: protocol_string. intf_in interface is in a backup state,%FTD-4-424001: Packet denied: protocol_string. intf_in interface is in a backup state,"A packet was dropped because it was traversing the Secure Firewall Threat Defense device to or from a redundant interface. Interface functionality is limited on low-end platforms. The interface specified by the backup interface command can only be a backup for the primary interface configured. If the default route to the primary interface is up, any traffic through the Secure Firewall Threat Defense device from the backup interface will be denied. Conversely, if the default route to the primary interface is down, traffic through the Secure Firewall Threat Defense device from the primary interface will be denied.",Determine the source of the denied packet.,4,Warning,65,access_control,packet_filter
+%FTD-4-424002,424002,Connection to the backup interface is denied: protocol_string,%FTD-4-424002: Connection to the backup interface is denied: protocol_string,"A connection was dropped because it is in a backup state. Interface functionality is limited on low-end platforms. The backup interface can only be a backup for the primary interface specified by the backup interface command. If the default route to the primary interface is up, any connection to the Secure Firewall Threat Defense device through the backup interface will be denied. Conversely, if the default route to the primary interface is down, connections to the Secure Firewall Threat Defense device through the primary interface will be denied.",Determine the source of the denied packet.,4,Warning,65,access_control,packet_filter
+%FTD-6-425001,425001,Redundant interface redundant_interface_name created.,%FTD-6-425001: Redundant interface redundant_interface_name created.,The specified redundant interface was created in the configuration.,None provided.,6,Informational,15,network,interfaces
+%FTD-6-425002,425002,Redundant interface redundant_interface_name removed.,%FTD-6-425002: Redundant interface redundant_interface_name removed.,The specified redundant interface was removed from the configuration.,None required.,6,Informational,5,network,interfaces
+%FTD-6-425003,425003,Interface interface_name added into redundant interface redundant_interface_name,%FTD-6-425003: Interface interface_name added into redundant interface redundant_interface_name,The specified physical interface was added to the specified redundant interface as a member interface.,None required.,6,Informational,5,network,interfaces
+%FTD-6-425004,425004,Interface interface_name removed from redundant interface redundant_interface_name,%FTD-6-425004: Interface interface_name removed from redundant interface redundant_interface_name,The specified redundant interface was removed from the specified redundant interface.,None required.,6,Informational,5,network,interfaces
+%FTD-5-425005,425005,Interface interface_name become active in redundant interface redundant_interface_name,%FTD-5-425005: Interface interface_name become active in redundant interface redundant_interface_name,"Within a redundant interface, one member interface is the active member. Traffic only passes through the active member interface. The specified physical interface became the active member of the specified redundant interface. Member interface switchover occurs when one of the following is true:",None provided.,5,Notification,25,network,interfaces
+%FTD-3-425006,425006,Redundant interface redundant_interface_name switch active member to interface_name failed,%FTD-3-425006: Redundant interface redundant_interface_name switch active member to interface_name failed,An error occurred when member interface switchover was attempted.,"If the problem persists, contact the Cisco TAC.",3,Error,75,network,interfaces
+%FTD-6-426001,426001,PORT-CHANNEL:Interface ifc_name bundled into EtherChannel interface num,%FTD-6-426001: PORT-CHANNEL:Interface ifc_name bundled into EtherChannel interface num,The interface port-channel num or the channel-group num mode mode command has been used on a nonexistent port channel.,None required.,6,Informational,5,network,interfaces
+%FTD-6-426002,426002,PORT-CHANNEL:Interface ifc_name unbundled from EtherChannel interface num,%FTD-6-426002: PORT-CHANNEL:Interface ifc_name unbundled from EtherChannel interface num,The no interface port-channel num command has been used.,None required.,6,Informational,5,network,interfaces
+%FTD-6-426003,426003,PORT-CHANNEL:Interface ifc_name1 has become standby in EtherChannel interface num,%FTD-6-426003: PORT-CHANNEL:Interface ifc_name1 has become standby in EtherChannel interface num,The channel-group num mode mode command has been used.,None required.,6,Informational,5,network,interfaces
+%FTD-6-426101,426101,PORT-CHANNEL:Interface ifc_name is allowed to bundle into EtherChannel interface port-channel_id by CLACP.,%FTD-6-426101: PORT-CHANNEL:Interface ifc_name is allowed to bundle into EtherChannel interface port-channel_id by CLACP.,A port has been bundled in a span-cluster channel group.,None required.,6,Informational,5,network,interfaces
+%FTD-6-426102,426102,PORT-CHANNEL:Interface ifc_name is moved to standby in EtherChannel interface port-channel_id by CLACP.,%FTD-6-426102: PORT-CHANNEL:Interface ifc_name is moved to standby in EtherChannel interface port-channel_id by CLACP.,A port has been moved to hot-standby state in a span-cluster channel group.,None required.,6,Informational,5,network,interfaces
+%FTD-6-426103,426103,PORT-CHANNEL:Interface ifc_name is selected to move from standby to bundle in EtherChannel interface port-channel_id by CLACP.,%FTD-6-426103: PORT-CHANNEL:Interface ifc_name is selected to move from standby to bundle in EtherChannel interface port-channel_id by CLACP.,A standby port has been selected to move to bundled state in a span-cluster channel group.,None required.,6,Informational,5,network,interfaces
+%FTD-6-426104,426104,PORT-CHANNEL:Interface ifc_name is unselected in EtherChannel interface port-channel_id by CLACP.,%FTD-6-426104: PORT-CHANNEL:Interface ifc_name is unselected in EtherChannel interface port-channel_id by CLACP.,None provided.,None provided.,6,Informational,15,network,interfaces
+%FTD-6-428002,428002,"WAAS confirmed from in_interface :src_ip_addr/src_port to out_interface :dest_ip_addr/dest_port , inspection services bypassed on this connection.","%FTD-6-428002: WAAS confirmed from in_interface :src_ip_addr/src_port to out_interface :dest_ip_addr/dest_port , inspection services bypassed on this connection.","WAAS optimization was detected on a connection. All layer 7 inspection services, including IPS, are bypassed on WAAS-optimized connections.","No action is required if the network includes WAE devices; otherwise, the network administrator should investigate the use of the WAAS option on this connection.",6,Informational,25,system,hardware_bypass
+%FTD-4-429008,429008,Unable to respond to VPN query from CX for session 0x%x . Reason %s,%FTD-4-429008: Unable to respond to VPN query from CX for session 0x%x . Reason %s,"The CX sent a VPN session query to the Secure Firewall Threat Defense device, but it did not respond either because of an invalid session ID or another reason. Valid reasons can be any of the following:",None required.,4,Warning,5,vpn,general
+%FTD-4-434001,434001,"SFR card not up and fail-close mode used, dropping protocol packet from ingress:source/IP_address to source_port:egress_interface/destination_IP_address","%FTD-4-434001: SFR card not up and fail-close mode used, dropping protocol packet from ingress:source/IP_address to source_port:egress_interface/destination_IP_address","A packet has been dropped because of a fail-close configuration for the module. Your loss of connectivity for all the flows is caused by redirecting them to the module, because the fail-close configuration is designed to drop all the flows if the module is down.","Try to understand the reason for failure and restore services. Alternatively, you can use the fail-open option even if the card does not recover immediately. Note that in the fail-open configuration, all packets to the module are bypassed if the card status is down.",4,Warning,75,system,hardware
+%FTD-5-434004,434004,SFR requested device to bypass further packet redirection and process protocol flow from inside_ifc_name:src_ip/src_port to outside_ifc_name:dst_ip/dst_port locally,%FTD-5-434004: SFR requested device to bypass further packet redirection and process protocol flow from inside_ifc_name:src_ip/src_port to outside_ifc_name:dst_ip/dst_port locally,SourceFire (SFR) has determined not to inspect more traffic of a flow and requests the Secure Firewall Threat Defense device to stop redirecting the flow of traffic to SFR.,None Required.,5,Notification,5,system,hardware
+%FTD-4-446003,446003,"Denied TLS Proxy session from src_int :src_ip /src_port to dst_int :dst_ip /dst_port , UC-IME license is disabled.","%FTD-4-446003: Denied TLS Proxy session from src_int :src_ip /src_port to dst_int :dst_ip /dst_port , UC-IME license is disabled.","The UC-IME license is either on or off. Once enabled, UC-IME can use any number of available TLS sessions, according to the Secure Firewall Threat Defense limit and the K8 export limit.",None provided.,4,Warning,65,system,general
+%FTD-4-447001,447001,"ASP DP to CP queue_name was full. Queue length length, limit limit","%FTD-4-447001: ASP DP to CP queue_name was full. Queue length length, limit limit","This message indicates a particular data path (DP) to control point (CP) event queue is full, and one or more multiple enqueue actions have failed. If the event contains a packet block, such as for CP application inspection, the packet will be dropped by the DP, and a counter from the show asp drop command will increment. If the event is for punt to CP, a typical counter is the Punt no memory ASP-drop counter.","The queue-full condition reflects the fact that the load on the CP has exceeded the CP processing ability, which may or may not be a temporary condition. You should consider reducing the feature load on the CP if this message appears repeatedly. Use the show asp event dp-cp command to identify the features that contribute the most load on the event queue.",4,Warning,75,network,general
+%FTD-4-448001,448001,"Denied SRTP crypto session setup on flow from src_int:src_ip/src_port to dst_int:dst_ip/dst_port, licensed K8 SRTP crypto session limit of limit exceeded","%FTD-4-448001: Denied SRTP crypto session setup on flow from src_int:src_ip/src_port to dst_int:dst_ip/dst_port, licensed K8 SRTP crypto session limit of limit exceeded","For a K8 platform, the limit of 250 SRTP crypto sessions is enforced. Each pair of SRTP encrypt or decrypt sessions is counted as one SRTP crypto session. A call is counted toward this limit only when encryption or decryption is required for a medium, which means that if the pass-through is set for the call, even if both legs use SRTP, they are not counted toward this limit.",None required. You can set up new SRTP crypto sessions only when existing SRTP crypto sessions have been released.,4,Warning,75,system,general
+%FTD-4-450002,450002,Teardown string connection connection for interface:address/port to interface:address/port duration hh:mm:ss bytes bytes reason reason_string,%FTD-4-450002: Teardown string connection connection for interface:address/port to interface:address/port duration hh:mm:ss bytes bytes reason reason_string,Drop due to vPath license failure.,None required.,4,Warning,75,network,interfaces
+%FTD-5-500003,500003,"Bad TCP hdr length (hdrlen=bytes, pktlen=bytes) from source_address/source_port to dest_address/dest_port, flags:tcp_flags, on interfaceinterface_name","%FTD-5-500003: Bad TCP hdr length (hdrlen=bytes, pktlen=bytes) from source_address/source_port to dest_address/dest_port, flags:tcp_flags, on interfaceinterface_name","A header length in TCP was incorrect. Some operating systems do not handle TCP resets (RSTs) correctly when responding to a connection request to a disabled socket. If a client tries to connect to an FTP server outside the Secure Firewall Threat Defense device and the FTP server is not listening, then it sends an RST. Some operating systems send incorrect TCP header lengths, which causes this problem. UDP uses ICMP port unreachable messages. The TCP header length may indicate that it is larger than the packet length, which results in a negative number of bytes being transferred. A negative number appears by a message as an unsigned number, which makes it appear much larger than it would be normally; for example, it may show 4 GB transferred in one second. This message should occur infrequently.",None required.,5,Notification,5,network,session
+%FTD-4-500004,500004,"Invalid transport field for protocol=protocol, from source_address/source_port to dest_address/dest_port","%FTD-4-500004: Invalid transport field for protocol=protocol, from source_address/source_port to dest_address/dest_port","An invalid transport number was used, in which the source or destination port number for a protocol is zero. The protocol value is 6 for TCP and 17 for UDP.","If these messages persist, contact the administrator of the peer.",4,Warning,55,network,session
+%FTD-3-500005,500005,Connection terminated for protocol from in_ifc_name:src_adddress/src_port to out_ifc_name:dest_address/dest_port due to invalid combination of inspections on same flow. Inspect inspect_name is not compatible with filter filter_name,%FTD-3-500005: Connection terminated for protocol from in_ifc_name:src_adddress/src_port to out_ifc_name:dest_address/dest_port due to invalid combination of inspections on same flow. Inspect inspect_name is not compatible with filter filter_name,A connection matched with single or multiple inspection and/or single or multiple filter features that are not allowed to be applied to the same connection.,"Review the class-map, policy-map, service-policy, and/or filter command configurations that are causing the referenced inspection and/or filter features that are matched for the connection. The rules for inspection and filter feature combinations for a connection are as follows:",3,Error,75,network,session
+%FTD-4-500006,500006,For flow inside:IP_Address/port to outside:IP_Address/port :existing_flow_message:connection_id,%FTD-4-500006: For flow inside:IP_Address/port to outside:IP_Address/port :existing_flow_message:connection_id,"This message is generated when staleness in pinhole flows persist due to failure to clear timeout expiry, interface flap, and so on. The flow message with connection ID in the message helps in debugging the issue:",None.,4,Warning,55,network,session
+%FTD-5-501101,501101,User transitioning priv level,%FTD-5-501101: User transitioning priv level,The privilege level of a command was changed.,None required.,5,Notification,5,vpn,ipsec
+%FTD-5-502101,502101,New user added to local dbase: Uname: user Priv: privilege_level Encpass: *****,%FTD-5-502101: New user added to local dbase: Uname: user Priv: privilege_level Encpass: *****,"A new username record was created, which included the username, privilege level, and encrypted password.",None required.,5,Notification,5,network,session
+%FTD-5-502102,502102,User deleted from local dbase: Uname: user Priv: privilege_level Encpass: *****,%FTD-5-502102: User deleted from local dbase: Uname: user Priv: privilege_level Encpass: *****,"A username record was deleted, which included the username, privilege level, and encrypted password.",None provided.,5,Notification,25,network,session
+%FTD-5-502103,502103,User priv level changed: Uname: user From: privilege_level To: privilege_level,%FTD-5-502103: User priv level changed: Uname: user From: privilege_level To: privilege_level,The privilege level of a user changed.,None required.,5,Notification,5,network,session
+%FTD-5-502111,502111,New group policy added: name: policy_name Type: policy_type,%FTD-5-502111: New group policy added: name: policy_name Type: policy_type,A group policy was configured using the group-policy CLI command.,None required.,5,Notification,5,network,session
+%FTD-5-502112,502112,Group policy deleted: name: policy_name Type: policy_type,%FTD-5-502112: Group policy deleted: name: policy_name Type: policy_type,A group policy has been removed using the group-policy CLI command.,None required.,5,Notification,5,network,session
+%FTD-5-503001,503001,"Process number, Nbr IP_address on interface_name from string to string , reason","%FTD-5-503001: Process number, Nbr IP_address on interface_name from string to string , reason",An OSPFv2 neighbor has changed its state. The message describes the change and the reason for it. This message appears only if the log-adjacency-changes command is configured for the OSPF process.,"Copy the message exactly as it appears, and report it to the Cisco TAC.",5,Notification,25,network,routing_ospf
+%FTD-5-503002,503002,Last valid authentication key for neighbor nameif expires,%FTD-5-503002: Last valid authentication key for neighbor nameif expires,None of the security associations have a lifetime that include the current system time.,Configure a new security association or alter the lifetime of a current security association.,5,Notification,25,network,routing_ospf
+%FTD-5-503003,503003,Expired key ID sent | received used by neighbor nameif,%FTD-5-503003: Expired key ID sent | received used by neighbor nameif,The Key ID configured on the interface expired.,Configure a new key.,5,Notification,25,network,routing_ospf
+%FTD-5-503004,503004,No key ID key-id for neighbor key-chain-name,%FTD-5-503004: No key ID key-id for neighbor key-chain-name,"OSPF has been configured to use cryptographic authentication, however a key or password has not been configured.",Configure a new security association or alter the lifetime of a current security association.,5,Notification,25,network,routing_ospf
+%FTD-5-503005,503005,No crypto algorithm for neighbor key-id key ID key-chain-name,%FTD-5-503005: No crypto algorithm for neighbor key-id key ID key-chain-name,"OSPF has been configured to use cryptographic authentication, however an algorithm has not been configured.",Configure a cryptographic-algorithm for the security association.,5,Notification,25,network,routing_ospf
+%FTD-5-503101,503101,"Process d, Nbr i on s from s to s, s","%FTD-5-503101: Process d, Nbr i on s from s to s, s",An OSPFv3 neighbor has changed its state. The message describes the change and the reason for it. This message appears only if the log-adjacency-changes command is configured for the OSPF process.,None required.,5,Notification,5,network,routing_ospf
+%FTD-5-504001,504001,Security context context_name was added to the system,%FTD-5-504001: Security context context_name was added to the system,A security context was successfully added to the Secure Firewall Threat Defense device.,None required.,5,Notification,5,system,general
+%FTD-5-504002,504002,Security context context_name was removed from the system,%FTD-5-504002: Security context context_name was removed from the system,A security context was successfully removed from the Secure Firewall Threat Defense device.,None required.,5,Notification,5,system,general
+%FTD-5-505001,505001,Module string_one is shutting down. Please wait...,%FTD-5-505001: Module string_one is shutting down. Please wait...,A module is being shut down.,None required.,5,Notification,5,system,platform
+%FTD-5-505002,505002,Module ips is reloading. Please wait...,%FTD-5-505002: Module ips is reloading. Please wait...,An IPS module is being reloaded.,None required.,5,Notification,45,system,platform
+%FTD-5-505003,505003,Module string_one is resetting. Please wait...,%FTD-5-505003: Module string_one is resetting. Please wait...,A module is being reset.,None required.,5,Notification,5,system,platform
+%FTD-5-505004,505004,Module string_one shutdown is complete.,%FTD-5-505004: Module string_one shutdown is complete.,A module has been shut down.,None required.,5,Notification,5,system,platform
+%FTD-5-505005,505005,Module module_name is initializing control communication. Please wait...,%FTD-5-505005: Module module_name is initializing control communication. Please wait...,"A module has been detected, and the Secure Firewall Threat Defense device is initializing control channel communication with it.",None required.,5,Notification,5,system,platform
+%FTD-5-505006,505006,Module string_one is Up.,%FTD-5-505006: Module string_one is Up.,A module has completed control channel initialization and is in the UP state.,None required.,5,Notification,5,system,platform
+%FTD-5-505007,505007,Module module_id is recovering. Please wait...,%FTD-5-505007: Module module_id is recovering. Please wait...,"A software module is being recovered with the sw-module module service-module-name recover boot command, or a hardware module is being recovered with the hw-module module slotnum recover boot command. board, and slot 1 indicates the module installed in the expansion slot.",None required.,5,Notification,5,system,platform
+%FTD-5-505008,505008,Module module_id software is being updated to vnewver (currently vver),%FTD-5-505008: Module module_id software is being updated to vnewver (currently vver),"The services module software is being upgraded. The update is proceeding normally. example, 1.0(1)0)",None required.,5,Notification,5,system,platform
+%FTD-5-505009,505009,Module in slot string_one software was updated to vnewver (previously vprevver),%FTD-5-505009: Module in slot string_one software was updated to vnewver (previously vprevver),"The 4GE SSM module software was successfully upgraded. example, 1.0(1)0)",None required.,5,Notification,5,system,platform
+%FTD-5-505010,505010,Module in slot slot removed,%FTD-5-505010: Module in slot slot removed,An SSM was removed from the Secure Firewall Threat Defense device chassis.,None required.,5,Notification,5,system,platform
+%FTD-1-505011,505011,Module ips data channel communication is UP.,%FTD-1-505011: Module ips data channel communication is UP.,The data channel communication recovered from a DOWN state.,None required.,1,Alert,5,system,platform
+%FTD-5-505012,505012,"Module module_id, application removed ""application"", version ""ver_num"" version","%FTD-5-505012: Module module_id, application removed ""application"", version ""ver_num"" version",An application was stopped or removed from a services module. This may occur when the services module upgraded an application or when an application on the services module was stopped or uninstalled.,"If an upgrade was not occurring on the 4GE SSM or the application was not intentionally stopped or uninstalled, review the logs from the 4GE SSM to determine why the application stopped.",5,Notification,35,system,platform
+%FTD-5-505013,505013,"Module module_id, application reloading ""application"", version ""version"" newapplication","%FTD-5-505013: Module module_id, application reloading ""application"", version ""version"" newapplication","An application version changed, such as after an upgrade. A software update for the application on the services module is complete.",None provided.,5,Notification,55,system,platform
+%FTD-1-505014,505014,"Module module_id, application down ""name"", version ""version"" reason","%FTD-1-505014: Module module_id, application down ""name"", version ""version"" reason",The application running on the module is disabled. slot 1 indicates the module installed in the expansion slot.,"If the problem persists, contact the Cisco TAC.",1,Alert,75,system,platform
+%FTD-1-505015,505015,"Module module_id, application up ""application"", version ""ver_num"" version","%FTD-1-505015: Module module_id, application up ""application"", version ""ver_num"" version",The application running on the SSM in slot slot_num is up and running. 1 indicates the module installed in the expansion slot.,None required.,1,Alert,5,system,platform
+%FTD-3-505016,505016,"Module module_id, application changed from: ""name"" version ""version"" state ""state"" to: ""name"" version ""version"" state ""state""","%FTD-3-505016: Module module_id, application changed from: ""name"" version ""version"" state ""state"" to: ""name"" version ""version"" state ""state""",The application version or a name change was detected. 1 indicates the module installed in the expansion slot.,Verify that the change was expected and that the new version is correct.,3,Error,75,system,platform
+%FTD-5-506001,506001,event_source_string event_string,%FTD-5-506001: event_source_string event_string,The status of a file system has changed. The event and the source of the event that caused a file system to become available or unavailable appear. Examples of sources and events that can cause a file system status change are as follows:,None required.,5,Notification,5,system,general
+%FTD-5-507001,507001,Terminating TCP-Proxy connection from interface_inside:source_address/source_port to interface_outside:dest_address/dest_port - reassembly limit of limit bytes exceeded,%FTD-5-507001: Terminating TCP-Proxy connection from interface_inside:source_address/source_port to interface_outside:dest_address/dest_port - reassembly limit of limit bytes exceeded,The assembly buffer limit was exceeded during TCP segment reassembly. connection connection,None required.,5,Notification,5,network,interfaces
+%FTD-4-507002,507002,Data copy in proxy-mode exceeded the buffer limit,%FTD-4-507002: Data copy in proxy-mode exceeded the buffer limit,An operational error occurred during processing of a fragmented TCP message.,None required.,4,Warning,5,network,dns
+%FTD-3-507003,507003,"protocol flow from originating_interface:src_ip/src_port to dest_if:dest_ip/dest_port terminated by inspection engine, reason - reason.","%FTD-3-507003: protocol flow from originating_interface:src_ip/src_port to dest_if:dest_ip/dest_port terminated by inspection engine, reason - reason.","The TCP proxy or session API terminated a connection for various reasons, which are provided in the message. include: - Failed to create flow - Failed to initialize session API - Filter rules installed/matched are incompatible - Failed to consolidate new buffer data with original - Reset unconditionally - Reset based on “service reset inbound” configuration - Disconnected, dropped packet - Packet length changed - Reset reflected back to sender - Proxy inspector reset unconditionally - Proxy inspector drop reset - Proxy inspector received data after FIN - Proxy inspector disconnected, dropped packet - Inspector reset unconditionally - Inspector drop reset - Inspector received data after FIN - Inspector disconnected, dropped packet - Could not buffer unprocessed data",None provided.,3,Error,95,network,interfaces
+%FTD-5-509001,509001,Connection attempt was prevented by \ command: src_intf,%FTD-5-509001: Connection attempt was prevented by \ command: src_intf,The no forward interface command was entered to block traffic from the source interface to the destination interface given in the message. This command is required on low-end platforms to allow the creation of interfaces beyond the licensed limit. applies applies,"Upgrade the license to remove the requirement of this command on low-end platforms, then remove the command from the configuration.",5,Notification,35,network,session
+%FTD-3-520001,520001,error_string,%FTD-3-520001: error_string,A malloc failure occurred in ID Manager. The errror string can be either of the following:,Contact the Cisco TAC.,3,Error,75,system,general
+%FTD-3-520002,520002,bad new ID table size,%FTD-3-520002: bad new ID table size,A bad new table request to the ID Manager occurred.,Contact the Cisco TAC.,3,Error,65,system,general
+%FTD-3-520003,520003,bad id in error_string (id: 0xid_num),%FTD-3-520003: bad id in error_string (id: 0xid_num),An ID Manager error occurred. The error string may be any of the following:,None provided.,3,Error,65,system,general
+%FTD-3-520004,520004,error_string,%FTD-3-520004: error_string,An id_get was attempted at the interrupt level.,Contact the Cisco TAC.,3,Error,65,system,general
+%FTD-3-520005,520005,error_string,%FTD-3-520005: error_string,An internal error occurred with the ID Manager.,Contact the Cisco TAC.,3,Error,65,system,general
+%FTD-3-520010,520010,"Bad queue elem – qelem_ptr : flink flink_ptr , blink blink_ptr , flink-blink flink_blink_ptr , blink-flink blink_flink_ptr","%FTD-3-520010: Bad queue elem – qelem_ptr : flink flink_ptr , blink blink_ptr , flink-blink flink_blink_ptr , blink-flink blink_flink_ptr","An internal software error occurred, which can be any of the following:",Contact the Cisco TAC.,3,Error,65,system,general
+%FTD-3-520011,520011,Null queue elem,%FTD-3-520011: Null queue elem,None provided.,None provided.,3,Error,65,system,general
+%FTD-3-520013,520013,Regular expression access check with bad list acl_ID,%FTD-3-520013: Regular expression access check with bad list acl_ID,A pointer to an access list is invalid.,"The event that caused this message to be issued should not have occurred. It can mean that one or more data structures have been overwritten. If this message recurs, and you decide to report it to your TAC representative, you should copy the text of the message exactly as it appears and include the associated stack trace. Because access list corruption may have occurred, a TAC representative should verify that access lists are functioning correctly.",3,Error,100,system,general
+%FTD-3-520020,520020,No memory available,%FTD-3-520020: No memory available,The system is out of memory.,Try one of the following actions to correct the problem:,3,Error,65,system,general
+%FTD-3-520021,520021,"Error deleting trie entry, error_message","%FTD-3-520021: Error deleting trie entry, error_message",A software programming error occurred. The error message can be any of the following:,"Copy the error message exactly as it appears, and report it to Cisco TAC.",3,Error,65,system,general
+%FTD-3-520022,520022,"Error adding mask entry, error_message","%FTD-3-520022: Error adding mask entry, error_message",A software or hardware error occurred. The error message can be any of the following:,"Copy the error message exactly as it appears, and report it to Cisco TAC.",3,Error,65,system,general
+%FTD-3-520023,520023,"Invalid pointer to head of tree, 0x radix_node_ptr","%FTD-3-520023: Invalid pointer to head of tree, 0x radix_node_ptr",A software programming error occurred.,"Copy the error message exactly as it appears, and report it to Cisco TAC.",3,Error,75,system,general
+%FTD-3-520024,520024,"Orphaned mask #radix_mask_ptr, refcount= radix_mask_ptr’s ref count at #radix_node_address, next= #radix_node_nxt","%FTD-3-520024: Orphaned mask #radix_mask_ptr, refcount= radix_mask_ptr’s ref count at #radix_node_address, next= #radix_node_nxt",A software programming error occurred.,"Copy the error message exactly as it appears, and report it to Cisco TAC.",3,Error,65,system,general
+%FTD-3-520025,520025,No memory for radix initialization: err_msg,%FTD-3-520025: No memory for radix initialization: err_msg,The system ran out of memory during initialization. This should only occur if an image is too large for the existing dynamic memory. The error message can be either of the following:Initializing leaf nodesMask housekeeping,Use a smaller subset image or upgrade hardware.,3,Error,75,system,general
+%FTD-6-602101,602101,"PMTU-D packet number bytes greater than effective mtu number, dest_addr=dest_address, src_addr=source_address, prot=protocol","%FTD-6-602101: PMTU-D packet number bytes greater than effective mtu number, dest_addr=dest_address, src_addr=source_address, prot=protocol",The Secure Firewall Threat Defense device sent an ICMP destination unreachable message and fragmentation is needed.,Make sure that the data is sent correctly.,6,Informational,15,vpn,ipsec
+%FTD-6-602103,602103,"IPSEC: Received an ICMP Destination Unreachable from src_addr with suggested PMTU of rcvd_mtu; PMTU updated for SA with peer peer_addr, SPI spi, tunnel name username, old PMTU old_mtu, new PMTU new_mtu","%FTD-6-602103: IPSEC: Received an ICMP Destination Unreachable from src_addr with suggested PMTU of rcvd_mtu; PMTU updated for SA with peer peer_addr, SPI spi, tunnel name username, old PMTU old_mtu, new PMTU new_mtu","The MTU of an SA was changed. When a packet is received for an IPsec tunnel, the corresponding SA is located and the MTU is updated based on the MTU suggested in the ICMP packet. If the suggested MTU is greater than 0 but less than 256, then the new MTU is set to 256. If the suggested MTU is 0, the old MTU is reduced by 256 or it is set to 256—whichever value is greater. If the suggested MTU is greater than 256, then the new MTU is set to the suggested value.",None required.,6,Informational,5,vpn,ipsec
+%FTD-6-602104,602104,"IPSEC: Received an ICMP Destination Unreachable from src_addr, PMTU is unchanged because suggested PMTU of rcvd_mtu is equal to or greater than the current PMTU of curr_mtu, for SA with peer peer_addr, SPI spi, tunnel name username","%FTD-6-602104: IPSEC: Received an ICMP Destination Unreachable from src_addr, PMTU is unchanged because suggested PMTU of rcvd_mtu is equal to or greater than the current PMTU of curr_mtu, for SA with peer peer_addr, SPI spi, tunnel name username","An ICMP message was received indicating that a packet sent over an IPsec tunnel exceeded the path MTU, and the suggested MTU was greater than or equal to the current MTU. Because the MTU value is already correct, no MTU adjustment is made. This may happen when multiple PMTU messages are received from different intermediate stations, and the MTU is adjusted before the current PMTU message is processed.",None required.,6,Informational,5,vpn,ipsec
+%FTD-6-602303,602303,IPSEC: An direction tunnel_type SA (SPI= spi) between local_IP and remote_IP (user= username) has been created.,%FTD-6-602303: IPSEC: An direction tunnel_type SA (SPI= spi) between local_IP and remote_IP (user= username) has been created.,A new SA was created.,None required.,6,Informational,5,vpn,ipsec
+%FTD-6-602304,602304,IPSEC: An direction tunnel_type SA (SPI= spi) between local_IP and remote_IP (user= username) has been deleted.,%FTD-6-602304: IPSEC: An direction tunnel_type SA (SPI= spi) between local_IP and remote_IP (user= username) has been deleted.,An SA was deleted.,None provided.,6,Informational,15,vpn,ipsec
+%FTD-3-602305,602305,"IPSEC: SA creation error, source source_address, destination destination_address, reason error_string.","%FTD-3-602305: IPSEC: SA creation error, source source_address, destination destination_address, reason error_string.",An error has occurred while creating an IPsec security association.,"This is typically a transient error condition. If this message occurs consistently, contact the Cisco TAC.",3,Error,65,vpn,ipsec
+%FTD-3-602306,602306,"IPSEC: SA change peer IP error, SPI: IPsec_SPI, (src original_src_IP_address/original_src_port, dest original_dest_IP_address/original_dest_port => src new_src_IP_address/new_src_port, dest: new_dest_IP_address/new_dest_port), reason failure_reason.","%FTD-3-602306: IPSEC: SA change peer IP error, SPI: IPsec_SPI, (src original_src_IP_address/original_src_port, dest original_dest_IP_address/original_dest_port => src new_src_IP_address/new_src_port, dest: new_dest_IP_address/new_dest_port), reason failure_reason.",An error has occurred while updating an IPsec tunnel’s peer address for Mobile IKE and the peer address could not be changed.,"This is typically a transient error condition. If this message occurs consistently, contact the Cisco TAC.",3,Error,75,vpn,ipsec
+%FTD-6-604101,604101,"DHCP client interface interface_name: Allocated ip = IP_address, mask = netmask, gw = gateway_address","%FTD-6-604101: DHCP client interface interface_name: Allocated ip = IP_address, mask = netmask, gw = gateway_address","The Secure Firewall Threat Defense DHCP client successfully obtained an IP address from a DHCP server. The dhcpc command statement allows the Secure Firewall Threat Defense device to obtain an IP address and network mask for a network interface from a DHCP server, as well as a default route. The default route statement uses the gateway address as the address of the default router.",None required.,6,Informational,5,system,general
+%FTD-6-604102,604102,DHCP client interface interface_name: address released,%FTD-6-604102: DHCP client interface interface_name: address released,The Secure Firewall Threat Defense DHCP client released an allocated IP address back to the DHCP server.,None required.,6,Informational,5,system,general
+%FTD-6-604103,604103,DHCP daemon interface interface_name: address granted MAC_address (IP_address),%FTD-6-604103: DHCP daemon interface interface_name: address granted MAC_address (IP_address),None provided.,None provided.,6,Informational,15,system,general
+%FTD-6-604104,604104,DHCP daemon interface interface_name: address released build_number (IP_address),%FTD-6-604104: DHCP daemon interface interface_name: address released build_number (IP_address),An external client released an IP address back to the Secure Firewall Threat Defense DHCP server.,None required.,6,Informational,5,system,general
+%FTD-4-604105,604105,Unable to send DHCP reply to client hardware_address on interface interface_name. Reply exceeds options field size (options_field_size) by number_of_octets octets.,%FTD-4-604105: Unable to send DHCP reply to client hardware_address on interface interface_name. Reply exceeds options field size (options_field_size) by number_of_octets octets.,"An administrator can configure the DHCP options to return to the DHCP client. Depending on the options that the DHCP client requests, the DHCP options for the offer could exceed the message length limits. A DHCP offer cannot be sent, because it will not fit within the message limits. octets to terminate.",Reduce the size or number of configured DHCP options.,4,Warning,55,system,general
+%FTD-6-604201,604201,DHCPv6 PD client on interface pd-client-iface received delegated prefix prefix/prefix from DHCPv6 PD server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds,%FTD-6-604201: DHCPv6 PD client on interface pd-client-iface received delegated prefix prefix/prefix from DHCPv6 PD server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds,"This syslog is displayed whenever DHCPv6 PD client is received with delegated prefix from PD server as part of initial 4-way exchange. In the case of multiple prefixes, the syslog is displayed for each prefix.",None.,6,Informational,15,system,general
+%FTD-6-604202,604202,DHCPv6 PD client on interface pd-client-iface releasing delegated prefix prefix/prefix received from DHCPv6 PD server server-address,%FTD-6-604202: DHCPv6 PD client on interface pd-client-iface releasing delegated prefix prefix/prefix received from DHCPv6 PD server server-address,None provided.,None provided.,6,Informational,15,system,general
+%FTD-6-604203,604203,DHCPv6 PD client on interface pd-client-iface renewed delegated prefix prefix/prefix from DHCPv6 PD server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds,%FTD-6-604203: DHCPv6 PD client on interface pd-client-iface renewed delegated prefix prefix/prefix from DHCPv6 PD server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds,"This syslog is displayed whenever DHCPv6 PD Client initiate renewal of previously allocated delegated prefix from PD Server and upon successful. In the case of multiple prefixes, the syslog is displayed for each prefix.",None.,6,Informational,15,system,general
+%FTD-6-604204,604204,"DHCPv6 delegated prefix delegated_prefix/prefix got expired on interface pd-client-iface, received from DHCPv6 PD server server-address","%FTD-6-604204: DHCPv6 delegated prefix delegated_prefix/prefix got expired on interface pd-client-iface, received from DHCPv6 PD server server-address",This syslog is displayed whenever DHCPv6 PD Client received delegated prefix is getting expired.,None.,6,Informational,15,system,general
+%FTD-6-604205,604205,DHCPv6 client on interface client-iface allocated address ipv6-address from DHCPv6 server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds,%FTD-6-604205: DHCPv6 client on interface client-iface allocated address ipv6-address from DHCPv6 server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds,"This syslog is displayed whenever DHCPv6 Client address is received from DHCPv6 Server as part of initial 4-way exchange and is valid. In the case of multiple addresses, the syslog is displayed for each received address.",None provided.,6,Informational,15,system,general
+%FTD-6-604206,604206,DHCPv6 client on interface client-iface releasing address ipv6-address received from DHCPv6 server server-address,%FTD-6-604206: DHCPv6 client on interface client-iface releasing address ipv6-address received from DHCPv6 server server-address,"DHCPv6 Client is releasing received client address whenever no configuration of DHCPv6 client address is performed. In the case of multiple addresses release, the syslog is displayed for each address.",None.,6,Informational,15,system,general
+%FTD-6-604207,604207,DHCPv6 client on interface client-iface renewed address ipv6-address from DHCPv6 server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds,%FTD-6-604207: DHCPv6 client on interface client-iface renewed address ipv6-address from DHCPv6 server server-address with preferred lifetime in-seconds seconds and valid lifetime in-seconds seconds,"This syslog is displayed whenever DHCPv6 client initiates renewal of previously allocated address from DHCPv6 server. In the case of multiple addresses, the syslog is displayed for each renewed address.",None.,6,Informational,15,system,general
+%FTD-6-604208,604208,"DHCPv6 client address ipv6-address got expired on interface client-iface, received from DHCPv6 server server-address","%FTD-6-604208: DHCPv6 client address ipv6-address got expired on interface client-iface, received from DHCPv6 server server-address",This syslog is displayed whenever DHCPv6 client received address is getting expired.,None.,6,Informational,15,system,general
+%FTD-4-607002,607002,action_class SIP action req_resp from req_resp_info:src_ifc/sip to sport:dest_ifc/dip; dport,%FTD-4-607002: action_class SIP action req_resp from req_resp_info:src_ifc/sip to sport:dest_ifc/dip; dport,"A SIP classification was performed on a SIP message, and the specified criteria were satisfied. As a result, the configured action occurs. for parameter commands flags for code if the type is Response: 100, 183, 200. For SIP match commands: matched Class id: class-name For example: matched Class 1234: my_class For SIP parameter commands: parameter-command: descriptive-message For example:",None provided.,4,Warning,45,network,session
+%FTD-6-607003,607003,action_class SIP req_resp req_resp_info from src_ifc:sip/sport to dest_ifc:dip/dport; further_info,%FTD-6-607003: action_class SIP req_resp req_resp_info from src_ifc:sip/sport to dest_ifc:dip/dport; further_info,"A SIP classification was performed on a SIP message, and the specified criteria were satisfied. As a result, the standalone log action occurs. code if the type is Response: 100, 183, 200. For SIP match commands: matched Class id: class-name For example: matched Class 1234: my_class For SIP parameter commands: parameter-command: descriptive-message For example: strict-header-validation: Mandatory header field Via is missing state-checking: Message CANCEL is not permitted to create a Dialog.",None required.,6,Informational,5,network,session
+%FTD-4-607004,607004,Phone Proxy: Dropping SIP message from src_if:src_ip/src_port to dest_if:dest_ip/dest_port with source MAC mac_address due to secure phone database mismatch,%FTD-4-607004: Phone Proxy: Dropping SIP message from src_if:src_ip/src_port to dest_if:dest_ip/dest_port with source MAC mac_address due to secure phone database mismatch,"The MAC address in the SIP message is compared with the secure database entries in addition to the IP address and interface. If they do not match, then the particular message is dropped.",None required.,4,Warning,75,network,session
+%FTD-6-608001,608001,Pre-allocate Skinny connection_type secondary channel for interface_name:IP_address to interface_name:IP_address from string message,%FTD-6-608001: Pre-allocate Skinny connection_type secondary channel for interface_name:IP_address to interface_name:IP_address from string message,The inspect skinny command preallocated a Skinny connection after inspecting a Skinny message . The connection_type is one of the following strings:,None required.,6,Informational,5,network,session
+%FTD-4-608002,608002,"Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, SCCPPrefix length value too small","%FTD-4-608002: Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, SCCPPrefix length value too small",A Skinny (SSCP) message was received with an SCCP prefix length less than the minimum length configured.,"If the SCCP message is valid, then customize the Skinny policy map to increase the minimum length value of the SSCP prefix.",4,Warning,65,network,session
+%FTD-4-608003,608003,"Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, SCCPPrefix length value too large","%FTD-4-608003: Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, SCCPPrefix length value too large",A Skinny (SSCP) message was received with an SCCP prefix length greater than the maximum length configured.,None provided.,4,Warning,65,network,session
+%FTD-7-609001,609001,Built local_host zone_name:ip_address,%FTD-7-609001: Built local_host zone_name:ip_address,A network state container was reserved for host ip_address connected to zone zone_name. The zone_name/* parameter is used if the interface on which the host is created is part of a zone. The asterisk symbolizes all interfaces because hosts do not belong to any one interface.,None required.,7,Debugging,5,network,session
+%FTD-7-609002,609002,Teardown local-host zone_name:ip_address duration time,%FTD-7-609002: Teardown local-host zone_name:ip_address duration time,A network state container for host ip_address connected to zone zone_name was removed. The zone_name/* parameter is used if the interface on which the host is created is part of a zone. The asterisk symbolizes all interfaces because hosts do not belong to any one interface.,None required.,7,Debugging,5,network,session
+%FTD-6-611101,611101,"User authentication succeeded: IP address: IP_address, Uname: user","%FTD-6-611101: User authentication succeeded: IP address: IP_address, Uname: user","User authentication succeeded when accessing the Secure Firewall Threat Defense device. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured.",None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611102,611102,"User authentication failed: IP address: IP_address,, Uname: user","%FTD-6-611102: User authentication failed: IP address: IP_address,, Uname: user","User authentication failed when attempting to access the Secure Firewall Threat Defense device. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured.",None provided.,6,Informational,45,vpn,vpn_client
+%FTD-5-611103,611103,User logged out: Uname: user,%FTD-5-611103: User logged out: Uname: user,The specified user logged out.,None required.,5,Notification,5,vpn,vpn_client
+%FTD-5-611104,611104,Serial console idle timeout exceeded,%FTD-5-611104: Serial console idle timeout exceeded,The configured idle timeout for the Secure Firewall Threat Defense serial console was exceeded because of no user activity.,None required.,5,Notification,5,vpn,vpn_client
+%FTD-6-611301,611301,VPNClient: NAT configured for Client Mode with no split tunneling: NAT addr: mapped_address,%FTD-6-611301: VPNClient: NAT configured for Client Mode with no split tunneling: NAT addr: mapped_address,The VPN client policy for client mode with no split tunneling was installed.,None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611302,611302,VPNClient: NAT exemption configured for Network Extension Mode with no split tunneling,%FTD-6-611302: VPNClient: NAT exemption configured for Network Extension Mode with no split tunneling,The VPN client policy for network extension mode with no split tunneling was installed.,None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611303,611303,VPNClient: NAT configured for Client Mode with split tunneling: NAT addr: mapped_address Split Tunnel Networks: IP_address,%FTD-6-611303: VPNClient: NAT configured for Client Mode with split tunneling: NAT addr: mapped_address Split Tunnel Networks: IP_address,The VPN client policy for client mode with split tunneling was installed.,None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611304,611304,VPNClient: NAT exemption configured for Network Extension Mode with split tunneling: Split Tunnel Networks: IP_address,%FTD-6-611304: VPNClient: NAT exemption configured for Network Extension Mode with split tunneling: Split Tunnel Networks: IP_address,None provided.,None provided.,6,Informational,15,vpn,vpn_client
+%FTD-6-611305,611305,VPNClient: DHCP Policy installed: IP_address,%FTD-6-611305: VPNClient: DHCP Policy installed: IP_address,The VPN client policy for DHCP was installed.,None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611306,611306,VPNClient: Perfect Forward Secrecy Policy installed,%FTD-6-611306: VPNClient: Perfect Forward Secrecy Policy installed,Perfect forward secrecy was configured as part of the VPN client download policy.,None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611307,611307,VPNClient: Head end : IP_address,%FTD-6-611307: VPNClient: Head end : IP_address,The VPN client is connected to the specified headend.,None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611308,611308,VPNClient: Split DNS Policy installed: List of domains: string_string,%FTD-6-611308: VPNClient: Split DNS Policy installed: List of domains: string_string,A split DNS policy was installed as part of the VPN client downloaded policy.,None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611309,611309,VPNClient: Disconnecting from head end and uninstalling previously downloaded policy: Head End : IP_address,%FTD-6-611309: VPNClient: Disconnecting from head end and uninstalling previously downloaded policy: Head End : IP_address,A VPN client is disconnecting and uninstalling a previously installed policy.,None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611310,611310,VPNClient: XAUTH Succeeded: Peer: IP_address,%FTD-6-611310: VPNClient: XAUTH Succeeded: Peer: IP_address,The VPN client Xauth succeeded with the specified headend.,None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611311,611311,VPNClient: XAUTH Failed: Peer: IP_address,%FTD-6-611311: VPNClient: XAUTH Failed: Peer: IP_address,The VPN client Xauth failed with the specified headend.,None required.,6,Informational,45,vpn,vpn_client
+%FTD-6-611312,611312,VPNClient: Backup Server List: reason,%FTD-6-611312: VPNClient: Backup Server List: reason,"When the Secure Firewall Threat Defense device is an Easy VPN remote device, the Easy VPN server downloaded a list of backup servers to the Secure Firewall Threat Defense device. This list overrides any backup servers that you have configured locally. If the downloaded list is empty, then the Secure Firewall Threat Defense device uses no backup servers. The reason is one of the following messages:",None required.,6,Informational,5,vpn,vpn_client
+%FTD-3-611313,611313,VPNClient: Backup Server List Error: reason,%FTD-3-611313: VPNClient: Backup Server List Error: reason,"When the Secure Firewall Threat Defense device is an Easy VPN remote device, and the Easy VPN server downloads a backup server list to the Secure Firewall Threat Defense device, the list includes an invalid IP address or a hostname. The Secure Firewall Threat Defense device does not support DNS, and therefore does not support hostnames for servers, unless you manually map a name to an IP address using the name command.","On the Easy VPN server, make sure that the server IP addresses are correct, and configure the servers as IP addresses instead of hostnames. If you must use hostnames on the server, use the name command on the Easy VPN remote device to map the IP addresses to names.",3,Error,75,vpn,vpn_client
+%FTD-6-611314,611314,VPNClient: Load Balancing Cluster with Virtual IP: IP_address has redirected firewall to server IP_address,%FTD-6-611314: VPNClient: Load Balancing Cluster with Virtual IP: IP_address has redirected firewall to server IP_address,"When the Secure Firewall Threat Defense device is an Easy VPN remote device, the director server of the load balancing group redirected the Secure Firewall Threat Defense device to connect to a particular server.",None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611315,611315,VPNClient: Disconnecting from Load Balancing Cluster member IP_address.,%FTD-6-611315: VPNClient: Disconnecting from Load Balancing Cluster member IP_address.,None provided.,None provided.,6,Informational,15,vpn,vpn_client
+%FTD-6-611316,611316,VPNClient: Secure Unit Authentication Enabled,%FTD-6-611316: VPNClient: Secure Unit Authentication Enabled,"When the Secure Firewall Threat Defense device is an Easy VPN remote device, the downloaded VPN policy enabled SUA.",None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611317,611317,VPNClient: Secure Unit Authentication Disabled,%FTD-6-611317: VPNClient: Secure Unit Authentication Disabled,"When the Secure Firewall Threat Defense device is an Easy VPN remote device, the downloaded VPN policy disabled SUA.",None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611318,611318,VPNClient: User Authentication Enabled: Auth Server IP: IP_address Auth Server Port: port Idle Timeout: time,%FTD-6-611318: VPNClient: User Authentication Enabled: Auth Server IP: IP_address Auth Server Port: port Idle Timeout: time,"When the Secure Firewall Threat Defense device is an Easy VPN remote device, the downloaded VPN policy enabled IUA for users on the Secure Firewall Threat Defense device inside network. authentication requests.",None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611319,611319,VPNClient: User Authentication Disabled,%FTD-6-611319: VPNClient: User Authentication Disabled,"When the Secure Firewall Threat Defense device is an Easy VPN remote device, the downloaded VPN policy disabled IUA for users on the Secure Firewall Threat Defense inside network.",None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611320,611320,VPNClient: Device Pass Through Enabled,%FTD-6-611320: VPNClient: Device Pass Through Enabled,"When the Secure Firewall Threat Defense device is an Easy VPN remote device, the downloaded VPN policy enabled device pass-through. The device pass-through feature allows devices that cannot perform",None provided.,6,Informational,15,vpn,vpn_client
+%FTD-6-611321,611321,VPNClient: Device Pass Through Disabled,%FTD-6-611321: VPNClient: Device Pass Through Disabled,"When the Secure Firewall Threat Defense device is an Easy VPN remote device, the downloaded VPN policy disabled device pass-through.",None required.,6,Informational,5,vpn,vpn_client
+%FTD-6-611322,611322,VPNClient: Extended XAUTH conversation initiated when SUA disabled,%FTD-6-611322: VPNClient: Extended XAUTH conversation initiated when SUA disabled,"When the Secure Firewall Threat Defense device is an Easy VPN remote device and the downloaded VPN policy disabled SUA, the Easy VPN server uses two-factor/SecurID/cryptocard-based authentication mechansims to authenticate the Secure Firewall Threat Defense device using XAUTH.","If you want the Easy VPN remote device to be authenticated using two-factor/SecureID/cryptocard-based authentication mechanisms, enable SUA on the server.",6,Informational,15,vpn,vpn_client
+%FTD-6-611323,611323,VPNClient: Ignoring duplicate split network entry network_address/network_mask,%FTD-6-611323: VPNClient: Ignoring duplicate split network entry network_address/network_mask,"When the Secure Firewall Threat Defense device is an Easy VPN remote device, the downloaded VPN policy included duplicate split network entries. An entry is considered a duplicate if it matches both the network address and the network mask.",Remove duplicate split network entries from the VPN policy on the Easy VPN server.,6,Informational,15,vpn,vpn_client
+%FTD-5-612001,612001,"Auto Update succeeded: filename, version: number","%FTD-5-612001: Auto Update succeeded: filename, version: number","An update from an Auto Update server was successful. The filename variable is image, ASDM file, or configuration. The version number variable is the version number of the update.",None required.,5,Notification,5,system,general
+%FTD-4-612002,612002,"Auto Update failed: filename, version: number, reason: reason","%FTD-4-612002: Auto Update failed: filename, version: number, reason: reason",An update from an Auto Update server failed.,None provided.,4,Warning,55,system,general
+%FTD-4-612003,612003,"Auto Update failed to contact: url, reason: reason","%FTD-4-612003: Auto Update failed to contact: url, reason: reason","The Auto Update daemon was unable to contact the specified URL url, which can be the URL of the Auto Update server or one of the file server URLs returned by the Auto Update server. The reason field describes why the contact failed. Possible reasons for the failure include no response from the server, authentication failed, or a file was not found.",Check the configuration of the Auto Update server.,4,Warning,75,system,general
+%FTD-6-613001,613001,Bad checksum string from IP_address on number,%FTD-6-613001: Bad checksum string from IP_address on number,OSPF has detected a checksum error in the database because of memory corruption.,Restart the OSPF process.,6,Informational,35,network,routing_ospf
+%FTD-6-613002,613002,Interface interface_name has zero bandwidth configuration,%FTD-6-613002: Interface interface_name has zero bandwidth configuration,The interface reported its bandwidth as zero.,None provided.,6,Informational,15,network,routing_ospf
+%FTD-6-613003,613003,Network range IP_address netmask changed from area string to string,%FTD-6-613003: Network range IP_address netmask changed from area string to string,An OSPF configuration change has caused a network range to change areas.,Reconfigure OSPF with the correct network range.,6,Informational,25,network,routing_ospf
+%FTD-3-613004,613004,Internal error: memory allocation failure,%FTD-3-613004: Internal error: memory allocation failure,An internal software error occurred.,"Copy the error message exactly as it appears, and report it to Cisco TAC.",3,Error,75,network,routing_ospf
+%FTD-3-613005,613005,Flagged as being an ABR without a backbone area,%FTD-3-613005: Flagged as being an ABR without a backbone area,The router was flagged as an Area Border Router (ABR) without a backbone area in the router.,Restart the OSPF process.,3,Error,65,network,routing_ospf
+%FTD-3-613006,613006,Reached unknown state in neighbor state machine,%FTD-3-613006: Reached unknown state in neighbor state machine,An internal software error in this router has resulted in an invalid neighbor state during database exchange.,"Copy the error message, the configuration and any details about the events leading up to this error and submit them to Cisco TAC.",3,Error,75,network,routing_ospf
+%FTD-3-613007,613007,area string lsid IP_address mask netmask type number,%FTD-3-613007: area string lsid IP_address mask netmask type number,OSPF is trying to add an existing LSA to the database.,"Copy the error message, the configuration and any details about the events leading up to this error and submit them to Cisco TAC.",3,Error,65,network,routing_ospf
+%FTD-3-613008,613008,if inside if_state number,%FTD-3-613008: if inside if_state number,An internal error occurred.,"Copy the error message, the configuration and any details about the events leading up to this error and submit them to Cisco TAC.",3,Error,65,network,routing_ospf
+%FTD-3-613011,613011,OSPF process number is changing router-id. Reconfigure virtual link neighbors with our new router-id,%FTD-3-613011: OSPF process number is changing router-id. Reconfigure virtual link neighbors with our new router-id,"An OSPF process is being reset, and it is going to select a new router ID. This action brings down all virtual links. To make them work again, the virtual link configuration needs to be changed on all virtual link neighbors.",Change the virtual link configuration on all the virtual link neighbors to reflect the new router ID.,3,Error,75,network,routing_ospf
+%FTD-3-613013,613013,OSPF LSID IP_address adv IP_address type number gateway IP_address metric number forwarding addr route IP_address/mask type number has no corresponding LSA,%FTD-3-613013: OSPF LSID IP_address adv IP_address type number gateway IP_address metric number forwarding addr route IP_address/mask type number has no corresponding LSA,OSPF found inconsistency between its database and the IP routing table.,"Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.",3,Error,65,network,routing_ospf
+%FTD-6-613014,613014,Base topology enabled on interface string attached to MTR compatible mode area string,%FTD-6-613014: Base topology enabled on interface string attached to MTR compatible mode area string,OSPF interfaces attached to MTR-compatible OSPF areas require the base topology to be enabled.,None.,6,Informational,15,network,routing_ospf
+%FTD-4-613015,613015,Process 1 flushes LSA ID IP_address type-number adv-rtr IP_address in area mask,%FTD-4-613015: Process 1 flushes LSA ID IP_address type-number adv-rtr IP_address in area mask,A router is extensively re-originating or flushing the LSA reported by this error message.,"If this router is flushing the network LSA, it means the router received a network LSA whose LSA ID conflicts with the IP address of one of the router's interfaces and flushed the LSA out of the network. For OSPF to function correctly, the IP addresses of transit networks must be unique. Conflicting routers are the router reporting this error message and the router with the OSPF router ID reported as adv-rtr in this message. If this router is re-originating an LSA, it is highly probable that some other router is flushing this LSA out of the network. Find that router and avoid the conflict. The conflict for a Type-2 LSA may be due to a duplicate LSA ID. For a Type-5 LSA, it may be a duplicate router ID on the router reporting this",4,Warning,45,network,routing_ospf
+%FTD-3-613016,613016,Area string router-LSA of length number bytes plus update overhead bytes is too large to flood.,%FTD-3-613016: Area string router-LSA of length number bytes plus update overhead bytes is too large to flood.,The router tried to build a router-LSA that is larger than the huge system buffer size or the OSPF protocol imposed maximum.,"If the reported total length (LSA size plus overhead) is larger than the huge system buffer size but less than 65535 bytes (the OSPF protocol imposed maximum), you may increase the huge system buffer size. If the reported total length is greater than 65535, you need to decrease the number of OSPF interfaces in the reported area.",3,Error,65,network,routing_ospf
+%FTD-4-613017,613017,"Bad LSA mask: Type number, LSID IP_address Mask mask from IP_address","%FTD-4-613017: Bad LSA mask: Type number, LSID IP_address Mask mask from IP_address","The router received an LSA with an invalid LSA mask because of an incorrect configuration from the LSA originator. As a result, this route is not installed in the routing table.","Find the originating router of the LSA with the bad mask, then correct any misconfiguration of this LSA's network. For further debugging, call Cisco TAC for assistance.",4,Warning,55,network,routing_ospf
+%FTD-4-613018,613018,Maximum number of non self-generated LSA has been exceeded “OSPF number” - number LSAs,%FTD-4-613018: Maximum number of non self-generated LSA has been exceeded “OSPF number” - number LSAs,The maximum number of non self-generated LSAs has been exceeded.,Check whether or not a router in the network is generating a large number of LSAs as a result of a misconfiguration.,4,Warning,55,network,routing_ospf
+%FTD-4-613019,613019,"Threshold for maximum number of non self-generated LSA has been reached ""OSPF number"" - number LSAs","%FTD-4-613019: Threshold for maximum number of non self-generated LSA has been reached ""OSPF number"" - number LSAs",The threshold for the maximum number of non self-generated LSAs has been reached.,Check whether or not a router in the network is generating a large number of LSAs as a result of a misconfiguration.,4,Warning,45,network,routing_ospf
+%FTD-4-613021,613021,Packet not written to the output queue,%FTD-4-613021: Packet not written to the output queue,An internal error occurred.,"Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.",4,Warning,45,network,routing_ospf
+%FTD-4-613022,613022,Doubly linked list linkage is NULL,%FTD-4-613022: Doubly linked list linkage is NULL,An internal error occurred.,"Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.",4,Warning,45,network,routing_ospf
+%FTD-4-613023,613023,Doubly linked list prev linkage is NULL number,%FTD-4-613023: Doubly linked list prev linkage is NULL number,An internal error occurred.,"Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.",4,Warning,45,network,routing_ospf
+%FTD-4-613024,613024,Unrecognized timer number in OSPF string,%FTD-4-613024: Unrecognized timer number in OSPF string,An internal error occurred.,"Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.",4,Warning,45,network,routing_ospf
+%FTD-4-613025,613025,"Invalid build flag number for LSA IP_address, type number","%FTD-4-613025: Invalid build flag number for LSA IP_address, type number",An internal error occurred.,"Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.",4,Warning,55,network,routing_ospf
+%FTD-4-613026,613026,Can not allocate memory for area structure,%FTD-4-613026: Can not allocate memory for area structure,An internal error occurred.,"Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC.",4,Warning,45,network,routing_ospf
+%FTD-6-613027,613027,OSPF process number removed from interface interface_name,%FTD-6-613027: OSPF process number removed from interface interface_name,The OSPF process was removed from the interface because of an IP VRF.,None.,6,Informational,15,network,routing_ospf
+%FTD-6-613028,613028,Unrecognized virtual interface intetface_name. Treat it as loopback stub route,%FTD-6-613028: Unrecognized virtual interface intetface_name. Treat it as loopback stub route,"The virtual interface type was not recognized by OSPF, so it is treated as a loopback interface stub route.",None.,6,Informational,15,network,routing_ospf
+%FTD-3-613029,613029,Router-ID IP_address is in use by ospf process number,%FTD-3-613029: Router-ID IP_address is in use by ospf process number,The Secure Firewall Threat Defense device attempted to assign a router ID that is in use by another process.,Configure another router ID for one of the processes.,3,Error,65,network,routing_ospf
+%FTD-4-613030,613030,Router is currently an ASBR while having only one area which is a stub area,%FTD-4-613030: Router is currently an ASBR while having only one area which is a stub area,An ASBR must be attached to an area that can carry AS external or NSSA LSAs.,Make the area to which the router is attached into an NSSA or regular area.,4,Warning,45,network,routing_ospf
+%FTD-4-613031,613031,No IP address for interface inside,%FTD-4-613031: No IP address for interface inside,The interface is not point-to-point and is unnumbered.,Change the interface type or give the interface an IP address.,4,Warning,45,network,routing_ospf
+%FTD-3-613032,613032,"Init failed for interface inside, area is being deleted. Try again.","%FTD-3-613032: Init failed for interface inside, area is being deleted. Try again.",The interface initialization failed. The possible reasons include the following:,Remove the configuration command that covers the interface and then try it again.,3,Error,75,network,routing_ospf
+%FTD-3-613033,613033,Interface inside is attached to more than one area,%FTD-3-613033: Interface inside is attached to more than one area,The interface is on the interface list for an area other than the one to which the interface links.,None provided.,3,Error,65,network,routing_ospf
+%FTD-3-613034,613034,Neighbor IP_address not configured,%FTD-3-613034: Neighbor IP_address not configured,The configured neighbor options are not valid.,Check the configuration options for the neighbor command and correct the options or the network type for the neighbor's interface.,3,Error,65,network,routing_ospf
+%FTD-3-613035,613035,Could not allocate or find neighbor IP_address,%FTD-3-613035: Could not allocate or find neighbor IP_address,An internal error occurred.,"Copy the error message exactly as it appears, and report it to Cisco TAC.",3,Error,65,network,routing_ospf
+%FTD-4-613036,613036,Can not use configured neighbor: cost and database-filter options are allowed only for a point-to-multipoint network,%FTD-4-613036: Can not use configured neighbor: cost and database-filter options are allowed only for a point-to-multipoint network,The configured neighbor was found on an NBMA network and either the cost or database-filter option was configured. These options are only allowed on point-to-multipoint type networks.,Check the configuration options for the neighbor command and correct the options or the network type for the neighbor's interface.,4,Warning,45,network,routing_ospf
+%FTD-4-613037,613037,Can not use configured neighbor: poll and priority options are allowed only for a NBMA network,%FTD-4-613037: Can not use configured neighbor: poll and priority options are allowed only for a NBMA network,The configured neighbor was found on a point-to-multipoint network and either the poll or priority option was configured. These options are only allowed on NBMA-type networks.,Check the configuration options for the neighbor command and correct the options or the network type for the neighbor's interface.,4,Warning,45,network,routing_ospf
+%FTD-4-613038,613038,Can not use configured neighbor: cost or database-filter option is required for point-to-multipoint broadcast network,%FTD-4-613038: Can not use configured neighbor: cost or database-filter option is required for point-to-multipoint broadcast network,The configured neighbor was found on a point-to-multipoint broadcast network. Either the cost or database-filter option needs to be configured.,Check the configuration options for the neighbor command and correct the options or the network type for the neighbor's interface.,4,Warning,45,network,routing_ospf
+%FTD-4-613039,613039,Can not use configured neighbor: neighbor command is allowed only on NBMA and point-to-multipoint networks,%FTD-4-613039: Can not use configured neighbor: neighbor command is allowed only on NBMA and point-to-multipoint networks,The configured neighbor was found on a network for which the network type was neither NBMA nor point-to-multipoint.,None.,4,Warning,45,network,routing_ospf
+%FTD-4-613040,613040,"OSPF-1 Area string: Router IP_address originating invalid type number LSA, ID IP_address, Metric number on Link ID IP_address Link Type number","%FTD-4-613040: OSPF-1 Area string: Router IP_address originating invalid type number LSA, ID IP_address, Metric number on Link ID IP_address Link Type number","The router indicated in this message has originated an LSA with an invalid metric. If this is a router LSA and the link metric is zero, a risk of routing loops and traffic loss in the network exists.",Configure a valid metric for the given LSA type and link type on the router originating on the reported LSA.,4,Warning,55,network,routing_ospf
+%FTD-6-613041,613041,"OSPF-100 Areav string: LSA ID IP_address, Type number, Adv-rtr IP_address, LSA counter DoNotAge","%FTD-6-613041: OSPF-100 Areav string: LSA ID IP_address, Type number, Adv-rtr IP_address, LSA counter DoNotAge",An internal error has corrected itself. There is no operational effect related to this error message.,"Check the system memory. If memory is low, then the timer wheel functionality did not initialize. Try to reenter the commands when memory is available. If there is sufficient memory, then contact the Cisco TAC and provide output from the show memory, show processes, and show tech-support ospf commands.",6,Informational,15,network,routing_ospf
+%FTD-4-613042,613042,OSPF process number lacks forwarding address for type 7 LSA IP_address in NSSA string - P-bit cleared,%FTD-4-613042: OSPF process number lacks forwarding address for type 7 LSA IP_address in NSSA string - P-bit cleared,"There is no viable forwarding address in the NSSA area. As a result, the P-bit must be cleared and the Type 7 LSA is not translated into a Type 5 LSA by the NSSA translator. See RFC 3101.",Configure at least one interface in the NSSA with an advertised IP address. A loopback is preferable because an advertisement does not depend on the underlying layer 2 state.,4,Warning,45,network,routing_ospf
+%FTD-6-613043,613043,,%FTD-6-613043:,A negative database reference count occurred.,"Check the system memory. If memory is low, then the timer wheel functionality did not initialize. Try to reenter the commands when memory is available. If there is sufficient memory, then contact the Cisco TAC and provide output from the show memory, show processes, and show tech-support ospf commands.",6,Informational,15,network,routing_ospf
+%FTD-6-613104,613104,Unrecognized virtual interface IF_NAME .,%FTD-6-613104: Unrecognized virtual interface IF_NAME .,"The virtual interface type was not recognized by OSPFv3, so it is treated as a loopback interface stub route.",None required.,6,Informational,5,network,routing_ospf
+%FTD-6-614001,614001,Split DNS: request patched from server: IP_address to server: IP_address,%FTD-6-614001: Split DNS: request patched from server: IP_address to server: IP_address,Split DNS is redirecting DNS queries from the original destination server to the primary enterprise DNS server.,None required.,6,Informational,5,system,general
+%FTD-6-614002,614002,Split DNS: reply from server: IP_address reverse patched back to original server: IP_address,%FTD-6-614002: Split DNS: reply from server: IP_address reverse patched back to original server: IP_address,Split DNS is redirecting DNS queries from the enterprise DNS server to the original destination server.,None required.,6,Informational,5,system,general
+%FTD-6-615001,615001,vlan number not available for firewall interface,%FTD-6-615001: vlan number not available for firewall interface,The switch removed the VLAN from the Secure Firewall Threat Defense device.,None required.,6,Informational,5,system,general
+%FTD-6-615002,615002,vlan number available for firewall interface,%FTD-6-615002: vlan number available for firewall interface,The switch added the VLAN to the Secure Firewall Threat Defense device.,None required.,6,Informational,5,system,general
+%FTD-6-621001,621001,"Interface interface_name does not support multicast, not enabled","%FTD-6-621001: Interface interface_name does not support multicast, not enabled",An attempt was made to enable PIM on an interface that does not support multicast.,"If the problem persists, contact the Cisco TAC.",6,Informational,15,network,routing
+%FTD-6-621002,621002,"Interface interface_name does not support multicast, not enabled","%FTD-6-621002: Interface interface_name does not support multicast, not enabled",An attempt was made to enable IGMP on an interface that does not support multicast.,"If the problem persists, contact the Cisco TAC.",6,Informational,15,network,routing
+%FTD-6-621003,621003,The event queue size has exceeded number,%FTD-6-621003: The event queue size has exceeded number,The number of event managers created has exceeded the expected amount.,"If the problem persists, contact the Cisco TAC.",6,Informational,25,network,routing
+%FTD-6-621006,621006,"Mrib disconnected, (IP_address ,IP_address ) event cancelled","%FTD-6-621006: Mrib disconnected, (IP_address ,IP_address ) event cancelled","A packet triggering a data-driven event was received, but the connection to the MRIB was down. The notification was canceled.","If the problem persists, contact the Cisco TAC.",6,Informational,15,network,routing
+%FTD-6-621007,621007,"Bad register from interface_name :IP_address to IP_address for (IP_address , IP_address )","%FTD-6-621007: Bad register from interface_name :IP_address to IP_address for (IP_address , IP_address )",A PIM router configured as a rendezvous point or with NAT has received a PIM register packet from another PIM router. The data encapsulated in this packet is invalid.,The sending router is erroneously sending non-RFC registers. Upgrade the sending router.,6,Informational,35,network,routing
+%FTD-6-622001,622001,"action tracked route destination_network netmask nexthop_address, distance admin_distance, table routing_table_name, on interface interface_namestring tracked route network mask address , distance number , table string , on interface interface-name","%FTD-6-622001: action tracked route destination_network netmask nexthop_address, distance admin_distance, table routing_table_name, on interface interface_namestring tracked route network mask address , distance number , table string , on interface interface-name","A tracked route has been added to or removed from a routing table, which means that the state of the tracked object has changed from up or down.",None provided.,6,Informational,15,network,interfaces
+%FTD-6-622101,622101,"Starting regex table compilation for match_command, table entries = regex_num entries","%FTD-6-622101: Starting regex table compilation for match_command, table entries = regex_num entries",Information on the background activities of regex compilation appear.,None required.,6,Informational,5,network,general
+%FTD-6-622102,622102,"Completed regex table compilation for match_command, table size = num bytes","%FTD-6-622102: Completed regex table compilation for match_command, table size = num bytes",Information on the background activities of the regex compilation appear.,None required.,6,Informational,5,network,general
+%FTD-7-701001,701001,alloc_user() out of Tcp_user objects alloc_user() out of Tcp_user objects,%FTD-7-701001: alloc_user() out of Tcp_user objects alloc_user() out of Tcp_user objects,A AAA message that appears if the user authentication rate is too high for the module to handle new AAA requests.,Enable Flood Defender with the floodguard enable command.,7,Debugging,5,system,general
+%FTD-7-701002,701002,alloc_proxy() out of Tcp_proxy objects,%FTD-7-701002: alloc_proxy() out of Tcp_proxy objects,A AAA message that appears if the user authentication rate is too high for the module to handle new AAA requests.,Enable Flood Defender with the floodguard enable command.,7,Debugging,5,system,general
+%FTD-7-703001,703001,H.225 message received from interface_name:IP_address/port to interface_name:IP_address/port is using an unsupported version number,%FTD-7-703001: H.225 message received from interface_name:IP_address/port to interface_name:IP_address/port is using an unsupported version number,The Secure Firewall Threat Defense device received an H.323 packet with an unsupported version number. The Secure Firewall Threat Defense device might reencode the protocol version field of the packet to the highest supported version.,Use the version of H.323 that the Secure Firewall Threat Defense device supports in the VoIP network.,7,Debugging,5,network,session
+%FTD-7-703002,703002,Received H.225 Release Complete with newConnectionNeeded for interface_name:IP_address to interface_name:IP_address/port,%FTD-7-703002: Received H.225 Release Complete with newConnectionNeeded for interface_name:IP_address to interface_name:IP_address/port,"The Secure Firewall Threat Defense device received the specified H.225 message, and the Secure Firewall Threat Defense device opened a new signaling connection object for the two specified H.323 endpoints.",None required.,7,Debugging,5,network,session
+%FTD-7-703008,703008,Allowing early-message: msg_str before SETUP from src_int_name:src_ip/src_port to dest_int_name:dest_ip/dest_port,%FTD-7-703008: Allowing early-message: msg_str before SETUP from src_int_name:src_ip/src_port to dest_int_name:dest_ip/dest_port,This message indicates that an outside endpoint requested an incoming call to an inside host and wants the inside host to send FACILITY message before SETUP message towards Gatekeeper and wants to follow H.460.18.,Ensure that the setup indeed intends to allow early FACILITY message before SETUP message for incoming H323 calls as described in H.640.18.,7,Debugging,5,network,session
+%FTD-7-709001,709001,FO replication failed: cmd=command returned=code,%FTD-7-709001: FO replication failed: cmd=command returned=code,Failover messages that only appear during the development debugging and testing phases.,None required.,7,Debugging,5,system,failover
+%FTD-7-709002,709002,FO unreplicable: cmd=command,%FTD-7-709002: FO unreplicable: cmd=command,Failover messages that only appear during the development debugging and testing phases.,None required.,7,Debugging,5,system,failover
+%FTD-1-709003,709003,(Primary) Beginning configuration replication: Send to mate.,%FTD-1-709003: (Primary) Beginning configuration replication: Send to mate.,A failover message that appears when the active unit starts replicating its configuration to the standby unit. Primary can also be listed as Secondary for the secondary unit.,None required.,1,Alert,5,system,failover
+%FTD-1-709004,709004,(Primary) End Configuration Replication (ACT),%FTD-1-709004: (Primary) End Configuration Replication (ACT),A failover message that appears when the active unit completes replication of its configuration on the standby unit. Primary can also be listed as Secondary for the secondary unit.,None required.,1,Alert,5,system,failover
+%FTD-1-709005,709005,(Primary) Beginning configuration replication: Receiving from mate.,%FTD-1-709005: (Primary) Beginning configuration replication: Receiving from mate.,The standby Secure Firewall Threat Defense device received the first part of the configuration replication from the active Secure Firewall Threat Defense device. Primary can also be listed as Secondary for the secondary unit.,None required.,1,Alert,5,system,failover
+%FTD-1-709006,709006,(Primary) End Configuration Replication (STB),%FTD-1-709006: (Primary) End Configuration Replication (STB),A failover message that appears when the standby unit completes replication of a configuration sent by the active unit. Primary can also be listed as Secondary for the secondary unit.,None required.,1,Alert,5,system,failover
+%FTD-2-709007,709007,Configuration replication failed for command command_name,%FTD-2-709007: Configuration replication failed for command command_name,A failover message that appears when the standby unit is unable to complete replication of a configuration sent by the active unit. The command that caused the failure appears at the end of the message.,"If the problem persists, contact the Cisco TAC.",2,Critical,95,system,failover
+%FTD-4-709008,709008,(Primary | Secondary) Configuration sync in progress. Command: ‘command ’ executed from (terminal/http) will not be replicated to or executed by the standby unit.,%FTD-4-709008: (Primary | Secondary) Configuration sync in progress. Command: ‘command ’ executed from (terminal/http) will not be replicated to or executed by the standby unit.,"A command was issued during the configuration sync, which triggered an interactive prompt to indicate that this command would not be issued on the standby unit. To continue, note that the command will be issued on the active unit only and will not be replicated on the standby unit.",None.,4,Warning,45,system,failover
+%FTD-6-709009,709009,(unit-role) Configuration on Active and Standby is matching. No config sync. Time elapsed time-elapsed ms,%FTD-6-709009: (unit-role) Configuration on Active and Standby is matching. No config sync. Time elapsed time-elapsed ms,None provided.,None provided.,6,Informational,15,system,failover
+%FTD-6-709010,709010,Configuration between units doesn't match. Going for config sync (sync-string). Time elapsed time-elapsed ms,%FTD-6-709010: Configuration between units doesn't match. Going for config sync (sync-string). Time elapsed time-elapsed ms,"This syslog message is generated when the hash that is computed on both the active and joining unit does not match. It also displays the time elapsed, from the time of sending the hash request to the time of getting and comparing the hash response.",None.,6,Informational,15,system,failover
+%FTD-6-709011,709011,Failover configuration replication completed in time ms,%FTD-6-709011: Failover configuration replication completed in time ms,"This message displays the time taken to synchronize the config, in the case of hash not matching, and therefore going for a full configuration sync process.",None.,6,Informational,15,system,failover
+%FTD-6-709012,709012,Skip configuration replication from mate as configuration on Active and Standby is matching,%FTD-6-709012: Skip configuration replication from mate as configuration on Active and Standby is matching,"This message is generated when the configuration replication is skipped because, the configuration between active and joining unit matches.",None.,6,Informational,15,system,failover
+%FTD-4-709013,709013,Failover configuration replication hash comparison timeout expired failover_state.,%FTD-4-709013: Failover configuration replication hash comparison timeout expired failover_state.,"This syslog message is generated when the hash computation, transfer, and comparison has timed out. Due to the timeout, the full configuration sync operation is trigerred. The timeout value is 60 secs and you cannot modify this value.",None.,4,Warning,55,system,failover
+%FTD-3-709015,709015,Command sync Error: Sync failed for command no nameif with error code = code,%FTD-3-709015: Command sync Error: Sync failed for command no nameif with error code = code,None provided.,None provided.,3,Error,75,system,failover
+%FTD-3-710003,710003,{TCP|UDP} access denied by ACL from source_IP/source_port to interface_name:dest_IP/service,%FTD-3-710003: {TCP|UDP} access denied by ACL from source_IP/source_port to interface_name:dest_IP/service,"The Secure Firewall Threat Defense device denied an attempt to connect to the interface service. For example, the Secure Firewall Threat Defense device received an SNMP request from an unauthorized SNMP management station. If this message appears frequently, it can indicate an attack. For example: %Firewall Threat Defense-3-710003: UDP access denied by ACL from 95.1.1.14/5000 to outside:95.1.1.13/1005","Use the show run http, show run ssh, or show run telnet commands to verify that the Secure Firewall Threat Defense device is configured to permit the service access from the host or network.",3,Error,95,network,session
+%FTD-7-710004,710004,TCP connection limit exceeded from Src_ip/Src_port to In_name:Dest_ip/Dest_port (current connections/connection limit = Curr_conn/Conn_lmt),%FTD-7-710004: TCP connection limit exceeded from Src_ip/Src_port to In_name:Dest_ip/Dest_port (current connections/connection limit = Curr_conn/Conn_lmt),"The maximum number of Secure Firewall Threat Defense management connections for the service was exceeded. The Secure Firewall Threat Defense device permits at most five concurrent management connections per management service. Alternatively, an error may have occurred in the to-the-box connection counter.","From the console, use the kill command to release the unwanted session. If the message was generated because of an error in the to-the-box counter, run the show conn all command to display connection details.",7,Debugging,15,network,session
+%FTD-7-710005,710005,{TCP|UDP|SCTP} request discarded from source_address/source_port to interface_name:dest_address/service,%FTD-7-710005: {TCP|UDP|SCTP} request discarded from source_address/source_port to interface_name:dest_address/service,"The Secure Firewall Threat Defense device does not have a UDP server that services the UDP request. Also, a TCP packet that does not belong to any session on the Secure Firewall Threat Defense device may have been discarded. In addition, this message appears (with the SNMP service) when the Secure Firewall Threat Defense device receives an SNMP request with an empty payload, even if it is from an authorized",None provided.,7,Debugging,5,network,session
+%FTD-7-710006,710006,protocol request discarded from source_address to interface_name:dest_address,%FTD-7-710006: protocol request discarded from source_address to interface_name:dest_address,"The Secure Firewall Threat Defense device does not have an IP server that services the IP protocol request; for example, the Secure Firewall Threat Defense device receives IP packets that are not TCP or UDP, and the Secure Firewall Threat Defense device cannot service the request.","In networks that use broadcasting services such as DHCP, RIP, or NetBIOS extensively, the frequency of this message can be high. If this message appears in excessive numbers, it may indicate an attack.",7,Debugging,25,network,session
+%FTD-7-710007,710007,NAT-T keepalive received from inside:ip-Addr/port to outside:ip-Addr/port,%FTD-7-710007: NAT-T keepalive received from inside:ip-Addr/port to outside:ip-Addr/port,The Secure Firewall Threat Defense device received NAT-T keepalive messages.,None required.,7,Debugging,5,network,session
+%FTD-7-711001,711001,debug_trace_msg,%FTD-7-711001: debug_trace_msg,"You have entered the logging debug-trace command for the logging feature. When the logging debug-trace command is enabled, all debugging messages will be redirected to the message for processing. For security reasons, the message output must be encrypted or sent over a secure out-of-band network.",None required.,7,Debugging,5,system,general
+%FTD-4-711002,711002,"Task ran for elapsed_time msec, Process = process_name, PC = PC, Traceback = traceback","%FTD-4-711002: Task ran for elapsed_time msec, Process = process_name, PC = PC, Traceback = traceback","A process used the CPU for more than 100 milliseconds. This message is used for debugging CPU purposes, and can appear once every five seconds for each offending process.",None required.,4,Warning,5,system,general
+%FTD-7-711003,711003,Unknown/Invalid interface identifier(vpifnum ) detected.,%FTD-7-711003: Unknown/Invalid interface identifier(vpifnum ) detected.,"An internal inconsistency that should not occur during normal operation has occurred. However, this message is not harmful if it rarely occurs. If it occurs frequently, it might be worthwhile debugging.","If the problem persists, contact the Cisco TAC.",7,Debugging,15,system,general
+%FTD-4-711004,711004,"Task ran for msec msec, Process = process_name, PC = pc, Call stack = call_stack","%FTD-4-711004: Task ran for msec msec, Process = process_name, PC = pc, Call stack = call_stack","A process used the CPU for more than 100 milliseconds. This message is used for debugging CPU purposes, and can appear once every five seconds for each offending process.",None required.,4,Warning,5,system,general
+%FTD-5-711005,711005,call_stack,%FTD-5-711005: call_stack,"An internal software error that should not occur has occurred. The device can usually recover from this error, and no harmful effect to the device results.",Contact the Cisco TAC.,5,Notification,25,system,general
+%FTD-7-711006,711006,CPU profiling has started for n-samples samples. Reason: reason-string.,%FTD-7-711006: CPU profiling has started for n-samples samples. Reason: reason-string.,CPU profiling has started. “CPU utilization passed cpu-utilization %” “Process process-name CPU utilization passed cpu-utilization %”,“None specified” Collect CPU profiling results and provide them to Cisco TAC.,7,Debugging,5,system,general
+%FTD-3-713004,713004,"device scheduled for reboot, IKE key acquire message on interface interface num, for peer IP_address ignored","%FTD-3-713004: device scheduled for reboot, IKE key acquire message on interface interface num, for peer IP_address ignored","The Secure Firewall Threat Defense device has received an IKE packet from a remote entity trying to initiate a tunnel. Because the Secure Firewall Threat Defense device is scheduled for a reboot or shutdown, it does not allow any more tunnels to be established. The IKE packet is ignored and dropped.",None required.,3,Error,85,vpn,ipsec
+%FTD-5-713006,713006,"Group = groupname, Username = username, IP = peerIP Failed to obtain state for message Id message_number, Peer Address: IP_address","%FTD-5-713006: Group = groupname, Username = username, IP = peerIP Failed to obtain state for message Id message_number, Peer Address: IP_address","The Secure Firewall Threat Defense device does not know about the received message ID. The message ID is used to identify a specific IKE Phase 2 negotiation. An error condition on the Secure Firewall Threat Defense device may have occurred, and may indicate that the two IKE peers are out-of-sync.",None required.,5,Notification,5,vpn,ipsec
+%FTD-3-713008,713008,IP = peerIP Key ID in ID payload too big for pre-shared IKE tunnel,%FTD-3-713008: IP = peerIP Key ID in ID payload too big for pre-shared IKE tunnel,None provided.,None provided.,3,Error,65,vpn,ipsec
+%FTD-3-713009,713009,IP = peerIP OU in DN in ID payload too big for Certs IKE tunnel,%FTD-3-713009: IP = peerIP OU in DN in ID payload too big for Certs IKE tunnel,"An OU value in the DN was received in the ID payload, which was longer than the maximum allowed size of a group name for this IKE session using Certs authentication. This OU is skipped, and another OU or other criteria may find a matching group.","For the client to be able to use an OU to find a group in the Secure Firewall Threat Defense device, the group name must be a valid length. The current maximum length of a group name is 32 characters.",3,Error,65,vpn,ipsec
+%FTD-5-713010,713010,"Group = groupname, Username = username, IP = peerIP IKE area: failed to find centry for message Id message_numbermessage_number An attempt was made to locate a conn_entry (IKE phase 2 structure that corresponds to an IPsec SA) using the unique message ID, which failed. The internal structure was not found, which may occur if a session was terminated in a nonstandard way, but it is more likely that an internal error occurred. If this problem persists, investigate the peer.","%FTD-5-713010: Group = groupname, Username = username, IP = peerIP IKE area: failed to find centry for message Id message_numbermessage_number An attempt was made to locate a conn_entry (IKE phase 2 structure that corresponds to an IPsec SA) using the unique message ID, which failed. The internal structure was not found, which may occur if a session was terminated in a nonstandard way, but it is more likely that an internal error occurred. If this problem persists, investigate the peer.",None provided.,None provided.,5,Notification,45,vpn,ipsec
+%FTD-3-713012,713012,"Group = groupname, Username = username, IP = peerIP Unknown protocol (protocol ). Not adding SA w/spi= SPI value","%FTD-3-713012: Group = groupname, Username = username, IP = peerIP Unknown protocol (protocol ). Not adding SA w/spi= SPI value",An illegal or unsupported IPsec protocol has been received from the peer.,Check the ISAKMP Phase 2 configuration on the peer(s) to make sure it is compatible with the Secure Firewall Threat Defense device.,3,Error,65,vpn,ipsec
+%FTD-3-713014,713014,"Group = groupname, Username = username, IP = peerIP Unknown Domain of Interpretation (DOI): DOI value","%FTD-3-713014: Group = groupname, Username = username, IP = peerIP Unknown Domain of Interpretation (DOI): DOI value",The ISAKMP DOI received from the peer is unsupported.,Check the ISAKMP DOI configuration on the peer.,3,Error,65,vpn,ipsec
+%FTD-3-713016,713016,"Group = groupname, Username = username, IP = peerIP Unknown identification type, Phase 1 or 2, Type ID_Type","%FTD-3-713016: Group = groupname, Username = username, IP = peerIP Unknown identification type, Phase 1 or 2, Type ID_Type",The ID received from the peer is unknown. The ID can be an unfamiliar valid ID or an invalid or corrupted ID.,Check the configuration on the headend and peer.,3,Error,95,vpn,ipsec
+%FTD-3-713017,713017,"Group = groupname, Username = username, IP = peerIP Identification type not supported, Phase 1 or 2, Type ID_Type","%FTD-3-713017: Group = groupname, Username = username, IP = peerIP Identification type not supported, Phase 1 or 2, Type ID_Type","The Phase 1 or Phase 2 ID received from the peer is legal, but not supported.",Check the configuration on the headend and peer.,3,Error,65,vpn,ipsec
+%FTD-3-713018,713018,"IP = peerIP Unknown ID type during find of group name for certs, Type ID_Type","%FTD-3-713018: IP = peerIP Unknown ID type during find of group name for certs, Type ID_Type",Tn internal software error has occurred.,"If the problem persists, contact the Cisco TAC.",3,Error,65,vpn,ipsec
+%FTD-3-713020,713020,IP = peerIP No Group found by matching OU(s) from ID payload: OU_value,%FTD-3-713020: IP = peerIP No Group found by matching OU(s) from ID payload: OU_value,Tn internal software error has occurred.,"If the problem persists, contact the Cisco TAC.",3,Error,65,vpn,ipsec
+%FTD-3-713022,713022,IP = peerIP No Group found matching peer_ID or IP_address for Pre-shared key peer IP_address,%FTD-3-713022: IP = peerIP No Group found matching peer_ID or IP_address for Pre-shared key peer IP_address,group exists in the group database with the same name as the value (key ID or IP address) specified by the peer.,Verify the configuration on the peer.,3,Error,75,vpn,ipsec
+%FTD-7-713024,713024,"Group = groupname, Username = username, IP = peerIP Group group IP ip Received local Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port","%FTD-7-713024: Group = groupname, Username = username, IP = peerIP Group group IP ip Received local Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port",None provided.,None provided.,7,Debugging,5,vpn,ipsec
+%FTD-7-713025,713025,"Group = groupname, Username = username, IP = peerIP Received remote Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port","%FTD-7-713025: Group = groupname, Username = username, IP = peerIP Received remote Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port",The Secure Firewall Threat Defense device has received the Phase 2 local proxy ID payload from the remote peer.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-713028,713028,"Group = groupname, Username = username, IP = peerIP Received local Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port","%FTD-7-713028: Group = groupname, Username = username, IP = peerIP Received local Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port","The Secure Firewall Threat Defense device has received the Phase 2 local proxy ID payload of the remote peer, which includes an IP address range.",None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-713029,713029,"Group = groupname, Username = username, IP = peerIP Received remote Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port","%FTD-7-713029: Group = groupname, Username = username, IP = peerIP Received remote Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port","The Secure Firewall Threat Defense device has received the Phase 2 local proxy ID payload of the remote peer, which includes an IP address range.",None required.,7,Debugging,5,vpn,ipsec
+%FTD-3-713032,713032,"Group = groupname, Username = username, IP = peerIP Received invalid local Proxy Range IP_address - IP_address","%FTD-3-713032: Group = groupname, Username = username, IP = peerIP Received invalid local Proxy Range IP_address - IP_address","The local ID payload included the range ID type, and the specified low address was not less than the high address. A configuration problem may exist.",Check the configuration of ISAKMP Phase 2 parameters.,3,Error,75,vpn,ipsec
+%FTD-3-713033,713033,"Group = groupname, Username = username, IP = peerIP Received invalid remote Proxy Range IP_address - IP_address Received invalid remote Proxy Range IP_address - IP_address","%FTD-3-713033: Group = groupname, Username = username, IP = peerIP Received invalid remote Proxy Range IP_address - IP_address Received invalid remote Proxy Range IP_address - IP_address",None provided.,None provided.,3,Error,75,vpn,ipsec
+%FTD-7-713034,713034,"Group = groupname, Username = username, IP = peerIP Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port","%FTD-7-713034: Group = groupname, Username = username, IP = peerIP Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port",The local IP proxy subnet data has been received in the Phase 2 ID payload.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-713035,713035,"Group = groupname, Username = username, IP = peerIP Group group IP ip Received remote IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port","%FTD-7-713035: Group = groupname, Username = username, IP = peerIP Group group IP ip Received remote IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port",The remote IP proxy subnet data has been received in the Phase 2 ID payload.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-713039,713039,"Group = groupname, Username = username, IP = peerIP Send failure: Bytes (number ), Peer: IP_address","%FTD-7-713039: Group = groupname, Username = username, IP = peerIP Send failure: Bytes (number ), Peer: IP_address","An internal software error has occurred, and the ISAKMP packet cannot be transmitted.","If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,ipsec
+%FTD-7-713040,713040,"Group = groupname, Username = username, IP = peerIP Could not find connection entry and can not encrypt: msgid message_number","%FTD-7-713040: Group = groupname, Username = username, IP = peerIP Could not find connection entry and can not encrypt: msgid message_number","An internal software error has occurred, and a Phase 2 data structure cannot be found.","If the problem persists, contact the Cisco TAC.",7,Debugging,5,vpn,ipsec
+%FTD-5-713041,713041,"Group = groupname, Username = username, IP = peerIP IKE Initiator: new or rekey Phase 1 or 2, Intf interface_number, IKE Peer IP_address local Proxy Address IP_address, remote Proxy Address IP_address, Crypto map (crypto map tag )","%FTD-5-713041: Group = groupname, Username = username, IP = peerIP IKE Initiator: new or rekey Phase 1 or 2, Intf interface_number, IKE Peer IP_address local Proxy Address IP_address, remote Proxy Address IP_address, Crypto map (crypto map tag )",Secure Firewall Threat Defense device is negotiating a tunnel as the initiator.,None required.,5,Notification,5,vpn,ipsec
+%FTD-3-713042,713042,"IKE Initiator unable to find policy: Intf interface_number, Src: source_address, Dst: dest_address","%FTD-3-713042: IKE Initiator unable to find policy: Intf interface_number, Src: source_address, Dst: dest_address","The IPsec fast path processed a packet that triggered IKE, but the IKE policy lookup failed. This error may be timing related. The ACLs that triggered IKE might have been deleted before IKE processed the initiation request. This problem will most likely correct itself.","If the condition persists, check the L2L configuration, paying special attention to the type of ACL associated with crypto maps.",3,Error,75,vpn,ipsec
+%FTD-3-713043,713043,Cookie/peer address IP_address session already in progress,%FTD-3-713043: Cookie/peer address IP_address session already in progress,IKE has been triggered again while the original tunnel is in progress.,None required.,3,Error,5,vpn,ipsec
+%FTD-3-713048,713048,"Group = groupname, Username = username, IP = peerIP Error processing payload: Payload ID: id","%FTD-3-713048: Group = groupname, Username = username, IP = peerIP Error processing payload: Payload ID: id",A packet has been received with a payload that cannot be processed.,"If this problem persists, a misconfiguration may exist on the peer.",3,Error,65,vpn,ipsec
+%FTD-5-713049,713049,"Group = groupname, Username = username, IP = peerIP Security negotiation complete for tunnel_type type (group_name ) Initiator /Responder, Inbound SPI = SPI, Outbound SPI = SPI","%FTD-5-713049: Group = groupname, Username = username, IP = peerIP Security negotiation complete for tunnel_type type (group_name ) Initiator /Responder, Inbound SPI = SPI, Outbound SPI = SPI",An IPsec tunnel has been started.,None required.,5,Notification,5,vpn,ipsec
+%FTD-5-713050,713050,"Group = groupname, Username = username, IP = peerIP Connection terminated for peer IP_address . Reason: termination reason Remote Proxy IP_address, Local Proxy IP_address","%FTD-5-713050: Group = groupname, Username = username, IP = peerIP Connection terminated for peer IP_address . Reason: termination reason Remote Proxy IP_address, Local Proxy IP_address",An IPsec tunnel has been terminated. Possible termination reasons include:,None provided.,5,Notification,25,vpn,ipsec
+%FTD-7-713052,713052,"Group = groupname, Username = username, IP = peerIP User (user ) authenticated.","%FTD-7-713052: Group = groupname, Username = username, IP = peerIP User (user ) authenticated.",remote access user was authenticated.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-3-713056,713056,"Group = groupname, Username = username, IP = peerIP Tunnel rejected: SA (SA_name ) not found for group (group_name )!","%FTD-3-713056: Group = groupname, Username = username, IP = peerIP Tunnel rejected: SA (SA_name ) not found for group (group_name )!",The IPsec SA was not found.,"If this is a remote access tunnel, check the group and user configuration, and verify that a tunnel group and group policy have been configured for the specific user group. For externally authenticated users and groups, check the returned authentication attributes.",3,Error,75,vpn,ipsec
+%FTD-3-713060,713060,"Group = groupname, Username = username, IP = peerIP Tunnel Rejected: User (user ) not member of group (group_name ), group-lock check failed.","%FTD-3-713060: Group = groupname, Username = username, IP = peerIP Tunnel Rejected: User (user ) not member of group (group_name ), group-lock check failed.",The user is configured for a different group than what was sent in the IPsec negotiation.,"If you are using the Cisco VPN client and preshared keys, make sure that the group configured on the client is the same as the group associated with the user on the Secure Firewall Threat Defense device. If you are using digital certificates, the group is dictated either by the OU field of the certificate, or the user automatically defaults to the remote access default group.",3,Error,75,vpn,ipsec
+%FTD-3-713061,713061,"Group = groupname, Username = username, IP = peerIP Tunnel rejected: Crypto Map Policy not found for Src:source_address, Dst: dest_address !","%FTD-3-713061: Group = groupname, Username = username, IP = peerIP Tunnel rejected: Crypto Map Policy not found for Src:source_address, Dst: dest_address !",The Secure Firewall Threat Defense device was not able to find security policy information for the private networks or hosts indicated in the message. These networks or hosts were sent by the initiator and do not match any crypto ACLs at the Secure Firewall Threat Defense device. This is most likely a misconfiguration.,"Check the protected network configuration in the crypto ACLs on both sides and make sure that the local net on the initiator is the remote net on the responder and vice-versa. Pay special attention to wildcard masks, and host addresses versus network addresses. Non-Cisco implementations may have the private addresses labeled as proxy addresses or red networks.",3,Error,65,vpn,ipsec
+%FTD-3-713062,713062,IKE Peer address same as our interface address IP_address,%FTD-3-713062: IKE Peer address same as our interface address IP_address,The IP address configured as the IKE peer is the same as the IP address configured on one of the Secure Firewall Threat Defense IP interfaces.,Check the L2L and IP interface configurations.,3,Error,65,vpn,ipsec
+%FTD-3-713063,713063,IKE Peer address not configured for destination IP_address,%FTD-3-713063: IKE Peer address not configured for destination IP_address,The IKE peer address is not configured for an L2L tunnel.,Check the L2L configuration.,3,Error,65,vpn,ipsec
+%FTD-3-713065,713065,IKE Remote Peer did not negotiate the following: proposal attribute,%FTD-3-713065: IKE Remote Peer did not negotiate the following: proposal attribute,An internal software error has occurred.,"If the problem persists, contact the Cisco TAC.",3,Error,65,vpn,ipsec
+%FTD-7-713066,713066,"Group = groupname, Username = username, IP = peerIP IKE Remote Peer configured for SA: SA_name","%FTD-7-713066: Group = groupname, Username = username, IP = peerIP IKE Remote Peer configured for SA: SA_name",The crypto policy settings of the peer have been configured.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-5-713068,713068,"Group = groupname, Username = username, IP = peerIP Received non-routine Notify message: notify_type (notify_value)","%FTD-5-713068: Group = groupname, Username = username, IP = peerIP Received non-routine Notify message: notify_type (notify_value)",Notification messages that caused this event are not explicitly handled in the notify processing code.,Examine the specific reason to determine the action to take. Many notification messages indicate a configuration mismatch between the IKE peers.,5,Notification,35,vpn,ipsec
+%FTD-3-713072,713072,"Group = groupname, Username = username, IP = peerIP Password for user (user ) too long, truncating to number characters","%FTD-3-713072: Group = groupname, Username = username, IP = peerIP Password for user (user ) too long, truncating to number characters",The password of the user is too long.,Correct password lengths on the authentication server.,3,Error,65,vpn,ipsec
+%FTD-5-713073,713073,"Group = groupname, Username = username, IP = peerIP Responder forcing change of Phase 1 /Phase 2 rekeying duration from larger_value to smaller_value seconds","%FTD-5-713073: Group = groupname, Username = username, IP = peerIP Responder forcing change of Phase 1 /Phase 2 rekeying duration from larger_value to smaller_value seconds",Rekeying durations are always set to the lower of the values proposed by IKE peers. The value of the initiator is the lower one.,None required.,5,Notification,5,vpn,ipsec
+%FTD-5-713074,713074,"Group = groupname, Username = username, IP = peerIP Responder forcing change of IPsec rekeying duration from larger_value to smaller_value Kbs","%FTD-5-713074: Group = groupname, Username = username, IP = peerIP Responder forcing change of IPsec rekeying duration from larger_value to smaller_value Kbs",Rekeying durations are always set to the lower of the values proposed by IKE peers. The value of the initiator is the lower one.,None required.,5,Notification,5,vpn,ipsec
+%FTD-5-713075,713075,"Group = groupname, Username = username, IP = peerIP Overriding Initiator's IPsec rekeying duration from larger_value to smaller_value seconds","%FTD-5-713075: Group = groupname, Username = username, IP = peerIP Overriding Initiator's IPsec rekeying duration from larger_value to smaller_value seconds",Rekeying durations are always set to the lower of the values proposed by IKE peers. The value of the responder is the lower one.,None required.,5,Notification,5,vpn,ipsec
+%FTD-5-713076,713076,Overriding Initiator's IPsec rekeying duration from larger_value to smaller_value Kbs,%FTD-5-713076: Overriding Initiator's IPsec rekeying duration from larger_value to smaller_value Kbs,Rekeying durations are always set to the lower of the values proposed by IKE peers. The value of the responder is the lower one.,None required.,5,Notification,5,vpn,ipsec
+%FTD-2-713078,713078,"Temp buffer for building mode config attributes exceeded: bufsize available_size , used value","%FTD-2-713078: Temp buffer for building mode config attributes exceeded: bufsize available_size , used value",An internal software error has occurred while processing modecfg attributes.,"Disable any unnecessary tunnel group attributes, or shorten any text messages that are excessively long. If the problem persists, contact the Cisco TAC.",2,Critical,95,vpn,ipsec
+%FTD-3-713081,713081,Unsupported certificate encoding type encoding_type,%FTD-3-713081: Unsupported certificate encoding type encoding_type,"One of the loaded certificates is unreadable, and may be an unsupported encoding scheme.",Check the configuration of digital certificates and trustpoints.,3,Error,65,vpn,ipsec
+%FTD-3-713082,713082,Failed to retrieve identity certificate,%FTD-3-713082: Failed to retrieve identity certificate,The identity certificate for this tunnel cannot be found.,Check the configuration of digital certificates and trustpoints.,3,Error,75,vpn,ipsec
+%FTD-3-713083,713083,Invalid certificate handle,%FTD-3-713083: Invalid certificate handle,The identity certificate for this tunnel cannot be found.,Check the configuration of digital certificates and trustpoints.,3,Error,75,vpn,ipsec
+%FTD-3-713084,713084,Received invalid phase 1 port value (port ) in ID payload,%FTD-3-713084: Received invalid phase 1 port value (port ) in ID payload,The port value received in the IKE phase 1 ID payload was incorrect. Acceptable values are 0 or 500 (ISAKMP is also known as IKE).,Make sure that a peer conforms to the IKE standards to avoid a network problem resulting in corrupted packets.,3,Error,95,vpn,ipsec
+%FTD-3-713085,713085,Received invalid phase 1 protocol (protocol ) in ID payload,%FTD-3-713085: Received invalid phase 1 protocol (protocol ) in ID payload,The protocol value received in the IKE phase 1 ID payload was incorrect. Acceptable values are 0 or 17 (UDP).,Make sure that a peer conforms to the IKE standards to avoid a network problem resulting in corrupted packets.,3,Error,95,vpn,ipsec
+%FTD-3-713086,713086,Received unexpected Certificate payload Possible invalid Auth Method (Auth method (auth numerical value)),%FTD-3-713086: Received unexpected Certificate payload Possible invalid Auth Method (Auth method (auth numerical value)),"A certificate payload was received, but our internal certificate handle indicates that we do not have an identity certificate. The certificate handle was not obtained through a normal enrollment method. One likely reason this can happen is that the authentication method is not made through RSA or DSS signatures, although the IKE SA negotiation should fail if each side is misconfigured.",None provided.,3,Error,75,vpn,ipsec
+%FTD-3-713088,713088,Set Cert filehandle failure: no IPsec SA in group group_name,%FTD-3-713088: Set Cert filehandle failure: no IPsec SA in group group_name,"The tunnel group cannot be found, based on the digital certificate information.",Verify that the tunnel group is set up correctly to handle the certificate information of the peer.,3,Error,85,vpn,ipsec
+%FTD-5-713092,713092,Failure during phase 1 rekeying attempt due to collision,%FTD-5-713092: Failure during phase 1 rekeying attempt due to collision,An internal software error has occurred. This is often a benign event.,"If the problem persists, contact the Cisco TAC.",5,Notification,35,vpn,ipsec
+%FTD-7-713094,713094,Cert validation failure: handle invalid for Main /Aggressive Mode Initiator /Responder !,%FTD-7-713094: Cert validation failure: handle invalid for Main /Aggressive Mode Initiator /Responder !,An internal software error has occurred.,"You may have to reenroll the trustpoint. If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,ipsec
+%FTD-3-713098,713098,Aborting: No identity cert specified in IPsec SA (SA_name )!,%FTD-3-713098: Aborting: No identity cert specified in IPsec SA (SA_name )!,"An attempt was made to establish a certificate-based IKE session, but no identity certificate has been specified in the crypto policy.",Specify the identity certificate or trustpoint that you want to transmit to peers.,3,Error,65,vpn,ipsec
+%FTD-7-713099,713099,Tunnel Rejected: Received NONCE length number is out of range!,%FTD-7-713099: Tunnel Rejected: Received NONCE length number is out of range!,An internal software error has occurred.,"If the problem persists, contact the Cisco TAC.",7,Debugging,5,vpn,ipsec
+%FTD-3-713102,713102,Phase 1 ID Data length number too long - reject tunnel!,%FTD-3-713102: Phase 1 ID Data length number too long - reject tunnel!,IKE has received an ID payload that includes an identification data field of 2 K or larger.,None required.,3,Error,5,vpn,ipsec
+%FTD-7-713103,713103,Invalid (NULL) secret key detected while computing hash,%FTD-7-713103: Invalid (NULL) secret key detected while computing hash,An internal software error has occurred.,"If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,ipsec
+%FTD-7-713104,713104,Attempt to get Phase 1 ID data failed while hash computation,%FTD-7-713104: Attempt to get Phase 1 ID data failed while hash computation,An internal software error has occurred.,"If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,ipsec
+%FTD-3-713105,713105,Zero length data in ID payload received during phase 1 or 2 processing,%FTD-3-713105: Zero length data in ID payload received during phase 1 or 2 processing,"A peer sent an ID payload without including any ID data, which is invalid.",Check the configuration of the peer.,3,Error,75,vpn,ipsec
+%FTD-3-713107,713107,IP_Address request attempt failed!,%FTD-3-713107: IP_Address request attempt failed!,An internal software error has occurred.,"If the problem persists, contact the Cisco TAC.",3,Error,75,vpn,ipsec
+%FTD-3-713109,713109,Unable to process the received peer certificate,%FTD-3-713109: Unable to process the received peer certificate,"The Secure Firewall Threat Defense device was unable to process the certificate received from the remote peer, which can occur if the certificate data was malformed (for example, if the public key size is larger than 4096 bits) or if the data in the certificate cannot be stored by the Secure Firewall Threat Defense device.",Try to reestablish the connection using a different certificate on the remote peer.,3,Error,75,vpn,ipsec
+%FTD-3-713112,713112,"Group = groupname, Username = username, IP = peerIP Failed to process CONNECTED notify (SPI SPI_value )!","%FTD-3-713112: Group = groupname, Username = username, IP = peerIP Failed to process CONNECTED notify (SPI SPI_value )!","The Secure Firewall Threat Defense device was unable to successfully process the notification payload that included the CONNECTED notify type. This may occur if the IKE phase 2 structure cannot be found using the SPI to locate it, or the commit bit had not been set in the received ISAKMP header. The latter case may indicate a nonconforming IKE peer.","If the problem persists, check the configuration of the peer and/or disable commit bit processing.",3,Error,75,vpn,ipsec
+%FTD-7-713113,713113,"Group = groupname, Username = username, IP = peerIP Deleting IKE SA with associated IPsec connection entries. IKE peer: IP_address, SA address: internal_SA_address, tunnel count: count","%FTD-7-713113: Group = groupname, Username = username, IP = peerIP Deleting IKE SA with associated IPsec connection entries. IKE peer: IP_address, SA address: internal_SA_address, tunnel count: count","An IKE SA is being deleted with a nonzero tunnel count, which means that either the IKE SA tunnel count has lost synchronization with the associated connection entries or the associated connection cookie fields for the entries have lost synchronization with the cookie fields of the IKE SA to which the connection entry points. If this occurs, the IKE SA and its associated data structures will not be freed, so that the entries that may point to it will not have a stale pointer.",None required. Error recovery is built-in.,7,Debugging,5,vpn,ipsec
+%FTD-7-713114,713114,"Group = groupname, Username = username, IP = peerIP Connection entry (conn entry internal address) points to IKE SA (SA_internal_address ) for peer IP_address, but cookies don't match","%FTD-7-713114: Group = groupname, Username = username, IP = peerIP Connection entry (conn entry internal address) points to IKE SA (SA_internal_address ) for peer IP_address, but cookies don't match",An internal software error has occurred.,"If the problem persists, contact the Cisco TAC.",7,Debugging,5,vpn,ipsec
+%FTD-5-713115,713115,"Group = groupname, Username = username, IP = peerIP Client rejected NAT enabled IPsec request, falling back to standard IPsec","%FTD-5-713115: Group = groupname, Username = username, IP = peerIP Client rejected NAT enabled IPsec request, falling back to standard IPsec","The client rejected an attempt by the Secure Firewall Threat Defense device to use IPsec over UDP. IPsec over UDP is used to allow multiple clients to establish simultaneous tunnels to the Secure Firewall Threat Defense device through a NAT device. The client may have rejected the request, either because it does not support this feature or because it is configured not to use it.",Verify the configuration on the headend and peer.,5,Notification,35,vpn,ipsec
+%FTD-7-713117,713117,"Group = groupname, Username = username, IP = peerIP Received Invalid SPI notify (SPI SPI_Value )!","%FTD-7-713117: Group = groupname, Username = username, IP = peerIP Received Invalid SPI notify (SPI SPI_Value )!",None provided.,None provided.,7,Debugging,15,vpn,ipsec
+%FTD-3-713118,713118,"Detected invalid Diffie-Helmann group_descriptor group_number, in IKE area","%FTD-3-713118: Detected invalid Diffie-Helmann group_descriptor group_number, in IKE area","The group_descriptor field included an unsupported value. Currently we support only groups 1, 2, 5, and 7. In the case of a centry, the group_descriptor field may also be set to 0 to indicate that perfect forward secrecy is disabled.",Check the peer Diffie-Hellman configuration.,3,Error,75,vpn,ipsec
+%FTD-5-713119,713119,"Group = groupname, Username = username, IP = peerIP Group group IP ip PHASE 1 COMPLETED","%FTD-5-713119: Group = groupname, Username = username, IP = peerIP Group group IP ip PHASE 1 COMPLETED",IKE Phase 1 has completed successfully.,None required.,5,Notification,5,vpn,ipsec
+%FTD-5-713120,713120,"Group = groupname, Username = username, IP = peerIP PHASE 2 COMPLETED (msgid=msg_id )","%FTD-5-713120: Group = groupname, Username = username, IP = peerIP PHASE 2 COMPLETED (msgid=msg_id )",IKE Phase 2 has completed successfully.,None required.,5,Notification,5,vpn,ipsec
+%FTD-7-713121,713121,IP = peerIP Keep-alive type for this connection: keepalive_type,%FTD-7-713121: IP = peerIP Keep-alive type for this connection: keepalive_type,The type of keepalive mechanism that is being used for this tunnel is specified.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-3-713122,713122,IP = peerIP Keep-alives configured keepalive_type but peer IP_address support keep-alives (type = keepalive_type ),%FTD-3-713122: IP = peerIP Keep-alives configured keepalive_type but peer IP_address support keep-alives (type = keepalive_type ),"Keepalives were configured on or off for this device, but the IKE peer does or does not support keepalives.","No action is required if this configuration is intentional. If it is not intentional, change the keepalive configuration on both devices.",3,Error,65,vpn,ipsec
+%FTD-3-713123,713123,"Group = groupname, Username = username, IP = peerIP IKE lost contact with remote peer, deleting connection (keepalive type: keepalive_type )","%FTD-3-713123: Group = groupname, Username = username, IP = peerIP IKE lost contact with remote peer, deleting connection (keepalive type: keepalive_type )","The remote IKE peer did not respond to keepalives within the expected window of time, so the connection to the IKE peer was terminated. The message includes the keepalive mechanism used.",None required.,3,Error,5,vpn,ipsec
+%FTD-6-713124,713124,"Group = groupname, Username = username, IP = peerIP Received DPD sequence number rcv_sequence_# in DPD Action, description expected seq #","%FTD-6-713124: Group = groupname, Username = username, IP = peerIP Received DPD sequence number rcv_sequence_# in DPD Action, description expected seq #",The remote IKE peer sent a DPD with a sequence number that did not match the expected sequence number. The packet is discarded. This might indicate a packet loss problem with the network.,None required.,6,Informational,5,vpn,ipsec
+%FTD-3-713127,713127,"Group = groupname, Username = username, IP = peerIP Xauth required but selected Proposal does not support xauth, Check priorities of ike xauth proposals in ike proposal list","%FTD-3-713127: Group = groupname, Username = username, IP = peerIP Xauth required but selected Proposal does not support xauth, Check priorities of ike xauth proposals in ike proposal list","The peer wanted to perform a XAUTH, but the Secure Firewall Threat Defense device did not choose the XAUTH IKE proposal.",Check the priorities of the IKE xauth proposals in the IKE proposal list.,3,Error,65,vpn,ipsec
+%FTD-6-713128,713128,IP = peerIP Connection attempt to VCPIP redirected to VCA peer IP_address via load balancing,%FTD-6-713128: IP = peerIP Connection attempt to VCPIP redirected to VCA peer IP_address via load balancing,A connection attempt has been made to the VCPIP and has been redirected to a less loaded peer using load balancing.,None required.,6,Informational,5,vpn,ipsec
+%FTD-3-713129,713129,"Group = groupname, Username = username, IP = peerIP Received unexpected Transaction Exchange payload type: payload_id","%FTD-3-713129: Group = groupname, Username = username, IP = peerIP Received unexpected Transaction Exchange payload type: payload_id","An unexpected payload has been received during XAUTH or Mode Cfg, which may indicate that the two peers are out-of-sync, that the XAUTH or Mode Cfg versions do not match, or that the remote peer is not complying with the appropriate RFCs.",Verify the configuration between peers.,3,Error,75,vpn,ipsec
+%FTD-5-713130,713130,"Group = groupname, Username = username, IP = peerIP Received unsupported transaction mode attribute: attribute id","%FTD-5-713130: Group = groupname, Username = username, IP = peerIP Received unsupported transaction mode attribute: attribute id",The device received a request for a valid transaction mode attribute (XAUTH or Mode Cfg) that is currently not supported. This is generally a benign condition.,None required.,5,Notification,5,vpn,ipsec
+%FTD-5-713131,713131,"Group = groupname, Username = username, IP = peerIP Received unknown transaction mode attribute: attribute_id","%FTD-5-713131: Group = groupname, Username = username, IP = peerIP Received unknown transaction mode attribute: attribute_id","The Secure Firewall Threat Defense device has received a request for a transaction mode attribute (XAUTH or Mode Cfg) that is outside the range of known attributes. The attribute may be valid but only supported in later versions of configuration mode, or the peer may be sending an illegal or proprietary value. This should not cause connectivity problems, but may affect the functionality of the peer.",None required.,5,Notification,5,vpn,ipsec
+%FTD-3-713132,713132,"Group = groupname, Username = username, IP = peerIP Cannot obtain an IP_address for remote peer","%FTD-3-713132: Group = groupname, Username = username, IP = peerIP Cannot obtain an IP_address for remote peer",A request for an IP address for a remote access client from the internal utility that provides these addresses cannot be satisfied.,Check the configuration of IP address assignment methods.,3,Error,65,vpn,ipsec
+%FTD-3-713133,713133,"Group = groupname, Username = username, IP = peerIP Mismatch: Overriding phase 2 DH Group(DH group DH group_id ) with phase 1 group(DH group DH group_number","%FTD-3-713133: Group = groupname, Username = username, IP = peerIP Mismatch: Overriding phase 2 DH Group(DH group DH group_id ) with phase 1 group(DH group DH group_number",The configured Phase 2 PFS Group differed from the DH group that was negotiated for Phase 1.,None required.,3,Error,5,vpn,ipsec
+%FTD-3-713134,713134,"Group = groupname, Username = username, IP = peerIP Mismatch: P1 Authentication algorithm in the crypto map entry different from negotiated algorithm for the L2L connection","%FTD-3-713134: Group = groupname, Username = username, IP = peerIP Mismatch: P1 Authentication algorithm in the crypto map entry different from negotiated algorithm for the L2L connection","The configured LAN-to-LAN proposal is different from the one accepted for the LAN-to-LAN connection. Depending on which side is the initiator, different proposals will be used.",None required.,3,Error,5,vpn,ipsec
+%FTD-5-713135,713135,"Group = groupname, Username = username, IP = peerIP message received, redirecting tunnel to IP_address .","%FTD-5-713135: Group = groupname, Username = username, IP = peerIP message received, redirecting tunnel to IP_address .",The tunnel is being redirected because of load balancing on the remote Secure Firewall Threat Defense device. A REDIRECT_CONNECTION notify packet was received.,None required.,5,Notification,5,vpn,ipsec
+%FTD-5-713136,713136,"Group = groupname, Username = username, IP = peerIP IKE session establishment timed out [IKE_state_name ], aborting!","%FTD-5-713136: Group = groupname, Username = username, IP = peerIP IKE session establishment timed out [IKE_state_name ], aborting!",The Reaper has detected an Secure Firewall Threat Defense device stuck in an inactive state. The Reaper will try to remove the inactive Secure Firewall Threat Defense device.,None required.,5,Notification,5,vpn,ipsec
+%FTD-5-713137,713137,"Group = groupname, Username = username, IP = peerIP Reaper overriding refCnt [ref_count] and tunnelCnt [tunnel_count] -- deleting SA!","%FTD-5-713137: Group = groupname, Username = username, IP = peerIP Reaper overriding refCnt [ref_count] and tunnelCnt [tunnel_count] -- deleting SA!",An internal software error has occurred.,"If the problem persists, contact the Cisco TAC.",5,Notification,25,vpn,ipsec
+%FTD-3-713138,713138,IP = peerIP Group group_name not found and BASE GROUP default preshared key not configured,%FTD-3-713138: IP = peerIP Group group_name not found and BASE GROUP default preshared key not configured,"No group exists in the group database with the same name as the IP address of the peer. In Main Mode, the Secure Firewall Threat Defense device will fall back and try to use the default preshared key configured in one of the default groups. The default preshared key is not configured.",Verify the configuration of the preshared keys.,3,Error,75,vpn,ipsec
+%FTD-5-713139,713139,"IP = peerIP group_name not found, using BASE GROUP default preshared key","%FTD-5-713139: IP = peerIP group_name not found, using BASE GROUP default preshared key","No tunnel group exists in the group database with the same name as the IP address of the peer. In Main Mode, the Secure Firewall Threat Defense device will fall back and use the default preshared key configured in the default group.",None required.,5,Notification,5,vpn,ipsec
+%FTD-3-713140,713140,"Group = groupname, Username = username, IP = peerIP Split Tunneling Policy requires network list but none configured","%FTD-3-713140: Group = groupname, Username = username, IP = peerIP Split Tunneling Policy requires network list but none configured",The split tunneling policy is set to either split tunneling or to allow local LAN access. A split tunneling ACL must be defined to represent the information required by the VPN client.,Check the configuration of the ACLs.,3,Error,65,vpn,ipsec
+%FTD-3-713141,713141,"IP = peerIP Client-reported firewall does not match configured firewall: action tunnel. Received -- Vendor: vendor(id), Product product(id), Caps: capability_value . Expected -- Vendor: vendor(id), Product: product(id), Caps: capability_value","%FTD-3-713141: IP = peerIP Client-reported firewall does not match configured firewall: action tunnel. Received -- Vendor: vendor(id), Product product(id), Caps: capability_value . Expected -- Vendor: vendor(id), Product: product(id), Caps: capability_value","The Secure Firewall Threat Defense device installed on the client does not match the configured required Secure Firewall Threat Defense device. This message lists the actual and expected values, and whether the tunnel is terminated or allowed.",You may need to install a different personal Secure Firewall Threat Defense device on the client or change the configuration on the Secure Firewall Threat Defense device.,3,Error,65,vpn,ipsec
+%FTD-3-713142,713142,"IP = peerIP Client did not report firewall in use, but there is a configured firewall: action tunnel. Expected -- Vendor: vendor(id), Product product(id), Caps: capability_value","%FTD-3-713142: IP = peerIP Client did not report firewall in use, but there is a configured firewall: action tunnel. Expected -- Vendor: vendor(id), Product product(id), Caps: capability_value","The client did not report an Secure Firewall Threat Defense device in use using ModeCfg, but one is required. The event lists the expected values and whether the tunnel is terminated or allowed. Note that the number following the product string is a bitmask of all of the allowed products.",You may need to install a different personal Secure Firewall Threat Defense device on the client or change the configuration on the Secure Firewall Threat Defense device.,3,Error,65,vpn,ipsec
+%FTD-7-713143,713143,"IP = peerIP Processing firewall record. Vendor: vendor(id), Product: product(id), Caps: capability_value, Version Number: version_number, Version String: version_text","%FTD-7-713143: IP = peerIP Processing firewall record. Vendor: vendor(id), Product: product(id), Caps: capability_value, Version Number: version_number, Version String: version_text",Debugging information about the Secure Firewall Threat Defense device installed on the client appears.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-5-713144,713144,IP = peerIP Ignoring received malformed firewall record; reason - error_reason TLV type attribute_value correction,%FTD-5-713144: IP = peerIP Ignoring received malformed firewall record; reason - error_reason TLV type attribute_value correction,None provided.,None provided.,5,Notification,25,vpn,ipsec
+%FTD-6-713145,713145,"Group = groupname, Username = username, IP = peerIP Detected Hardware Client in network extension mode, adding static route for address: IP_address, mask: netmask","%FTD-6-713145: Group = groupname, Username = username, IP = peerIP Detected Hardware Client in network extension mode, adding static route for address: IP_address, mask: netmask","A tunnel with a hardware client in network extension mode has been negotiated, and a static route is being added for the private network behind the hardware client. This configuration enables the Secure Firewall Threat Defense device to make the remote network known to all the routers on the private side of the headend.",None required.,6,Informational,5,vpn,ipsec
+%FTD-3-713146,713146,"Group = groupname, Username = username, IP = peerIP Could not add route for Hardware Client in network extension mode, address: IP_address, mask: netmask","%FTD-3-713146: Group = groupname, Username = username, IP = peerIP Could not add route for Hardware Client in network extension mode, address: IP_address, mask: netmask","An internal software error has occurred. A tunnel with a hardware client in network extension mode has been negotiated, and an attempt to add the static route for the private network behind the hardware client failed. The routing table may be full, or a possible addressing error has occurred.","If the problem persists, contact the Cisco TAC.",3,Error,75,vpn,ipsec
+%FTD-6-713147,713147,"Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, deleting static route for address: IP_address, mask: netmask","%FTD-6-713147: Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, deleting static route for address: IP_address, mask: netmask","A tunnel to a hardware client in network extension mode is being removed, and the static route for the private network is being deleted behind the hardware client.",None required.,6,Informational,5,vpn,ipsec
+%FTD-5-713148,713148,"Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address: IP_address, mask: netmask","%FTD-5-713148: Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address: IP_address, mask: netmask","While a tunnel to a hardware client in network extension mode was being removed, a route to the private network behind the hardware client cannot be deleted. This might indicate an addressing or software problem.","Check the routing table to ensure that the route is not there. If it is, it may have to be removed manually, but only if the tunnel to the hardware client has been completely removed.",5,Notification,35,vpn,ipsec
+%FTD-3-713149,713149,"Group = groupname, Username = username, IP = peerIP Hardware client security attribute attribute_name was enabled but not requested.","%FTD-3-713149: Group = groupname, Username = username, IP = peerIP Hardware client security attribute attribute_name was enabled but not requested.","The headend Secure Firewall Threat Defense device has the specified hardware client security attribute enabled, but the attribute was not requested by the VPN 3002 hardware client.",Check the configuration on the hardware client.,3,Error,65,vpn,ipsec
+%FTD-3-713152,713152,"IP = peerIP Unable to obtain any rules from filter ACL_tag to send to client for CPP, terminating connection.","%FTD-3-713152: IP = peerIP Unable to obtain any rules from filter ACL_tag to send to client for CPP, terminating connection.","The client is required to use CPP to provision its Secure Firewall Threat Defense device, but the headend device was unable to obtain any ACLs to send to the client. This is probably due to a misconfiguration.",Check the ACLs specified for CPP in the group policy for the client.,3,Error,75,vpn,ipsec
+%FTD-4-713154,713154,DNS lookup for peer_description Server [server_name ] failed!,%FTD-4-713154: DNS lookup for peer_description Server [server_name ] failed!,This message appears when a DNS lookup for the specified server has not been resolved.,Check the DNS server configuration on the Secure Firewall Threat Defense device. Also check the DNS server to ensure that it is operational and has hostname to IP address mapping.,4,Warning,55,vpn,ipsec
+%FTD-5-713155,713155,DNS lookup for Primary VPN Server [server_name ] successfully resolved after a previous failure. Resetting any Backup Server init.,%FTD-5-713155: DNS lookup for Primary VPN Server [server_name ] successfully resolved after a previous failure. Resetting any Backup Server init.,A previous DNS lookup failure for the primary server might have caused the Secure Firewall Threat Defense device to initialize a backup peer. This message indicates that a later DNS lookup on the primary server finally succeeded and is resetting any backup server initializations. A tunnel initiated after this point will be aimed at the primary server.,None required.,5,Notification,5,vpn,ipsec
+%FTD-5-713156,713156,Initializing Backup Server [server_name or IP_address ],%FTD-5-713156: Initializing Backup Server [server_name or IP_address ],"The client is failing over to a backup server, or a failed DNS lookup for the primary server caused the Secure Firewall Threat Defense device to initialize a backup server. A tunnel initiated after this point will be aimed at the specified backup server.",None required.,5,Notification,5,vpn,ipsec
+%FTD-4-713157,713157,IP = peerIP Timed out on initial contact to server [server_name or IP_address ] Tunnel could not be established.,%FTD-4-713157: IP = peerIP Timed out on initial contact to server [server_name or IP_address ] Tunnel could not be established.,"The client tried to initiate a tunnel by sending out IKE MSG1, but did not receive a response from the Secure Firewall Threat Defense device on the other end. If backup servers are available, the client will attempt to connect to one of them.",Verify connectivity to the headend Secure Firewall Threat Defense device.,4,Warning,55,vpn,ipsec
+%FTD-5-713158,713158,"Group = groupname, Username = username, IP = peerIP Client rejected NAT enabled IPsec Over UDP request, falling back to IPsec Over TCP","%FTD-5-713158: Group = groupname, Username = username, IP = peerIP Client rejected NAT enabled IPsec Over UDP request, falling back to IPsec Over TCP",The client is configured to use IPsec over TCP. The client rejected the attempt by the Secure Firewall Threat Defense device to use IPsec over UDP.,"If TCP is desired, no action is required. Otherwise, check the client configuration.",5,Notification,25,vpn,ipsec
+%FTD-3-713159,713159,"TCP Connection to Firewall Server has been lost, restricted tunnels are now allowed full network access","%FTD-3-713159: TCP Connection to Firewall Server has been lost, restricted tunnels are now allowed full network access","The TCP connection to the Secure Firewall Threat Defense server was lost for a certain reason, such as the server has rebooted, a network problem has occurred, or an SSL mismatch has occurred.","If the server connection was lost after the initial connection was made, then the server and network connections must be checked. If the initial connection is lost immediately, this might indicate an SSL authentication problem.",3,Error,75,vpn,ipsec
+%FTD-7-713160,713160,"Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) has been granted access by the Firewall Server","%FTD-7-713160: Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) has been granted access by the Firewall Server",Normal authentication of the remote user to the Secure Firewall Threat Defense server has occurred.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-3-713161,713161,"Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) network access has been restricted by the Firewall Server","%FTD-3-713161: Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) network access has been restricted by the Firewall Server","The Secure Firewall Threat Defense server has sent the Secure Firewall Threat Defense device a message indicating that this user must be restricted. There are several reasons for this, including Secure Firewall Threat Defense software upgrades or changes in permissions. The Secure Firewall Threat Defense server will transition the user back into full access mode as soon as the operation has been completed.",None provided.,3,Error,75,vpn,ipsec
+%FTD-3-713162,713162,"Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) has been rejected by the Firewall Server","%FTD-3-713162: Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) has been rejected by the Firewall Server",The Secure Firewall Threat Defense server has rejected this user.,Check the policy information on the Secure Firewall Threat Defense server to make sure that the user is configured correctly.,3,Error,65,vpn,ipsec
+%FTD-3-713163,713163,"Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) has been terminated by the Firewall Server","%FTD-3-713163: Group = groupname, Username = username, IP = peerIP Remote user (session Id - id ) has been terminated by the Firewall Server","The Secure Firewall Threat Defense server has terminated this user session, which can occur if the integrity agent stops running on the client machine or if the security policy is modified by the remote user in any way.",Verify that the Secure Firewall Threat Defense software on the client machine is still running and that the policy is correct.,3,Error,75,vpn,ipsec
+%FTD-7-713164,713164,The Firewall Server has requested a list of active user sessions,%FTD-7-713164: The Firewall Server has requested a list of active user sessions,The Secure Firewall Threat Defense server will request the session information if it detects that it has stale data or if it loses the session data (because of a reboot).,None required.,7,Debugging,5,vpn,ipsec
+%FTD-3-713165,713165,"Group = groupname, Username = username, IP = peerIP Client IKE Auth mode differs from the group's configured Auth mode","%FTD-3-713165: Group = groupname, Username = username, IP = peerIP Client IKE Auth mode differs from the group's configured Auth mode",The client negotiated with preshared keys while its tunnel group points to a policy that is configured to use digital certificates.,Check the client configuration.,3,Error,65,vpn,ipsec
+%FTD-3-713166,713166,"Group = groupname, Username = username, IP = peerIP Headend security gateway has failed our user authentication attempt - check configured username and password","%FTD-3-713166: Group = groupname, Username = username, IP = peerIP Headend security gateway has failed our user authentication attempt - check configured username and password",None provided.,None provided.,3,Error,75,vpn,ipsec
+%FTD-3-713167,713167,"Group = groupname, Username = username, IP = peerIP Remote peer has failed user authentication - check configured username and password","%FTD-3-713167: Group = groupname, Username = username, IP = peerIP Remote peer has failed user authentication - check configured username and password","The remote user has failed to extend authentication. This is most likely a username or password problem, or an authentication server issue.",Verify that the configured username and password values on each side match. Also verify that the authentication server being used to authenticate the remote user is operational.,3,Error,85,vpn,ipsec
+%FTD-3-713168,713168,"Re-auth enabled, but tunnel must be authenticated interactively!","%FTD-3-713168: Re-auth enabled, but tunnel must be authenticated interactively!","Reauthentication on rekeying has been enabled, but the tunnel authentication requires manual intervention.","If manual intervention is desired, no action is required. Otherwise, check the interactive authentication configuration.",3,Error,65,vpn,ipsec
+%FTD-7-713169,713169,"Group = groupname, Username = username, IP = peerIP IKE Received delete for rekeyed SA IKE peer: IP_address, SA address: internal_SA_address, tunnelCnt: tunnel_count","%FTD-7-713169: Group = groupname, Username = username, IP = peerIP IKE Received delete for rekeyed SA IKE peer: IP_address, SA address: internal_SA_address, tunnelCnt: tunnel_count",IKE has received a delete message from the remote peer to delete its old IKE SA after a rekey has completed.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-713170,713170,"Group group IP ip IKE Received delete for rekeyed centry IKE peer: IP_address , centry address: internal_address , msgid: id","%FTD-7-713170: Group group IP ip IKE Received delete for rekeyed centry IKE peer: IP_address , centry address: internal_address , msgid: id",IKE has received a delete message from the remote peer to delete its old centry after Phase 2 rekeying is completed.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-713171,713171,"Group = groupname, Username = username, IP = peerIP NAT-Traversal sending NAT-Original-Address payload","%FTD-7-713171: Group = groupname, Username = username, IP = peerIP NAT-Traversal sending NAT-Original-Address payload",None provided.,None provided.,7,Debugging,5,vpn,ipsec
+%FTD-6-713172,713172,"Group = groupname, Username = username, IP = peerIP Automatic NAT Detection Status: Remote end is |is not behind a NAT device This end is |is not behind a NAT device","%FTD-6-713172: Group = groupname, Username = username, IP = peerIP Automatic NAT Detection Status: Remote end is |is not behind a NAT device This end is |is not behind a NAT device",NAT-Traversal auto-detected NAT.,None required.,6,Informational,5,vpn,ipsec
+%FTD-3-713174,713174,"Group = groupname, Username = username, IP = peerIP Hardware Client connection rejected! Network Extension Mode is not allowed for this group!","%FTD-3-713174: Group = groupname, Username = username, IP = peerIP Hardware Client connection rejected! Network Extension Mode is not allowed for this group!","A hardware client is attempting to tunnel in using network extension mode, but network extension mode is not allowed.",Verify the configuration of the network extension mode versus PAT mode.,3,Error,75,vpn,ipsec
+%FTD-2-713176,713176,"Device_type memory resources are critical, IKE key acquire message on interface interface_number , for Peer IP_address ignored","%FTD-2-713176: Device_type memory resources are critical, IKE key acquire message on interface interface_number , for Peer IP_address ignored","The Secure Firewall Threat Defense device is processing data intended to trigger an IPsec tunnel to the indicated peer. Because memory resources are at a critical state, it is not initiating any more tunnels. The data packet has been ignored and dropped.","If condition persists, verify that the Secure Firewall Threat Defense device is efficiently configured. An Secure Firewall Threat Defense device with increased memory may be required for this application.",2,Critical,100,vpn,ipsec
+%FTD-6-713177,713177,"Group = groupname, Username = username, IP = peerIP Received remote Proxy Host FQDN in ID Payload: Host Name: host_name Address IP_address, Protocol protocol, Port port","%FTD-6-713177: Group = groupname, Username = username, IP = peerIP Received remote Proxy Host FQDN in ID Payload: Host Name: host_name Address IP_address, Protocol protocol, Port port",A Phase 2 ID payload containing an FQDN has been received from the peer.,None required.,6,Informational,5,vpn,ipsec
+%FTD-5-713178,713178,"Group = groupname, Username = username, IP = peerIP IKE Initiator received a packet from its peer without a Responder cookie","%FTD-5-713178: Group = groupname, Username = username, IP = peerIP IKE Initiator received a packet from its peer without a Responder cookie",None provided.,None provided.,5,Notification,25,vpn,ipsec
+%FTD-5-713179,713179,"Group = groupname, Username = username, IP = peerIP IKE AM Initiator received a packet from its peer without a payload_type payload","%FTD-5-713179: Group = groupname, Username = username, IP = peerIP IKE AM Initiator received a packet from its peer without a payload_type payload",An internal software error has occurred.,"If the problem persists, contact the Cisco TAC.",5,Notification,25,vpn,ipsec
+%FTD-3-713182,713182,"Group = groupname, Username = username, IP = peerIP IKE could not recognize the version of the client! IPsec Fragmentation Policy will be ignored for this connection!","%FTD-3-713182: Group = groupname, Username = username, IP = peerIP IKE could not recognize the version of the client! IPsec Fragmentation Policy will be ignored for this connection!",An internal software error has occurred.,"If the problem persists, contact the Cisco TAC.",3,Error,65,vpn,ipsec
+%FTD-6-713184,713184,"Group = groupname, Username = username, IP = peerIP Client Type: Client_type Client Application Version: Application_version_string","%FTD-6-713184: Group = groupname, Username = username, IP = peerIP Client Type: Client_type Client Application Version: Application_version_string","The client operating system and application version appear. If the information is not available, then N/A will be indicated.",None required.,6,Informational,5,vpn,ipsec
+%FTD-3-713185,713185,IP = peerIP Error: Username too long - connection aborted,%FTD-3-713185: IP = peerIP Error: Username too long - connection aborted,"The client returned an invalid length username, and the tunnel was torn down.","Check the username and make changes, if necessary.",3,Error,75,vpn,ipsec
+%FTD-3-713186,713186,Invalid secondary domain name list received from the authentication server. List Received: list_text Character index (value ) is illegal,%FTD-3-713186: Invalid secondary domain name list received from the authentication server. List Received: list_text Character index (value ) is illegal,"An invalid secondary domain name list was received from an external RADIUS authentication server. When split tunnelling is used, this list identifies the domains that the client should resolve through the tunnel.","Correct the specification of the Secondary-Domain-Name-List attribute (vendor-specific attribute 29) on the RADIUS server. The list must be specified as a comma-delimited list of domain names. Domain names may include only alphanumeric characters, a hyphen, an underscore, and a period.",3,Error,75,vpn,ipsec
+%FTD-7-713187,713187,"Group = groupname, Username = username, IP = peerIP Tunnel Rejected: IKE peer does not match remote peer as defined in L2L policy IKE peer address: IP_address, Remote peer address: IP_address","%FTD-7-713187: Group = groupname, Username = username, IP = peerIP Tunnel Rejected: IKE peer does not match remote peer as defined in L2L policy IKE peer address: IP_address, Remote peer address: IP_address",The IKE peer that is attempting to bring up this tunnel is not the one that is configured in the ISAKMP configuration that is bound to the received remote subnet.,Verify that L2L settings are correct on the headend and peer.,7,Debugging,15,vpn,ipsec
+%FTD-3-713189,713189,"Group = groupname, Username = username, IP = peerIP Attempted to assign network or broadcast IP_address, removing ( IP_address ) from pool.","%FTD-3-713189: Group = groupname, Username = username, IP = peerIP Attempted to assign network or broadcast IP_address, removing ( IP_address ) from pool.",The IP address from the pool is either the network or broadcast address for this subnet. This address will be marked as unavailable.,"This error is generally benign, but the IP address pool configuration should be checked.",3,Error,65,vpn,ipsec
+%FTD-7-713190,713190,"Group = groupname, Username = username, IP = peerIP Got bad refCnt ( ref_count_value ) assigning IP_address ( IP_address )","%FTD-7-713190: Group = groupname, Username = username, IP = peerIP Got bad refCnt ( ref_count_value ) assigning IP_address ( IP_address )",The reference counter for this SA is invalid.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-3-713191,713191,IP = IP_address Maximum concurrent IKE negotiations exceeded!,%FTD-3-713191: IP = IP_address Maximum concurrent IKE negotiations exceeded!,"To minimize CPU-intensive cryptographic calculations, the Secure Firewall Threat Defense device limits the number of connection negotiations in progress. When a new negotiation is requested and the Secure Firewall Threat Defense device is already at its limit, the new negotiation is rejected. When an existing connection negotiation completes, new connection negotiation will again be permitted.",See the crypto ikev1 limit max-in-negotiation-sa command. Increasing the limit can degrade performance..,3,Error,75,vpn,ipsec
+%FTD-3-713193,713193,"Received packet with missing payload, Expected payload: payload_id","%FTD-3-713193: Received packet with missing payload, Expected payload: payload_id",The Secure Firewall Threat Defense device received an encrypted or unencrypted packet of the specified exchange type that had one or more missing payloads. This usually indicates a problem on the peer.,Verify that the peer is sending valid IKE messages.,3,Error,75,vpn,ipsec
+%FTD-3-713194,713194,"Group = groupname, Username = username, IP = peerIP Sending IKE |IPsec Delete With Reason message: termination_reason","%FTD-3-713194: Group = groupname, Username = username, IP = peerIP Sending IKE |IPsec Delete With Reason message: termination_reason",A delete message with a termination reason code was received.,None required.,3,Error,5,vpn,ipsec
+%FTD-3-713195,713195,"Group = groupname, Username = username, IP = peerIP Tunnel rejected: Originate-Only: Cannot accept incoming tunnel yet!","%FTD-3-713195: Group = groupname, Username = username, IP = peerIP Tunnel rejected: Originate-Only: Cannot accept incoming tunnel yet!","The originate-only peer can accept incoming connections only after it brings up the first P2 tunnel. At that point, data from either direction can initiate additional Phase 2 tunnels.","If a different behavior is desired, the originate-only configuration needs to be revised.",3,Error,65,vpn,ipsec
+%FTD-5-713196,713196,"Group = groupname, Username = username, IP = peerIP Remote L2L Peer IP_address initiated a tunnel with same outer and inner addresses. Peer could be Originate Only - Possible misconfiguration!","%FTD-5-713196: Group = groupname, Username = username, IP = peerIP Remote L2L Peer IP_address initiated a tunnel with same outer and inner addresses. Peer could be Originate Only - Possible misconfiguration!","The remote L2L peer has initiated a public-public tunnel. The remote L2L peer expects a response from the peer at the other end, but does not receive one, because of a possible misconfiguration.",Check the L2L configuration on both sides.,5,Notification,25,vpn,ipsec
+%FTD-5-713197,713197,"Group = groupname, Username = username, IP = peerIP The configured Confidence Interval of number seconds is invalid for this tunnel_type connection. Enforcing the second default.","%FTD-5-713197: Group = groupname, Username = username, IP = peerIP The configured Confidence Interval of number seconds is invalid for this tunnel_type connection. Enforcing the second default.",The configured confidence interval in the group is outside of the valid range.,Check the confidence setting in the group to make sure it is within the valid range.,5,Notification,35,vpn,ipsec
+%FTD-3-713198,713198,"Group = groupname, Username = username, IP = peerIP User Authorization failed: user User authorization failed. Username could not be found in the certificate","%FTD-3-713198: Group = groupname, Username = username, IP = peerIP User Authorization failed: user User authorization failed. Username could not be found in the certificate",A reason string that states that a username cannot be found in the certificate appears.,Check the group configuration and client authorization.,3,Error,75,vpn,ipsec
+%FTD-5-713199,713199,"Group = groupname, Username = username, IP = peerIP Reaper corrected an SA that has not decremented the concurrent IKE negotiations counter ( counter_value )!","%FTD-5-713199: Group = groupname, Username = username, IP = peerIP Reaper corrected an SA that has not decremented the concurrent IKE negotiations counter ( counter_value )!",The Reaper corrected an internal software error.,"If the problem persists, contact the Cisco TAC.",5,Notification,25,vpn,ipsec
+%FTD-5-713201,713201,"Group = groupname, Username = username, IP = peerIP Duplicate Phase Phase packet detected. Action","%FTD-5-713201: Group = groupname, Username = username, IP = peerIP Duplicate Phase Phase packet detected. Action","The Secure Firewall Threat Defense device has received a duplicate of a previous Phase 1 or Phase 2 packet, and will transmit the last message. A network performance or connectivity issue may have occurred, in which the peer is not receiving sent packets in a timely manner.",Verify network performance or connectivity.,5,Notification,35,vpn,ipsec
+%FTD-5-713202,713202,IP = IP_address Duplicate IP_addr packet detected.,%FTD-5-713202: IP = IP_address Duplicate IP_addr packet detected.,"The Secure Firewall Threat Defense device has received a duplicate first packet for a tunnel that the Secure Firewall Threat Defense device is already aware of and negotiating, which indicates that the Secure Firewall Threat Defense device probably received a retransmission of a packet from the peer.","None required, unless the connection attempt is failing. If this is the case, debug further and diagnose the problem.",5,Notification,5,vpn,ipsec
+%FTD-3-713203,713203,IKE Receiver: Error reading from socket.,%FTD-3-713203: IKE Receiver: Error reading from socket.,An error occurred while reading a received IKE packet. This is generally an internal error and might indicate a software problem.,"This problem is usually benign, and the system will correct itself. If the problem persists, contact the Cisco TAC.",3,Error,65,vpn,ipsec
+%FTD-7-713204,713204,"Group = groupname, Username = username, IP = peerIP Adding static route for client address: IP_address","%FTD-7-713204: Group = groupname, Username = username, IP = peerIP Adding static route for client address: IP_address",This message indicates that a route to the peer-assigned address or to the networks protected by a hardware client was added to the routing table.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-3-713205,713205,"Group = groupname, Username = username, IP = peerIP Could not add static route for client address: IP_address","%FTD-3-713205: Group = groupname, Username = username, IP = peerIP Could not add static route for client address: IP_address",An attempt to add a route to the client-assigned address or to the networks protected by a hardware client failed. This might indicate duplicate routes in the routing table or a corrupted network address. The duplicate routes might be caused by routes that were not cleaned up correctly or by having multiple clients sharing networks or addresses.,"Check the IP local pool configuration as well as any other IP address-assigning mechanism being used (for example, DHCP or RADIUS). Make sure that routes are being cleared from the routing table. Also check the configuration of networks and/or addresses on the peer.",3,Error,95,vpn,ipsec
+%FTD-3-713206,713206,"Group = groupname, Username = username, IP = peerIP Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy","%FTD-3-713206: Group = groupname, Username = username, IP = peerIP Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy",A tunnel was dropped because the allowed tunnel specified in the group policy was different from the allowed tunnel in the tunnel group configuration.,Check the tunnel group and group policy configuration.,3,Error,85,vpn,ipsec
+%FTD-4-713207,713207,"Group = groupname, Username = username, IP = peerIP Terminating connection: IKE Initiator and tunnel group specifies L2TP Over IPSec","%FTD-4-713207: Group = groupname, Username = username, IP = peerIP Terminating connection: IKE Initiator and tunnel group specifies L2TP Over IPSec",This syslog is displayed for ikev1 while terminating the connection if GW is an initiator and tunnel group type is L2TP over IPSEC.,None required.,4,Warning,5,vpn,ipsec
+%FTD-3-713208,713208,Cannot create dynamic rule for Backup L2L entry rule rule_id,%FTD-3-713208: Cannot create dynamic rule for Backup L2L entry rule rule_id,"A failure occurred in creating the ACLs that trigger IKE and allow IPsec data to be processed properly. The failure was specific to the backup L2L configuration, which may indicate a configuration error, a capacity error, or an internal software error.","If the Secure Firewall Threat Defense device is running the maximum number of connections and VPN tunnels, there may be a memory issue. If not, check the backup L2L and crypto map configurations, specifically the ACLs associated with the crypto maps.",3,Error,75,vpn,ipsec
+%FTD-3-713209,713209,Cannot delete dynamic rule for Backup L2L entry rule id,%FTD-3-713209: Cannot delete dynamic rule for Backup L2L entry rule id,A failure occurred in deleting the ACLs that trigger IKE and allow IPsec data to be processed correctly. The failure was specific to the backup L2L configuration. This may indicate an internal software error.,"If the problem persists, contact the Cisco TAC.",3,Error,75,vpn,ipsec
+%FTD-3-713210,713210,Cannot create dynamic map for Backup L2L entry rule_id,%FTD-3-713210: Cannot create dynamic map for Backup L2L entry rule_id,"A failure occurred in creating a run-time instance of the dynamic crypto map associated with backup L2L configuration. This may indicate a configuration error, a capacity error, or an internal software error.","If the Secure Firewall Threat Defense device is running the maximum number of connections and VPN tunnels, there may be a memory issue. If not, check the backup L2L and crypto map configurations, and specifically the ACLs associated with the crypto maps.",3,Error,75,vpn,ipsec
+%FTD-3-713212,713212,"Group = groupname, Username = username, IP = peerIP Could not add route for L2L peer coming in on a dynamic map. address: IP_address , mask: netmask","%FTD-3-713212: Group = groupname, Username = username, IP = peerIP Could not add route for L2L peer coming in on a dynamic map. address: IP_address , mask: netmask","The Secure Firewall Threat Defense device failed while attempting to add a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel. This might indicate duplicate routes, a full routing table, or a failure of the Secure Firewall Threat Defense device to remove previously used routes.",None provided.,3,Error,75,vpn,ipsec
+%FTD-6-713213,713213,"Group = groupname, Username = username, IP = peerIP Deleting static route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask","%FTD-6-713213: Group = groupname, Username = username, IP = peerIP Deleting static route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask","The Secure Firewall Threat Defense device is deleting a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel.",None required.,6,Informational,5,vpn,ipsec
+%FTD-3-713214,713214,"Group = groupname, Username = username, IP = peerIP Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask","%FTD-3-713214: Group = groupname, Username = username, IP = peerIP Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask","The Secure Firewall Threat Defense device experienced a failure while deleting a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel. The route may have already been deleted,or an internal software error has occurred.","If the route has already been deleted, the condition is benign and the device will function normally. If the problem persists or can be linked to routing issues over VPN tunnels, then check the routing and addressing portions of the VPN L2L configuration. Check the reverse route injection and the ACLs associated with the appropriate crypto map. If the problem persists, contact the Cisco TAC.",3,Error,75,vpn,ipsec
+%FTD-6-713215,713215,"Group = groupname, Username = username, IP = peerIP No match against Client Type and Version rules. Client: type version is /is not allowed by default","%FTD-6-713215: Group = groupname, Username = username, IP = peerIP No match against Client Type and Version rules. Client: type version is /is not allowed by default",The client type and the version of a client did not match any of the rules configured on the Secure Firewall Threat Defense device. The default action appears.,"Determine what the default action and deployment requirements are, and make the applicable changes.",6,Informational,15,vpn,ipsec
+%FTD-5-713216,713216,"Group = groupname, Username = username, IP = peerIP Rule: action [Client type]: version Client: type version allowed/not allowed","%FTD-5-713216: Group = groupname, Username = username, IP = peerIP Rule: action [Client type]: version Client: type version allowed/not allowed",The client type and the version of a client have matched one of the rules. The results of the match and the rule are displayed.,"Determine what the deployment requirements are, and make the appropriate changes.",5,Notification,25,vpn,ipsec
+%FTD-3-713217,713217,"Group = groupname, Username = username, IP = peerIP Skipping unrecognized rule: action: action client type: client_type client version: client_version","%FTD-3-713217: Group = groupname, Username = username, IP = peerIP Skipping unrecognized rule: action: action client type: client_type client version: client_version",A malformed client type and version rule exist. The required format is action client type | client version action. Either permit or deny client type and client version are displayed under Session Management. Only one wildcard per parameter (*) is supported.,Correct the rule.,3,Error,85,vpn,ipsec
+%FTD-3-713218,713218,"Group = groupname, Username = username, IP = peerIP Tunnel Rejected: Client Type or Version not allowed. The client was denied access according to the configured rules. None required.","%FTD-3-713218: Group = groupname, Username = username, IP = peerIP Tunnel Rejected: Client Type or Version not allowed. The client was denied access according to the configured rules. None required.",None provided.,None provided.,3,Error,85,vpn,ipsec
+%FTD-6-713219,713219,"Group = groupname, Username = username, IP = peerIP Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.","%FTD-6-713219: Group = groupname, Username = username, IP = peerIP Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.",Phase 2 messages are being enqueued after Phase 1 completes.,None required.,6,Informational,5,vpn,ipsec
+%FTD-6-713220,713220,"Group = groupname, Username = username, IP = peerIP De-queuing KEY-ACQUIRE messages that were left pending.","%FTD-6-713220: Group = groupname, Username = username, IP = peerIP De-queuing KEY-ACQUIRE messages that were left pending.",Queued Phase 2 messages are being processed.,None required.,6,Informational,5,vpn,ipsec
+%FTD-7-713221,713221,"Group = groupname, Username = username, IP = peerIP Static Crypto Map check, checking map = crypto_map_tag, seq = seq_number...","%FTD-7-713221: Group = groupname, Username = username, IP = peerIP Static Crypto Map check, checking map = crypto_map_tag, seq = seq_number...",The Secure Firewall Threat Defense device is iterating through the crypto maps looking for configuration information.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-713222,713222,"Group = groupname, Username = username, IP = peerIP Group group Username username IP ip Static Crypto Map check, map = crypto_map_tag, seq = seq_number, ACL does not match proxy IDs src:source_address dst:dest_address","%FTD-7-713222: Group = groupname, Username = username, IP = peerIP Group group Username username IP ip Static Crypto Map check, map = crypto_map_tag, seq = seq_number, ACL does not match proxy IDs src:source_address dst:dest_address",None provided.,None provided.,7,Debugging,5,vpn,ipsec
+%FTD-7-713223,713223,"Group = groupname, Username = username, IP = peerIP Static Crypto Map check, map = crypto_map_tag, seq = seq_number, no ACL configured","%FTD-7-713223: Group = groupname, Username = username, IP = peerIP Static Crypto Map check, map = crypto_map_tag, seq = seq_number, no ACL configured",The crypto map associated with this peer is not linked to an ACL.,"Make sure an ACL associated with this crypto map exists, and that the ACL includes the appropriate private addresses or network from both sides of the VPN tunnel.",7,Debugging,5,vpn,ipsec
+%FTD-7-713224,713224,"Group = groupname, Username = username, IP = peerIP Static Crypto Map Check by-passed: Crypto map entry incomplete!","%FTD-7-713224: Group = groupname, Username = username, IP = peerIP Static Crypto Map Check by-passed: Crypto map entry incomplete!",The crypto map associated with this VPN tunnel is missing critical information.,"Verify that the crypto map is configured correctly with both the VPN peer, a transform set, and an associated ACL.",7,Debugging,15,vpn,ipsec
+%FTD-7-713225,713225,"Group = groupname, Username = username, IP = peerIP [IKEv1], Static Crypto Map check, map map_name, seq = sequence_number is a successful match","%FTD-7-713225: Group = groupname, Username = username, IP = peerIP [IKEv1], Static Crypto Map check, map map_name, seq = sequence_number is a successful match",The Secure Firewall Threat Defense device found a valid matching crypto map for this VPN tunnel.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-3-713226,713226,"Connection failed with peer IP_address, no trust-point defined in tunnel-group tunnel_group","%FTD-3-713226: Connection failed with peer IP_address, no trust-point defined in tunnel-group tunnel_group","When the device is configured to use digital certificates, a trustpoint must be specified in the configuration. When the trustpoint is missing from the configuration, this message is generated to flag an error.",The administrator of the device has to specify a trustpoint in the configuration.,3,Error,75,vpn,ipsec
+%FTD-3-713227,713227,"IP = IP_address Rejecting new IPsec SA negotiation for peer Peer_address . A negotiation was already in progress for local Proxy Local_address /Local_netmask, remote Proxy Remote_address /Remote_netmask","%FTD-3-713227: IP = IP_address Rejecting new IPsec SA negotiation for peer Peer_address . A negotiation was already in progress for local Proxy Local_address /Local_netmask, remote Proxy Remote_address /Remote_netmask","When establishing a Phase SA, the Secure Firewall Threat Defense device will reject a new Phase 2 matching this proxy.",None required.,3,Error,5,vpn,ipsec
+%FTD-5-713229,713229,"Group = groupname, Username = username, IP = peerIP Auto Update - Notification to client client_ip of update string: message_string .","%FTD-5-713229: Group = groupname, Username = username, IP = peerIP Auto Update - Notification to client client_ip of update string: message_string .",A VPN remote access client is notified that updated software is available for download. The remote client user is responsible for choosing to update the client access software.,None required.,5,Notification,5,vpn,ipsec
+%FTD-3-713230,713230,"Internal Error, ike_lock trying to lock bit that is already locked for type type","%FTD-3-713230: Internal Error, ike_lock trying to lock bit that is already locked for type type","An internal error occurred, which is reporting that the IKE subsystem is attempting to lock memory that has already been locked. This indicates errors on semaphores that are used to protect memory violations for IKE SAs. This message does not indicate that anything is seriously wrong. However, an unexpected event has occurred, and steps are automatically being taken for recovery.","If the problem persists, contact the Cisco TAC.",3,Error,65,vpn,ipsec
+%FTD-3-713231,713231,"Internal Error, ike_lock trying to unlock bit that is not locked for type type","%FTD-3-713231: Internal Error, ike_lock trying to unlock bit that is not locked for type type","An internal error has occurred, which is reporting that the IKE subsystem is attempting to unlock memory that is not currently locked. This indicates errors on semaphores that are used to protect memory violations for IKE SAs. This message does not indicate that anything is seriously wrong. However, an unexpected event has occurred, and steps are automatically being taken for recovery.","If the problem persists, contact the Cisco TAC.",3,Error,65,vpn,ipsec
+%FTD-3-713232,713232,"SA lock refCnt = value , bitmask = hexvalue , p1_decrypt_cb = value , qm_decrypt_cb = value , qm_hash_cb = value , qm_spi_ok_cb = value , qm_dh_cb = value , qm_secret_key_cb = value , qm_encrypt_cb = value","%FTD-3-713232: SA lock refCnt = value , bitmask = hexvalue , p1_decrypt_cb = value , qm_decrypt_cb = value , qm_hash_cb = value , qm_spi_ok_cb = value , qm_dh_cb = value , qm_secret_key_cb = value , qm_encrypt_cb = value","All the IKE SA are locked, and a possible error has been detected. This message reports errors on semaphores that are used to protect memory violations for IKE SAs.","If the problem persists, contact the Cisco TAC.",3,Error,65,vpn,ipsec
+%FTD-7-713233,713233,(VPN-unit ) Remote network (remote network ) validated for network extension mode.,%FTD-7-713233: (VPN-unit ) Remote network (remote network ) validated for network extension mode.,"The remote network received during the Phase 2 negotiation was validated. The message indicates the results of the remote network check during Phase 2 negotiations for Network Extension Mode clients. This is part of an existing feature that prevents users from misconfiguring their hardware client network (for example, configuring overlapping networks or the same network on multiple clients).",None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-713234,713234,(VPN-unit) Remote network (remote network ) from network extension mode client mismatches AAA configuration (aaa network ).,%FTD-7-713234: (VPN-unit) Remote network (remote network ) from network extension mode client mismatches AAA configuration (aaa network ).,The remote network received during the Phase 2 negotiation does not match the framed-ip-address and framed-subnet-mask that were returned from the AAA server for this session.,"Do one of the following: client, and correct any inconsistencies.",7,Debugging,15,vpn,ipsec
+%FTD-6-713235,713235,"Group = groupname, Username = username, IP = peerIP Attempt to send an IKE packet from standby unit. Dropping the packet!","%FTD-6-713235: Group = groupname, Username = username, IP = peerIP Attempt to send an IKE packet from standby unit. Dropping the packet!","Normally, IKE packets should never be sent from the standby unit to the remote peer. If such an attempt is made, an internal logic error may have occurred. The packet never leaves the standby unit because of protective code. This message facilitates debugging.",None required.,6,Informational,35,vpn,ipsec
+%FTD-7-713236,713236,"Group = groupname, Username = username, IP = peerIP IKE_DECODE tx/rx Message (msgid=msgid) with payloads:payload1 (payload1_len) + payload2 (payload2_len)...total length: tlen","%FTD-7-713236: Group = groupname, Username = username, IP = peerIP IKE_DECODE tx/rx Message (msgid=msgid) with payloads:payload1 (payload1_len) + payload2 (payload2_len)...total length: tlen","IKE sent or received various messages. The following example shows the output when IKE receives a message with an 8-byte hash payload, an 11-byte notify payload, and two 13-byte vendor-specific payloads: %Firewall Threat Defense-7-713236: IKE_DECODE RECEIVED Message msgid=0) with payloads: HDR + HASH (8) + NOTIFY (11) + VENDOR (13) + VENDOR (13) + NONE (0)",None required.,7,Debugging,5,vpn,ipsec
+%FTD-5-713237,713237,"Group = groupname, Username = username, IP = peerIP ACL update (access_list ) received during re-key re-authentication will not be applied to the tunnel.","%FTD-5-713237: Group = groupname, Username = username, IP = peerIP ACL update (access_list ) received during re-key re-authentication will not be applied to the tunnel.",The Phase 1 rekey of a remote access IPsec tunnel appears under the following conditions: from the one that was returned when the tunnel was first established.,"Under these conditions, the Secure Firewall Threat Defense device ignores the new access list and this message is generated. show access-list command IPsec users must reconnect for new user-specific access lists to take effect.",5,Notification,25,vpn,ipsec
+%FTD-3-713238,713238,"Group = groupname, Username = username, IP = peerIP Invalid source proxy address: 0.0.0.0! Check private address on remote client","%FTD-3-713238: Group = groupname, Username = username, IP = peerIP Invalid source proxy address: 0.0.0.0! Check private address on remote client",The private side address of a network extension mode client came across as 0.0.0.0. This usually indicates that no IP address was set on the private interface of the hardware client.,Verify the configuration of the remote client.,3,Error,85,vpn,ipsec
+%FTD-5-713239,713239,"Group = groupname, Username = username, IP = peerIP IP_Address : Tunnel Rejected: The maximum tunnel count allowed has been reached","%FTD-5-713239: Group = groupname, Username = username, IP = peerIP IP_Address : Tunnel Rejected: The maximum tunnel count allowed has been reached",An attempt to create a tunnel has occurred after the maximum number of tunnels allowed has been reached.,None required.,5,Notification,5,vpn,ipsec
+%FTD-4-713241,713241,IE Browser Proxy Method setting_number is Invalid,%FTD-4-713241: IE Browser Proxy Method setting_number is Invalid,An invalid proxy setting was found during ModeCfg processing. P1 negotiation will fail.,"Check the msie-proxy method command settings (a subcommand of the group-policy command), which should conform to one of the following: [auto-detect | no-modify | no-proxy | use-server] . Any other value or no value is incorrect. Try resetting the msie-proxy method command settings. If the problem persists, contact the Cisco TAC.",4,Warning,55,vpn,ipsec
+%FTD-4-713242,713242,"Group = groupname, Username = username, IP = peerIP Remote user is authenticated using Hybrid Authentication. Not starting IKE rekey.","%FTD-4-713242: Group = groupname, Username = username, IP = peerIP Remote user is authenticated using Hybrid Authentication. Not starting IKE rekey.","The Secure Firewall Threat Defense device has detected a request to start an IKE rekey for a tunnel configured to use Hybrid Xauth, but the rekey was not started. The Secure Firewall Threat Defense device will wait for the client to detect and initiate an IKE rekey.",None required.,4,Warning,5,vpn,ipsec
+%FTD-4-713243,713243,META-DATA Unable to find the requested certificate,%FTD-4-713243: META-DATA Unable to find the requested certificate,"The IKE peer requested a certificate from the cert-req payload. However, no valid identity certificate issued by the requested DN was found.",Perform the following steps: 1. Check the identity certificates. 2. Enroll or import the desired certificate. 3. Enable certificate debugging for more details.,4,Warning,55,vpn,ipsec
+%FTD-4-713244,713244,"Group = groupname, Username = username, IP = peerIP META-DATA Received Legacy Authentication Method(LAM) type type is different from the last type received type .","%FTD-4-713244: Group = groupname, Username = username, IP = peerIP META-DATA Received Legacy Authentication Method(LAM) type type is different from the last type received type .","The LAM attribute type received differs from the last type received. The type must be consistent throughout the user authentication process. The user authentication process cannot proceed, and the VPN connection will not be established.","If the problem persists, contact the Cisco TAC.",4,Warning,45,vpn,ipsec
+%FTD-4-713245,713245,"Group = groupname, Username = username, IP = peerIP META-DATA Unknown Legacy Authentication Method(LAM) type type received.","%FTD-4-713245: Group = groupname, Username = username, IP = peerIP META-DATA Unknown Legacy Authentication Method(LAM) type type received.",None provided.,None provided.,4,Warning,45,vpn,ipsec
+%FTD-4-713246,713246,"Group = groupname, Username = username, IP = peerIP META-DATA Unknown Legacy Authentication Method(LAM) attribute type type received.","%FTD-4-713246: Group = groupname, Username = username, IP = peerIP META-DATA Unknown Legacy Authentication Method(LAM) attribute type type received.","The Secure Firewall Threat Defense device received an unknown LAM attribute type, which should not cause connectivity problems, but might affect the functionality of the peer.",None required.,4,Warning,5,vpn,ipsec
+%FTD-4-713247,713247,"Group = groupname, Username = username, IP = peerIP META-DATA Unexpected error: in Next Card Code mode while not doing SDI.","%FTD-4-713247: Group = groupname, Username = username, IP = peerIP META-DATA Unexpected error: in Next Card Code mode while not doing SDI.",An unexpected error occurred during state processing.,"If the problem persists, contact the Cisco TAC.",4,Warning,45,vpn,ipsec
+%FTD-5-713248,713248,"Group = groupname, Username = username, IP = peerIP META-DATA Rekey initiation is being disabled during CRACK authentication.","%FTD-5-713248: Group = groupname, Username = username, IP = peerIP META-DATA Rekey initiation is being disabled during CRACK authentication.","When an IKE SA is negotiated using the CRACK authentication method, the Phase 1 SA rekey timer at the headend expired before a successful rekey. Because the remote client is always the initiator of the exchange when using the CRACK authentication method, the headend will not initiate the rekey. Unless the remote peer initiates a successful rekey before the IKE SA expires, the connection will come down upon IKE SA expiration.",None required.,5,Notification,5,vpn,ipsec
+%FTD-4-713249,713249,"Group = groupname, Username = username, IP = peerIP META-DATA Received unsupported authentication results: result","%FTD-4-713249: Group = groupname, Username = username, IP = peerIP META-DATA Received unsupported authentication results: result","While negotiating an IKE SA using the CRACK authentication method, the IKE subsystem received a result that is not supported during CRACK authentication from the authentication subsystem. The user authentication fails, and the VPN connection is torn down.","If the problem persists, contact the Cisco TAC.",4,Warning,45,vpn,ipsec
+%FTD-5-713250,713250,"Group = groupname, Username = username, IP = peerIP META-DATA Received unknown Internal Address attribute: attribute","%FTD-5-713250: Group = groupname, Username = username, IP = peerIP META-DATA Received unknown Internal Address attribute: attribute","The Secure Firewall Threat Defense device received a request for an internal address attribute that is not recognizable. The attribute might be valid, but not currently supported, or the peer might be sending an illegal value. This should not cause connectivity problems, but might affect the functionality of the peer.",None required.,5,Notification,5,vpn,ipsec
+%FTD-4-713251,713251,"Group = groupname, Username = username, IP = peerIP META-DATA Received authentication failure message","%FTD-4-713251: Group = groupname, Username = username, IP = peerIP META-DATA Received authentication failure message",The Secure Firewall Threat Defense device received a notification message that indicated an authentication failure while an IKE SA is negotiated using the CRACK authentication method. The connection is torn down.,None required.,4,Warning,5,vpn,ipsec
+%FTD-5-713252,713252,"Group = group, Username = user, IP = ip Group = group, Username = user, IP = ip, Integrity Firewall Server is not available. VPN Tunnel creation rejected for client.","%FTD-5-713252: Group = group, Username = user, IP = ip Group = group, Username = user, IP = ip, Integrity Firewall Server is not available. VPN Tunnel creation rejected for client.","When the group policy is configured to require the client to authenticate with a Zonelab Integrity Server, the server might need to be connected to the concentrator depending on the failure policy configured. If the fail policy is to reject the client connection, this message is generated when a Zonelab Integrity Server is not connected to the Secure Firewall Threat Defense device at the time the client is connecting.",Check that the configurations on the concentrator and the Zonelab Integrity Server match. Then verify that communication exists between the concentrator and the Zonelab Integrity Server.,5,Notification,45,vpn,ipsec
+%FTD-5-713253,713253,"Group = group, Username = user, IP = ip Group = group, Username = user, IP = ip, Integrity Firewall Server is not available. Entering ALLOW mode. VPN Tunnel created for client.","%FTD-5-713253: Group = group, Username = user, IP = ip Group = group, Username = user, IP = ip, Integrity Firewall Server is not available. Entering ALLOW mode. VPN Tunnel created for client.","When the group policy is configured to require a client to authenticate with a Zonelab Integrity Server, the server might need to be connected to the concentrator, depending on the failure policy configured. If the failure policy is to accept the client connection, and provide unrestricted network access, this message is generated when a Zonelab Integrity Server is not connected to the Secure Firewall Threat Defense device at the time the client is connecting.",None provided.,5,Notification,35,vpn,ipsec
+%FTD-3-713254,713254,"Group = groupname, Username = username, IP = peerip Group = groupname, Username = username, IP = peerip, Invalid IPsec/UDP port = portnum, valid range is minport - maxport, except port 4500, which is reserved for IPsec/NAT-T","%FTD-3-713254: Group = groupname, Username = username, IP = peerip Group = groupname, Username = username, IP = peerip, Invalid IPsec/UDP port = portnum, valid range is minport - maxport, except port 4500, which is reserved for IPsec/NAT-T","You cannot use UDP port 4500 for IPsec/UDP connections, because it is reserved for IPsec or NAT-T connections. The CLI does not allow this configuration for local groups. This message should only occur for externally defined groups.",Change the IPsec or UDP port number on the external server to another port number. Valid port numbers are 4001 to 49151.,3,Error,75,vpn,ipsec
+%FTD-4-713255,713255,"IP = peer-IP IP = peer-IP, Received ISAKMP Aggressive Mode message 1 with unknown tunnel group name group-name","%FTD-4-713255: IP = peer-IP IP = peer-IP, Received ISAKMP Aggressive Mode message 1 with unknown tunnel group name group-name",An unknown tunnel group was specified in ISAKMP Aggressive Mode message 1.,Check the tunnel group and client configurations to make sure that they are valid.,4,Warning,45,vpn,ipsec
+%FTD-6-713256,713256,"IP = peer-IP , Sending spoofed ISAKMP Aggressive Mode message 2 due to receipt of unknown tunnel group. Aborting connection.","%FTD-6-713256: IP = peer-IP , Sending spoofed ISAKMP Aggressive Mode message 2 due to receipt of unknown tunnel group. Aborting connection.","When the peer specifies an invalid tunnel group, the Secure Firewall Threat Defense device will still send message 2 to prevent the peer from gleaning tunnel group information.",None required.,6,Informational,5,vpn,ipsec
+%FTD-5-713257,713257,Phase var1 failure: Mismatched attribute types for class var2 : Rcv'd: var3 Cfg'd: var4,%FTD-5-713257: Phase var1 failure: Mismatched attribute types for class var2 : Rcv'd: var3 Cfg'd: var4,"An Secure Firewall Threat Defense device has acted as the responder in a LAN-to-LAN connection. It indicates that the Secure Firewall Threat Defense crypto configuration does not match the configuration of the initiator. The message specifies during which phase the mismatch occurred, and which attributes both the responder and the initiator had that were different.","Check the crypto configuration on both of the LAN-to-LAN devices for inconsistencies. In particular, if a mismatch between UDP-Tunnel (NAT-T) and something else is reported, check the crypto maps. If one configuration has NAT-T disabled on the matched crypto map and the other does not, this will cause a failure.",5,Notification,35,vpn,ipsec
+%FTD-3-713258,713258,"IP = var1 IP = var1, Attempting to establish a phase2 tunnel on var2 interface but phase1 tunnel is on var3 interface. Tearing down old phase1 tunnel due to a potential routing change.","%FTD-3-713258: IP = var1 IP = var1, Attempting to establish a phase2 tunnel on var2 interface but phase1 tunnel is on var3 interface. Tearing down old phase1 tunnel due to a potential routing change.","The Secure Firewall Threat Defense device tries to establish a Phase 2 tunnel on an interface, and a Phase 1 tunnel already exists on a different interface. The existing Phase 1 tunnel is torn down to allow the establishment of a new tunnel on the new interface. 2 tunnel","Check whether or not the route of the peer has changed. If the route has not changed, a possible misconfiguration may exist.",3,Error,65,vpn,ipsec
+%FTD-5-713259,713259,"Group = groupname, Username = username, IP = peerIP Group = groupname, Username = username, IP = peerIP, Session is being torn down. Reason: reason","%FTD-5-713259: Group = groupname, Username = username, IP = peerIP Group = groupname, Username = username, IP = peerIP, Session is being torn down. Reason: reason","The termination reason for the ISAKMP session appears, which occurs when the session is torn down through session management. - Port Preempted (simultaneous logins) - Idle Timeout",None provided.,5,Notification,35,vpn,ipsec
+%FTD-3-713260,713260,Output interface %d to peer was not found,%FTD-3-713260: Output interface %d to peer was not found,"When trying to create a Phase 1 SA, the interface database could not be found for the interface ID.","If the problem persists, contact the Cisco TAC.",3,Error,65,vpn,ipsec
+%FTD-4-713261,713261,IPV6 address on output interface interface_number was not found,%FTD-4-713261: IPV6 address on output interface interface_number was not found,"When trying to create a Phase 1 SA, no IPv6 address is specified on the local interface.","For information about how to set up an IPv6 address on a desired interface, see the “Configuring IPv6 Addressing” section in the CLI configuration guide.",4,Warning,45,vpn,ipsec
+%FTD-3-713262,713262,"IP = IP_address Rejecting new IPSec SA negotiation for peer Peer_address . A negotiation was already in progress for local Proxy Local_address /Local_prefix_len, remote Proxy Remote_address /Remote_prefix_len","%FTD-3-713262: IP = IP_address Rejecting new IPSec SA negotiation for peer Peer_address . A negotiation was already in progress for local Proxy Local_address /Local_prefix_len, remote Proxy Remote_address /Remote_prefix_len","When establishing a Phase SA, the Secure Firewall Threat Defense device will reject a new Phase 2 SA matching this proxy. negotiation",None required.,3,Error,5,vpn,ipsec
+%FTD-7-713263,713263,"Group = groupname, Username = username, IP = peerIP Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask /prefix_len, Protocol protocol, Port port","%FTD-7-713263: Group = groupname, Username = username, IP = peerIP Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask /prefix_len, Protocol protocol, Port port","The Secure Firewall Threat Defense device is adding a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel.",None provided.,7,Debugging,5,vpn,ipsec
+%FTD-7-713264,713264,"Group = groupname, Username = username, IP = peerIP Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask/prefix_len, Protocol protocol, Port port {“Received remote IP Proxy Subnet data in ID Payload: Address IP address, Mask/mask, Protocol protocol_name, Port port_number ”}","%FTD-7-713264: Group = groupname, Username = username, IP = peerIP Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask/prefix_len, Protocol protocol, Port port {“Received remote IP Proxy Subnet data in ID Payload: Address IP address, Mask/mask, Protocol protocol_name, Port port_number ”}","The Secure Firewall Threat Defense device is adding a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel.",None required.,7,Debugging,5,vpn,ipsec
+%FTD-6-713265,713265,"Group = groupname, Username = username, IP = peerIP Adding static route for L2L peer coming in on a dynamic map. address: IP_address, mask: /prefix_len","%FTD-6-713265: Group = groupname, Username = username, IP = peerIP Adding static route for L2L peer coming in on a dynamic map. address: IP_address, mask: /prefix_len","The Secure Firewall Threat Defense device is adding a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel.",None required.,6,Informational,5,vpn,ipsec
+%FTD-3-713266,713266,"Group = groupname, Username = username, IP = peerIP Could not add route for L2L peer coming in on a dynamic map. address: IP_address, mask: /prefix_len","%FTD-3-713266: Group = groupname, Username = username, IP = peerIP Could not add route for L2L peer coming in on a dynamic map. address: IP_address, mask: /prefix_len","The Secure Firewall Threat Defense device failed while attempting to add a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel. This might indicate duplicate routes, a full IPv6 routing table, or a failure of the Secure Firewall Threat Defense device to remove previously used routes.","Check the IPv6 routing table to make sure there is room for additional routes, and that obsolete routes are not present. If the table is full or includes obsolete routes, remove the routes and try again. If the problem persists, contact the Cisco TAC.",3,Error,75,vpn,ipsec
+%FTD-6-713267,713267,"Group = groupname, Username = username, IP = peerIP Deleting static route for L2L peer that came in on a dynamic map. address: IP_address, mask: /prefix_len","%FTD-6-713267: Group = groupname, Username = username, IP = peerIP Deleting static route for L2L peer that came in on a dynamic map. address: IP_address, mask: /prefix_len","The Secure Firewall Threat Defense device failed while attempting to add a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel.",None required.,6,Informational,5,vpn,ipsec
+%FTD-3-713268,713268,"Group = groupname, Username = username, IP = peerIP Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: /prefix_len","%FTD-3-713268: Group = groupname, Username = username, IP = peerIP Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: /prefix_len","The Secure Firewall Threat Defense device experienced a failure while deleting a route for the private address or networks of the peer. In this case, the peer is either a client or a L2L peer with an unknown address. Both of these cases use dynamic crypto maps to allow the tunnel. The route may have already been deleted, or an internal software error has occurred.","If the route has already been deleted, the condition is benign and the device will function normally. If the problem persists or can be linked to routing issues over VPN tunnels, then check the routing and addressing portions of the VPN L2L configuration. Also check the reverse route injection and the ACLs associated with the appropriate crypto map. If the problem persists, contact the Cisco TAC.",3,Error,75,vpn,ipsec
+%FTD-6-713269,713269,"Group = groupname, Username = username, IP = peerIP Detected Hardware Client in network extension mode, adding static route for address: IP_address, mask: /prefix_len","%FTD-6-713269: Group = groupname, Username = username, IP = peerIP Detected Hardware Client in network extension mode, adding static route for address: IP_address, mask: /prefix_len","A tunnel with a hardware client in network extension mode has been negotiated, and a static route is being added for the private network behind the hardware client. This configuration enables the Secure Firewall Threat Defense device to make the remote network known to all the routers on the private side of the headend.",None required.,6,Informational,5,vpn,ipsec
+%FTD-3-713270,713270,"Group = groupname, Username = username, IP = peerIP Could not add route for Hardware Client in network extension mode, address: IP_address, mask: /prefix_len","%FTD-3-713270: Group = groupname, Username = username, IP = peerIP Could not add route for Hardware Client in network extension mode, address: IP_address, mask: /prefix_len","An internal software error has occurred. A tunnel with a hardware client in network extension mode has been negotiated, and an attempt to add the static route for the private network behind the hardware client failed. The IPv6 routing table may be full, or a possible addressing error has occurred.","If the problem persists, contact the Cisco TAC.",3,Error,75,vpn,ipsec
+%FTD-6-713271,713271,"Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, deleting static route for address: IP_address, mask:/prefix_len","%FTD-6-713271: Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, deleting static route for address: IP_address, mask:/prefix_len","A tunnel to a hardware client in network extension mode is being removed, and the static route for the private network is being deleted behind the hardware client.",None required.,6,Informational,5,vpn,ipsec
+%FTD-5-713272,713272,"Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address: IP_address, mask: /prefix_len","%FTD-5-713272: Group = groupname, Username = username, IP = peerIP Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address: IP_address, mask: /prefix_len","While a tunnel to a hardware client in network extension mode was being removed, a route to the private network behind the hardware client cannot be deleted. This might indicate an addressing or software problem.","Check the IPv6 routing table to ensure that the route is not there. If it is, it may have to be removed manually, but only if the tunnel to the hardware client has been completely removed.",5,Notification,35,vpn,ipsec
+%FTD-6-713273,713273,"Group = groupname, Username = username, IP = peerIP Deleting static route for client address: IP_Address IP_Address address of client whose route is being removed","%FTD-6-713273: Group = groupname, Username = username, IP = peerIP Deleting static route for client address: IP_Address IP_Address address of client whose route is being removed",A route to the peer-assigned address or the networks protected by a hardware client were removed from the routing table.,None provided.,6,Informational,15,vpn,ipsec
+%FTD-3-713274,713274,"Group = groupname, Username = username, IP = peerIP Could not delete static route for client address: IP_Address IP_Address address of client whose route is being removed","%FTD-3-713274: Group = groupname, Username = username, IP = peerIP Could not delete static route for client address: IP_Address IP_Address address of client whose route is being removed","While a tunnel to an IPsec client was being removed, its entry in the routing table could not be removed. This condition may indicate a networking or software problem.","Check the routing table to make sure that the route does not exist. If it does, it may need to be removed manually, but only if the tunnel has been closed successfully.",3,Error,65,vpn,ipsec
+%FTD-3-713275,713275,IKEv1 Unsupported certificate keytype %s found at trustpoint %s,%FTD-3-713275: IKEv1 Unsupported certificate keytype %s found at trustpoint %s,This syslog is displayed for ikev1 when certificate key type is not of type ECDSA. Ensure that certificates of valid KEY type is installed on the GW.,None required.,3,Error,5,vpn,ipsec
+%FTD-3-713276,713276,IP = IP_address Dropping new negotiation - IKEv1 in-negotiation context limit of %u reached,%FTD-3-713276: IP = IP_address Dropping new negotiation - IKEv1 in-negotiation context limit of %u reached,This syslog message is displayed for ikev1 in multi context when maximum in negotiation limit is reached.,None required.,3,Error,85,vpn,ipsec
+%FTD-7-714001,714001,description_of_event_or_packet,%FTD-7-714001: description_of_event_or_packet,A description of an IKE protocol event or packet was provided.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-714002,714002,"Group = groupname, Username = username, IP = IP_address IKE Initiator starting QM: msg id = message_number","%FTD-7-714002: Group = groupname, Username = username, IP = IP_address IKE Initiator starting QM: msg id = message_number",The Secure Firewall Threat Defense device has sent the first packet of the Quick mode exchange as the Phase 2 initiator.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-714003,714003,IP = IP_address IKE Responder starting QM: msg id = message_number,%FTD-7-714003: IP = IP_address IKE Responder starting QM: msg id = message_number,The Secure Firewall Threat Defense device has received the first packet of the Quick mode exchange as the Phase 2 responder.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-714004,714004,"Group = groupname, Username = username, IP = IP_address IKE Initiator sending 1st QM pkt: msg id = message_number","%FTD-7-714004: Group = groupname, Username = username, IP = IP_address IKE Initiator sending 1st QM pkt: msg id = message_number",The protocol of the first Quick Mode packet was decoded.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-714005,714005,"Group = groupname, Username = username, IP = IP_address IKE Responder sending 2nd QM pkt: msg id = message_number","%FTD-7-714005: Group = groupname, Username = username, IP = IP_address IKE Responder sending 2nd QM pkt: msg id = message_number",The protocol of the second Quick Mode packet was decoded.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-714006,714006,"Group = groupname, Username = username, IP = IP_address IKE Initiator sending 3rd QM pkt: msg id = message_number","%FTD-7-714006: Group = groupname, Username = username, IP = IP_address IKE Initiator sending 3rd QM pkt: msg id = message_number",The protocol of the third Quick Mode packet was decoded.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-714007,714007,IKE Initiator sending Initial Contact,%FTD-7-714007: IKE Initiator sending Initial Contact,The Secure Firewall Threat Defense device is building and sending the initial contact payload.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-714011,714011,"Group = groupname, Username = username, IP = IP_address Description of received ID values","%FTD-7-714011: Group = groupname, Username = username, IP = IP_address Description of received ID values",The Secure Firewall Threat Defense device received the displayed ID information during the negotiation.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715001,715001,Descriptive statement,%FTD-7-715001: Descriptive statement,A description of an event or problem encountered by the Secure Firewall Threat Defense device appears.,The action depends on the description.,7,Debugging,5,vpn,ipsec
+%FTD-7-715004,715004,subroutine name () Q Send failure: RetCode (return_code ),%FTD-7-715004: subroutine name () Q Send failure: RetCode (return_code ),An internal error occurred when attempting to put messages in a queue.,"This is often a benign condition. If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,ipsec
+%FTD-7-715005,715005,subroutine name() Bad message code: Code (message_code ),%FTD-7-715005: subroutine name() Bad message code: Code (message_code ),An internal subroutine received a bad message code.,"This is often a benign condition. If the problem persists, contact the Cisco TAC.",7,Debugging,5,vpn,ipsec
+%FTD-7-715006,715006,"Group = groupname, Username = username, IP = IP_address IKE got SPI from key engine: SPI = SPI_value","%FTD-7-715006: Group = groupname, Username = username, IP = IP_address IKE got SPI from key engine: SPI = SPI_value",The IKE subsystem received an SPI value from IPsec.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715007,715007,"Group = groupname, Username = username, IP = IP_address IKE got a KEY_ADD msg for SA: SPI = SPI_value","%FTD-7-715007: Group = groupname, Username = username, IP = IP_address IKE got a KEY_ADD msg for SA: SPI = SPI_value",IKE has completed tunnel negotiation and has successfully loaded the appropriate encryption and hashing keys for IPsec use.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715008,715008,"Could not delete SA SA_address, refCnt = number, caller = calling_subroutine_address","%FTD-7-715008: Could not delete SA SA_address, refCnt = number, caller = calling_subroutine_address",The calling subroutine cannot delete the IPsec SA. This might indicate a reference count problem.,"If the number of stale SAs grows as a result of this event, contact the Cisco TAC.",7,Debugging,5,vpn,ipsec
+%FTD-7-715009,715009,"Group = groupname, Username = username, IP = IP_address IKE Deleting SA: Remote Proxy IP_address, Local Proxy IP_address","%FTD-7-715009: Group = groupname, Username = username, IP = IP_address IKE Deleting SA: Remote Proxy IP_address, Local Proxy IP_address",SA is being deleted with the listed proxy addresses.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715013,715013,"Group = groupname, Username = username, IP = IP_address Tunnel negotiation in progress for destination IP_address, discarding data","%FTD-7-715013: Group = groupname, Username = username, IP = IP_address Tunnel negotiation in progress for destination IP_address, discarding data",IKE is in the process of establishing a tunnel for this data. All packets to be protected by this tunnel will be dropped until the tunnel is fully established.,None required.,7,Debugging,25,vpn,ipsec
+%FTD-7-715018,715018,"Group = groupname, Username = username, IP = IP_address IP Range type id was loaded: Direction %s, From: %a, Through: %a","%FTD-7-715018: Group = groupname, Username = username, IP = IP_address IP Range type id was loaded: Direction %s, From: %a, Through: %a",This syslog message is generated while updating IPSEC SA details.,None provided.,7,Debugging,5,vpn,ipsec
+%FTD-7-715019,715019,"Group = group, Username = username, IP = ip Group group Username username IP ip IKEGetUserAttributes: Attribute name = name","%FTD-7-715019: Group = group, Username = username, IP = ip Group group Username username IP ip IKEGetUserAttributes: Attribute name = name",The modecfg attribute name and value pair being processed by the Secure Firewall Threat Defense device appear.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715020,715020,"Group = group, Username = username, IP = ip construct_cfg_set: Attribute name = name","%FTD-7-715020: Group = group, Username = username, IP = ip construct_cfg_set: Attribute name = name",The modecfg attribute name and value pair being transmitted by the Secure Firewall Threat Defense device appear.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715021,715021,"Group = group, Username = username, IP = ip Delay Quick Mode processing, Cert/Trans Exch/RM DSID in progress","%FTD-7-715021: Group = group, Username = username, IP = ip Delay Quick Mode processing, Cert/Trans Exch/RM DSID in progress",Quick mode processing is being delayed until all Phase 1 processing has been completed (for transaction mode).,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715022,715022,"Group = group, Username = username, IP = ip Resume Quick Mode processing, Cert/Trans Exch/RM DSID completed","%FTD-7-715022: Group = group, Username = username, IP = ip Resume Quick Mode processing, Cert/Trans Exch/RM DSID completed","Phase 1 processing has completed, and quick mode is being resumed.",None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715027,715027,"Group = group, Username = username, IP = ip IPsec SA Proposal # chosen_proposal, Transform # chosen_transform acceptable Matches global IPsec SA entry # crypto_map_index","%FTD-7-715027: Group = group, Username = username, IP = ip IPsec SA Proposal # chosen_proposal, Transform # chosen_transform acceptable Matches global IPsec SA entry # crypto_map_index",The indicated IPsec SA proposal and transform were selected from the payloads that the responder received. This data can be useful when attempting to debug IKE negotiation issues.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715028,715028,"Group = group, Username = username, IP = ip IKE SA Proposal # 1, Transform # chosen_transform acceptable Matches global IKE entry # crypto_map_index","%FTD-7-715028: Group = group, Username = username, IP = ip IKE SA Proposal # 1, Transform # chosen_transform acceptable Matches global IKE entry # crypto_map_index",The indicated IKE SA transform was selected from the payloads that the responder received. This data can be useful when attempting to debug IKE negotiation issues.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715031,715031,Obtained IP addr (%s) prior to initiating Mode Cfg (XAuth %s),%FTD-7-715031: Obtained IP addr (%s) prior to initiating Mode Cfg (XAuth %s),This syslog is generated when the IP address is assigned by the IP util subsystem.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715032,715032,Sending subnet mask (%s) to remote client,%FTD-7-715032: Sending subnet mask (%s) to remote client,This syslog is generated when the IP address is assigned by the IP util subsystem.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715033,715033,"Group = group, Username = username, IP = ip Processing CONNECTED notify (MsgId message_number )","%FTD-7-715033: Group = group, Username = username, IP = ip Processing CONNECTED notify (MsgId message_number )","The Secure Firewall Threat Defense device is processing a message containing a notify payload with the notify type CONNECTED (16384). The CONNECTED notify type is used to complete the commit bit processing and should be included in the fourth overall quick mode packet, which is sent from the responder to the initiator.",None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715034,715034,IP = ip action IOS keep alive payload: proposal=time 1 /time 2 sec.,%FTD-7-715034: IP = ip action IOS keep alive payload: proposal=time 1 /time 2 sec.,Processing for sending or receiving a keepalive payload message is being performed.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715035,715035,IP = ip Starting IOS keepalive monitor: seconds sec.,%FTD-7-715035: IP = ip Starting IOS keepalive monitor: seconds sec.,The keepalive timer will monitor for a variable number of seconds for keepalive messages.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715036,715036,"Group = group, Username = username, IP = ip Sending keep-alive of type notify_type (seq number number )","%FTD-7-715036: Group = group, Username = username, IP = ip Sending keep-alive of type notify_type (seq number number )",Processing for sending a keepalive notify message is being performed.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715037,715037,"Group = group, Username = username, IP = ip Unknown IOS Vendor ID version: major.minor.variance","%FTD-7-715037: Group = group, Username = username, IP = ip Unknown IOS Vendor ID version: major.minor.variance",The capabilities of this version of the Cisco IOS are not known.,"There may be interoperability issues with features such as IKE keepalives. If the problem persists, contact the Cisco TAC.",7,Debugging,5,vpn,ipsec
+%FTD-7-715038,715038,"Group = group, Username = username, IP = ip action Spoofing_information Vendor ID payload (version: major.minor.variance, capabilities: value )","%FTD-7-715038: Group = group, Username = username, IP = ip action Spoofing_information Vendor ID payload (version: major.minor.variance, capabilities: value )",Processing for the Cisco IOS vendor ID payload has been performed. The action being performed might be Altiga spoofing the Cisco IOS.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715039,715039,"Group = group, Username = username, IP = ip Unexpected cleanup of tunnel table entry during SA delete.","%FTD-7-715039: Group = group, Username = username, IP = ip Unexpected cleanup of tunnel table entry during SA delete.",An entry in the IKE tunnel table was never removed when the SA was freed. This indicates a defect in the state machine.,"If the problem persists, contact the Cisco TAC.",7,Debugging,5,vpn,ipsec
+%FTD-7-715040,715040,Deleting active auth handle during SA deletion: handle = internal_authentication_handle,%FTD-7-715040: Deleting active auth handle during SA deletion: handle = internal_authentication_handle,None provided.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715041,715041,"Group = group, Username = username, IP = ip Received keep-alive of type keepalive_type, not the negotiated type","%FTD-7-715041: Group = group, Username = username, IP = ip Received keep-alive of type keepalive_type, not the negotiated type",A keepalive of the type indicated in the message was received unexpectedly.,Check the keepalive configuration on both peers.,7,Debugging,5,vpn,ipsec
+%FTD-7-715042,715042,"Group = group, Username = username, IP = ip IKE received response of type failure_type to a request from the IP_address utility","%FTD-7-715042: Group = group, Username = username, IP = ip IKE received response of type failure_type to a request from the IP_address utility",A request for an IP address for a remote access client from the internal utility that provides these addresses cannot be satisfied. Variable text in the message string indicates more specifically what went wrong.,Check the IP address assignment configuration and adjust accordingly.,7,Debugging,15,vpn,ipsec
+%FTD-7-715044,715044,IP = ip Ignoring Keepalive payload from vendor not support KeepAlive capability,%FTD-7-715044: IP = ip Ignoring Keepalive payload from vendor not support KeepAlive capability,A Cisco IOS keepalive payload from a vendor was received without keepalive capabilities being set. The payload is ignored.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715045,715045,ERROR: malformed Keepalive payload,%FTD-7-715045: ERROR: malformed Keepalive payload,A malformed keepalive payload has been received. The payload is ignored.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715046,715046,"Group = groupname, Username = username, IP = IP_address Group = groupname, Username = username, IP = IP_address, constructing payload_description payload","%FTD-7-715046: Group = groupname, Username = username, IP = IP_address Group = groupname, Username = username, IP = IP_address, constructing payload_description payload",An IP address from a remote client for a specific group and user shows details about the IKE payload being constructed.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715047,715047,"Group = groupname, Username = username, IP = IP_address processing payload_description payload","%FTD-7-715047: Group = groupname, Username = username, IP = IP_address processing payload_description payload",Details of the IKE payload received and being processed appear.,None provided.,7,Debugging,5,vpn,ipsec
+%FTD-7-715048,715048,"Group = groupname, Username = username, IP = IP_address Send VID_type VID","%FTD-7-715048: Group = groupname, Username = username, IP = IP_address Send VID_type VID",The type of vendor ID payload being sent appears.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715049,715049,"Group = groupname, Username = username, IP = IP_address Received VID_type VID","%FTD-7-715049: Group = groupname, Username = username, IP = IP_address Received VID_type VID",The type of vendor ID payload received appears.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715050,715050,"Group = groupname, Username = username, IP = IP_address Claims to be IOS but failed authentication","%FTD-7-715050: Group = groupname, Username = username, IP = IP_address Claims to be IOS but failed authentication","The vendor ID received looks like a Cisco IOS VID, but does not match hmac_sha.","Check the vendor ID configuration on both peers. If this issue affects interoperability and the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,ipsec
+%FTD-7-715051,715051,IP = IP_address Received unexpected TLV type TLV_type while processing FWTYPE ModeCfg Reply,%FTD-7-715051: IP = IP_address Received unexpected TLV type TLV_type while processing FWTYPE ModeCfg Reply,An unknown TLV was received in an Secure Firewall Threat Defense record while an FWTYPE ModeCfg Reply was being processed. The TLV will be discarded. This might occur either because of packet corruption or because the connecting client supports a later version of the Secure Firewall Threat Defense protocol.,Check the personal FW installed on the Cisco VPN client and the personal firewall configuration on the Secure Firewall Threat Defense device. This may also indicate a version mismatch between the VPN client and the Secure Firewall Threat Defense device.,7,Debugging,35,vpn,ipsec
+%FTD-7-715052,715052,"Group = groupname, Username = username, IP = IP_address Old P1 SA is being deleted but new SA is DEAD, cannot transition centries","%FTD-7-715052: Group = groupname, Username = username, IP = IP_address Old P1 SA is being deleted but new SA is DEAD, cannot transition centries","The old P1 SA is being deleted, but has no new SA to transition to because it was marked for deletion as well. This generally indicates that the two IKE peers are out-of-sync with each other and may be using different rekey times. The problem should correct itself, but there may be some small amount of data loss until a fresh P1 SA is reestablished.",None provided.,7,Debugging,5,vpn,ipsec
+%FTD-7-715053,715053,"Group = groupname, Username = username, IP = IP_address MODE_CFG: Received request for attribute_info !","%FTD-7-715053: Group = groupname, Username = username, IP = IP_address MODE_CFG: Received request for attribute_info !",The Secure Firewall Threat Defense device received a mode configuration message requesting the specified attribute.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715054,715054,MODE_CFG: Received attribute_name reply: value,%FTD-7-715054: MODE_CFG: Received attribute_name reply: value,The Secure Firewall Threat Defense received a mode configuration reply message from the remote peer.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715055,715055,"Group = groupname, Username = username, IP = IP_address Send attribute_name","%FTD-7-715055: Group = groupname, Username = username, IP = IP_address Send attribute_name",The Secure Firewall Threat Defense device sent a mode configuration message to the remote peer.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715056,715056,"Group = groupname, Username = username, IP = IP_address Client is configured for TCP_transparency","%FTD-7-715056: Group = groupname, Username = username, IP = IP_address Client is configured for TCP_transparency","Because the remote end (client) is configured for IPsec over TCP, the headend Secure Firewall Threat Defense device must not negotiate IPsec over UDP or IPsec over NAT-T with the client.",The NAT transparency configuration may require adjustment of one of the peers if the tunnel does not come up.,7,Debugging,5,vpn,ipsec
+%FTD-7-715057,715057,"Group = groupname, Username = username, IP = IP_address Auto-detected a NAT device with NAT-Traversal. Ignoring IPsec-over-UDP configuration.","%FTD-7-715057: Group = groupname, Username = username, IP = IP_address Auto-detected a NAT device with NAT-Traversal. Ignoring IPsec-over-UDP configuration.",IPsec-over-UDP mode configuration information will not be exchanged because NAT-Traversal was detected.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715058,715058,"Group = groupname, Username = username, IP = IP_address NAT-Discovery payloads missing. Aborting NAT-Traversal.","%FTD-7-715058: Group = groupname, Username = username, IP = IP_address NAT-Discovery payloads missing. Aborting NAT-Traversal.",The remote end did not provide NAT-Discovery payloads required for NAT-Traversal after exchanging NAT-Traversal VIDs. At least two NAT-Discovery payloads must be received.,"This may indicate a nonconforming NAT-T implementation. If the offending peer is a Cisco product and the problem persists, contact the Cisco TAC. If the offending peer is not a Cisco product, then contact the manufacturer support team.",7,Debugging,5,vpn,ipsec
+%FTD-7-715059,715059,"Group = groupname, Username = username, IP = IP_address Proposing/Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal","%FTD-7-715059: Group = groupname, Username = username, IP = IP_address Proposing/Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal",You need to use these modes instead of the usual transport and tunnel modes defined in the SA to successfully negotiate NAT-Traversal.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715060,715060,"Group = groupname, Username = username, IP = IP_address Dropped received IKE fragment. Reason: reason","%FTD-7-715060: Group = groupname, Username = username, IP = IP_address Dropped received IKE fragment. Reason: reason",The reason for dropping the fragment appears.,"The recommended action depends on the drop reason, but might indicate a problem with an intervening NAT device or a nonconforming peer.",7,Debugging,25,vpn,ipsec
+%FTD-7-715061,715061,"Group = groupname, Username = username, IP = IP_address Rcv'd fragment from a new fragmentation set. Deleting any old fragments.","%FTD-7-715061: Group = groupname, Username = username, IP = IP_address Rcv'd fragment from a new fragmentation set. Deleting any old fragments.","A resend of the same packet occurred, but fragmented to a different MTU, or another packet altogether.",None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715062,715062,"Group = groupname, Username = username, IP = IP_address Error assembling fragments! Fragment numbers are non-continuous.","%FTD-7-715062: Group = groupname, Username = username, IP = IP_address Error assembling fragments! Fragment numbers are non-continuous.",There is a gap in fragment numbers.,"This might indicate a network problem. If the condition persists and results in dropped tunnels or prevents certain peers from negotiating with the Secure Firewall Threat Defense device, contact the Cisco TAC.",7,Debugging,25,vpn,ipsec
+%FTD-7-715063,715063,"Group = groupname, Username = username, IP = IP_address Successfully assembled an encrypted pkt from rcv'd fragments!","%FTD-7-715063: Group = groupname, Username = username, IP = IP_address Successfully assembled an encrypted pkt from rcv'd fragments!",Assembly for a fragmented packet that was received was successful.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715064,715064,IKE Peer included IKE fragmentation capability flags: Main Mode: true /false Aggressive Mode: true /false,%FTD-7-715064: IKE Peer included IKE fragmentation capability flags: Main Mode: true /false Aggressive Mode: true /false,The peer supports IKE fragmentation based on the information provided in the message.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715065,715065,"Group = groupname, Username = username, IP = IP_address IKE state_machine subtype FSM error history (struct data_structure_address ) state, event : state /event pairs","%FTD-7-715065: Group = groupname, Username = username, IP = IP_address IKE state_machine subtype FSM error history (struct data_structure_address ) state, event : state /event pairs","A Phase 1 error occurred and the state, event history pairs will be displayed in reverse chronological order.","Most of these errors are benign. If the problem persists, contact the Cisco TAC.",7,Debugging,5,vpn,ipsec
+%FTD-7-715066,715066,"Group = groupname, Username = username, IP = IP_address Can't load an IPsec SA! The corresponding IKE SA contains an invalid logical ID.","%FTD-7-715066: Group = groupname, Username = username, IP = IP_address Can't load an IPsec SA! The corresponding IKE SA contains an invalid logical ID.",The logical ID in the IKE SA is NULL. The Phase II negotiation will be torn down.,"An internal error has occurred. If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,ipsec
+%FTD-7-715067,715067,"QM IsRekeyed: existing sa from different peer, rejecting new sa","%FTD-7-715067: QM IsRekeyed: existing sa from different peer, rejecting new sa","The LAN-TO-LAN SA that is being established already exists, that is, an SA with the same remote network, but is sourced from a different peer. This new SA will be deleted, because this is not a legal configuration.","Check the LAN-TO-LAN configuration on all associated peers. Specifically, multiple peers should not be sharing private networks.",7,Debugging,5,vpn,ipsec
+%FTD-7-715068,715068,"Group = groupname, Username = username, IP = IP_address QM IsRekeyed: duplicate sa found by address, deleting old sa","%FTD-7-715068: Group = groupname, Username = username, IP = IP_address QM IsRekeyed: duplicate sa found by address, deleting old sa","The remote access SA that is being established already exists, that is, an SA with the same remote network, but is sourced from a different peer. The old SA will be deleted, because the peer may have changed its IP address.","This may be a benign condition, especially if a client tunnel was terminated abruptly. If the problem persists, contact the Cisco TAC.",7,Debugging,5,vpn,ipsec
+%FTD-7-715069,715069,"Group = groupname, Username = username, IP = IP_address Invalid ESP SPI size of SPI_size","%FTD-7-715069: Group = groupname, Username = username, IP = IP_address Invalid ESP SPI size of SPI_size",The Secure Firewall Threat Defense device received an IPsec SA proposal with an invalid ESP SPI size. This proposal will be skipped.,"Generally, this is a benign condition but might indicate that a peer may be nonconforming. If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,ipsec
+%FTD-7-715070,715070,"Group = groupname, Username = username, IP = IP_address Invalid IPComp SPI size of SPI_size","%FTD-7-715070: Group = groupname, Username = username, IP = IP_address Invalid IPComp SPI size of SPI_size",The Secure Firewall Threat Defense device received an IPsec SA proposal with an invalid IPComp SPI size. This proposal will be skipped.,"Generally, this is a benign condition but might indicate that a peer is nonconforming. If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,ipsec
+%FTD-7-715071,715071,"Group = groupname, Username = username, IP = IP_address AH proposal not supported","%FTD-7-715071: Group = groupname, Username = username, IP = IP_address AH proposal not supported",The IPsec AH proposal is not supported. This proposal will be skipped.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715072,715072,"Group = groupname, Username = username, IP = IP_address Received proposal with unknown protocol ID protocol_ID","%FTD-7-715072: Group = groupname, Username = username, IP = IP_address Received proposal with unknown protocol ID protocol_ID",The Secure Firewall Threat Defense device received an IPsec SA proposal with an unknown protocol ID. This proposal will be skipped.,"Generally, this is a benign condition, but might indicate that a peer is nonconforming. If the problem persists, contact the Cisco TAC.",7,Debugging,5,vpn,ipsec
+%FTD-7-715074,715074,"Group = groupname, Username = username, IP = IP_address Could not retrieve authentication attributes for peer IP_address","%FTD-7-715074: Group = groupname, Username = username, IP = IP_address Could not retrieve authentication attributes for peer IP_address",The Secure Firewall Threat Defense device cannot get authorization information for the remote user.,"Make sure that authentication and authorization settings have been configured correctly. If the problem persists, contact the Cisco TAC.",7,Debugging,5,vpn,ipsec
+%FTD-7-715075,715075,"Group = group_name, Username = username, IP = IP_address Group = group_name, IP = IP_address Received keep-alive of type message_type (seq number number )","%FTD-7-715075: Group = group_name, Username = username, IP = IP_address Group = group_name, IP = IP_address Received keep-alive of type message_type (seq number number )","This message is paired with DPD R-U-THERE message 715036, which logs the DPD sending messages. Two possible cases: Be aware of the following: messages. If the Secure Firewall Threat Defense device sends a DPD R-U-THERE-ACK message without first receiving a DPD R-U-THERE message from the peer, it is likely experiencing a security breech. messages. If the Secure Firewall Threat Defense device did not receive a DPD R-U-THERE-ACK message within a reasonable amount of time after sending a DPD R-U-THERE message to the peer, the tunnel is most likely down.",None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715076,715076,"Group = group_name, Username = username, IP = IP_address Computing hash for ISAKMP","%FTD-7-715076: Group = group_name, Username = username, IP = IP_address Computing hash for ISAKMP","IKE computed various hash values. This object will be prepended as follows: Group = >groupname , Username = >username , IP = >ip_address ...",None provided.,7,Debugging,5,vpn,ipsec
+%FTD-7-715077,715077,"Pitcher: msg string, spi spi","%FTD-7-715077: Pitcher: msg string, spi spi","Various messages have been sent to IKE. msg_string can be one of the following: This object will be prepended as follows: Group = >groupname , Username = >username , IP = >ip_address ,...",None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715078,715078,"Group = group_name, Username = username, IP = IP_address Received %s LAM attribute","%FTD-7-715078: Group = group_name, Username = username, IP = IP_address Received %s LAM attribute",This syslog is generated during parsing of challenge/response payload.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715079,715079,"Group = group_name, Username = username, IP = IP_address INTERNAL_ADDRESS: Received request for %s","%FTD-7-715079: Group = group_name, Username = username, IP = IP_address INTERNAL_ADDRESS: Received request for %s",This syslog is generated during processing of internal address payload.,None required.,7,Debugging,5,vpn,ipsec
+%FTD-7-715080,715080,"Group = group_name, Username = username, IP = IP_address VPN: Starting P2 rekey timer: 28800 seconds.","%FTD-7-715080: Group = group_name, Username = username, IP = IP_address VPN: Starting P2 rekey timer: 28800 seconds.",None provided.,None provided.,7,Debugging,5,vpn,ipsec
+%FTD-6-716001,716001,Group group User user IP ip WebVPN session started.,%FTD-6-716001: Group group User user IP ip WebVPN session started.,"The WebVPN session has started for the user in this group at the specified IP address. When the user logs in via the WebVPN login page, the WebVPN session starts.",None required.,6,Informational,5,vpn,webvpn
+%FTD-6-716002,716002,Group GroupPolicy User username IP ip WebVPN session terminated: User_Requested.,%FTD-6-716002: Group GroupPolicy User username IP ip WebVPN session terminated: User_Requested.,"The WebVPN session has been terminated by a user request. Possible reasons include: been exceeded. To resolve this problem, increase the number of simultaneous logins or have users only log in once with a given username and password.","Unless the reason indicates a problem, then no action is required.",6,Informational,25,vpn,webvpn
+%FTD-6-716003,716003,Group group User user IP ip WebVPN access GRANTED: url://string/string,%FTD-6-716003: Group group User user IP ip WebVPN access GRANTED: url://string/string,The WebVPN user in this group at the specified IP address has been granted access to this URL. The user access to various locations can be controlled using WebVPN-specific ACLs.,None required.,6,Informational,5,vpn,webvpn
+%FTD-6-716004,716004,Group group User user IP ip WebVPN access DENIED to specified location: url://string/string,%FTD-6-716004: Group group User user IP ip WebVPN access DENIED to specified location: url://string/string,"The WebVPN user in this group has been denied access to this URL. The WebVPN user access to various locations can be controlled using WebVPN-specific ACLs. In this case, a particular entry is denying access to this URL.",None required.,6,Informational,35,vpn,webvpn
+%FTD-6-716005,716005,Group group User user IP ip WebVPN ACL Parse Error: reason string,%FTD-6-716005: Group group User user IP ip WebVPN ACL Parse Error: reason string,The ACL for the WebVPN user in the specified group failed to parse correctly.,Correct the WebVPN ACL.,6,Informational,25,vpn,webvpn
+%FTD-6-716006,716006,Group name User user IP iP WebVPN session not allowed. WebVPN protocol is disabled for this user.,%FTD-6-716006: Group name User user IP iP WebVPN session not allowed. WebVPN protocol is disabled for this user.,The WebVPN session was not created for the user in the specified group because the VPN tunnel protocol is not set to WebVPN.,None required.,6,Informational,5,vpn,webvpn
+%FTD-4-716007,716007,Group group User user IP IP WebVPN Unable to create session.,%FTD-4-716007: Group group User user IP IP WebVPN Unable to create session.,"The WebVPN session was not created for the user in the specified group because of resource issues. For example, the user may have reached the maximum login limit.",None required.,4,Warning,5,vpn,webvpn
+%FTD-7-716008,716008,WebVPN ACL: action string,%FTD-7-716008: WebVPN ACL: action string,None provided.,None provided.,7,Debugging,5,vpn,webvpn
+%FTD-6-716009,716009,Group group User user IP IP WebVPN session not allowed. ACL parse error.,%FTD-6-716009: Group group User user IP IP WebVPN session not allowed. ACL parse error.,The WebVPN session for the specified user in this group is not allowed because the associated ACL did not parse. The user will not be allowed to log in via WebVPN until this error has been corrected.,Correct the WebVPN ACL.,6,Informational,15,vpn,webvpn
+%FTD-7-716010,716010,Group group User user IP ip Browse network.,%FTD-7-716010: Group group User user IP ip Browse network.,The WebVPN user in the specified group browsed the network.,None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716011,716011,Group group User user IP ip Browse domain domain.,%FTD-7-716011: Group group User user IP ip Browse domain domain.,The WebVPN specified user in this group browsed the specified domain.,None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716012,716012,Group group User user IP ip Browse directory directory.,%FTD-7-716012: Group group User user IP ip Browse directory directory.,The specified WebVPN user browsed the specified directory.,None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716013,716013,Group group User user IP ip Close file filename.,%FTD-7-716013: Group group User user IP ip Close file filename.,The specified WebVPN user closed the specified file.,None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716014,716014,Group group User user IP ip View file filename.,%FTD-7-716014: Group group User user IP ip View file filename.,The specified WebVPN user viewed the specified file.,None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716015,716015,Group group User user IP ip Remove file filename.,%FTD-7-716015: Group group User user IP ip Remove file filename.,The WebVPN user in the specified group removed the specified file.,None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716016,716016,Group group User user IP ip Rename file old_filename to new_filename.,%FTD-7-716016: Group group User user IP ip Rename file old_filename to new_filename.,The specified WebVPN user renamed the specified file.,None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716017,716017,Group group User user IP ip Modify file filename.,%FTD-7-716017: Group group User user IP ip Modify file filename.,The specified WebVPN user modified the specified file.,None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716018,716018,Group group User user IP ip Create file filename.,%FTD-7-716018: Group group User user IP ip Create file filename.,The specified WebVPN user created the specified file.,None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716019,716019,Group group User user IP ip Create directory directory.,%FTD-7-716019: Group group User user IP ip Create directory directory.,The specified WebVPN user created the specified directory.,None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716020,716020,Group group User user IP ip Remove directory directory.,%FTD-7-716020: Group group User user IP ip Remove directory directory.,The specified WebVPN user removed the specified directory.,None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716021,716021,"File access DENIED, filename.","%FTD-7-716021: File access DENIED, filename.",The specified WebVPN user was denied access to the specified file.,None provided.,7,Debugging,25,vpn,webvpn
+%FTD-4-716022,716022,Unable to connect to proxy server reason.,%FTD-4-716022: Unable to connect to proxy server reason.,The WebVPN HTTP/HTTPS redirect failed for the specified reason.,Check the HTTP/HTTPS proxy configuration.,4,Warning,55,vpn,webvpn
+%FTD-4-716023,716023,Group name User user IP ip Session could not be established: session limit of maximum_sessions reached.,%FTD-4-716023: Group name User user IP ip Session could not be established: session limit of maximum_sessions reached.,The user session cannot be established because the current number of sessions exceeds the maximum session load.,"Increase the configured limit, if possible, to create a load-balanced cluster.",4,Warning,45,vpn,webvpn
+%FTD-7-716024,716024,Group name User user IP ip Unable to browse the network.Error: description,%FTD-7-716024: Group name User user IP ip Unable to browse the network.Error: description,"The user was unable to browse the Windows network using the CIFS protocol, as indicated by the description. For example, “Unable to contact necessary server” indicates that the remote server is unavailable or unreachable. This might be a transient condition or may require further troubleshooting.",Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall Threat Defense device.,7,Debugging,15,vpn,webvpn
+%FTD-7-716025,716025,Group name User user IP ip Unable to browse domain domain.Error: description,%FTD-7-716025: Group name User user IP ip Unable to browse domain domain.Error: description,The user was unable to browse the remote domain using the CIFS protocol.,Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Check the NetBIOS name server configuration on the Secure Firewall Threat Defense device.,7,Debugging,15,vpn,webvpn
+%FTD-7-716026,716026,Group name User user IP ip Unable to browse directory directory.Error: description,%FTD-7-716026: Group name User user IP ip Unable to browse directory directory.Error: description,The user was unable to browse the remote directory using the CIFS protocol.,None provided.,7,Debugging,15,vpn,webvpn
+%FTD-7-716027,716027,Group name User user IP ip Unable to view file filename.Error: description.,%FTD-7-716027: Group name User user IP ip Unable to view file filename.Error: description.,The user was unable to view the remote file using the CIFS protocol.,Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall Threat Defense device.,7,Debugging,15,vpn,webvpn
+%FTD-7-716028,716028,Group name User user IP ip Unable to remove file filename.Error: description,%FTD-7-716028: Group name User user IP ip Unable to remove file filename.Error: description,"The user was unable to remove the remote file using the CIFS protocol, probably caused by a lack of file permissions.",Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall Threat Defense device and the file permissions.,7,Debugging,15,vpn,webvpn
+%FTD-7-716029,716029,Group name User user IP ip Unable to rename file filename.Error: description,%FTD-7-716029: Group name User user IP ip Unable to rename file filename.Error: description,"The user was unable to rename the remote file using the CIFS protocol, probably caused by lack of file permissions.",Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall Threat Defense device and the file permissions.,7,Debugging,15,vpn,webvpn
+%FTD-7-716030,716030,Group name User user IP ip Unable to modify file filename.Error: description,%FTD-7-716030: Group name User user IP ip Unable to modify file filename.Error: description,"A problem occurred when a user attempted to modify an existing file using the CIFS protocol, probably caused by a lack of file permissions.",Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall Threat Defense device and the file permissions.,7,Debugging,15,vpn,webvpn
+%FTD-7-716031,716031,Group name User user IP ip Unable to create file filename.Error: description,%FTD-7-716031: Group name User user IP ip Unable to create file filename.Error: description,"A problem occurred when a user attempted to create a file using the CIFS protocol, probably caused by a file permissions problem.",Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall Threat Defense device and the file permissions.,7,Debugging,15,vpn,webvpn
+%FTD-7-716032,716032,Group name User user IP ip Unable to create folder folder.Error: description,%FTD-7-716032: Group name User user IP ip Unable to create folder folder.Error: description,"A problem occurred when a user attempted to create a folder using the CIFS protocol, probably caused by a file permissions problem.",Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall Threat Defense device and the file permissions.,7,Debugging,15,vpn,webvpn
+%FTD-7-716033,716033,Group name User user IP ip Unable to remove folder folder.Error: description,%FTD-7-716033: Group name User user IP ip Unable to remove folder folder.Error: description,"A problem occurred when a user of the CIFS protocol attempted to remove a folder, which probably occurred because of a permissions problem or a problem communicating with the server on which the file resides.",Check the connectivity between the WebVPN device and the server being accessed by the CIFS protocol. Also check the NetBIOS name server configuration on the Secure Firewall Threat Defense device.,7,Debugging,15,vpn,webvpn
+%FTD-7-716034,716034,Group name User user IP ip Unable to write to file filename.,%FTD-7-716034: Group name User user IP ip Unable to write to file filename.,"A problem occurred when a user attempted to write to a file using the CIFS protocol, probably caused by a permissions problem or a problem communicating with the server on which the file resides.",None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716035,716035,Group name User user IP ip Unable to read file filename.,%FTD-7-716035: Group name User user IP ip Unable to read file filename.,"A problem occurred when a user of the CIFS protocol tried to read a file, probably caused by a file permissions problem.",Check the file permissions.,7,Debugging,15,vpn,webvpn
+%FTD-7-716036,716036,Group name User user IP ip File Access: User user logged into the server server.,%FTD-7-716036: Group name User user IP ip File Access: User user logged into the server server.,A user successfully logged into the server using the CIFS protocol,None required.,7,Debugging,5,vpn,webvpn
+%FTD-7-716037,716037,Group name User user IP ip File Access: User user failed to login into the server server.,%FTD-7-716037: Group name User user IP ip File Access: User user failed to login into the server server.,"A user attempted to log in to a server using the CIFS protocol, but was unsuccessful.",Verify that the user entered the correct username and password.,7,Debugging,25,vpn,webvpn
+%FTD-6-716038,716038,"Group group User user IP ip Authentication: successful, Session Type: WebVPN.","%FTD-6-716038: Group group User user IP ip Authentication: successful, Session Type: WebVPN.","Before a WebVPN session can start, the user must be authenticated successfully by a local or remote server (for example, RADIUS or TACACS+).",None required.,6,Informational,5,vpn,webvpn
+%FTD-6-716039,716039,"Group name User user IP ip Authentication: rejected, Session Type: session-type.","%FTD-6-716039: Group name User user IP ip Authentication: rejected, Session Type: session-type.","Before a WebVPN session starts, the user must be authenticated successfully by a local or remote server (for example, RADIUS or TACACS+). In this case, the user credentials (username and password) either did not match, or the user does not have permission to start a WebVPN session. The username is hidden when invalid or unknown, but appears when valid or the no logging hide username command has been configured.",Verify the user credentials on the local or remote server and that WebVPN is configured for the user.,6,Informational,35,vpn,webvpn
+%FTD-6-716040,716040,"Reboot pending, new sessions disabled. Denied user login.","%FTD-6-716040: Reboot pending, new sessions disabled. Denied user login.",A user was unable to log in to WebVPN because the Secure Firewall Threat Defense device is in the process of rebooting.,None required.,6,Informational,45,vpn,webvpn
+%FTD-6-716041,716041,access-list acl_ID action url url hit-cnt count,%FTD-6-716041: access-list acl_ID action url url hit-cnt count,"The WebVPN URL named acl_ID has been hit count times for location url, whose action is permitted or denied.",None required.,6,Informational,35,vpn,webvpn
+%FTD-6-716042,716042,access-list acl_ID action tcp source_interface/source_address(source_port) -> dest_interface/dest_address(dest_port) hit-cnt count,%FTD-6-716042: access-list acl_ID action tcp source_interface/source_address(source_port) -> dest_interface/dest_address(dest_port) hit-cnt count,"The WebVPN TCP named acl_ID has been hit count times for packet received on the source interface source_interface/source_address and source port source_port forwarded to dest_interface/dest_address destination dest_port, whose action is permitted or denied.",None required.,6,Informational,35,vpn,webvpn
+%FTD-6-716043,716043,Group <group-name> User <user-name> IP <IP_address> WebVPN Port Forwarding Java applet started. Created new hosts file mappings.,%FTD-6-716043: Group <group-name> User <user-name> IP <IP_address> WebVPN Port Forwarding Java applet started. Created new hosts file mappings.,The user has launched a TCP port-forwarding applet from a WebVPN session.,None required.,6,Informational,5,vpn,webvpn
+%FTD-4-716044,716044,Group group-name User user-name IP IP_address AAA parameter param-name value param-value out of range.,%FTD-4-716044: Group group-name User user-name IP IP_address AAA parameter param-name value param-value out of range.,The given parameter has a bad value.,None provided.,4,Warning,45,vpn,webvpn
+%FTD-4-716045,716045,Group group-name User user-name IP IP_address AAA parameter param-name value invalid.,%FTD-4-716045: Group group-name User user-name IP IP_address AAA parameter param-name value invalid.,The given parameter has a bad value. The value is not shown because it might be very long.,Modify the configuration to correct the indicated parameter.,4,Warning,55,vpn,webvpn
+%FTD-4-716046,716046,"Group group-name User user-name IP IP_address User ACL access-list-name from AAA doesn't exist on the device, terminating connection.","%FTD-4-716046: Group group-name User user-name IP IP_address User ACL access-list-name from AAA doesn't exist on the device, terminating connection.",The specified ACL was not found on the Secure Firewall Threat Defense device.,Modify the configuration to add the specified ACL or to correct the ACL name.,4,Warning,45,vpn,webvpn
+%FTD-4-716047,716047,"Group group-name User user-name IP IP_address User ACL access-list-name from AAA ignored, AV-PAIR ACL used instead.","%FTD-4-716047: Group group-name User user-name IP IP_address User ACL access-list-name from AAA ignored, AV-PAIR ACL used instead.",The specified ACL was not used because a Cisco AV-PAIR ACL was used.,Determine the correct ACL to use and correct the configuration.,4,Warning,45,vpn,webvpn
+%FTD-4-716048,716048,Group group-name User user-name IP IP_address No memory to parse ACL.,%FTD-4-716048: Group group-name User user-name IP IP_address No memory to parse ACL.,There was not enough memory to parse the ACL.,"Purchase more memory, upgrade the Secure Firewall Threat Defense device, or reduce the load on it.",4,Warning,55,vpn,webvpn
+%FTD-6-716049,716049,Group group-name User user-name IP IP_address Empty SVC ACL.,%FTD-6-716049: Group group-name User user-name IP IP_address Empty SVC ACL.,The ACL to be used by the client was empty.,Determine the correct ACL to use and modify the configuration.,6,Informational,15,vpn,webvpn
+%FTD-6-716050,716050,Error adding to ACL: ace_command_line,%FTD-6-716050: Error adding to ACL: ace_command_line,The ACL entry had a syntax error.,Correct the downloadable ACL configuration.,6,Informational,15,vpn,webvpn
+%FTD-6-716051,716051,Group group-name User user-name IP IP_address Error adding dynamic ACL for user.,%FTD-6-716051: Group group-name User user-name IP IP_address Error adding dynamic ACL for user.,There is not enough memory to perform the action.,"Purchase more memory, upgrade the Secure Firewall Threat Defense device, or reduce the load on it.",6,Informational,25,vpn,webvpn
+%FTD-4-716052,716052,Group group-name User user-name IP IP_address Pending session terminated.,%FTD-4-716052: Group group-name User user-name IP IP_address Pending session terminated.,None provided.,None provided.,4,Warning,45,vpn,webvpn
+%FTD-5-716053,716053,SAML Server added: Name: name Type: SP,%FTD-5-716053: SAML Server added: Name: name Type: SP,A SAML IDP server entry has been added to the webvpn configuration.,None required.,5,Notification,5,vpn,webvpn
+%FTD-5-716054,716054,SAML Server deleted: Name: name Type: SP,%FTD-5-716054: SAML Server deleted: Name: name Type: SP,A SAML IDP server entry has been removed from the webvpn configuration. .,None required.,5,Notification,5,vpn,webvpn
+%FTD-3-716057,716057,"Group group User user IP ip Session terminated, no type license available","%FTD-3-716057: Group group User user IP ip Session terminated, no type license available",A user has attempted to connect to the Secure Firewall Threat Defense device using a client that is not licensed. This message may also occur if a temporary license has expired. - AnyConnect Mobile - LinkSys Phone - The type of license requested by the client (if other than the AnyConnect Mobile or LinkSys Phone) - Unknown,A permanent license with the appropriate feature should be purchased and installed.,3,Error,65,vpn,webvpn
+%FTD-6-716058,716058,Group group User user IP ip AnyConnect session lost connection. Waiting to resume.,%FTD-6-716058: Group group User user IP ip AnyConnect session lost connection. Waiting to resume.,None provided.,None provided.,6,Informational,15,vpn,webvpn
+%FTD-6-716059,716059,Group group User user IP ip AnyConnect session resumed connection from IP ip2.,%FTD-6-716059: Group group User user IP ip AnyConnect session resumed connection from IP ip2.,An AnyConnect session resumed from the inactive state.,None required.,6,Informational,5,vpn,webvpn
+%FTD-6-716060,716060,Group group User user IP ip Terminated AnyConnect session in inactive state to accept a new connection: License limit reached.,%FTD-6-716060: Group group User user IP ip Terminated AnyConnect session in inactive state to accept a new connection: License limit reached.,An AnyConnect session in the inactive state was logged out to allow a new incoming SSL VPN (AnyConnect or clientless) connection.,None required.,6,Informational,5,vpn,webvpn
+%FTD-3-716061,716061,"Group DfltGrpPolicy User user IP ip_addr IPv6 User Filter tempipv6 configured for AnyConnect. This setting has been deprecated, terminating connection","%FTD-3-716061: Group DfltGrpPolicy User user IP ip_addr IPv6 User Filter tempipv6 configured for AnyConnect. This setting has been deprecated, terminating connection","The IPv6 VPN filter has been deprecated and if it is configured instead of a unified filter for IPv6 traffic access control, the connection will be terminated.",Configure a unified filter with IPv6 entries to control IPv6 traffic for the user.,3,Error,65,vpn,webvpn
+%FTD-3-716158,716158,"Failed to create SAML logout request, initiated by user. reason: reason.","%FTD-3-716158: Failed to create SAML logout request, initiated by user. reason: reason.",None provided.,None provided.,3,Error,75,vpn,webvpn
+%FTD-3-716159,716159,Failed to process SAML logout request. reason: reason.,%FTD-3-716159: Failed to process SAML logout request. reason: reason.,"The device encountered an error while processing a SAML logout request initiated by the IDP. The reasons could be NameID is invalid, could not create logout object, and so on.",,3,Error,75,vpn,webvpn
+%FTD-3-716160,716160,Failed to create SAML authentication request. reason: reason.,%FTD-3-716160: Failed to create SAML authentication request. reason: reason.,"The device was unable to authenticate a user with the SAML IDP because it encountered an error while creating the SAML authn request. The reasons could be NameIDPolicy is invalid, could not create new login instance, and so on.",,3,Error,75,vpn,webvpn
+%FTD-3-716162,716162,Failed to consume SAML assertion. reason: reason.,%FTD-3-716162: Failed to consume SAML assertion. reason: reason.,"The device encountered an error while processing an authentication response from a SAML IDP. The reasons could be response or assertion is empty, could not create new login instance, assertion is expired or not valid, assertion is empty, issuer is empty, subject is empty, issuer content is empty, name_id or content is empty, and so on.",,3,Error,75,vpn,webvpn
+%FTD-3-716163,716163,SAML response relay state failed data integrity check. Client IP: IP address. Local-base-url: Local-base URL.,%FTD-3-716163: SAML response relay state failed data integrity check. Client IP: IP address. Local-base-url: Local-base URL.,"This syslog is generated when the relay state failed the data integrity validation. The local-base-url from SAML response RelayState helps to differentiate between the device that originally generated the SAML request from the device that received the response. If the local-base-url is not specified in the response, the message displays 'not received'.",,3,Error,75,vpn,webvpn
+%FTD-3-716164,716164,SAML response relay state missing data integrity hash. Client IP: IP address. Local-base-url: Local-base URL.,%FTD-3-716164: SAML response relay state missing data integrity hash. Client IP: IP address. Local-base-url: Local-base URL.,None provided.,None provided.,3,Error,65,vpn,webvpn
+%FTD-6-716166,716166,"Denied SSL remote access session for reqType faddr client_ip laddr <device_ip> by (geo=country_name, id=country_code)","%FTD-6-716166: Denied SSL remote access session for reqType faddr client_ip laddr <device_ip> by (geo=country_name, id=country_code)",The messages appear when an SSL session is denied. This syslog is added under existing webvpn logging class.,None required.,6,Informational,35,vpn,webvpn
+%FTD-2-716500,716500,internal error in: function : Fiber library cannot locate AK47 instance,%FTD-2-716500: internal error in: function : Fiber library cannot locate AK47 instance,The fiber library cannot locate the application kernel layer 4 to 7 instance.,"To determine the cause of the problem, contact the Cisco TAC.",2,Critical,85,vpn,webvpn
+%FTD-2-716501,716501,internal error in: function : Fiber library cannot attach AK47 instance,%FTD-2-716501: internal error in: function : Fiber library cannot attach AK47 instance,The fiber library cannot attach the application kernel layer 4 to 7 instance.,None provided.,2,Critical,85,vpn,webvpn
+%FTD-2-716502,716502,internal error in: function : Fiber library cannot allocate default arena,%FTD-2-716502: internal error in: function : Fiber library cannot allocate default arena,The fiber library cannot allocate the default arena.,"To determine the cause of the problem, contact the Cisco TAC.",2,Critical,85,vpn,webvpn
+%FTD-2-716503,716503,internal error in: function : Fiber library cannot allocate fiber descriptors pool,%FTD-2-716503: internal error in: function : Fiber library cannot allocate fiber descriptors pool,The fiber library cannot allocate the fiber descriptors pool.,"To determine the cause of the problem, contact the Cisco TAC.",2,Critical,85,vpn,webvpn
+%FTD-2-716504,716504,internal error in: function : Fiber library cannot allocate fiber stacks pool,%FTD-2-716504: internal error in: function : Fiber library cannot allocate fiber stacks pool,The fiber library cannot allocate the fiber stack pool.,"To determine the cause of the problem, contact the Cisco TAC.",2,Critical,85,vpn,webvpn
+%FTD-2-716505,716505,internal error in: function : Fiber has joined fiber in unfinished state,%FTD-2-716505: internal error in: function : Fiber has joined fiber in unfinished state,The fiber has joined fiber in an unfinished state.,"To determine the cause of the problem, contact the Cisco TAC.",2,Critical,85,vpn,webvpn
+%FTD-2-716506,716506,UNICORN_SYSLOGID_JOINED_UNEXPECTED_FIBER,%FTD-2-716506: UNICORN_SYSLOGID_JOINED_UNEXPECTED_FIBER,An internal fiber library was generated.,Contact the Cisco TAC.,2,Critical,85,vpn,webvpn
+%FTD-1-716507,716507,"Fiber scheduler has reached unreachable code. Cannot continue, terminating.","%FTD-1-716507: Fiber scheduler has reached unreachable code. Cannot continue, terminating.",The Secure Firewall Threat Defense device has experienced an unexpected error and has recovered.,None provided.,1,Alert,75,vpn,webvpn
+%FTD-1-716508,716508,internal error in: function : Fiber scheduler is scheduling rotten fiber. Cannot continuing terminating,%FTD-1-716508: internal error in: function : Fiber scheduler is scheduling rotten fiber. Cannot continuing terminating,"The fiber scheduler is scheduling rotten fiber, so it cannot continue terminating.","To determine the cause of the problem, contact the Cisco TAC.",1,Alert,75,vpn,webvpn
+%FTD-1-716509,716509,internal error in: function : Fiber scheduler is scheduling alien fiber. Cannot continue terminating,%FTD-1-716509:internal error in: function : Fiber scheduler is scheduling alien fiber. Cannot continue terminating,"The fiber scheduler is scheduling alien fiber, so it cannot continue terminating.","To determine the cause of the problem, contact the Cisco TAC.",1,Alert,75,vpn,webvpn
+%FTD-1-716510,716510,internal error in: function : Fiber scheduler is scheduling finished fiber. Cannot continue terminating,%FTD-1-716510:internal error in: function : Fiber scheduler is scheduling finished fiber. Cannot continue terminating,"The fiber scheduler is scheduling finished fiber, so it cannot continue terminating.","To determine the cause of the problem, contact the Cisco TAC.",1,Alert,75,vpn,webvpn
+%FTD-2-716512,716512,internal error in: function : Fiber has joined fiber waited upon by someone else,%FTD-2-716512:internal error in: function : Fiber has joined fiber waited upon by someone else,The fiber has joined fiber that is waited upon by someone else.,"To determine the cause of the problem, contact the Cisco TAC.",2,Critical,85,vpn,webvpn
+%FTD-2-716513,716513,internal error in: function : Fiber in callback blocked on other channel,%FTD-2-716513: internal error in: function : Fiber in callback blocked on other channel,The fiber in the callback was blocked on the other channel.,"To determine the cause of the problem, contact the Cisco TAC.",2,Critical,100,vpn,webvpn
+%FTD-2-716515,716515,internal error in: function : OCCAM failed to allocate memory for AK47 instance,%FTD-2-716515:internal error in: function : OCCAM failed to allocate memory for AK47 instance,None provided.,None provided.,2,Critical,95,vpn,webvpn
+%FTD-1-716516,716516,internal error in: function : OCCAM has corrupted ROL array. Cannot continue terminating,%FTD-1-716516: internal error in: function : OCCAM has corrupted ROL array. Cannot continue terminating,"The OCCAM has a corrupted ROL array, so it cannot continue terminating.","To determine the cause of the problem, contact the Cisco TAC.",1,Alert,95,vpn,webvpn
+%FTD-2-716517,716517,internal error in: function : OCCAM cached block has no associated arena,%FTD-2-716517: internal error in: function : OCCAM cached block has no associated arena,The OCCAM cached block has no associated arena.,"To determine the cause of the problem, contact the Cisco TAC.",2,Critical,85,vpn,webvpn
+%FTD-2-716518,716518,internal error in: function : OCCAM pool has no associated arena,%FTD-2-716518: internal error in: function : OCCAM pool has no associated arena,The OCCAM pool has no associated arena.,"To determine the cause of the problem, contact the Cisco TAC.",2,Critical,85,vpn,webvpn
+%FTD-1-716519,716519,internal error in: function : OCCAM has corrupted pool list. Cannot continue terminating,%FTD-1-716519: internal error in: function : OCCAM has corrupted pool list. Cannot continue terminating,"The OCCAM has a corrupted pool list, so it cannot continue terminating.","To determine the cause of the problem, contact the Cisco TAC.",1,Alert,95,vpn,webvpn
+%FTD-2-716520,716520,internal error in: function : OCCAM pool has no block list,%FTD-2-716520:internal error in: function : OCCAM pool has no block list,The OCCAM pool has no block list.,"To determine the cause of the problem, contact the Cisco TAC.",2,Critical,85,vpn,webvpn
+%FTD-2-716521,716521,internal error in: function : OCCAM no realloc allowed in named pool,%FTD-2-716521: internal error in: function : OCCAM no realloc allowed in named pool,The OCCAM did not allow reallocation in the named pool.,None provided.,2,Critical,85,vpn,webvpn
+%FTD-2-716522,716522,internal error in: function : OCCAM corrupted standalone block,%FTD-2-716522: internal error in: function : OCCAM corrupted standalone block,The OCCAM has a corrupted standalone block.,"To determine the cause of the problem, contact the Cisco TAC.",2,Critical,100,vpn,webvpn
+%FTD-2-716525,716525,UNICORN_SYSLOGID_SAL_CLOSE_PRIVDATA_CHANGED,%FTD-2-716525: UNICORN_SYSLOGID_SAL_CLOSE_PRIVDATA_CHANGED,An internal SAL error has occurred.,Contact the Cisco TAC.,2,Critical,85,vpn,webvpn
+%FTD-2-716526,716526,UNICORN_SYSLOGID_PERM_STORAGE_SERVER_LOAD_FAIL,%FTD-2-716526: UNICORN_SYSLOGID_PERM_STORAGE_SERVER_LOAD_FAIL,A failure in the mounting of the permanent storage server directory occurred.,Contact the Cisco TAC.,2,Critical,95,vpn,webvpn
+%FTD-2-716527,716527,UNICORN_SYSLOGID_PERM_STORAGE_SERVER_STORE_FAIL,%FTD-2-716527: UNICORN_SYSLOGID_PERM_STORAGE_SERVER_STORE_FAIL,A failure in the mounting of the permanent storage file occurred.,Contact the Cisco TAC.,2,Critical,95,vpn,webvpn
+%FTD-1-716528,716528,Unexpected fiber scheduler error; possible out-of-memory condition,%FTD-1-716528: Unexpected fiber scheduler error; possible out-of-memory condition,The Secure Firewall Threat Defense device has experienced an unexpected error and has recovered.,"Check for high CPU usage or CPU hogs, and potential memory leaks. If the problem persists, contact the Cisco TAC.",1,Alert,75,vpn,webvpn
+%FTD-3-716600,716600,Rejected size-recv Hostscan data from IP src-ip. Hostscan results exceed default limit of configured.,%FTD-3-716600: Rejected size-recv Hostscan data from IP src-ip. Hostscan results exceed default limit of configured.,"When the size of the received Hostscan data exceeds the limit configured on the Secure Firewall Threat Defense device, the data is discarded.",None provided.,3,Error,85,vpn,webvpn
+%FTD-3-716601,716601,Rejected size-recv Hostscan data from IP src-ip. System-wide limit on the amount of Hostscan data stored on default reached the limit of configured,%FTD-3-716601: Rejected size-recv Hostscan data from IP src-ip. System-wide limit on the amount of Hostscan data stored on default reached the limit of configured,"When the amount of Hostscan data stored on the Secure Firewall Threat Defense device exceeds the limit, new Hostscan results are rejected. device in kilobytes",Contact Cisco TAC to change the limit on stored Hostscan data.,3,Error,85,vpn,webvpn
+%FTD-3-716602,716602,Memory allocation error. Rejected size-recv Hostscan data from IP src-ip.,%FTD-3-716602: Memory allocation error. Rejected size-recv Hostscan data from IP src-ip.,An error occurred while memory was being allocated for Hostscan data.,"Set the Hostscan limit to the default value if it is configured. If the problem persists, contact Cisco TAC.",3,Error,85,vpn,webvpn
+%FTD-7-716603,716603,Received size-recv KB Hostscan data from IP src-ip.,%FTD-7-716603: Received size-recv KB Hostscan data from IP src-ip.,The Hostscan data of a specified size was successfully received.,None required.,7,Debugging,25,vpn,webvpn
+%FTD-3-717001,717001,Querying keypair failed.,%FTD-3-717001: Querying keypair failed.,A required keypair was not found during an enrollment request.,"Verify that a valid keypair exists in the trustpoint configuration, then resubmit the enrollment request.",3,Error,85,vpn,pki_ca
+%FTD-3-717002,717002,Certificate enrollment failed for trustpoint trustpoint_name. Reason: reason_string.,%FTD-3-717002: Certificate enrollment failed for trustpoint trustpoint_name. Reason: reason_string.,An enrollment request for this trustpoint has failed.,Check the CA server for the failure reason.,3,Error,75,vpn,pki_ca
+%FTD-6-717003,717003,Certificate received from Certificate Authority for trustpoint trustpoint_name.,%FTD-6-717003: Certificate received from Certificate Authority for trustpoint trustpoint_name.,A certificate was successfully received from the CA for this trustpoint.,None required,6,Informational,5,vpn,pki_ca
+%FTD-6-717004,717004,PKCS #12 export failed for trustpoint trustpoint_name.,%FTD-6-717004: PKCS #12 export failed for trustpoint trustpoint_name.,"The trustpoint failed to export, because of one of the following: only a CA certificate exists, and an identity certificate does not exist for the trustpoint, or a required keypair is missing.",Make sure that required certificates and keypairs are present for the given trustpoint.,6,Informational,25,vpn,pki_ca
+%FTD-6-717005,717005,PKCS #12 export succeeded for trustpoint trustpoint_name.,%FTD-6-717005: PKCS #12 export succeeded for trustpoint trustpoint_name.,The trustpoint was successfully exported.,None required,6,Informational,5,vpn,pki_ca
+%FTD-6-717006,717006,PKCS #12 import failed for trustpoint trustpoint_name.,%FTD-6-717006: PKCS #12 import failed for trustpoint trustpoint_name.,Import of the requested trustpoint failed to be processed.,"Verify the integrity of the imported data. Then make sure that the entire pkcs12 record is correctly pasted, and reimport the data.",6,Informational,35,vpn,pki_ca
+%FTD-6-717007,717007,PKCS #12 import succeeded for trustpoint trustpoint_name.,%FTD-6-717007: PKCS #12 import succeeded for trustpoint trustpoint_name.,Import of the requested trustpoint was successfully completed.,None required.,6,Informational,5,vpn,pki_ca
+%FTD-2-717008,717008,Insufficient memory to process_requiring_memory.,%FTD-2-717008: Insufficient memory to process_requiring_memory.,An internal error occurred while attempting to allocate memory for the process that reqires memory. Other processes may experience problems allocating memory and prevent further processing.,Collect memory statistics and logs for further debugging and reload the Secure Firewall Threat Defense device.,2,Critical,100,vpn,pki_ca
+%FTD-3-717009,717009,Certificate validation failed. reason_string.,%FTD-3-717009: Certificate validation failed. reason_string.,"A certificate validation failed, which might be caused by a validation attempt of a revoked certificate, invalid certificate attributes, or configuration issues.","Make sure the configuration has a valid trustpoint configured for validation if the reason indicates that no suitable trustpoints were found. Check the Secure Firewall Threat Defense device time to ensure that it is accurate relative to the certificate authority time. Check the reason for the failure and correct any issues that are indicated. If certificate validation fails due to the CA key size being too small or a weak crypto being used, you can use the enable weak crypto option for the device in the Firewall Management Center to override these restrictions.",3,Error,75,vpn,pki_ca
+%FTD-3-717010,717010,CRL polling failed for trustpoint trustpoint_name.,%FTD-3-717010: CRL polling failed for trustpoint trustpoint_name.,.CRL polling has failed and may cause connections to be denied if CRL checking is required.,None provided.,3,Error,95,vpn,pki_ca
+%FTD-2-717011,717011,Unexpected event: event event_ID,%FTD-2-717011: Unexpected event: event event_ID,An event that is not expected under normal conditions has occurred.,"If the problem persists, contact the Cisco TAC.",2,Critical,85,vpn,pki_ca
+%FTD-3-717012,717012,Failed to refresh CRL cache entry from the server for trustpoint trustpoint_name at time_of_failure,%FTD-3-717012: Failed to refresh CRL cache entry from the server for trustpoint trustpoint_name at time_of_failure,"An attempt to refresh a cached CRL entry has failed for the specified trustpoint at the indicated time of failure. This may result in obsolete CRLs on the Secure Firewall Threat Defense device, which may cause connections that require a valid CRL to be denied.","Check connectivity issues to the server, such as a downed network or server. Try to retrieve the CRL manually using the crypto ca crl retrieve command.",3,Error,95,vpn,pki_ca
+%FTD-5-717013,717013,Removing a cached CRL to accommodate an incoming CRL Issuer: issuer,%FTD-5-717013: Removing a cached CRL to accommodate an incoming CRL Issuer: issuer,"When the device is configured to authenticate IPsec tunnels using digital certificates, CRLs may be cached in memory to avoid requiring a CRL download during each connection. If the cache fills to the point where an incoming CRL cannot be accommodated, older CRLs will be removed until the required space is made available. This message is generated for each purged CRL.",None required.,5,Notification,5,vpn,pki_ca
+%FTD-5-717014,717014,"Unable to cache a CRL received from CDP due to size limitations(CRL size = size, available cache space = space)","%FTD-5-717014: Unable to cache a CRL received from CDP due to size limitations(CRL size = size, available cache space = space)","When the device is configured to authenticate IPsec tunnels using digital certificates, CRLs may be cached in memory to avoid requiring a CRL download during each connection. This message is generated if a received CRL is too large to fit in the cache. Large CRLs are still supported even though they are not cached. This means that the CRL will be downloaded with each IPsec connection, which may affect performance during IPsec connection bursts.",None required.,5,Notification,5,vpn,pki_ca
+%FTD-3-717015,717015,"CRL received from issuer is too large to process (CRL size = crl_size , maximum CRL size = max_crl_size )","%FTD-3-717015: CRL received from issuer is too large to process (CRL size = crl_size , maximum CRL size = max_crl_size )",An IPsec connection caused a CRL that is larger than the maximum permitted CRL size to be downloaded. This error condition causes the connection to fail. This message is rate limited to one message every 10 seconds.,"Scalability is perhaps the most significant drawback to the CRL method of revocation checking. To solve this problem, the only options are to investigate a CA-based solution to reduce the CRL size or configure the Secure Firewall Threat Defense device not to require CRL validation.",3,Error,75,vpn,pki_ca
+%FTD-6-717016,717016,Removing expired CRL from the CRL cache. Issuer: issuer,%FTD-6-717016: Removing expired CRL from the CRL cache. Issuer: issuer,"When the Secure Firewall Threat Defense device is configured to authenticate IPsec tunnels using digital certificates, CRLs may be cached in memory to avoid requiring a CRL download during each connection. This message is generated when either the CA specified expiration time or the configured cache time has lapsed and the CRL is removed from the cache.",None required.,6,Informational,5,vpn,pki_ca
+%FTD-3-717017,717017,Failed to query CA certificate for trustpoint trustpoint_name from enrollment_url.,%FTD-3-717017: Failed to query CA certificate for trustpoint trustpoint_name from enrollment_url.,An error occurred when an attempt was made to authenticate a trustpoint by requesting a CA certificate from a certificate authority.,"Make sure that an enrollment URL is configured with this trustpoint, ensure connectivity with the CA server, then retry the request.",3,Error,75,vpn,pki_ca
+%FTD-3-717018,717018,"CRL received from issuer has too many entries to process (number of entries = number_of_entries , maximum number allowed = max_allowed )","%FTD-3-717018: CRL received from issuer has too many entries to process (number of entries = number_of_entries , maximum number allowed = max_allowed )",An IPsec connection caused a CRL that includes more revocation entries than can be supported to be downloaded. This is an error condition that will cause the connection to fail. This message is rate limited to one message every 10 seconds. supports,Scalability is perhaps the most significant drawback to the CRL method of revocation checking. The only options to solve this problem are to investigate a CA-based solution to reduce the CRL size or configure the Secure Firewall Threat Defense device not to require CRL validation.,3,Error,75,vpn,pki_ca
+%FTD-3-717019,717019,Failed to insert CRL for trustpoint trustpoint_name. Reason: failure_reason.,%FTD-3-717019: Failed to insert CRL for trustpoint trustpoint_name. Reason: failure_reason.,"A CRL is retrieved, but found to be invalid and cannot be inserted into the cache because of the failure_reason.","Make sure that the current Secure Firewall Threat Defense device time is correct relative to the CA time. If the NextUpdate field is missing, configure the trustpoint to ignore the NextUpdate field.",3,Error,75,vpn,pki_ca
+%FTD-3-717020,717020,Failed to install device certificate for trustpoint label. Reason: reason_string.,%FTD-3-717020: Failed to install device certificate for trustpoint label. Reason: reason_string.,A failure occurred while trying to enroll or import an enrolled certificate into a trustpoint.,Use the failure reason to remedy the cause of failure and retry the enrollment. Common failures are due to invalid certificates being imported into the Secure Firewall Threat Defense device or a mismatch of the public key included in the enrolled certificate with the keypair referenced in the trustpoint.,3,Error,75,vpn,pki_ca
+%FTD-3-717021,717021,"Certificate data could not be verified. Reason: reason_string, key length in certificate: serial_number bits.","%FTD-3-717021: Certificate data could not be verified. Reason: reason_string, key length in certificate: serial_number bits.","An attempt to verify the certificate that is identified by the serial number and subject name was unsuccessful for the specified reason. When verifying certificate data using the signature, several errors can occur that should be logged, including invalid key types and unsupported key size.","Check the specified certificate to ensure that it is valid, that it includes a valid key type, and that it does not exceed the maximum supported key size.",3,Error,85,vpn,pki_ca
+%FTD-6-717022,717022,Certificate was successfully validated. certificate_identifiers.,%FTD-6-717022: Certificate was successfully validated. certificate_identifiers.,"The identified certificate was successfully validated. might include a reason, serial number, subject name, and additional information",None provided.,6,Informational,15,vpn,pki_ca
+%FTD-3-717023,717023,SSL failed to set device certificate for trustpoint trustpoint_name. Reason: reason_string.,%FTD-3-717023: SSL failed to set device certificate for trustpoint trustpoint_name. Reason: reason_string.,A failure occurred while trying to set an Secure Firewall Threat Defense certificate for the given trustpoint for authenticating the SSL connection. certificate,Resolve the issue indicated by the reason reported for the failure by doing the following:,3,Error,75,vpn,pki_ca
+%FTD-7-717024,717024,Checking CRL from trustpoint: trustpoint name for purpose,%FTD-7-717024: Checking CRL from trustpoint: trustpoint name for purpose,A CRL is being retrieved.,None required.,7,Debugging,5,vpn,pki_ca
+%FTD-7-717025,717025,Validating certificate chain containing number_of_certs certificate(s).,%FTD-7-717025: Validating certificate chain containing number_of_certs certificate(s).,A certificate chain is being validated.,None required.,7,Debugging,5,vpn,pki_ca
+%FTD-4-717026,717026,Name lookup failed for hostname hostname during PKI operation.,%FTD-4-717026: Name lookup failed for hostname hostname during PKI operation.,The given hostname cannot be resolved while attempting a PKI operation.,Check the configuration and the DNS server entries for the given hostname to make sure that it can be resolved. Then retry the operation.,4,Warning,55,vpn,pki_ca
+%FTD-3-717027,717027,Certificate chain failed validation. reason_string.,%FTD-3-717027: Certificate chain failed validation. reason_string.,"A certificate chain cannot be validated. reacheability of a CA server, trustpoint not being available, the validity period for the certificate identity has elapsed, or when the certificate is revoked.",Resolve the issue noted by the reason and retry the validation attempt by performing any of the following actions:,3,Error,75,vpn,pki_ca
+%FTD-6-717028,717028,Certificate chain was successfully validated additional_info.,%FTD-6-717028: Certificate chain was successfully validated additional_info.,A certificate chain was successfully validated. warning” indicates that a CRL check was not performed),None required.,6,Informational,5,vpn,pki_ca
+%FTD-7-717029,717029,Identified client certificate within certificate chain. serial_number.,%FTD-7-717029: Identified client certificate within certificate chain. serial_number.,The certificate specified as the client certificate is identified.,None required.,7,Debugging,5,vpn,pki_ca
+%FTD-7-717030,717030,Found a suitable trustpoint trustpoint_name to validate certificate.,%FTD-7-717030: Found a suitable trustpoint trustpoint_name to validate certificate.,A suitable or usable trustpoint is found that can be used to validate the certificate.,None required.,7,Debugging,5,vpn,pki_ca
+%FTD-4-717031,717031,Failed to find a suitable trustpoint for the issuer: issuer Reason: reason_string,%FTD-4-717031: Failed to find a suitable trustpoint for the issuer: issuer Reason: reason_string,"A usable trustpoint cannot be found. During certificate validation, a suitable trustpoint must be available in order to validate a certificate.","Resolve the issue indicated in the reason by checking the configuration to make sure that a trustpoint is configured, authenticated, and enrolled. Also make sure that the configuration allows for specific types of certificates, such as identity certificates.",4,Warning,55,vpn,pki_ca
+%FTD-3-717032,717032,OCSP status check failed. Reason: reason_string.,%FTD-3-717032: OCSP status check failed. Reason: reason_string.,"When the OCSP status check fails, this message is generated with the reason for the failure. The following list mentions the failure reasons:",None.,3,Error,75,vpn,pki_ca
+%FTD-6-717033,717033,OCSP response received.,%FTD-6-717033: OCSP response received.,An OCSP status check response was received successfully.,None required.,6,Informational,5,vpn,pki_ca
+%FTD-7-717034,717034,No-check extension found in certificate. CRL check bypassed.,%FTD-7-717034: No-check extension found in certificate. CRL check bypassed.,"An OCSP responder certificate was received that includes an “id-pkix-ocsp-nocheck” extension, which allows this certificate to be validated without an OCSP status check.",None required.,7,Debugging,5,vpn,pki_ca
+%FTD-4-717035,717035,OCSP status is being checked for certificate. certificate_identifier..,%FTD-4-717035: OCSP status is being checked for certificate. certificate_identifier..,The certificate for which an OCSP status check occurs is identified. rules,None required.,4,Warning,5,vpn,pki_ca
+%FTD-7-717036,717036,Looking for a tunnel group match based on certificate maps for peer certificate with certificate_identifier.,%FTD-7-717036: Looking for a tunnel group match based on certificate maps for peer certificate with certificate_identifier.,The peer certificate identified by the certificate identifier is being processed through the configured certificate maps to attempt a possible tunnel group match. rules,None required.,7,Debugging,5,vpn,pki_ca
+%FTD-4-717037,717037,Tunnel group search using certificate maps failed for peer certificate: certificate_identifier.,%FTD-4-717037: Tunnel group search using certificate maps failed for peer certificate: certificate_identifier.,"The peer certificate identified by the certificate identifier was processed through the configured certificate maps to attempt a possible tunnel group match, but no match can be found. rules",Make sure that the warning is expected based on the received peer certificate and the configured crypto CA certificate map rules.,4,Warning,55,vpn,pki_ca
+%FTD-7-717038,717038,"Tunnel group match found. Tunnel Group: tunnel_group_name, Peer certificate: certificate_identifier.","%FTD-7-717038: Tunnel group match found. Tunnel Group: tunnel_group_name, Peer certificate: certificate_identifier.","The peer certificate identified by the certificate identifier was processed by the configured certificate maps, and a match was found to the tunnel group.",None provided.,7,Debugging,5,vpn,pki_ca
+%FTD-5-717050,717050,"SCEP Proxy: Processed request type type from IP client_ip_address, User username, TunnelGroup tunnel_group_name, GroupPolicy group-policy_name to CA ca_ip_address","%FTD-5-717050: SCEP Proxy: Processed request type type from IP client_ip_address, User username, TunnelGroup tunnel_group_name, GroupPolicy group-policy_name to CA ca_ip_address","The SCEP proxy received a message and relayed it to the CA. The response from the CA is relayed back to the client. SCEP message types: PKIOperation, GetCACaps, GetCACert, GetNextCACert, and GetCACertChain. is received is received",None required.,5,Notification,5,vpn,pki_ca
+%FTD-3-717051,717051,"SCEP Proxy: Denied processing the request type type from IP client_ip_address, User username, TunnelGroup tunnel_group_name, GroupPolicy group_policy_name to CA ca_ip_address. Reason: msg","%FTD-3-717051: SCEP Proxy: Denied processing the request type type from IP client_ip_address, User username, TunnelGroup tunnel_group_name, GroupPolicy group_policy_name to CA ca_ip_address. Reason: msg","The SCEP proxy denied processing of the request, which may be caused by a misconfiguration, an error condition in the proxy, or an invalid request. SCEP message types: PKIOperation, GetCACaps, GetCACert, GetNextCACert, and GetCACertChain. is received is received","Identify the cause from the reason printed. If the reason indicates that the request is invalid, check the CA URL configuration. Otherwise, confirm that the tunnel group is enabled for SCEP enrollment and debug further by using the debug crypto ca scep-proxy command.",3,Error,95,vpn,pki_ca
+%FTD-4-717052,717052,Group group_name User user_name IP IP_Address Session disconnected due to periodic certificate authentication failure. Subject Name id_subject_name Issuer Name id_issuer_name Serial Number id_serial_number,%FTD-4-717052: Group group_name User user_name IP IP_Address Session disconnected due to periodic certificate authentication failure. Subject Name id_subject_name Issuer Name id_issuer_name Serial Number id_serial_number,"Periodic certificate authentication failed, and the session was disconnected.",None required.,4,Warning,75,vpn,pki_ca
+%FTD-5-717053,717053,Group group_name User user_name IP IP_Address Periodic certificate authentication succeeded. Subject Name id_subject_name Issuer Name id_issuer_name Serial Number id_serial_number,%FTD-5-717053: Group group_name User user_name IP IP_Address Periodic certificate authentication succeeded. Subject Name id_subject_name Issuer Name id_issuer_name Serial Number id_serial_number,Periodic certificate authentication succeeded.,None required.,5,Notification,5,vpn,pki_ca
+%FTD-1-717054,717054,The type certificate in the trustpoint tp_name is due to expire in number days. Expiration date_and_time Subject Name subject_name Issuer Name issuer_name Serial Number serial_number,%FTD-1-717054: The type certificate in the trustpoint tp_name is due to expire in number days. Expiration date_and_time Subject Name subject_name Issuer Name issuer_name Serial Number serial_number,The specified certificate in the trustpoint is about to expire.,None provided.,1,Alert,75,vpn,pki_ca
+%FTD-1-717055,717055,The type certificate in the trustpoint tp_name has expired. Expiration date_and_time Subject Name subject_name Issuer Name issuer_name Serial Number serial_number,%FTD-1-717055: The type certificate in the trustpoint tp_name has expired. Expiration date_and_time Subject Name subject_name Issuer Name issuer_name Serial Number serial_number,The specified certificate in the trustpoint has expired.,Renew the certificate.,1,Alert,75,vpn,pki_ca
+%FTD-6-717056,717056,Attempting type revocation check from Src:Interface/Src to IP/Src_Port using Dst_IP.,%FTD-6-717056: Attempting type revocation check from Src:Interface/Src to IP/Src_Port using Dst_IP.,The CA was attempting to download a CRL or send an OCSP revocation check request.,None required.,6,Informational,5,vpn,pki_ca
+%FTD-3-717057,717057,Automatic import of trustpool certificate bundle has failed. Maximum_retry_attempts_reached.Failed_to_reach_CA_server|Cisco_root_bundle_signature_validation_failed|Failed_to_update_trustpool_bundle_in_flash|Failed_to_install_trustpool_bundle_in_memory,%FTD-3-717057: Automatic import of trustpool certificate bundle has failed. Maximum_retry_attempts_reached.Failed_to_reach_CA_server|Cisco_root_bundle_signature_validation_failed|Failed_to_update_trustpool_bundle_in_flash|Failed_to_install_trustpool_bundle_in_memory,This syslog is generated with one of these error messages. This syslog is meant to update the user with results of the auto import operation and steer them towards the right debug messages especially in cases of failure. Details of each error are present in the debug output.,Verify CA accessibility and make space on flash CA root certificate.,3,Error,85,vpn,pki_ca
+%FTD-6-717058,717058,Automatic import of trustpool certificate bundle is successful: No_change_in_trustpool_bundle|Trustpool_updated_in_flash,%FTD-6-717058: Automatic import of trustpool certificate bundle is successful: No_change_in_trustpool_bundle|Trustpool_updated_in_flash,"This syslog is generated with one of these success messages. This syslog is meant to update the user with results of the auto import operation and steer them towards the right debug messages, especially in cases of failure. Details of each error are present in the debug output.",None.,6,Informational,25,vpn,pki_ca
+%FTD-6-717059,717059,"Peer certificate with serial_number:serial,subject:subject_name,issuer:issuer_name matched the configured certificate map map_name","%FTD-6-717059: Peer certificate with serial_number:serial,subject:subject_name,issuer:issuer_name matched the configured certificate map map_name",This log is generated when an ASDM connection is authenticated via certificates and allowed based on the configured certificate map rules.,None required.,6,Informational,5,vpn,pki_ca
+%FTD-3-717060,717060,"Peer certificate with serial_number:serial,subject:subject_name,issuer:issuer_name failed to match the configured certificate map map_name","%FTD-3-717060: Peer certificate with serial_number:serial,subject:subject_name,issuer:issuer_name failed to match the configured certificate map map_name",This log is generated when an ASDM connection is authenticated via certificates and not allowed based on the configured certificate map rules.,"If the peer certificate referenced in the log is supposed to be allowed, check certificate map configuration for the referenced map_name and correct the map to allow the connection as needed.",3,Error,75,vpn,pki_ca
+%FTD-5-717061,717061,Starting protocol certificate enrollment for the trustpoint tpname with the CA ca_name. Request Type type Mode mode,%FTD-5-717061: Starting protocol certificate enrollment for the trustpoint tpname with the CA ca_name. Request Type type Mode mode,A CMP enrollment request has been triggered.,None required.,5,Notification,5,vpn,pki_ca
+%FTD-5-717062,717062,protocol Certificate enrollment succeeded for the trustpoint tpname with the CA ca using CMP. Received a new certificate with Subject Name subject Issuer Name issuer Serial Number serial,%FTD-5-717062: protocol Certificate enrollment succeeded for the trustpoint tpname with the CA ca using CMP. Received a new certificate with Subject Name subject Issuer Name issuer Serial Number serial,CMP enrollment request succeeded. New certificate received.,None required.,5,Notification,5,vpn,pki_ca
+%FTD-3-717063,717063,protocol Certificate enrollment failed for the trustpoint tpname with the CA ca,%FTD-3-717063: protocol Certificate enrollment failed for the trustpoint tpname with the CA ca,CMP enrollment request failed.,Use the CMP debug traces to fix the enrollment failure.,3,Error,75,vpn,pki_ca
+%FTD-5-717064,717064,Keypair keyname in the trustpoint tpname is regenerated for mode protocol certificate enrollment,%FTD-5-717064: Keypair keyname in the trustpoint tpname is regenerated for mode protocol certificate enrollment,The keypair in the trustpoint is regenerated for certificate enrollment using CMP.,None required.,5,Notification,5,vpn,pki_ca
+%FTD-5-717067,717067,Starting ACME certificate enrollment for trustpoint tpname with CA ca_name. Mode mode.,%FTD-5-717067: Starting ACME certificate enrollment for trustpoint tpname with CA ca_name. Mode mode.,The enrollment is triggered for ACME trustpoint.,None required.,5,Notification,5,vpn,pki_ca
+%FTD-5-717068,717068,"ACME Certificate enrollment succeeded for trustpoint tpname with CA ca. Received a new certificate with Subject Name subject, Issuer Name issuer, Serial Number serial .","%FTD-5-717068: ACME Certificate enrollment succeeded for trustpoint tpname with CA ca. Received a new certificate with Subject Name subject, Issuer Name issuer, Serial Number serial .",The ACME certificate enrollment is sucessful for the trustpoint.,None required.,5,Notification,5,vpn,pki_ca
+%FTD-3-717069,717069,ACME Certificate enrollment failed for trustpoint tpname with CA ca.,%FTD-3-717069: ACME Certificate enrollment failed for trustpoint tpname with CA ca.,The ACME certificate enrollment failed for the trustpoint.,Use the debug crypto ca acme <1-255>command to identify the failure reasons from the debug traces.,3,Error,75,vpn,pki_ca
+%FTD-5-717070,717070,Keypair keyname in trustpoint tpname is regenerated for mode ACME certificate renewal.,%FTD-5-717070: Keypair keyname in trustpoint tpname is regenerated for mode ACME certificate renewal.,Sucessful regeneration of the ACME keypair for the trustpoint.,None required.,5,Notification,5,vpn,pki_ca
+%FTD-3-717071,717071,CRL signature validation failed. Issuer: issuer name. Last Update: date and time. Next Update: date and time.,%FTD-3-717071: CRL signature validation failed. Issuer: issuer name. Last Update: date and time. Next Update: date and time.,"This syslog is generated during the X509 certificate verification process when an error is detected, where the message displays a certificate revocation list (CRL) information for the failed signature validation.",None required.,3,Error,5,vpn,pki_ca
+%FTD-5-717072,717072,A CRL with an older version than the currently cached one was downloaded. Issuer: Issuer name,%FTD-5-717072: A CRL with an older version than the currently cached one was downloaded. Issuer: Issuer name,None provided.,None provided.,5,Notification,25,vpn,pki_ca
+%FTD-7-718001,718001,Internal interprocess communication queue send failure: code [error_code].,%FTD-7-718001: Internal interprocess communication queue send failure: code [error_code].,An internal software error has occurred while attempting to enqueue a message on the VPN load balancing queue.,"This is generally a benign condition. If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,vpn_load_balancing
+%FTD-5-718002,718002,"Create peer IP_address failure, already at maximum of [number_of_peers]","%FTD-5-718002: Create peer IP_address failure, already at maximum of [number_of_peers]",The maximum number of load-balancing peers has been exceeded. The new peer is ignored.,Check your load balancing and network configuration to ensure that the number of load-balancing peers does not exceed the maximum allowed.,5,Notification,35,vpn,vpn_load_balancing
+%FTD-6-718003,718003,"Got unknown peer message [message_number] from [IP_address], local version [version_number], remote version [version_number]","%FTD-6-718003: Got unknown peer message [message_number] from [IP_address], local version [version_number], remote version [version_number]","An unrecognized load-balancing message was received from one of the load-balancing peers. This may indicate a version mismatch between peers, but is most likely caused by an internal software error.","Verify that all load-balancing peers are compatible. If they are and this condition persists or is linked to undesirable behavior, contact the Cisco TAC.",6,Informational,35,vpn,vpn_load_balancing
+%FTD-6-718004,718004,Got unknown internal message [message_number],%FTD-6-718004: Got unknown internal message [message_number],An internal software error occurred.,"This is generally a benign condition. If the problem persists, contact the Cisco TAC.",6,Informational,15,vpn,vpn_load_balancing
+%FTD-5-718005,718005,"Fail to send to IP_address, port port","%FTD-5-718005: Fail to send to IP_address, port port",An internal software error occurred during packet transmission on the load-balancing socket. This mght indicate a network problem.,"Check the network-based configuration on the Secure Firewall Threat Defense device and verify that interfaces are active and protocol data is flowing through the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718006,718006,Invalid load balancing state transition [cur=state_number][event=event_number],%FTD-5-718006: Invalid load balancing state transition [cur=state_number][event=event_number],A state machine error has occurred. This might indicate an internal software error.,"This is generally a benign condition. If the problem persists, contact the Cisco TAC.",5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718007,718007,Socket open failure [failure_code]: failure_text,%FTD-5-718007: Socket open failure [failure_code]: failure_text,An error occurred when the load-balancing socket tried to open. This might indicate a network problem or an internal software error.,"Check the network-based configuration on the Secure Firewall Threat Defense device and verify that interfaces are active and protocol data is flowing through the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",5,Notification,45,vpn,vpn_load_balancing
+%FTD-5-718008,718008,Socket bind failure [failure_code]: failure_text,%FTD-5-718008: Socket bind failure [failure_code]: failure_text,An error occurred when the Secure Firewall Threat Defense device tried to bind to the load-balancing socket. This might indicate a network problem or an internal software error.,"Check the network-based configuration on the Secure Firewall Threat Defense device and verify that interfaces are active and protocol data is flowing through the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",5,Notification,45,vpn,vpn_load_balancing
+%FTD-5-718009,718009,Send HELLO response failure to [IP_address],%FTD-5-718009: Send HELLO response failure to [IP_address],An error occurred when the Secure Firewall Threat Defense device tried to send a hello response message to one of the load-balancing peers. This might indicate a network problem or an internal software error.,None provided.,5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718010,718010,Sent HELLO response to [IP_address],%FTD-5-718010: Sent HELLO response to [IP_address],The Secure Firewall Threat Defense device transmitted a hello response message to a load-balancing peer.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718011,718011,Send HELLO request failure to [IP_address],%FTD-5-718011: Send HELLO request failure to [IP_address],An error occurred when the Secure Firewall Threat Defense device tried to send a hello request message to one of the load-balancing peers. This may indicate a network problem or an internal software error.,"Check the network-based configuration on the Secure Firewall Threat Defense device and verify that interfaces are active and protocol data is flowing through the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",5,Notification,45,vpn,vpn_load_balancing
+%FTD-5-718012,718012,Sent HELLO request to [IP_address],%FTD-5-718012: Sent HELLO request to [IP_address],The Secure Firewall Threat Defense device transmitted a hello request message to a load-balancing peer.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-6-718013,718013,Peer[IP_address] is not answering HELLO,%FTD-6-718013: Peer[IP_address] is not answering HELLO,The load-balancing peer is not answering a hello request message.,Check the status of the load-balancing SSF peer and the network connections.,6,Informational,15,vpn,vpn_load_balancing
+%FTD-5-718014,718014,Master peer[IP_address] is not answering HELLO,%FTD-5-718014: Master peer[IP_address] is not answering HELLO,The load balancing director peer is not answering the hello request message.,Check the status of the load balancing SSF director peer and the network connections.,5,Notification,25,vpn,vpn_load_balancing
+%FTD-5-718015,718015,Received HELLO request from [IP_address],%FTD-5-718015: Received HELLO request from [IP_address],None provided.,None provided.,5,Notification,25,vpn,vpn_load_balancing
+%FTD-5-718016,718016,Received HELLO response from [IP_address],%FTD-5-718016: Received HELLO response from [IP_address],The Secure Firewall Threat Defense device received a Hello Response packet from a load balancing peer.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-7-718017,718017,Got timeout for unknown peer[IP_address] msg type[message_type],%FTD-7-718017: Got timeout for unknown peer[IP_address] msg type[message_type],The Secure Firewall Threat Defense device processed a timeout for an unknown peer. The message was ignored because the peer may have already been removed from the active list.,"If the message persists or is linked to undesirable behavior, check the load balancing peers and verify that all are configured correctly.",7,Debugging,25,vpn,vpn_load_balancing
+%FTD-7-718018,718018,Send KEEPALIVE request failure to [IP_address],%FTD-7-718018: Send KEEPALIVE request failure to [IP_address],An error has occurred while attempting to send a Keepalive Request message to one of the load balancing peers. This t indicate a network problem or an internal software error.,"Check the network-based configuration on the Secure Firewall Threat Defense device and verify that interfaces are active and protocol data is flowing through the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",7,Debugging,25,vpn,vpn_load_balancing
+%FTD-7-718019,718019,Sent KEEPALIVE request to [IP_address],%FTD-7-718019: Sent KEEPALIVE request to [IP_address],The Secure Firewall Threat Defense device transmitted a Keepalive Request message to a load balancing peer.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-7-718020,718020,Send KEEPALIVE response failure to [IP_address],%FTD-7-718020: Send KEEPALIVE response failure to [IP_address],An error has occurred while attempting to send a Keepalive Response message to one of the load balancing peers. This may indicate a network problem or an internal software error.,"Check the network-based configuration on the Secure Firewall Threat Defense device and verify that interfaces are active and protocol data is flowing through the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",7,Debugging,25,vpn,vpn_load_balancing
+%FTD-7-718021,718021,Sent KEEPALIVE response to [IP_address],%FTD-7-718021: Sent KEEPALIVE response to [IP_address],The Secure Firewall Threat Defense device transmitted a Keepalive Response message to a load balancing peer.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-7-718022,718022,Received KEEPALIVE request from [IP_address],%FTD-7-718022: Received KEEPALIVE request from [IP_address],The Secure Firewall Threat Defense device received a Keepalive Request message from a load balancing peer.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-7-718023,718023,Received KEEPALIVE response from [IP_address],%FTD-7-718023: Received KEEPALIVE response from [IP_address],The Secure Firewall Threat Defense device received a Keepalive Response message from a load balancing peer.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-5-718024,718024,Send CFG UPDATE failure to [IP_address],%FTD-5-718024: Send CFG UPDATE failure to [IP_address],An error has occurred while attempting to send a Configuration Update message to one of the load balancing peers. This might indicate a network problem or an internal software error.,"Check the network-based configuration on the Secure Firewall Threat Defense device and verify that interfaces are active and protocol data is flowing through the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",5,Notification,45,vpn,vpn_load_balancing
+%FTD-7-718025,718025,Sent CFG UPDATE to [IP_address],%FTD-7-718025: Sent CFG UPDATE to [IP_address],The Secure Firewall Threat Defense device transmitted a Configuration Update message to a load balancing peer.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-7-718026,718026,Received CFG UPDATE from [IP_address],%FTD-7-718026: Received CFG UPDATE from [IP_address],The Secure Firewall Threat Defense device received a Configuration Update message from a load balancing peer.,None provided.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-6-718027,718027,Received unexpected KEEPALIVE request from [IP_address],%FTD-6-718027: Received unexpected KEEPALIVE request from [IP_address],The Secure Firewall Threat Defense device received an unexpected Keepalive request message from a load balancing peer.,"If the problem persists or is linked with undesirable behavior, verify that all load balancing peers are configured and discovered correctly.",6,Informational,25,vpn,vpn_load_balancing
+%FTD-5-718028,718028,Send OOS indicator failure to [IP_address],%FTD-5-718028: Send OOS indicator failure to [IP_address],An error has occurred while attempting to send an OOS indicator message to one of the load balancing peers. This might indicate a network problem or an internal software error.,"Check the network-based configuration on the Secure Firewall Threat Defense device and verify that interfaces are active and protocol data is flowing through the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",5,Notification,45,vpn,vpn_load_balancing
+%FTD-7-718029,718029,Sent OOS indicator to [IP_address],%FTD-7-718029: Sent OOS indicator to [IP_address],The Secure Firewall Threat Defense device transmitted an OOS indicator message to a load balancing peer.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-6-718030,718030,Received planned OOS from [IP_address],%FTD-6-718030: Received planned OOS from [IP_address],The Secure Firewall Threat Defense device received a planned OOS message from a load balancing peer.,None required.,6,Informational,5,vpn,vpn_load_balancing
+%FTD-5-718031,718031,Received OOS obituary for [IP_address],%FTD-5-718031: Received OOS obituary for [IP_address],The Secure Firewall Threat Defense device received an OOS obituary message from a load balancing peer.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718032,718032,Received OOS indicator from [IP_address],%FTD-5-718032: Received OOS indicator from [IP_address],None provided.,None provided.,5,Notification,25,vpn,vpn_load_balancing
+%FTD-5-718033,718033,Send TOPOLOGY indicator failure to [IP_address],%FTD-5-718033: Send TOPOLOGY indicator failure to [IP_address],An error has occurred while attempting to send a Topology indicator message to one of the load balancing peers. This might indicate a network problem or an internal software error.,"Check the network-based configuration on the Secure Firewall Threat Defense device. Verify that interfaces are active, and protocol data is flowing through the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",5,Notification,45,vpn,vpn_load_balancing
+%FTD-7-718034,718034,Sent TOPOLOGY indicator to [IP_address],%FTD-7-718034: Sent TOPOLOGY indicator to [IP_address],The Secure Firewall Threat Defense device sent a Topology indicator message to a load balancing peer.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-7-718035,718035,Received TOPOLOGY indicator from [IP_address],%FTD-7-718035: Received TOPOLOGY indicator from [IP_address],The Secure Firewall Threat Defense device received a Topology indicator message from a load balancing peer.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-7-718036,718036,"Process timeout for req-type[type_value], exid[exchange_ID], peer[IP_address]","%FTD-7-718036: Process timeout for req-type[type_value], exid[exchange_ID], peer[IP_address]",The Secure Firewall Threat Defense device processed a peer timeout.,"Verify that the peer should have been timed out. If not, check the load balancing peer configuration and the network connection between the peer and the Secure Firewall Threat Defense device.",7,Debugging,25,vpn,vpn_load_balancing
+%FTD-6-718037,718037,Master processed number_of_timeouts timeouts,%FTD-6-718037: Master processed number_of_timeouts timeouts,The Secure Firewall Threat Defense device in the director role processed the specified number of peer timeouts.,"Verify that the timeouts are legitimate. If not, check the peer load balancing configuration and the network connection between the peer and the Secure Firewall Threat Defense device.",6,Informational,35,vpn,vpn_load_balancing
+%FTD-6-718038,718038,Slave processed number_of_timeouts timeouts,%FTD-6-718038: Slave processed number_of_timeouts timeouts,The Secure Firewall Threat Defense device in the member role processed the specified number of peer timeouts.,"Verify that the timeouts are legitimate. If not, check the peer load balancing configuration and the network connection between the peer and the Secure Firewall Threat Defense device.",6,Informational,35,vpn,vpn_load_balancing
+%FTD-6-718039,718039,Process dead peer[IP_address],%FTD-6-718039: Process dead peer[IP_address],The Secure Firewall Threat Defense device has detected a dead peer.,"Verify that the dead peer detection is legitimate. If not, check the peer load balancing configuration and the network connection between the peer and the Secure Firewall Threat Defense device.",6,Informational,25,vpn,vpn_load_balancing
+%FTD-6-718040,718040,Timed-out exchange ID[exchange_ID] not found,%FTD-6-718040: Timed-out exchange ID[exchange_ID] not found,"The Secure Firewall Threat Defense device has detected a dead peer, but the exchange ID is not recognized.",None required.,6,Informational,5,vpn,vpn_load_balancing
+%FTD-7-718041,718041,Timeout [msgType=type] processed with no callback,%FTD-7-718041: Timeout [msgType=type] processed with no callback,"The Secure Firewall Threat Defense device has detected a dead peer, but a call back was not used in the processing.",None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-5-718042,718042,Unable to ARP for [IP_address].,%FTD-5-718042: Unable to ARP for [IP_address].,The Secure Firewall Threat Defense device experienced an ARP failure when attempting to contact a peer.,Verify that the network is operational and that all peers can communicate with each other.,5,Notification,45,vpn,vpn_load_balancing
+%FTD-5-718043,718043,Updating/removing duplicate peer entry [IP_address],%FTD-5-718043: Updating/removing duplicate peer entry [IP_address],The Secure Firewall Threat Defense device found and is removing a duplicate peer entry.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718044,718044,Deleted peer[IP_address],%FTD-5-718044: Deleted peer[IP_address],The Secure Firewall Threat Defense device is deleting a load balancing peer.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718045,718045,Created peer[IP_address],%FTD-5-718045: Created peer[IP_address],The Secure Firewall Threat Defense device has detected a load balancing peer.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-7-718046,718046,Create group policy [policy_name],%FTD-7-718046: Create group policy [policy_name],The Secure Firewall Threat Defense device has created a group policy to securely communicate with the load balancing peers.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-7-718047,718047,Fail to create group policy [policy_name],%FTD-7-718047: Fail to create group policy [policy_name],The Secure Firewall Threat Defense device experienced a failure when attempting to create a group policy for securing the communication between load balancing peers.,Verify that the load balancing configuration is correct.,7,Debugging,25,vpn,vpn_load_balancing
+%FTD-5-718048,718048,Create of secure tunnel failure for peer [IP_address],%FTD-5-718048: Create of secure tunnel failure for peer [IP_address],The Secure Firewall Threat Defense device experienced a failure when attempting to establish an IPsec tunnel to a load balancing peer.,Verify that the load balancing configuration is correct and that the network is operational.,5,Notification,45,vpn,vpn_load_balancing
+%FTD-7-718049,718049,Created secure tunnel to peer[IP_address],%FTD-7-718049: Created secure tunnel to peer[IP_address],The Secure Firewall Threat Defense device successfully established an IPsec tunnel to a load balancing peer.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-5-718050,718050,Delete of secure tunnel failure for peer [IP_address],%FTD-5-718050: Delete of secure tunnel failure for peer [IP_address],The Secure Firewall Threat Defense device experienced a failure when attempting to terminate an IPsec tunnel to a load balancing peer.,Verify that the load balancing configuration is correct and that the network is operational.,5,Notification,45,vpn,vpn_load_balancing
+%FTD-6-718051,718051,Deleted secure tunnel to peer[IP_address],%FTD-6-718051: Deleted secure tunnel to peer[IP_address],The Secure Firewall Threat Defense device successfully terminated an IPsec tunnel to a load balancing peer.,None required.,6,Informational,5,vpn,vpn_load_balancing
+%FTD-5-718052,718052,Received GRAT-ARP from duplicate control node[MAC_address],%FTD-5-718052: Received GRAT-ARP from duplicate control node[MAC_address],The Secure Firewall Threat Defense device received a gratuitous ARP from a duplicate director.,Check the load balancing configuration and verify that the network is operational.,5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718053,718053,"Detected duplicate control node, mastership stolen[MAC_address]","%FTD-5-718053: Detected duplicate control node, mastership stolen[MAC_address]",The Secure Firewall Threat Defense device detected a duplicate director and a stolen director.,Check the load balancing configuration and verify that the network is operational.,5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718054,718054,Detected duplicate control node[MAC_address] and going to SLAVE,%FTD-5-718054: Detected duplicate control node[MAC_address] and going to SLAVE,The Secure Firewall Threat Defense device detected a duplicate director and is switching to member mode.,Check the load balancing configuration and verify that the network is operational.,5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718055,718055,Detected duplicate control node[MAC_address] and staying MASTER,%FTD-5-718055: Detected duplicate control node[MAC_address] and staying MASTER,The Secure Firewall Threat Defense device detected a duplicate director and is staying in member mode.,Check the load balancing configuration and verify that the network is operational.,5,Notification,35,vpn,vpn_load_balancing
+%FTD-7-718056,718056,"Deleted Master peer, IP IP_address","%FTD-7-718056: Deleted Master peer, IP IP_address",The Secure Firewall Threat Defense device deleted the load balancing director from its internal tables.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-5-718057,718057,"Queue send failure from ISR, msg type failure_code","%FTD-5-718057: Queue send failure from ISR, msg type failure_code",An internal software error has occurred while attempting to enqueue a message on the VPN load balancing queue from an Interrupt Service Routing.,"This is generally a benign condition. If the problem persists, contact the Cisco TAC.",5,Notification,35,vpn,vpn_load_balancing
+%FTD-7-718058,718058,"State machine return code: action_routine, return_code","%FTD-7-718058: State machine return code: action_routine, return_code",The return codes of action routines belonging to the load balancing finite state machine are being traced.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-7-718059,718059,"State machine function trace: state=state_name, event=event_name, func=action_routine.","%FTD-7-718059: State machine function trace: state=state_name, event=event_name, func=action_routine.",The events and states of the load balancing finite state machine are being traced.,None required.,7,Debugging,5,vpn,vpn_load_balancing
+%FTD-5-718060,718060,Inbound socket select fail: context=context_ID.,%FTD-5-718060: Inbound socket select fail: context=context_ID.,The socket select call returned an error and the socket cannot be read. This might indicate an internal software error.,"If the problem persists, contact the Cisco TAC.",5,Notification,25,vpn,vpn_load_balancing
+%FTD-5-718061,718061,Inbound socket read fail: context=context_ID.,%FTD-5-718061: Inbound socket read fail: context=context_ID.,The socket read failed after data was detected through the select call. This might indicate an internal software error.,"If the problem persists, contact the Cisco TAC.",5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718062,718062,Inbound thread is awake (context=context_ID).,%FTD-5-718062: Inbound thread is awake (context=context_ID).,The load balancing process is awakened and begins processing.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718063,718063,Interface interface_name is down.,%FTD-5-718063: Interface interface_name is down.,The load balancing process found the interface down.,Check the interface configuration to make sure that the interface is operational.,5,Notification,25,vpn,vpn_load_balancing
+%FTD-5-718064,718064,Admin. interface interface_name is down.,%FTD-5-718064: Admin. interface interface_name is down.,The load balancing process found the administrative interface down.,Check the administrative interface configuration to make sure that the interface is operational.,5,Notification,25,vpn,vpn_load_balancing
+%FTD-5-718065,718065,"Cannot continue to run (public=up, private=down, enable=up, control node=down, session=LB_state).","%FTD-5-718065: Cannot continue to run (public=up, private=down, enable=up, control node=down, session=LB_state).",The load balancing process can not run because all prerequisite conditions have not been met. The prerequisite conditions are two active interfaces and load balancing enabled.,Check the interface configuration to make sure at least two interfaces are operational and load balancing is enabled.,5,Notification,25,vpn,vpn_load_balancing
+%FTD-5-718066,718066,"Cannot add secondary address to interface interface_name, ip IP_address.","%FTD-5-718066: Cannot add secondary address to interface interface_name, ip IP_address.",Load balancing requires a secondary address to be added to the outside interface. A failure occurred in adding that secondary address.,Check the address being used as the secondary address and make sure that it is valid and unique. Check the configuration of the outside interface.,5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718067,718067,"Cannot delete secondary address to interface interface_name, ip IP_address.","%FTD-5-718067: Cannot delete secondary address to interface interface_name, ip IP_address.",None provided.,None provided.,5,Notification,25,vpn,vpn_load_balancing
+%FTD-5-718068,718068,Start VPN Load Balancing in context context_ID.,%FTD-5-718068: Start VPN Load Balancing in context context_ID.,The load balancing process has been started and initialized.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718069,718069,Stop VPN Load Balancing in context context_ID.,%FTD-5-718069: Stop VPN Load Balancing in context context_ID.,The load balancing process has been stopped.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718070,718070,Reset VPN Load Balancing in context context_ID.,%FTD-5-718070: Reset VPN Load Balancing in context context_ID.,The LB process has been reset.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718071,718071,Terminate VPN Load Balancing in context context_ID.,%FTD-5-718071: Terminate VPN Load Balancing in context context_ID.,The LB process has been terminated.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718072,718072,Becoming control node of Load Balancing in context context_ID.,%FTD-5-718072: Becoming control node of Load Balancing in context context_ID.,The Secure Firewall Threat Defense device has become the LB director.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718073,718073,Becoming data node of Load Balancing in context context_ID.,%FTD-5-718073: Becoming data node of Load Balancing in context context_ID.,The Secure Firewall Threat Defense device has become the LB member.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718074,718074,Fail to create access list for peer context_ID.,%FTD-5-718074: Fail to create access list for peer context_ID.,ACLs are used to create secure tunnels over which the LB peers can communicate. The Secure Firewall Threat Defense device was unable to create one of these ACLs. This might indicate an addressing problem or an internal software problem.,"Check the addressing information of the inside interface on all peers and ensure that all peers are discovered correctly. If the problem persists, contact the Cisco TAC.",5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718075,718075,Peer IP_address access list not set.,%FTD-5-718075: Peer IP_address access list not set.,"While removing a secure tunnel, the Secure Firewall Threat Defense device detected a peer entry that did not have an associated ACL.",None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718076,718076,Fail to create tunnel group for peer IP_address.,%FTD-5-718076: Fail to create tunnel group for peer IP_address.,The Secure Firewall Threat Defense device experienced a failure when trying to create a tunnel group for securing the communication between load balancing peers.,Verify that the load balancing configuration is correct.,5,Notification,45,vpn,vpn_load_balancing
+%FTD-5-718077,718077,Fail to delete tunnel group for peer IP_address.,%FTD-5-718077: Fail to delete tunnel group for peer IP_address.,The Secure Firewall Threat Defense device experienced a failure when attempting to delete a tunnel group for securing the communication between load balancing peers.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718078,718078,Fail to create crypto map for peer IP_address.,%FTD-5-718078: Fail to create crypto map for peer IP_address.,The Secure Firewall Threat Defense device experienced a failure when attempting to create a crypto map for securing the communication between load balancing peers.,Verify that the load balancing configuration is correct.,5,Notification,45,vpn,vpn_load_balancing
+%FTD-5-718079,718079,Fail to delete crypto map for peer IP_address.,%FTD-5-718079: Fail to delete crypto map for peer IP_address.,The Secure Firewall Threat Defense device experienced a failure when attempting to delete a crypto map for securing the communication between load balancing peers.,None provided.,5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718080,718080,Fail to create crypto policy for peer IP_address.,%FTD-5-718080: Fail to create crypto policy for peer IP_address.,The Secure Firewall Threat Defense device experienced a failure when attempting to create a transform set to be used in securing the communication between load balancing peers. This might indicate an internal software problem.,"If the problem persists, contact the Cisco TAC.",5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718081,718081,Fail to delete crypto policy for peer IP_address.,%FTD-5-718081: Fail to delete crypto policy for peer IP_address.,The Secure Firewall Threat Defense device experienced a failure when attempting to delete a transform set used in securing the communication between load balancing peers.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-5-718082,718082,Fail to create crypto ipsec for peer IP_address.,%FTD-5-718082: Fail to create crypto ipsec for peer IP_address.,"When cluster encryption for VPN load balancing is enabled, the VPN load balancing device creates a set of site-to-site tunnels for every other device in the load balancing cluster. For each tunnel, a set of crypto parameters (access list, crypto maps, and transform set) is created dynamically. One or more crypto parameters failed to be created or configured.",Examine the message for other entries specific to the type of crypto parameters that failed to be created.,5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718083,718083,Fail to delete crypto ipsec for peer IP_address.,%FTD-5-718083: Fail to delete crypto ipsec for peer IP_address.,"When the local VPN load balancing device is removed from the cluster, crypto parameters are removed. One or more crypto parameters failed to be deleted.",Examine the message for other entries specific to the type of crypto parameters that failed to be deleted.,5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718084,718084,"Public/cluster IP not on the same subnet: public IP_address, mask netmask, cluster IP_address","%FTD-5-718084: Public/cluster IP not on the same subnet: public IP_address, mask netmask, cluster IP_address",The cluster IP address is not on the same network as the outside interface of the Secure Firewall Threat Defense device.,None provided.,5,Notification,25,vpn,vpn_load_balancing
+%FTD-5-718085,718085,Interface interface_name has no IP address defined.,%FTD-5-718085: Interface interface_name has no IP address defined.,The interface does not have an IP address configured.,Configure an IP address for the interface.,5,Notification,25,vpn,vpn_load_balancing
+%FTD-5-718086,718086,"Fail to install LB NP rules: type rule_type, dst interface_name, port port.","%FTD-5-718086: Fail to install LB NP rules: type rule_type, dst interface_name, port port.",The Secure Firewall Threat Defense device experienced a failure when attempting to create a SoftNP ACL rule to be used in securing the communication between load balancing peers. This may indicate an internal software problem.,"If the problem persists, contact the Cisco TAC.",5,Notification,35,vpn,vpn_load_balancing
+%FTD-5-718087,718087,"Fail to delete LB NP rules: type rule_type, rule rule_ID.","%FTD-5-718087: Fail to delete LB NP rules: type rule_type, rule rule_ID.",The Secure Firewall Threat Defense device experienced a failure when attempting to delete the SoftNP ACL rule used in securing the communication between load balancing peers.,None required.,5,Notification,5,vpn,vpn_load_balancing
+%FTD-7-718088,718088,Possible VPN LB misconfiguration. Offending device MAC [MAC_address].,%FTD-7-718088: Possible VPN LB misconfiguration. Offending device MAC [MAC_address].,The presence of a duplicate director indicates that one of the load balancing peers may be misconfigured.,"Check the load balancing configuration on all peers, but pay special attention to the peer identified.",7,Debugging,5,vpn,vpn_load_balancing
+%FTD-6-719001,719001,Email Proxy session could not be established: session limit of maximum_sessions has been reached.,%FTD-6-719001: Email Proxy session could not be established: session limit of maximum_sessions has been reached.,The incoming e-mail proxy session cannot be established because the maximum session limit has been reached.,None required.,6,Informational,5,network,proxy_email
+%FTD-3-719002,719002,Email Proxy session pointer from source_address has been terminated due to reason error.,%FTD-3-719002: Email Proxy session pointer from source_address has been terminated due to reason error.,"The session has been terminated because of an error. The possible errors are failure to add a session to the session database, failure to allocate memory, and failure to write data to a channel.",None required.,3,Error,5,network,proxy_email
+%FTD-6-719003,719003,Email Proxy session pointer resources have been freed for source_address .,%FTD-6-719003: Email Proxy session pointer resources have been freed for source_address .,The dynamic allocated session structure has been freed and set to NULL after the session terminated.,None required.,6,Informational,5,network,proxy_email
+%FTD-6-719004,719004,Email Proxy session pointer has been successfully established for source_address .,%FTD-6-719004: Email Proxy session pointer has been successfully established for source_address .,A new incoming e-mail client session has been established.,None required.,6,Informational,5,network,proxy_email
+%FTD-7-719005,719005,FSM NAME has been created using protocol for session pointer from source_address .,%FTD-7-719005: FSM NAME has been created using protocol for session pointer from source_address .,The FSM has been created for an incoming new session.,None required.,7,Debugging,5,network,proxy_email
+%FTD-7-719006,719006,Email Proxy session pointer has timed out for source_address because of network congestion.,%FTD-7-719006: Email Proxy session pointer has timed out for source_address because of network congestion.,"Network congestion is occurring, and data cannot be sent to either an e-mail client or an e-mail server. This condition starts the block timer. After the block timer is timed out, the session expires.",Retry the operation after a few minutes.,7,Debugging,5,network,proxy_email
+%FTD-7-719007,719007,Email Proxy session pointer cannot be found for source_address .,%FTD-7-719007: Email Proxy session pointer cannot be found for source_address .,A matching session cannot be found in the session database. The session pointer is bad.,None required.,7,Debugging,5,network,proxy_email
+%FTD-3-719008,719008,Email Proxy service is shutting down.,%FTD-3-719008: Email Proxy service is shutting down.,"The e-mail proxy is disabled. All resources are cleaned up, and all threads are terminated.",None required.,3,Error,5,network,proxy_email
+%FTD-7-719009,719009,Email Proxy service is starting.,%FTD-7-719009: Email Proxy service is starting.,The e-mail proxy is enabled.,None required.,7,Debugging,5,network,proxy_email
+%FTD-6-719010,719010,protocol Email Proxy feature is disabled on interface interface_name .,%FTD-6-719010: protocol Email Proxy feature is disabled on interface interface_name .,"The e-mail proxy feature is disabled on a specific entry point, invoked from the CLI. This is the main off switch for the user. When all protocols are turned off for all interfaces, the main shut-down routine is invoked to clean up global resources and threads.",None required.,6,Informational,5,network,proxy_email
+%FTD-6-719011,719011,Protocol Email Proxy feature is enabled on interface interface_name .,%FTD-6-719011: Protocol Email Proxy feature is enabled on interface interface_name .,"The e-mail proxy feature is enabled on a specific entry point, invoked from the CLI. This is the main on switch for the user. When it is first used, the main startup routine is invoked to allocate global resources and threads. Subsequent calls only need to start listening threads for the particular protocol.",None required.,6,Informational,5,network,proxy_email
+%FTD-6-719012,719012,Email Proxy server listening on port port for mail protocol protocol .,%FTD-6-719012: Email Proxy server listening on port port for mail protocol protocol .,A listening channel is opened for a specific protocol on a configured port and has added it to a TCP select group.,None required.,6,Informational,5,network,proxy_email
+%FTD-6-719013,719013,Email Proxy server closing port port for mail protocol protocol .,%FTD-6-719013: Email Proxy server closing port port for mail protocol protocol .,A listening channel is closed for a specific protocol on a configured port and has removed it from the TCP select group.,None required.,6,Informational,5,network,proxy_email
+%FTD-5-719014,719014,Email Proxy is changing listen port from old_port to new_port for mail protocol protocol .,%FTD-5-719014: Email Proxy is changing listen port from old_port to new_port for mail protocol protocol .,A change is signaled in the listening port for the specified protocol. All enabled interfaces for that port have their listening channels closed and have restarted listening on the new port. This action is invoked from the CLI.,None required.,5,Notification,5,network,proxy_email
+%FTD-7-719015,719015,"Parsed emailproxy session pointer from source_address username: mailuser = mail_user , vpnuser = VPN_user , mailserver = server","%FTD-7-719015: Parsed emailproxy session pointer from source_address username: mailuser = mail_user , vpnuser = VPN_user , mailserver = server","The username string is received from the client in the format vpnuser (name delimiter) mailuser (server delimiter) mailserver (for example: xxx:yyy@cisco.com). The name delimiter is optional. When the delimiter is not there, the VPN username and mail username are the same. The server delimiter is optional. When it is not present, the default configured mail server will be used.",None required.,7,Debugging,5,network,proxy_email
+%FTD-7-719016,719016,"Parsed emailproxy session pointer from source_address password: mailpass = ******, vpnpass= ******","%FTD-7-719016: Parsed emailproxy session pointer from source_address password: mailpass = ******, vpnpass= ******","The password string is received from the client in the format, vpnpass (name delimiter) mailpass (for example: xxx:yyy). The name delimiter is optional. When it is not present, the VPN password and mail password are the same.",None required.,7,Debugging,5,network,proxy_email
+%FTD-6-719017,719017,WebVPN user: vpnuser invalid dynamic ACL.,%FTD-6-719017: WebVPN user: vpnuser invalid dynamic ACL.,"The WebVPN session is aborted because the ACL has failed to parse for this user. The ACL determines what the user restrictions are on e-mail account access. The ACL is downloaded from the AAA server. Because of this error, it is unsafe to proceed with login.",Check the AAA server and fix the dynamic ACL for this user.,6,Informational,25,network,proxy_email
+%FTD-6-719018,719018,WebVPN user: vpnuser ACL ID acl_ID not found,%FTD-6-719018: WebVPN user: vpnuser ACL ID acl_ID not found,"The ACL cannot be found at the local maintained ACL list. The ACL determines what the user restrictions are on e-mail account access. The ACL is configured locally. Because of this error, you cannot be authorized to proceed.",None provided.,6,Informational,15,network,proxy_email
+%FTD-6-719019,719019,WebVPN user: vpnuser authorization failed.,%FTD-6-719019: WebVPN user: vpnuser authorization failed.,The ACL determines what the user restrictions are on e-mail account access. The user cannot access the e-mail account because the authorization check fails.,None required.,6,Informational,5,network,proxy_email
+%FTD-6-719020,719020,WebVPN user vpnuser authorization completed successfully.,%FTD-6-719020: WebVPN user vpnuser authorization completed successfully.,The ACL determines what the user restrictions are on e-mail account access. The user is authorized to access the e-mail account.,None required.,6,Informational,5,network,proxy_email
+%FTD-6-719021,719021,WebVPN user: vpnuser is not checked against ACL.,%FTD-6-719021: WebVPN user: vpnuser is not checked against ACL.,The ACL determines what the user restrictions are on e-mail account access. The authorization checking using the ACL is not enabled.,"Enable the ACL checking feature, if necessary.",6,Informational,15,network,proxy_email
+%FTD-6-719022,719022,WebVPN user vpnuser has been authenticated.,%FTD-6-719022: WebVPN user vpnuser has been authenticated.,The username is authenticated by the AAA server.,None required.,6,Informational,5,network,proxy_email
+%FTD-6-719023,719023,WebVPN user vpnuser has not been successfully authenticated. Access denied.,%FTD-6-719023: WebVPN user vpnuser has not been successfully authenticated. Access denied.,The username is denied by the AAA server. The session will be aborted. The user is not allowed to access the e-mail account.,None required.,6,Informational,35,network,proxy_email
+%FTD-6-719024,719024,Email Proxy piggyback auth fail: session = pointer user=vpnuser addr=source_address,%FTD-6-719024: Email Proxy piggyback auth fail: session = pointer user=vpnuser addr=source_address,"The Piggyback authentication is using an established WebVPN session to verify the username and IP address matching in the WebVPN session database. This is based on the assumption that the WebVPN session and e-mail proxy session are initiated by the same user, and a WebVPN session is already established. Because the authentication has failed, the session will be aborted. The user is not allowed to access the e-mail account.",None required.,6,Informational,5,network,proxy_email
+%FTD-6-719025,719025,Email Proxy DNS name resolution failed for hostname .,%FTD-6-719025: Email Proxy DNS name resolution failed for hostname .,"The hostname cannot be resolved with the IP address because it is not valid, or no DNS server is available.",Check DNS server availability and whether or not the configured mail server name is valid.,6,Informational,25,network,proxy_email
+%FTD-6-719026,719026,Email Proxy DNS name hostname resolved to IP_address .,%FTD-6-719026: Email Proxy DNS name hostname resolved to IP_address .,The hostname has successfully been resolved with the IP address.,None required.,6,Informational,5,network,proxy_email
+%FTD-4-720001,720001,(VPN-unit ) Failed to initialize with Chunk Manager.,%FTD-4-720001: (VPN-unit ) Failed to initialize with Chunk Manager.,"The VPN failover subsystem fails to initialize with the memory buffer management subsystem. A system-wide problem has occurred, and the VPN failover subsystem cannot be started.",None provided.,4,Warning,55,vpn,vpn_failover
+%FTD-6-720002,720002,(VPN-unit ) Starting VPN Stateful Failover Subsystem...,%FTD-6-720002: (VPN-unit ) Starting VPN Stateful Failover Subsystem...,The VPN failover subsystem is starting and booting up.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720003,720003,(VPN-unit ) Initialization of VPN Stateful Failover Component completed successfully,%FTD-6-720003: (VPN-unit ) Initialization of VPN Stateful Failover Component completed successfully,The VPN failover subsystem initialization is completed at boot time.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720004,720004,(VPN-unit ) VPN failover main thread started.,%FTD-6-720004: (VPN-unit ) VPN failover main thread started.,The VPN failover main processing thread is started at boot time.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720005,720005,(VPN-unit ) VPN failover timer thread started.,%FTD-6-720005: (VPN-unit ) VPN failover timer thread started.,The VPN failover timer processing thread is started at boot time.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720006,720006,(VPN-unit ) VPN failover sync thread started.,%FTD-6-720006: (VPN-unit ) VPN failover sync thread started.,The VPN failover bulk synchronization processing thread is started at boot time.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-4-720007,720007,(VPN-unit ) Failed to allocate chunk from Chunk Manager.,%FTD-4-720007: (VPN-unit ) Failed to allocate chunk from Chunk Manager.,The set of preallocated memory buffers is running out. The Secure Firewall Threat Defense device has a resource issue. The Secure Firewall Threat Defense device may be under heavy load when too many messages are being processed.,This condition may be improved later when the VPN failover subsystem processes outstanding messages and frees up previously allocated memory.,4,Warning,55,vpn,vpn_failover
+%FTD-4-720008,720008,(VPN-unit ) Failed to register to High Availability Framework.,%FTD-4-720008: (VPN-unit ) Failed to register to High Availability Framework.,"The VPN failover subsystem failed to register to the core failover subsystem. The VPN failover subsystem cannot be started, which may be caused by initialization problems of other subsystems.",Search the message for any sign of system-wide initialization problems.,4,Warning,55,vpn,vpn_failover
+%FTD-4-720009,720009,(VPN-unit ) Failed to create version control block.,%FTD-4-720009: (VPN-unit ) Failed to create version control block.,"The VPN failover subsystem failed to create a version control block. This step is required for the VPN failover subsystem to find out the backward compatible firmware versions for the current release. The VPN failover subsystem cannot be started, which may be caused by initialization problems of other subsystems.",Search the message for any sign of system-wide initialization problems.,4,Warning,55,vpn,vpn_failover
+%FTD-6-720010,720010,(VPN-unit ) VPN failover client is being disabled,%FTD-6-720010: (VPN-unit ) VPN failover client is being disabled,"An operator enabled failover without defining a failover key. In order to use a VPN failover, a failover key must be defined.",Use the failover key command to define a shared secret key between the active and standby units.,6,Informational,15,vpn,vpn_failover
+%FTD-4-720011,720011,(VPN-unit ) Failed to allocate memory,%FTD-4-720011: (VPN-unit ) Failed to allocate memory,"The VPN failover subsystem cannot allocate a memory buffer, which indicates a system-wide resource problem. The Secure Firewall Threat Defense device may be under heavy load.",None provided.,4,Warning,55,vpn,vpn_failover
+%FTD-6-720012,720012,(VPN-unit ) Failed to update IPsec failover runtime data on the standby unit.,%FTD-6-720012: (VPN-unit ) Failed to update IPsec failover runtime data on the standby unit.,The VPN failover subsystem cannot update IPsec-related runtime data because the corresponding IPsec tunnel has been deleted on the standby unit.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-4-720013,720013,(VPN-unit ) Failed to insert certificate in trustpoint trustpoint_name,%FTD-4-720013: (VPN-unit ) Failed to insert certificate in trustpoint trustpoint_name,The VPN failover subsystem tried to insert a certificate in the trustpoint.,Check the certificate content to determine if it is invalid.,4,Warning,55,vpn,vpn_failover
+%FTD-6-720014,720014,"(VPN-unit ) Phase 2 connection entry (msg_id=message_number , my cookie=mine , his cookie=his ) contains no SA list.","%FTD-6-720014: (VPN-unit ) Phase 2 connection entry (msg_id=message_number , my cookie=mine , his cookie=his ) contains no SA list.",No security association is linked to the Phase 2 connection entry.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720015,720015,"(VPN-unit ) Cannot found Phase 1 SA for Phase 2 connection entry (msg_id=message_number ,my cookie=mine , his cookie=his ).","%FTD-6-720015: (VPN-unit ) Cannot found Phase 1 SA for Phase 2 connection entry (msg_id=message_number ,my cookie=mine , his cookie=his ).",The corresponding Phase 1 security association for the given Phase 2 connection entry cannot be found.,None provided.,6,Informational,15,vpn,vpn_failover
+%FTD-5-720016,720016,(VPN-unit) Failed to initialize default timer #index .,%FTD-5-720016: (VPN-unit) Failed to initialize default timer #index .,The VPN failover subsystem failed to initialize the given timer event. The VPN failover subsystem cannot be started at boot time.,Search the message for any sign of system-wide initialization problems.,5,Notification,35,vpn,vpn_failover
+%FTD-5-720017,720017,(VPN-unit ) Failed to update LB runtime data,%FTD-5-720017: (VPN-unit ) Failed to update LB runtime data,The VPN failover subsystem failed to update the VPN load balancing runtime data.,None required.,5,Notification,5,vpn,vpn_failover
+%FTD-5-720018,720018,(VPN-unit ) Failed to get a buffer from the underlying core high availability subsystem. Error code code.,%FTD-5-720018: (VPN-unit ) Failed to get a buffer from the underlying core high availability subsystem. Error code code.,The Secure Firewall Threat Defense device may be under heavy load. The VPN failover subsystem failed to obtain a failover buffer.,"Decrease the amount of incoming traffic to improve the current load condition. With decreased incoming traffic, the Secure Firewall Threat Defense device will free up memory allocated for processing the incoming load.",5,Notification,35,vpn,vpn_failover
+%FTD-5-720019,720019,(VPN-unit ) Failed to update cTCP statistics.,%FTD-5-720019: (VPN-unit ) Failed to update cTCP statistics.,The VPN failover subsystem failed to update the IPsec/cTCP-related statistics.,"None required. Updates are sent periodically, so the standby unit IPsec/cTCP statistics should be updated with the next update message.",5,Notification,5,vpn,vpn_failover
+%FTD-5-720020,720020,(VPN-unit ) Failed to send type timer message.,%FTD-5-720020: (VPN-unit ) Failed to send type timer message.,The VPN failover subsystem failed to send a periodic timer message to the standby unit.,None required. The periodic timer message will be resent during the next timeout.,5,Notification,5,vpn,vpn_failover
+%FTD-5-720021,720021,(VPN-unit ) HA non-block send failed for peer msg message_number . HA error code .,%FTD-5-720021: (VPN-unit ) HA non-block send failed for peer msg message_number . HA error code .,The VPN failover subsystem failed to send a nonblock message. This is a temporary condition caused by the Secure Firewall Threat Defense device being under load or out of resources.,The condition will improve as more resources become available to the Secure Firewall Threat Defense device.,5,Notification,35,vpn,vpn_failover
+%FTD-4-720022,720022,(VPN-unit ) Cannot find trustpoint trustpoint,%FTD-4-720022: (VPN-unit ) Cannot find trustpoint trustpoint,An error occurred when the VPN failover subsystem tried to look up a trustpoint by name.,The trustpoint may be deleted by an operator.,4,Warning,45,vpn,vpn_failover
+%FTD-6-720023,720023,(VPN-unit ) HA status callback: Peer is not present.,%FTD-6-720023: (VPN-unit ) HA status callback: Peer is not present.,The VPN failover subsystem is notified by the core failover subsystem when the local Secure Firewall Threat Defense device detected that a peer is available or becomes unavailable.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720024,720024,(VPN-unit ) HA status callback: Control channel is status .,%FTD-6-720024: (VPN-unit ) HA status callback: Control channel is status .,None provided.,None provided.,6,Informational,15,vpn,vpn_failover
+%FTD-6-720025,720025,(VPN-unit ) HA status callback: Data channel is status .,%FTD-6-720025: (VPN-unit ) HA status callback: Data channel is status .,The failover data channel is up or down.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720026,720026,(VPN-unit ) HA status callback: Current progression is being aborted.,%FTD-6-720026: (VPN-unit ) HA status callback: Current progression is being aborted.,"An operator or other external condition has occurred and has caused the current failover progression to abort before the failover peer agrees on the role (either active or standby). For example, when the failover active command is entered on the standby unit during the negotiation, or when the active unit is being rebooted.",None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720027,720027,(VPN-unit ) HA status callback: My state state .,%FTD-6-720027: (VPN-unit ) HA status callback: My state state .,The state of the local failover device is changed.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720028,720028,(VPN-unit ) HA status callback: Peer state state .,%FTD-6-720028: (VPN-unit ) HA status callback: Peer state state .,The current state of the failover peer is reported.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720029,720029,(VPN-unit ) HA status callback: Start VPN bulk sync state.,%FTD-6-720029: (VPN-unit ) HA status callback: Start VPN bulk sync state.,The active unit is ready to send all the state information to the standby unit.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720030,720030,(VPN-unit ) HA status callback: Stop bulk sync state.,%FTD-6-720030: (VPN-unit ) HA status callback: Stop bulk sync state.,The active unit finished sending all the state information to the standby unit.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-7-720031,720031,(VPN-unit ) HA status callback: Invalid event received. event=event_ID .,%FTD-7-720031: (VPN-unit ) HA status callback: Invalid event received. event=event_ID .,The VPN failover subsystem received an invalid callback event from the underlying failover subsystem.,None required.,7,Debugging,5,vpn,vpn_failover
+%FTD-6-720032,720032,"(VPN-unit) HA status callback: id=ID , seq=sequence_# , grp=group , event=event , op=operand , my=my_state , peer=peer_state .","%FTD-6-720032: (VPN-unit) HA status callback: id=ID , seq=sequence_# , grp=group , event=event , op=operand , my=my_state , peer=peer_state .",The VPN failover subsystem indicated that a status update was notified by the underlying failover subsystem.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-4-720033,720033,(VPN-unit ) Failed to queue add to message queue.,%FTD-4-720033: (VPN-unit ) Failed to queue add to message queue.,"System resources may be running low. An error occurred when the VPN failover subsystem tried to queue an internal message. This may be a temporary condition indicating that the Secure Firewall Threat Defense device is under heavy load, and the VPN failover subsystem cannot allocate resource to handle incoming traffic.","This error condition may disappear if the current load of the Secure Firewall Threat Defense device is reduced, and additional system resources become available for processing new messages again.",4,Warning,55,vpn,vpn_failover
+%FTD-7-720034,720034,(VPN-unit ) Invalid type (type ) for message handler.,%FTD-7-720034: (VPN-unit ) Invalid type (type ) for message handler.,An error occurred when the VPN failover subsystem tried to process an invalid message type.,None required.,7,Debugging,5,vpn,vpn_failover
+%FTD-5-720035,720035,(VPN-unit ) Fail to look up CTCP flow handle,%FTD-5-720035: (VPN-unit ) Fail to look up CTCP flow handle,The cTCP flow may be deleted on the standby unit before the VPN failover subsystem tries to do a lookup.,"Look for any sign of cTCP flow deletion in the message to determine the reason (for example, idle timeout) why the flow was deleted.",5,Notification,35,vpn,vpn_failover
+%FTD-5-720036,720036,(VPN-unit ) Failed to process state update message from the active peer.,%FTD-5-720036: (VPN-unit ) Failed to process state update message from the active peer.,An error occurred when the VPN failover subsystem tried to process a state update message received by the standby unit.,None required. This may be a temporary condition because of the current load or low system resources.,5,Notification,5,vpn,vpn_failover
+%FTD-6-720037,720037,"(VPN-unit ) HA progression callback: id=id ,seq=sequence_number ,grp=group ,event=event ,op=operand , my=my_state ,peer=peer_state .","%FTD-6-720037: (VPN-unit ) HA progression callback: id=id ,seq=sequence_number ,grp=group ,event=event ,op=operand , my=my_state ,peer=peer_state .",The status of the current failover progression is reported.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-4-720038,720038,(VPN-unit ) Corrupted message from active unit.,%FTD-4-720038: (VPN-unit ) Corrupted message from active unit.,"The standby unit received a corrupted message from the active unit. Messages from the active unit are corrupted, which may be caused by incompatible firmware running between the active and standby units. The local unit has become the active unit of the failover pair.",None required.,4,Warning,65,vpn,vpn_failover
+%FTD-6-720039,720039,(VPN-unit ) VPN failover client is transitioning to active state,%FTD-6-720039: (VPN-unit ) VPN failover client is transitioning to active state,The local unit has become the active unit of the failover pair.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720040,720040,(VPN-unit ) VPN failover client is transitioning to standby state.,%FTD-6-720040: (VPN-unit ) VPN failover client is transitioning to standby state.,The local unit has become the standby unit of the failover pair.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-7-720041,720041,(VPN-unit ) Sending type message id to standby unit,%FTD-7-720041: (VPN-unit ) Sending type message id to standby unit,A message has been sent from the active unit to the standby unit.,None required.,7,Debugging,5,vpn,vpn_failover
+%FTD-7-720042,720042,(VPN-unit ) Receiving type message id from active unit,%FTD-7-720042: (VPN-unit ) Receiving type message id from active unit,A message has been received from the active unit by the standby unit.,None required.,7,Debugging,5,vpn,vpn_failover
+%FTD-4-720043,720043,(VPN-unit ) Failed to send type message id to standby unit,%FTD-4-720043: (VPN-unit ) Failed to send type message id to standby unit,"An error occurred when the VPN failover subsystem tried to send a message from the active unit to the standby unit. The error may be caused by message 720018, in which the core failover subsystem runs out of failover buffer or the failover LAN link is down.",Use the show failover command to see if the failover pair is running correctly and the failover LAN link is up.,4,Warning,55,vpn,vpn_failover
+%FTD-4-720044,720044,(VPN-unit ) Failed to receive message from active unit,%FTD-4-720044: (VPN-unit ) Failed to receive message from active unit,An error occurred when the VPN failover subsystem tried to receive a message on the standby unit. The error may be caused by a corrupted message or an inadequate amount of memory allocated for storing the incoming message.,Use the show failover command and look for receive errors to determine if this is a VPN failover-specific problem or a general failover issue. Corrupted messages may be caused by incompatible firmware versions running on the active and standby units. Use the show memory command to determine if a low memory condition exists.,4,Warning,75,vpn,vpn_failover
+%FTD-6-720045,720045,(VPN-unit ) Start bulk syncing of state information on standby unit.,%FTD-6-720045: (VPN-unit ) Start bulk syncing of state information on standby unit.,The standby unit has been notified to start receiving bulk synchronization information from the active unit.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720046,720046,(VPN-unit ) End bulk syncing of state information on standby unit,%FTD-6-720046: (VPN-unit ) End bulk syncing of state information on standby unit,The standby unit has been notified that bulk synchronization from the active unit is completed.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-4-720047,720047,(VPN-unit ) Failed to sync SDI node secret file for server IP_address on the standby unit.,%FTD-4-720047: (VPN-unit ) Failed to sync SDI node secret file for server IP_address on the standby unit.,An error occurred when the VPN failover subsystem tried to synchronize a node secret file for the SDI server on the standby unit. The SDI node secret file is stored in flash. The error may indicate that the flash file system is full or corrupted.,"Use the dir command to display the flash contents. The node secret file has the filename, ip .sdi.",4,Warning,75,vpn,vpn_failover
+%FTD-7-720048,720048,"(VPN-unit ) FSM action trace begin: state=state , last event=event , func=function .","%FTD-7-720048: (VPN-unit ) FSM action trace begin: state=state , last event=event , func=function .",A VPN failover subsystem finite state machine function has started.,None required.,7,Debugging,5,vpn,vpn_failover
+%FTD-7-720049,720049,"(VPN-unit ) FSM action trace end: state=state , last event=event , return=return , func=function .","%FTD-7-720049: (VPN-unit ) FSM action trace end: state=state , last event=event , return=return , func=function .",A VPN failover subsystem finite state machine function has finished.,None required.,7,Debugging,5,vpn,vpn_failover
+%FTD-7-720050,720050,(VPN-unit ) Failed to remove timer. ID = id .,%FTD-7-720050: (VPN-unit ) Failed to remove timer. ID = id .,A timer cannot be removed from the timer processing thread.,None required.,7,Debugging,5,vpn,vpn_failover
+%FTD-4-720051,720051,(VPN-unit ) Failed to add new SDI node secret file for server id on the standby unit.,%FTD-4-720051: (VPN-unit ) Failed to add new SDI node secret file for server id on the standby unit.,An error occurred when the VPN failover subsystem tried to add a node secret file for the SDI server on the standby unit. The SDI node secret file is stored in flash. The error may indicate that the flash file system is full or corrupted.,"Use the dir command to display the flash contents. The node secret file has the filename, ip.sdi.",4,Warning,75,vpn,vpn_failover
+%FTD-4-720052,720052,(VPN-unit ) Failed to delete SDI node secret file for server id on the standby unit.,%FTD-4-720052: (VPN-unit ) Failed to delete SDI node secret file for server id on the standby unit.,"An error occurred when the VPN failover subsystem tried to delete a node secret file on the active unit. The node secret file being deleted may not exist in the flash file system, or there was problem reading the flash file system.",None provided.,4,Warning,55,vpn,vpn_failover
+%FTD-4-720053,720053,"(VPN-unit ) Failed to add cTCP IKE rule during bulk sync, peer=IP_address , port=port","%FTD-4-720053: (VPN-unit ) Failed to add cTCP IKE rule during bulk sync, peer=IP_address , port=port","An error occurred when the VPN failover subsystem tried to load a cTCP IKE rule on the standby unit during bulk synchronization. The standby unit may be under heavy load, and the new IKE rule request may time out before completion.",None required.,4,Warning,5,vpn,vpn_failover
+%FTD-4-720054,720054,"(VPN-unit ) Failed to add new cTCP record, peer=IP_address , port=port .","%FTD-4-720054: (VPN-unit ) Failed to add new cTCP record, peer=IP_address , port=port .","A cTCP record is replicated to the standby unit and cannot be updated. The corresponding IPsec over cTCP tunnel may not be functioning after failover. The cTCP database may be full, or a record with the same peer IP address and port number exists already.",This may be a temporary condition and may improve when the existing cTCP tunnel is restored.,4,Warning,55,vpn,vpn_failover
+%FTD-4-720055,720055,(VPN-unit ) VPN Stateful failover can only be run in single/non-transparent mode.,%FTD-4-720055: (VPN-unit ) VPN Stateful failover can only be run in single/non-transparent mode.,The VPN subsystem does not start unless it is running in single (nontransparent) mode.,Configure the Secure Firewall Threat Defense device for the appropriate mode to support VPN failover and restart the Secure Firewall Threat Defense device.,4,Warning,45,vpn,vpn_failover
+%FTD-6-720056,720056,(VPN-unit ) VPN Stateful failover Message Thread is being disabled.,%FTD-6-720056: (VPN-unit ) VPN Stateful failover Message Thread is being disabled.,"The VPN failover subsystem main message processing thread is disabled when you have tried to enable failover, but a failover key is not defined. A failover key is required for VPN failover.",None provided.,6,Informational,15,vpn,vpn_failover
+%FTD-6-720057,720057,(VPN-unit ) VPN Stateful failover Message Thread is enabled.,%FTD-6-720057: (VPN-unit ) VPN Stateful failover Message Thread is enabled.,The VPN failover subsystem main message processing thread is enabled when failover is enabled and a failover key is defined.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720058,720058,(VPN-unit ) VPN Stateful failover Timer Thread is disabled.,%FTD-6-720058: (VPN-unit ) VPN Stateful failover Timer Thread is disabled.,The VPN failover subsystem main timer processing thread is disabled when the failover key is not defined and failover is enabled.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720059,720059,(VPN-unit ) VPN Stateful failover Timer Thread is enabled.,%FTD-6-720059: (VPN-unit ) VPN Stateful failover Timer Thread is enabled.,The VPN failover subsystem main timer processing thread is enabled when the failover key is defined and failover is enabled.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720060,720060,(VPN-unit ) VPN Stateful failover Sync Thread is disabled.,%FTD-6-720060: (VPN-unit ) VPN Stateful failover Sync Thread is disabled.,"The VPN failover subsystem main bulk synchronization processing thread is disabled when failover is enabled, but the failover key is not defined.",None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720061,720061,(VPN-unit ) VPN Stateful failover Sync Thread is enabled.,%FTD-6-720061: (VPN-unit ) VPN Stateful failover Sync Thread is enabled.,The VPN failover subsystem main bulk synchronization processing thread is enabled when failover is enabled and the failover key is defined.,None provided.,6,Informational,15,vpn,vpn_failover
+%FTD-6-720062,720062,(VPN-unit ) Active unit started bulk sync of state information to standby unit.,%FTD-6-720062: (VPN-unit ) Active unit started bulk sync of state information to standby unit.,The VPN failover subsystem active unit has started bulk synchronization of state information to the standby unit.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-6-720063,720063,(VPN-unit ) Active unit completed bulk sync of state information to standby.,%FTD-6-720063: (VPN-unit ) Active unit completed bulk sync of state information to standby.,The VPN failover subsystem active unit has completed bulk synchronization of state information to the standby unit.,None required.,6,Informational,5,vpn,vpn_failover
+%FTD-4-720064,720064,"(VPN-unit ) Failed to update cTCP database record for peer=IP_address , port=port during bulk sync.","%FTD-4-720064: (VPN-unit ) Failed to update cTCP database record for peer=IP_address , port=port during bulk sync.",An error occurred while the VPN failover subsystem attempted to update an existing cTCP record during bulk synchronization. The cTCP record may have been deleted from the cTCP database on the standby unit and cannot be found.,Search in the message.,4,Warning,55,vpn,vpn_failover
+%FTD-4-720065,720065,"(VPN-unit ) Failed to add new cTCP IKE rule, peer=peer , port=port .","%FTD-4-720065: (VPN-unit ) Failed to add new cTCP IKE rule, peer=peer , port=port .","An error occurred when the VPN failover subsystem tried to add a new IKE rule for the cTCP database entry on the standby unit. The Secure Firewall Threat Defense device may be under heavy load, and the request for adding a cTCP IKE rule timed out and was never completed.",None provided.,4,Warning,55,vpn,vpn_failover
+%FTD-4-720066,720066,(VPN-unit ) Failed to activate IKE database.,%FTD-4-720066: (VPN-unit ) Failed to activate IKE database.,An error occurred when the VPN failover subsystem tried to activate the IKE security association database while the standby unit was transitioning to the active state. There may be resource-related issues on the standby unit that prevent the IKE security association database from activating.,Use the show failover command to see if the failover pair is still working correctly and/or look for other IKE-related errors in the message.,4,Warning,55,vpn,vpn_failover
+%FTD-4-720067,720067,(VPN-unit ) Failed to deactivate IKE database.,%FTD-4-720067: (VPN-unit ) Failed to deactivate IKE database.,An error occurred when the VPN failover subsystem tried to deactivate the IKE security association database while the active unit was transitioning to the standby state. There may be resource-related issues on the active unit that prevent the IKE security association database from deactivating.,Use the show failover command to see if the failover pair is still working correctly and/or look for IKE-related errors in the message.,4,Warning,55,vpn,vpn_failover
+%FTD-4-720068,720068,(VPN-unit ) Failed to parse peer message.,%FTD-4-720068: (VPN-unit ) Failed to parse peer message.,An error occurred when the VPN failover subsystem tried to parse a peer message received on the standby unit. The peer message received on the standby unit cannot be parsed.,"Make sure that both active and standby units are running the same version of firmware. Also, use the show failover command to ensure that the failover pair is still working correctly.",4,Warning,55,vpn,vpn_failover
+%FTD-4-720069,720069,(VPN-unit ) Failed to activate cTCP database.,%FTD-4-720069: (VPN-unit ) Failed to activate cTCP database.,An error occurred when the VPN failover subsystem tried to activate the cTCP database while the standby unit was transitioning to the active state. There may be resource-related issues on the standby unit that prevent the cTCP database from activating.,Use the show failover command to see if the failover pair is still working correctly and/or look for other cTCP related errors in the message.,4,Warning,55,vpn,vpn_failover
+%FTD-4-720070,720070,(VPN-unit ) Failed to deactivate cTCP database.,%FTD-4-720070: (VPN-unit ) Failed to deactivate cTCP database.,An error occurred when the VPN failover subsystem tried to deactivate the cTCP database while the active unit was transitioning to the standby state. There may be resource-related issues on the active unit that prevent the cTCP database from deactivating.,Use the show failover command to see if the failover pair is still working correctly and/or look for cTCP related errors in the message.,4,Warning,55,vpn,vpn_failover
+%FTD-5-720071,720071,(VPN-unit ) Failed to update cTCP dynamic data.,%FTD-5-720071: (VPN-unit ) Failed to update cTCP dynamic data.,An error occurred while the VPN failover subsystem tried to update cTCP dynamic data.,"This may be a temporary condition. Because this is a periodic update, wait to see if the same error recurs. Also, look for other failover-related messages in the message.",5,Notification,35,vpn,vpn_failover
+%FTD-5-720072,720072,"Timeout waiting for Integrity Firewall Server [interface ,ip ] to become available.","%FTD-5-720072: Timeout waiting for Integrity Firewall Server [interface ,ip ] to become available.","The Zonelab Integrity Server cannot reestablish a connection before timeout. In an active/standby failover setup, the SSL connection between a Zonelab Integrity Server and the Secure Firewall Threat Defense device needs to be reestablished after a failover.","Check that the configuration on the Secure Firewall Threat Defense device and the Zonelab Integrity Server match, and verify communication between the Secure Firewall Threat Defense device and the Zonelab Integrity Server.",5,Notification,45,vpn,vpn_failover
+%FTD-4-720073,720073,VPN Session failed to replicate - ACL acl_name not found,%FTD-4-720073: VPN Session failed to replicate - ACL acl_name not found,"When replicating VPN sessions to the standby unit, the standby unit failed to find the associated filter ACL.",Verify that the configuration on the standby unit has not been modified while in standby state. Resynchronize the standby unit by issuing the write standby command on the active unit.,4,Warning,65,vpn,vpn_failover
+%FTD-6-721001,721001,(device ) WebVPN Failover SubSystem started successfully.(device ) either WebVPN-primary or WebVPN-secondary.,%FTD-6-721001: (device ) WebVPN Failover SubSystem started successfully.(device ) either WebVPN-primary or WebVPN-secondary.,"The WebVPN failover subsystem in the current failover unit, either primary or secondary, has been started successfully.",None required.,6,Informational,5,vpn,webvpn_failover
+%FTD-6-721002,721002,"(device ) HA status change: event event , my state my_state , peer state peer .","%FTD-6-721002: (device ) HA status change: event event , my state my_state , peer state peer .","The WebVPN failover subsystem receives status notification from the core HA component periodically. The incoming event, the new state of the local Secure Firewall Threat Defense device, and the new state of the failover peer are reported. device",None required.,6,Informational,5,vpn,webvpn_failover
+%FTD-6-721003,721003,"(device ) HA progression change: event event , my state my_state , peer state peer .","%FTD-6-721003: (device ) HA progression change: event event , my state my_state , peer state peer .","The WebVPN failover subsystem transitions from one state to another state based on the event notified by the core HA component. The incoming event, the new state of the local Secure Firewall Threat Defense device, and the new state of the failover peer are being reported. device",None required.,6,Informational,5,vpn,webvpn_failover
+%FTD-6-721004,721004,(device ) Create access list list_name on standby unit.,%FTD-6-721004: (device ) Create access list list_name on standby unit.,A WebVPN-specific access list is replicated from the active unit to the standby unit. A successful installation of the WebVPN access list on the standby unit has occurred.,None provided.,6,Informational,15,vpn,webvpn_failover
+%FTD-6-721005,721005,(device ) Fail to create access list list_name on standby unit.,%FTD-6-721005: (device ) Fail to create access list list_name on standby unit.,"When a WebVPN-specific access list is installed on the active unit, a copy is installed on the standby unit. The access list failed to be installed on the standby unit. The access list may have existed on the standby unit already. device","Use the show access-list command on both the active and standby units. Compare the content of the output and determine whether there is any discrepancy. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.",6,Informational,25,vpn,webvpn_failover
+%FTD-6-721006,721006,(device ) Update access list list_name on standby unit.,%FTD-6-721006: (device ) Update access list list_name on standby unit.,The content of the access list has been updated on the standby unit. device,None required.,6,Informational,5,vpn,webvpn_failover
+%FTD-4-721007,721007,(device ) Fail to update access list list_name on standby unit.,%FTD-4-721007: (device ) Fail to update access list list_name on standby unit.,An error occurred while the standby unit tried to update a WebVPN-specific access list. The access list cannot be located on the standby unit. device,"Use a show access-list command on both the active and standby units. Compare the content of the output and determine whether or not there is any discrepancy. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.",4,Warning,45,vpn,webvpn_failover
+%FTD-6-721008,721008,(device ) Delete access list list_name on standby unit.,%FTD-6-721008: (device ) Delete access list list_name on standby unit.,None provided.,None provided.,6,Informational,15,vpn,webvpn_failover
+%FTD-6-721009,721009,(device ) Fail to delete access list list_name on standby unit.,%FTD-6-721009: (device ) Fail to delete access list list_name on standby unit.,"When a WebVPN-specific access list is removed on the active unit, a message is sent to the standby unit requesting the same access list be removed. An error condition occurred when an attempt was made to remove the corresponding access list on the standby unit. The access list did not exist on the standby unit. device","Use a show access-list command on both the active and standby units. Compare the content of the output and determine whether there is any discrepancy. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.",6,Informational,15,vpn,webvpn_failover
+%FTD-6-721010,721010,"(device ) Add access list rule list_name , line line_no on standby unit.","%FTD-6-721010: (device ) Add access list rule list_name , line line_no on standby unit.","When an access list rule is added to the active unit, the same rule is added on the standby unit. A new access list rule was added successfully on the standby unit. device",None required.,6,Informational,5,vpn,webvpn_failover
+%FTD-4-721011,721011,"(device ) Fail to add access list rule list_name , line line_no on standby unit.","%FTD-4-721011: (device ) Fail to add access list rule list_name , line line_no on standby unit.","When an access list rule is added to the active unit, an attempt is made to add the same access list rule to the standby unit. An error occurred when an attempt is made to add a new access list rule to the standby unit. The same access list rule may exist on the standby unit. device",None provided.,4,Warning,45,vpn,webvpn_failover
+%FTD-6-721012,721012,(device ) Enable APCF XML file file_name on the standby unit.,%FTD-6-721012: (device ) Enable APCF XML file file_name on the standby unit.,"When an APCF XML file is installed on the active unit, an attempt is made to install the same file on the standby unit. An APCF XML file was installed successfully on the standby unit. Use the dir command on the standby unit to show that the XML file exists in the flash file system. device",None required.,6,Informational,5,vpn,webvpn_failover
+%FTD-4-721013,721013,(device ) Fail to enable APCF XML file file_name on the standby unit.,%FTD-4-721013: (device ) Fail to enable APCF XML file file_name on the standby unit.,"When an APCF XML file is installed on the active unit, an attempt is made to install the same file on the standby unit. An APCF XML file failed to install on the standby unit. device","Use a dir command on both the active and standby unit. Compare the directory listing and determine if there is any discrepancy. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.",4,Warning,55,vpn,webvpn_failover
+%FTD-6-721014,721014,(device ) Disable APCF XML file file_name on the standby unit.,%FTD-6-721014: (device ) Disable APCF XML file file_name on the standby unit.,"When an APCF XML file is removed on the active unit, an attempt is made to remove the same file on the standby unit. An APCF XML file was removed from the standby unit successfully. device",None required.,6,Informational,5,vpn,webvpn_failover
+%FTD-4-721015,721015,(device ) Fail to disable APCF XML file file_name on the standby unit.,%FTD-4-721015: (device ) Fail to disable APCF XML file file_name on the standby unit.,None provided.,None provided.,4,Warning,45,vpn,webvpn_failover
+%FTD-6-721016,721016,"(device ) WebVPN session for client user user_name , IP version ip_address has been created.","%FTD-6-721016: (device ) WebVPN session for client user user_name , IP version ip_address has been created.",A remote WebVPN user has logged in successfully and the login information has been installed on the standby unit. device,None required.,6,Informational,5,vpn,webvpn_failover
+%FTD-4-721017,721017,"(device ) Fail to create WebVPN session for user user_name , IP ip_address .","%FTD-4-721017: (device ) Fail to create WebVPN session for user user_name , IP ip_address .","When a WebVPN user logs in to the active unit, the login information is replicated to the standby unit. An error occurred while replicating the login information to the standby unit. device","Use the show vpn-sessiondb detail webvpn command for a regular WebVPN user, or the show vpn-sessiondb detail svc command for a WebVPN SVC user on both the active and standby units. Compare the entries and determine whether the same user session record appears on both Secure Firewall Threat Defense devices. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.",4,Warning,45,vpn,webvpn_failover
+%FTD-6-721018,721018,"(device ) WebVPN session for client user user_name , IP ip_address has been deleted.","%FTD-6-721018: (device ) WebVPN session for client user user_name , IP ip_address has been deleted.",None provided.,None provided.,6,Informational,15,vpn,webvpn_failover
+%FTD-4-721019,721019,"(device ) Fail to delete WebVPN session for client user user_name , IP ip_address .","%FTD-4-721019: (device ) Fail to delete WebVPN session for client user user_name , IP ip_address .","When a WebVPN user logs out on the active unit, a logout message is sent to the standby unit to remove the user session from the standby unit. An error occurred when an attempt was made to remove a WebVPN user record from the standby unit. device","Use the show vpn-sessiondb detail webvpn command for a regular WebVPN user, or the show vpn-sessiondb detail svc command for a WebVPN SVC user on both the active and standby units. Check whether there is any discrepancy. Resynchronize the standby unit, if needed, by using the write standby command on the active unit.",4,Warning,45,vpn,webvpn_failover
+%FTD-4-722001,722001,IP IP_address Error parsing SVC connect request.,%FTD-4-722001: IP IP_address Error parsing SVC connect request.,The request from the SVC was invalid.,"Research as necessary to determine if this error was caused by a defect in the SVC, an incompatible SVC version, or an attack against the device.",4,Warning,75,vpn,ssl_vpn_client
+%FTD-4-722002,722002,IP IP_address Error consolidating SVC connect request.,%FTD-4-722002: IP IP_address Error consolidating SVC connect request.,There is not enough memory to perform the action.,"Purchase more memory, upgrade the device, or reduce the load on the device.",4,Warning,55,vpn,ssl_vpn_client
+%FTD-4-722003,722003,IP IP_address Error authenticating SVC connect request.,%FTD-4-722003: IP IP_address Error authenticating SVC connect request.,The user took too long to download and connect.,Increase the timeouts for session idle and maximum connect time.,4,Warning,55,vpn,ssl_vpn_client
+%FTD-4-722004,722004,Group group User user-name IP IP_address Error responding to SVC connect request.,%FTD-4-722004: Group group User user-name IP IP_address Error responding to SVC connect request.,There is not enough memory to perform the action.,"Purchase more memory, upgrade the device, or reduce the load on the device.",4,Warning,55,vpn,ssl_vpn_client
+%FTD-5-722005,722005,Group group User user-name IP IP_address Unable to update session information for SVC connection.,%FTD-5-722005: Group group User user-name IP IP_address Unable to update session information for SVC connection.,There is not enough memory to perform the action.,"Purchase more memory, upgrade the device, or reduce the load on the device.",5,Notification,45,vpn,ssl_vpn_client
+%FTD-5-722006,722006,Group group User user-name IP ip_address Invalid address ip_address assigned to SVC connection.,%FTD-5-722006: Group group User user-name IP ip_address Invalid address ip_address assigned to SVC connection.,An invalid address was assigned to the user.,"Verify and correct the address assignment, if possible. Otherwise, notify your network administrator or escalate this issue according to your security policy. For additional assistance, contact the Cisco TAC.",5,Notification,45,vpn,ssl_vpn_client
+%FTD-3-722007,722007,Group group User user-name IP IP_address SVC Message: type-num/EMERGENCY: message.,%FTD-3-722007: Group group User user-name IP IP_address SVC Message: type-num/EMERGENCY: message.,"The SVC issued a message. - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused",None required.,3,Error,5,vpn,ssl_vpn_client
+%FTD-3-722008,722008,Group group User user-name IP IP_address SVC Message: type-num/ALERT: message.,%FTD-3-722008: Group group User user-name IP IP_address SVC Message: type-num/ALERT: message.,None provided.,None provided.,3,Error,65,vpn,ssl_vpn_client
+%FTD-3-722009,722009,Group group User user-name IP IP_address SVC Message: type-num/CRITICAL: message.,%FTD-3-722009: Group group User user-name IP IP_address SVC Message: type-num/CRITICAL: message.,"The SVC issued a message. - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused",None required.,3,Error,5,vpn,ssl_vpn_client
+%FTD-5-722010,722010,Group group User user-name IP IP_address SVC Message: type-num/ERROR: message.,%FTD-5-722010: Group group User user-name IP IP_address SVC Message: type-num/ERROR: message.,"The SVC issued a message. - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused",None required.,5,Notification,5,vpn,ssl_vpn_client
+%FTD-5-722011,722011,Group group User user-name IP IP_address SVC Message: type-num/WARNING: message.,%FTD-5-722011: Group group User user-name IP IP_address SVC Message: type-num/WARNING: message.,"The SVC issued a message. - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused",None required.,5,Notification,5,vpn,ssl_vpn_client
+%FTD-5-722012,722012,Group group User user-name IP IP_address SVC Message: type-num/NOTICE: message.,%FTD-5-722012: Group group User user-name IP IP_address SVC Message: type-num/NOTICE: message.,"The SVC issued a message. - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused",None required.,5,Notification,5,vpn,ssl_vpn_client
+%FTD-6-722013,722013,Group group User user-name IP IP_address SVC Message: type-num/INFO: message.,%FTD-6-722013: Group group User user-name IP IP_address SVC Message: type-num/INFO: message.,The SVC issued a message. - 0—Normal - 16—Logout - 17—Closed due to error - 18—Closed due to rekey,None provided.,6,Informational,15,vpn,ssl_vpn_client
+%FTD-6-722014,722014,Group group User user-name IP IP_address SVC Message: type-num/DEBUG: message.,%FTD-6-722014: Group group User user-name IP IP_address SVC Message: type-num/DEBUG: message.,"The SVC issued a message. - 0—Normal. - 16—Logout - 17—Closed due to error - 18—Closed due to rekey - 1-15, 19-31—Reserved and unused",None required.,6,Informational,5,vpn,ssl_vpn_client
+%FTD-4-722015,722015,Group group User user-name IP IP_address Unknown SVC frame type: type-num,%FTD-4-722015: Group group User user-name IP IP_address Unknown SVC frame type: type-num,"The SVC sent an invalid frame type to the device, which might be caused by an SVC version incompatibility.",Verify the SVC version.,4,Warning,65,vpn,ssl_vpn_client
+%FTD-4-722016,722016,Group group User user-name IP IP_address Bad SVC frame length: length expected: expected-length,%FTD-4-722016: Group group User user-name IP IP_address Bad SVC frame length: length expected: expected-length,"The expected amount of data was not available from the SVC, which might be caused by an SVC version incompatibility.",Verify the SVC version.,4,Warning,55,vpn,ssl_vpn_client
+%FTD-4-722017,722017,"Group group User user-name IP ip_address Bad SVC framing: xx.2Xxx.2Xxx.2X>, reserved: xx","%FTD-4-722017: Group group User user-name IP ip_address Bad SVC framing: xx.2Xxx.2Xxx.2X>, reserved: xx",None provided.,None provided.,4,Warning,45,vpn,ssl_vpn_client
+%FTD-4-722018,722018,"Group group User user-name IP IP_address Bad SVC protocol version: version, expected: expected","%FTD-4-722018: Group group User user-name IP IP_address Bad SVC protocol version: version, expected: expected","The SVC sent a version unknown to the device, which might be caused by an SVC version incompatibility.",Verify the SVC version.,4,Warning,55,vpn,ssl_vpn_client
+%FTD-4-722019,722019,Group group User user-name IP IP_address Not enough data for an SVC header: length,%FTD-4-722019: Group group User user-name IP IP_address Not enough data for an SVC header: length,"The expected amount of data was not available from the SVC, which might be caused by an SVC version incompatibility.",Verify the SVC version.,4,Warning,55,vpn,ssl_vpn_client
+%FTD-3-722020,722020,TunnelGroup tunnel_group GroupPolicy group_policy User user-name IP IP_address No address available for SVC connection,%FTD-3-722020: TunnelGroup tunnel_group GroupPolicy group_policy User user-name IP IP_address No address available for SVC connection,Address assignment failed for the AnyConnect session. No IP addresses are available.,Check the configuration listed in the ip local ip command to see if enough addresses exist in the pools that have been assigned to the tunnel group and the group policy. Check the DHCP configuration and status. Check the address assignment configuration. Enable IPAA syslog messages to determine why the AnyConnect client cannot obtain an IP address.,3,Error,75,vpn,ssl_vpn_client
+%FTD-5-722028,722028,Group group User user-name IP IP_address Stale SVC connection closed.,%FTD-5-722028: Group group User user-name IP IP_address Stale SVC connection closed.,An unused SVC connection was closed.,"None required. However, the client may be having trouble connecting if multiple connections are established. The SVC log should be examined.",5,Notification,5,vpn,ssl_vpn_client
+%FTD-7-722029,722029,"Group group User user-name IP IP_address SVC Session Termination: Conns: connections, DPD Conns: DPD_conns, Comp resets: compression_resets, Dcmp resets: decompression_resets.","%FTD-7-722029: Group group User user-name IP IP_address SVC Session Termination: Conns: connections, DPD Conns: DPD_conns, Comp resets: compression_resets, Dcmp resets: decompression_resets.","The number of connections, reconnections, and resets that have occurred are reported. If connections is greater than 1 or the number of DPD_conns, compression_resets, or decompression_resets is greater than 0, it may indicate network reliability problems, which may be beyond the control of the Secure Firewall Threat Defense administrator. If there are many connections or DPD connections, the user may be having problems connecting and may experience poor performance.",The SVC log should be examined. You may want to research and take appropriate action to resolve possible network reliability problems.,7,Debugging,5,vpn,ssl_vpn_client
+%FTD-7-722030,722030,"Group group User user-name IP IP_address SVC Session Termination: In: data_bytes (+ctrl_bytes) bytes, data_pkts (+ctrl_pkts) packets, drop_pkts drops.","%FTD-7-722030: Group group User user-name IP IP_address SVC Session Termination: In: data_bytes (+ctrl_bytes) bytes, data_pkts (+ctrl_pkts) packets, drop_pkts drops.",End-of-session statistics are being recorded.,None required.,7,Debugging,25,vpn,ssl_vpn_client
+%FTD-7-722031,722031,"Group group User user-name IP IP_address SVC Session Termination: Out: data_bytes (+ctrl_bytes) bytes, data_pkts (+ctrl_pkts) packets, drop_pkts drops.","%FTD-7-722031: Group group User user-name IP IP_address SVC Session Termination: Out: data_bytes (+ctrl_bytes) bytes, data_pkts (+ctrl_pkts) packets, drop_pkts drops.","End-of-session statistics are being recorded. The statistics include data bytes, control packet bytes, data packets, control packets, and dropped packets.",None provided.,7,Debugging,25,vpn,ssl_vpn_client
+%FTD-5-722032,722032,Group <group> User <user_name> IP <ip_address> New TCP|UDP SVC connection replacing old connection.,%FTD-5-722032: Group <group> User <user_name> IP <ip_address> New TCP|UDP SVC connection replacing old connection.,A new SVC connection is replacing an existing one. You may be having trouble connecting.,Examine the SVC log.,5,Notification,25,vpn,ssl_vpn_client
+%FTD-5-722033,722033,Group <group> User <user_name> IP <ip_address> First TCP|UDP SVC connection established for SVC session.,%FTD-5-722033: Group <group> User <user_name> IP <ip_address> First TCP|UDP SVC connection established for SVC session.,The first SVC connection was established for the SVC session.,None required.,5,Notification,5,vpn,ssl_vpn_client
+%FTD-5-722034,722034,"Group <group> User <user_name> IP <ip_address> New TCP|UDP SVC connection, no existing connection.","%FTD-5-722034: Group <group> User <user_name> IP <ip_address> New TCP|UDP SVC connection, no existing connection.",A reconnection attempt has occurred. An SVC connection is replacing a previously closed connection. There is no existing connection for this session because the connection was already dropped by the SVC or the Secure Firewall Threat Defense device. You may be having trouble connecting.,None provided.,5,Notification,45,vpn,ssl_vpn_client
+%FTD-3-722035,722035,Group group User user-name IP IP_address Received large packet length (threshold num).,%FTD-3-722035: Group group User user-name IP IP_address Received large packet length (threshold num).,A large packet was received from the client.,Enter the anyconnect ssl df-bit-ignore enable command under the group policy to allow the Secure Firewall Threat Defense device to fragment the packets arriving with the DF bit set.,3,Error,65,vpn,ssl_vpn_client
+%FTD-6-722036,722036,Group group User user-name IP IP_address Transmitting large packet length (threshold num).,%FTD-6-722036: Group group User user-name IP IP_address Transmitting large packet length (threshold num).,A large packet was sent to the client. The source of the packet may not be aware of the MTU of the client. This could also be due to compression of non-compressible data.,"Turn off SVC compression, otherwise, none required.",6,Informational,5,vpn,ssl_vpn_client
+%FTD-5-722037,722037,Group group User user-name IP ip_address SVC closing connection: reason.,%FTD-5-722037: Group group User user-name IP ip_address SVC closing connection: reason.,"An SVC connection was terminated for the given reason. This behavior may be normal, or you may be having trouble connecting.",Examine the SVC log.,5,Notification,25,vpn,ssl_vpn_client
+%FTD-5-722038,722038,Group group User name IP user-name SVC terminating session: reason.,%FTD-5-722038: Group group User name IP user-name SVC terminating session: reason.,"An SVC session was terminated for the given reason. This behavior may be normal, or you may be having trouble connecting.",Examine the SVC log if the reason for termination was unexpected.,5,Notification,25,vpn,ssl_vpn_client
+%FTD-4-722041,722041,TunnelGroup tunnel_group GroupPolicy group_policy User username IP peer_address No IPv6 address available for SVC connection,%FTD-4-722041: TunnelGroup tunnel_group GroupPolicy group_policy User username IP peer_address No IPv6 address available for SVC connection,An IPv6 address was not available for assignment to the remote SVC client.,"Augment or create an IPv6 address pool, if desired.",4,Warning,45,vpn,ssl_vpn_client
+%FTD-4-722042,722042,Group group User user IP ip Invalid Cisco SSL Tunneling Protocol version,%FTD-4-722042: Group group User user IP ip Invalid Cisco SSL Tunneling Protocol version,An invalid SVC or AnyConnect client is trying to connect.,Validate that the SVC or AnyConnect client is compatible with the Secure Firewall Threat Defense device.,4,Warning,55,vpn,ssl_vpn_client
+%FTD-5-722043,722043,Group group User user IP ip DTLS disabled: unable to negotiate cipher,%FTD-5-722043: Group group User user IP ip DTLS disabled: unable to negotiate cipher,The DTLS (UDP transport) cannot be established. The SSL encryption configuration was probably changed.,"Revert the SSL encryption configuration. Make sure there is at least one block cipher (AES, DES, or 3DES) in the SSL encryption configuration.",5,Notification,35,vpn,ssl_vpn_client
+%FTD-5-722044,722044,Group group User user IP ip Unable to request IPvver address for SSL tunnel,%FTD-5-722044: Group group User user IP ip Unable to request IPvver address for SSL tunnel,An IP address cannot be requested because of low memory on the Secure Firewall Threat Defense device.,Reduce the load on the Secure Firewall Threat Defense device or add more memory.,5,Notification,35,vpn,ssl_vpn_client
+%FTD-3-722045,722045,Connection terminated: no SSL tunnel initialization data,%FTD-3-722045: Connection terminated: no SSL tunnel initialization data,Data to establish a connection is missing. This is a defect in the Secure Firewall Threat Defense software.,Contact the Cisco TAC for assistance.,3,Error,65,vpn,ssl_vpn_client
+%FTD-3-722046,722046,Group group User user IP ip Session terminated: Unable to establish tunnel,%FTD-3-722046: Group group User user IP ip Session terminated: Unable to establish tunnel,The Secure Firewall Threat Defense device cannot set up connection parameters. This is a defect in the Secure Firewall Threat Defense software.,Contact the Cisco TAC for assistance.,3,Error,75,vpn,ssl_vpn_client
+%FTD-4-722047,722047,Group group User user IP ip Tunnel terminated: SVC not enabled or invalid SVC image on the ASA,%FTD-4-722047: Group group User user IP ip Tunnel terminated: SVC not enabled or invalid SVC image on the ASA,"The user logged in via the web browser and tried to start the SVC or AnyConnect client. The SVC service is not enabled globally, or the SVC image is invalid or corrupted. The tunnel connection has been terminated, but the clientless connection remains.",Enable the SVC globally using the svc enable command. Validate the integrity of versions of the SVC images by reloading new images using the svc image command.,4,Warning,75,vpn,ssl_vpn_client
+%FTD-4-722048,722048,Group group User user IP ip Tunnel terminated: SVC not enabled for the user,%FTD-4-722048: Group group User user IP ip Tunnel terminated: SVC not enabled for the user,"The user logged in via the web browser, and tried to start the SVC or AnyConnect client. The SVC service is not enabled for this user. The tunnel connection has been terminated, but the clientless connection remains.",Enable the service for this user using the group-policy and username commands.,4,Warning,45,vpn,ssl_vpn_client
+%FTD-4-722049,722049,Group group User user IP ip Session terminated: SVC not enabled or invalid SVC image on the ASA,%FTD-4-722049: Group group User user IP ip Session terminated: SVC not enabled or invalid SVC image on the ASA,"The user logged in via the AnyConnect client. The SVC service is not enabled globally, or the SVC image is invalid or corrupted. The session connection has been terminated.",Enable the SVC globally using the svc-enable command. Validate the integrity and versions of the SVC images by reloading new images using the svc image command.,4,Warning,75,vpn,ssl_vpn_client
+%FTD-4-722050,722050,Group group User user IP ip Session terminated: SVC not enabled for the user,%FTD-4-722050: Group group User user IP ip Session terminated: SVC not enabled for the user,The user logged in through the AnyConnect client. The SVC service is not enabled for this user. The session connection has been terminated.,Enable the service for this user using the group-policy and username commands.,4,Warning,45,vpn,ssl_vpn_client
+%FTD-6-722051,722051,Group group-policy User username IP public-ip IPv4 Address assigned-ip IPv6 address assigned-ip assigned to session,%FTD-6-722051: Group group-policy User username IP public-ip IPv4 Address assigned-ip IPv6 address assigned-ip assigned to session,The specified address has been assigned to the given user.,None required.,6,Informational,5,vpn,ssl_vpn_client
+%FTD-6-722053,722053,Group g User u IP ip Unknown client user-agent connection,%FTD-6-722053: Group g User u IP ip Unknown client user-agent connection,An unknown or unsupported SSL VPN client has connected to the Secure Firewall Threat Defense device. Older clients include the Cisco SVC and the Cisco AnyConnect client earlier than Version 2.3.1.,None provided.,6,Informational,15,vpn,ssl_vpn_client
+%FTD-4-722054,722054,Group group_policy User user_name IP remote_IP SVC terminating connection: Failed to install Redirect URL: redirect_URL Redirect ACL: non_exist for assigned_IP.,%FTD-4-722054: Group group_policy User user_name IP remote_IP SVC terminating connection: Failed to install Redirect URL: redirect_URL Redirect ACL: non_exist for assigned_IP.,"An error occurred for an AnyConnect VPN connection when a redirect URL was installed, and the ACL was received from the ISE, but the redirect ACL does not exist on the Secure Firewall Threat Defense device.",Configure the redirect ACL on the Secure Firewall Threat Defense device.,4,Warning,55,vpn,ssl_vpn_client
+%FTD-6-722055,722055,Group group-policy User username IP public-ip Client Type: user-agent,%FTD-6-722055: Group group-policy User username IP public-ip Client Type: user-agent,The indicated user is attempting to connect with the given user-agent. version and host operating system for AnyConnect clients.,None required.,6,Informational,5,vpn,ssl_vpn_client
+%FTD-4-722056,722056,Unsupported AnyConnect client connection rejected from ip address. Client info: user-agent string. Reason: reason,%FTD-4-722056: Unsupported AnyConnect client connection rejected from ip address. Client info: user-agent string. Reason: reason,This syslog indicates that an AnyConnect client connection is rejected. The reason for this is provided in the syslog along with the client information. and host operating system for AnyConnect clients,Use the client information and reason provided in the syslog to resolve the issue.,4,Warning,45,vpn,ssl_vpn_client
+%FTD-4-722057,722057,Group group policy User username IP client IP SVC terminating connection: Failed to bind SGT tag with assigned IP: assigned IP.,%FTD-4-722057: Group group policy User username IP client IP SVC terminating connection: Failed to bind SGT tag with assigned IP: assigned IP.,"When the device fails to bind a Security Group Tag (SGT) to the assigned IP address during remote access VPN authentication, this message is generated. The syslog message provides information that helps to identify when an SGT binding error occurs, along with specific user, group, and IP information, making it much easier to diagnose and resolve related issues.",Use the client information and reason provided in the syslog to resolve the issue.,4,Warning,55,vpn,ssl_vpn_client
+%FTD-6-723001,723001,Group group-name User user-name IP IP_address WebVPN Citrix ICA connection connection is up.,%FTD-6-723001: Group group-name User user-name IP IP_address WebVPN Citrix ICA connection connection is up.,The Citrix connection is up.,None required.,6,Informational,5,vpn,citrix_client
+%FTD-6-723002,723002,Group group-name User user-name IP IP_address WebVPN Citrix ICA connection connection is down.,%FTD-6-723002: Group group-name User user-name IP IP_address WebVPN Citrix ICA connection connection is down.,The Citrix connection is down.,"No action is required when the Citrix ICA connection is terminated intentionally by the client, the server, or the Secure Firewall Threat Defense administrator. However, if this is not the case, verify that the WebVPN session in which the Citrix ICA connection is set up is still active. If it is inactive, then receiving this message is normal. If the WebVPN session is still active, verify that the ICA client and Citrix server both work correctly and that there is no error displayed. If not, bring either or both up or respond to any error. If this message is still received, contact the Cisco TAC and provide the following information:",6,Informational,25,vpn,citrix_client
+%FTD-7-723003,723003,No memory for WebVPN Citrix ICA connection connection.,%FTD-7-723003: No memory for WebVPN Citrix ICA connection connection.,The Secure Firewall Threat Defense device is running out of memory. The Citrix connection was rejected.,"Verify that the Secure Firewall Threat Defense device is working correctly. Pay special attention to memory and buffer usage. If the Secure Firewall Threat Defense device is under heavy load, buy more memory and upgrade the Secure Firewall Threat Defense device or reduce the load on the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,citrix_client
+%FTD-7-723004,723004,WebVPN Citrix encountered bad flow control flow.,%FTD-7-723004: WebVPN Citrix encountered bad flow control flow.,"The Secure Firewall Threat Defense device encountered an internal flow control mismatch, which can be caused by massive data flow, such as might occur during stress testing or with a high volume of ICA connections.","Reduce ICA connectivity to the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,citrix_client
+%FTD-7-723005,723005,No channel to set up WebVPN Citrix ICA connection.,%FTD-7-723005: No channel to set up WebVPN Citrix ICA connection.,The Secure Firewall Threat Defense device was unable to create a new channel for Citrix.,"Verify that the Citrix ICA client and the Citrix server are still alive. If not, bring them back up and retest. Check the Secure Firewall Threat Defense device load, paying special attention to memory and buffer usage. If the Secure Firewall Threat Defense device is under heavy load, upgrade the Secure Firewall Threat Defense device, add memory, or reduce the load. If the problem persists, contact the Cisco TAC.",7,Debugging,25,vpn,citrix_client
+%FTD-7-723006,723006,WebVPN Citrix SOCKS errors.,%FTD-7-723006: WebVPN Citrix SOCKS errors.,An internal Citrix SOCKS error has occurred on the Secure Firewall Threat Defense device.,"Verify that the Citrix ICA client is working correctly. In addition, check the network connection status between the Citrix ICA client and the Secure Firewall Threat Defense device, paying attention to packet loss. Resolve any abnormal network conditions. If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,citrix_client
+%FTD-7-723007,723007,WebVPN Citrix ICA connection connection list is broken.,%FTD-7-723007: WebVPN Citrix ICA connection connection list is broken.,The Secure Firewall Threat Defense device internal Citrix connection list is broken.,"Verify that the Secure Firewall Threat Defense device is working correctly, paying special attention to memory and buffer usage. If the Secure Firewall Threat Defense device is under heavy load, upgrade the Secure Firewall Threat Defense device, add memory, or reduce the load. If the problem persists, contact the Cisco TAC.",7,Debugging,15,vpn,citrix_client
+%FTD-7-723008,723008,WebVPN Citrix ICA SOCKS Server server is invalid.,%FTD-7-723008: WebVPN Citrix ICA SOCKS Server server is invalid.,An attempt was made to access a Citrix Socks server that does not exist.,"Verify that the Secure Firewall Threat Defense device is working correctly. Note whether or not there is any memory or buffer leakage. If this issue occurs frequently, capture information about memory usage, network topology, and the conditions during which this message is received. Send this information to the Cisco TAC for review. Make sure that the WebVPN session is still up while this message is being received. If not, determine the reason that the WebVPN session is down. If the Secure Firewall Threat Defense device is under heavy load, upgrade the Secure Firewall Threat Defense device, add memory, or reduce the load. If the problem persists, contact the Cisco TAC.",7,Debugging,25,vpn,citrix_client
+%FTD-7-723009,723009,Group group-name User user-name IP IP_address WebVPN Citrix received data on invalid connection connection.,%FTD-7-723009: Group group-name User user-name IP IP_address WebVPN Citrix received data on invalid connection connection.,Data was received on a Citrix connection that does not exist.,"The original published Citrix application connection was probably terminated, and the remaining active published applications lost connectivity. Restart all published applications to generate a new Citrix ICA tunnel. If the Secure Firewall Threat Defense device is under heavy load, upgrade the Secure Firewall Threat Defense device, add memory, or reduce the load. If the problem persists, contact the Cisco TAC.",7,Debugging,25,vpn,citrix_client
+%FTD-7-723010,723010,Group group-name User user-name IP IP_address WebVPN Citrix received data on invalid connection channel.,%FTD-7-723010: Group group-name User user-name IP IP_address WebVPN Citrix received data on invalid connection channel.,None provided.,None provided.,7,Debugging,15,vpn,citrix_client
+%FTD-7-723011,723011,Group group-name User user-name IP IP_address WebVPN Citrix received bad SOCKS socks message length msg-length. Expected length is exp-msg-length.,%FTD-7-723011: Group group-name User user-name IP IP_address WebVPN Citrix received bad SOCKS socks message length msg-length. Expected length is exp-msg-length.,The Citrix SOCKS message length is incorrect.,"Verify that the Citrix ICA client is working correctly. In addition, check the network connection status between the ICA client and the Secure Firewall Threat Defense device, paying attention to packet loss. After resolving any abnormal network conditions, if the problem still exists, contact the Cisco TAC.",7,Debugging,15,vpn,citrix_client
+%FTD-7-723012,723012,Group group-name User user-name IP IP_address WebVPN Citrix received bad SOCKS socks message format.,%FTD-7-723012: Group group-name User user-name IP IP_address WebVPN Citrix received bad SOCKS socks message format.,The Citrix SOCKS message format is incorrect.,"Verify that the Citrix ICA client is working correctly. In addition, check the network connection status between the ICA client and the Secure Firewall Threat Defense device, paying attention to packet loss. After resolving any abnormal network conditions, if the problem still exists, contact the Cisco TAC.",7,Debugging,15,vpn,citrix_client
+%FTD-7-723013,723013,WebVPN Citrix encountered invalid connection connection during periodic timeout.,%FTD-7-723013: WebVPN Citrix encountered invalid connection connection during periodic timeout.,"The Secure Firewall Threat Defense internal Citrix timer has expired, and the Citrix connection is invalid.",None provided.,7,Debugging,15,vpn,citrix_client
+%FTD-7-723014,723014,Group group-name User user-name IP IP_address WebVPN Citrix TCP connection connection to server server on channel channel initiated.,%FTD-7-723014: Group group-name User user-name IP IP_address WebVPN Citrix TCP connection connection to server server on channel channel initiated.,The Secure Firewall Threat Defense internal Citrix Secure Gateway is connected to the Citrix server.,None required.,7,Debugging,5,vpn,citrix_client
+%FTD-4-724001,724001,Group group-name User user-name IP IP_address WebVPN session not allowed. Unable to determine if Secure Desktop software was running on the client's workstation.,%FTD-4-724001: Group group-name User user-name IP IP_address WebVPN session not allowed. Unable to determine if Secure Desktop software was running on the client's workstation.,The session was not allowed because an error occurred during processing of the CSD Host Integrity Check results on the Secure Firewall Threat Defense device.,Determine whether the client firewall is truncating long URLs. Uninstall CSD from the client and reconnect to the Secure Firewall Threat Defense device.,4,Warning,55,vpn,secure_desktop
+%FTD-4-724002,724002,Group group-name User user-name IP IP_address WebVPN session not terminated. Secure Desktop was not running on the client's workstation.,%FTD-4-724002: Group group-name User user-name IP IP_address WebVPN session not terminated. Secure Desktop was not running on the client's workstation.,CSD is not running on the client machine.,None provided.,4,Warning,45,vpn,secure_desktop
+%FTD-6-725001,725001,Starting SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port for protocol session,%FTD-6-725001: Starting SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port for protocol session,"The SSL handshake has started with the remote device, which can be a client or server.",None required.,6,Informational,5,vpn,ssl_stack
+%FTD-6-725002,725002,Device completed SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port for protocol-version session,%FTD-6-725002: Device completed SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port for protocol-version session,The SSL handshake has completed successfully with the remote device. TLSv1.2,None required.,6,Informational,5,vpn,ssl_stack
+%FTD-6-725003,725003,SSL client peer-type:interface/src-ip to src-port/dst-ip request to resume previous session,%FTD-6-725003: SSL client peer-type:interface/src-ip to src-port/dst-ip request to resume previous session,The remote device is trying to resume a previous SSL session.,None required.,6,Informational,5,vpn,ssl_stack
+%FTD-6-725004,725004,Device requesting certificate from SSL client peer-type:interface/src-ip to src-port/dst-ip for authentication,%FTD-6-725004: Device requesting certificate from SSL client peer-type:interface/src-ip to src-port/dst-ip for authentication,The Secure Firewall Threat Defense device has requested a client certificate for authentication.,None required.,6,Informational,5,vpn,ssl_stack
+%FTD-6-725005,725005,SSL server peer-type:interface/src-ip to src-port/dst-ip requesting our device certificate for authentication,%FTD-6-725005: SSL server peer-type:interface/src-ip to src-port/dst-ip requesting our device certificate for authentication,The server has requested the certificate of the Secure Firewall Threat Defense device for authentication.,None required.,6,Informational,5,vpn,ssl_stack
+%FTD-6-725006,725006,Device failed SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port,%FTD-6-725006: Device failed SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port,The SSL handshake with the remote device has failed.,"Look for syslog message 725014, which indicates the reason for the failure.",6,Informational,25,vpn,ssl_stack
+%FTD-6-725007,725007,SSL session with peer-type interface:src-ip/src-port to dst-ip/dst-port terminated,%FTD-6-725007: SSL session with peer-type interface:src-ip/src-port to dst-ip/dst-port terminated,The SSL session has terminated.,None required.,6,Informational,5,vpn,ssl_stack
+%FTD-7-725008,725008,SSL client peer-type:interface/src-ip to src-port/dst-ip proposes the following dst-port cipher(s),%FTD-7-725008: SSL client peer-type:interface/src-ip to src-port/dst-ip proposes the following dst-port cipher(s),The number of ciphers proposed by the remote SSL device are listed.,None required.,7,Debugging,5,vpn,ssl_stack
+%FTD-7-725009,725009,Device proposes the following n cipher(s) to server interface:src-ip/src_port to dst_ip/dst_port,%FTD-7-725009: Device proposes the following n cipher(s) to server interface:src-ip/src_port to dst_ip/dst_port,The number of ciphers proposed to the SSL server are listed.,None required.,7,Debugging,5,vpn,ssl_stack
+%FTD-7-725010,725010,Device supports the following n cipher(s),%FTD-7-725010: Device supports the following n cipher(s),The number of ciphers supported by the Secure Firewall Threat Defense device for an SSL session are listed.,None required.,7,Debugging,5,vpn,ssl_stack
+%FTD-7-725011,725011,Cipher[order] : cipher_name,%FTD-7-725011: Cipher[order] : cipher_name,"Always following messages 725008, 725009, and 725010, this message indicates the cipher name and its order of preference.",None required.,7,Debugging,5,vpn,ssl_stack
+%FTD-7-725012,725012,Device chooses cipher cipher for the SSL session with client peer-type:interface/src-ip to src-port/dst-ip,%FTD-7-725012: Device chooses cipher cipher for the SSL session with client peer-type:interface/src-ip to src-port/dst-ip,The cipher that was chosen by the Cisco device for the SSL session is listed.,None required.,7,Debugging,5,vpn,ssl_stack
+%FTD-7-725013,725013,SSL server interface:src-ip/src-port to dst-ip/dst-port chooses cipher cipher,%FTD-7-725013: SSL server interface:src-ip/src-port to dst-ip/dst-port chooses cipher cipher,The cipher that was chosen by the server for the SSL session is identified.,None provided.,7,Debugging,5,vpn,ssl_stack
+%FTD-7-725014,725014,SSL lib error. Function: function Reason: reason,%FTD-7-725014: SSL lib error. Function: function Reason: reason,The reason for failure of the SSL handshake is indicated.,Include this message when reporting any SSL-related issue to the Cisco TAC.,7,Debugging,15,vpn,ssl_stack
+%FTD-3-725015,725015,Error verifying client certificate. Public key size in client certificate (actual_key_size bits) exceeds the maximum supported key size of ideal_key_size bits,%FTD-3-725015: Error verifying client certificate. Public key size in client certificate (actual_key_size bits) exceeds the maximum supported key size of ideal_key_size bits,The verification of an SSL client certificate failed because of an unsupported (large) key size.,Use client certificates with key sizes that are less than or equal to 4096 bits.,3,Error,85,vpn,ssl_stack
+%FTD-6-725016,725016,Device selects trust-point trustpoint for peer-type interface:src-ip/src-port to dst-ip/dst-port,%FTD-6-725016: Device selects trust-point trustpoint for peer-type interface:src-ip/src-port to dst-ip/dst-port,"With server-name indication (SNI), the certificate used for a given connection may not be the certificate configured on the interface. There is also no indication of which certificate trustpoint has been selected. This syslog gives an indication of the trustpoint used by the connection (given by interface :src-ip /src-port ).",None required.,6,Informational,5,vpn,ssl_stack
+%FTD-7-725017,725017,No certificates received during the handshake with s s:B/d to B/d for s session,%FTD-7-725017: No certificates received during the handshake with s s:B/d to B/d for s session,A remote client has not sent a valid certificate.,None provided.,7,Debugging,5,vpn,ssl_stack
+%FTD-7-725021,725021,Device preferring cipher-suite cipher(s). Connection info: interface :src-ip /src-port to dst-ip /dst-port,%FTD-7-725021: Device preferring cipher-suite cipher(s). Connection info: interface :src-ip /src-port to dst-ip /dst-port,The cipher suites being preferred when negotiating the handshake is listed in this message. Following is a list of prefered cipher suite strings that are used when negotiating the handshake:,None required.,7,Debugging,5,vpn,ssl_stack
+%FTD-7-725022,725022,Device skipping cipher : cipher - reason. Connection info: interface :src-ip /src-port to dst-ip /dst-port,%FTD-7-725022: Device skipping cipher : cipher - reason. Connection info: interface :src-ip /src-port to dst-ip /dst-port,This syslog displays the reason for skipping a particular cipher in a list of cipher suites when negotiating the handshake.,None provided.,7,Debugging,5,vpn,ssl_stack
+%FTD-6-725025,725025,SSL Pre-auth connection rate limit hit s watermark,%FTD-6-725025: SSL Pre-auth connection rate limit hit s watermark,"When the device reaches the rate-limit threshold for the number of pre-authenticated SSL connections. This message appears when the number of pre-authenticated SSL connections is high (90% of the limit) or when it is low (70% of the limit). The syslog is rate-limited to one syslog for every 10 seconds. In this message, s denotes high or low of the threshold limit.",Contact Cisco TAC.,6,Informational,15,vpn,ssl_stack
+%FTD-6-726001,726001,Inspected im_protocol im_service Session between Client im_client_1 Packet flow from im_client_2:/src_ifc/sip to sport:/dest_ifc/dip Action: dport action,%FTD-6-726001: Inspected im_protocol im_service Session between Client im_client_1 Packet flow from im_client_2:/src_ifc/sip to sport:/dest_ifc/dip Action: dport action,An IM inspection was performed on an IM message and the specified criteria were satisfied. The configured action is taken. or “?”,None provided.,6,Informational,15,network,session
+%FTD-4-733100,733100,"[Object] drop rate-rate_ID exceeded. Current burst rate is rate_val per second, max configured rate is rate_val; Current average rate is rate_val per second, max configured rate is rate_val; Cumulative total count is total_cnt","%FTD-4-733100: [Object] drop rate-rate_ID exceeded. Current burst rate is rate_val per second, max configured rate is rate_val; Current average rate is rate_val per second, max configured rate is rate_val; Cumulative total count is total_cnt","The specified object in the message has exceeded the specified burst threshold rate or average threshold rate. The object can be a drop activity of a host, TCP/UDP port, IP protocol, or various drops caused by potential attacks. The Secure Firewall Threat Defense device may be under attack. - Firewall - Bad pkts - Rate limit - DoS attck - ACL drop - Conn limit - ICMP attk - Scanning - SYN attck - Inspect - Interface (A citation of a particular interface object might take a number of forms. For example, you might see 80/HTTP, which would signify port 80, with the well-known protocol HTTP.) different rates for different intervals. The following three examples show how these variables occur: %Firewall Threat Defense-4-733100: [Interface] drop rate 1 exceeded. Current burst rate is 1 per second, max configured rate is 8000; Current average rate is 2030 per second, max configured rate is 2000; Cumulative total count is 3930654.”",None provided.,4,Warning,75,threat_detection,ids
+%FTD-4-733101,733101,"Object_objectIP. Current burst rate is rate_val per second, max configured rate is rate_val; Current average rate is rate_val per second, max configured rate is rate_val; Cumulative total count is total_cnt.","%FTD-4-733101: Object_objectIP. Current burst rate is rate_val per second, max configured rate is rate_val; Current average rate is rate_val per second, max configured rate is rate_val; Cumulative total count is total_cnt.","The Secure Firewall Threat Defense device detected that a specific host (or several hosts in the same 1024-node subnet) is either scanning the network (attacking), or is being scanned (targeted). The following two examples show how these variables occur: %Firewall Threat Defense-4-733101: Subnet 100.0.0.0 is targeted. Current burst rate is 200 per second, max configured rate is 0; Current average rate is 0 per second, max configured rate is 0; Cumulative total count is 2028. %Firewall Threat Defense-4-733101: Host 175.0.0.1 is attacking. Current burst rate is 200 per second, max configured rate is 0; Current average rate is 0 per second, max configured rate is 0; Cumulative total count is 2024","For the specific host or subnet, use the show threat-detection statistics host ip-address ip-mask command to check the overall situation and then adjust the threshold rate of the scanning threat to the appropriate value. After the appropriate value is determined, an optional action can be taken to shun those host attackers (not subnet attacker) by configuring the threat-detection scanning-threat shun-host command. You may specify certain hosts or object groups in the shun-host except list. For more information, see the CLI configuration guide. If scanning detection is not desirable, you can disable this feature by using the no threat-detection scanning command.",4,Warning,65,threat_detection,ids
+%FTD-4-733102,733102,Threat-detection adds host host to shun list,%FTD-4-733102: Threat-detection adds host host to shun list,"A host has been shunned by the threat detection engine. When the threat-detection scanning-threat shun command is configured, the attacking hosts will be shunned by the threat detection engine. The following message shows how this command was implemented: %Firewall Threat Defense-4-733102: Threat-detection add host 11.1.1.40 to shun list",None provided.,4,Warning,65,threat_detection,ids
+%FTD-4-733103,733103,Threat-detection removes host host from shun list,%FTD-4-733103: Threat-detection removes host host from shun list,"A host has been shunned by the threat detection engine. When you use the clear-threat-detection shun command, the specified host will be removed from the shunned list. The following message shows how this command is implemented: %Firewall Threat Defense-4-733103: Threat-detection removes host 11.1.1.40 from shun list",None required.,4,Warning,5,threat_detection,ids
+%FTD-4-733104,733104,TCP Intercept SYN flood attack detected to host_ip/host_port (real_ip/real_port). Average rate of avg_rate SYNs/sec exceeded the threshold of threshold_rate.,%FTD-4-733104: TCP Intercept SYN flood attack detected to host_ip/host_port (real_ip/real_port). Average rate of avg_rate SYNs/sec exceeded the threshold of threshold_rate.,"The Secure Firewall Threat Defense device is under Syn flood attack and protected by the TCP intercept mechanism, if the average rate for intercepted attacks exceeds the configured threshold. The message is showing which server is under attack and where the attacks are coming from.",Write an ACL to filter out the attacks.,4,Warning,75,threat_detection,ids
+%FTD-4-733105,733105,TCP Intercept SYN flood attack detected to host_ip/host_port (real_ip/real_port). Burst rate of burst_rate SYNs/sec exceeded the threshold of threshold_rate.,%FTD-4-733105: TCP Intercept SYN flood attack detected to host_ip/host_port (real_ip/real_port). Burst rate of burst_rate SYNs/sec exceeded the threshold of threshold_rate.,"The Secure Firewall Threat Defense device is under Syn flood attack and protected by the TCP intercept mechanism, if the burst rate for intercepted attacks exceeds the configured threshold. The message is showing which server is under attack and where the attacks are coming from.",Write an ACL to filter out the attacks.,4,Warning,75,threat_detection,ids
+%FTD-6-734001,734001,"DAP: User user, Addr ipaddr, Connection connection: The following DAP records were selected for this connection: string","%FTD-6-734001: DAP: User user, Addr ipaddr, Connection connection: The following DAP records were selected for this connection: string",The DAP records that were selected for the connection are listed. - IPsec - AnyConnect - Clientless (web browser) - Cut-Through-Proxy - L2TP,None required.,6,Informational,5,vpn,dap
+%FTD-5-734002,734002,"DAP: User user, Addr ipaddr: Connection terminated by the following DAP records: string","%FTD-5-734002: DAP: User user, Addr ipaddr: Connection terminated by the following DAP records: string",The DAP records that terminated the connection are listed.,None required.,5,Notification,5,vpn,dap
+%FTD-7-734003,734003,"DAP: User name, Addr ipaddr: Session Attribute attr_name/value","%FTD-7-734003: DAP: User name, Addr ipaddr: Session Attribute attr_name/value",The AAA and endpoint session attributes that are associated with the connection are listed.,None provided.,7,Debugging,5,vpn,dap
+%FTD-3-734004,734004,DAP: Processing error: Code internal,%FTD-3-734004: DAP: Processing error: Code internal,A DAP processing error occurred.,"Enable the debug dap errors command and re-run DAP processing for further debugging information. If this does not resolve the issue, contact the Cisco TAC and provide the internal error code and any information about the conditions that generated the error.",3,Error,65,vpn,dap
+%FTD-1-735001,735001,Cooling Fan var1: OK,%FTD-1-735001: Cooling Fan var1: OK,A cooling fan has been restored to normal operation.,None required.,1,Alert,5,system,environment
+%FTD-1-735002,735002,Cooling Fan var1: Failure Detected,%FTD-1-735002: Cooling Fan var1: Failure Detected,A cooling fan has failed.,"Perform the following steps: 1. Check for obstructions that would prevent the fan from rotating. 2. Replace the cooling fan. 3. If the problem persists, record the message as it appears and contact the Cisco TAC.",1,Alert,95,system,environment
+%FTD-1-735003,735003,Power Supply var1: OK,%FTD-1-735003: Power Supply var1: OK,A power supply has been restored to normal operation.,None required.,1,Alert,5,system,environment
+%FTD-1-735004,735004,Power Supply var1: Failure Detected,%FTD-1-735004: Power Supply var1: Failure Detected,None provided.,None provided.,1,Alert,85,system,environment
+%FTD-1-735005,735005,Power Supply Unit Redundancy OK,%FTD-1-735005: Power Supply Unit Redundancy OK,Power supply unit redundancy has been restored.,None required.,1,Alert,5,system,environment
+%FTD-1-735006,735006,Power Supply Unit Redundancy Lost,%FTD-1-735006: Power Supply Unit Redundancy Lost,"A power supply failure occurred. Power supply unit redundancy has been lost, but the Secure Firewall Threat Defense device is functioning normally with minimum resources. Any further failures will result in an Secure Firewall Threat Defense device shutdown.","To regain full redundancy, perform the following steps: 1. Check for AC power failure. 2. Replace the power supply. 3. If the problem persists, record the message as it appears and contact the Cisco TAC.",1,Alert,95,system,environment
+%FTD-1-735007,735007,"CPU var1: Temp: var2 var3, Critical","%FTD-1-735007: CPU var1: Temp: var2 var3, Critical",The CPU has reached a critical temperature.,Record the message as it appears and contact the Cisco TAC.,1,Alert,75,system,environment
+%FTD-1-735008,735008,"Chassis Ambient var1: Temp: var2 var3, Critical","%FTD-1-735008: Chassis Ambient var1: Temp: var2 var3, Critical",A chassis ambient temperature sensor has reached a critical level.,Record the message as it appears and contact the Cisco TAC.,1,Alert,75,system,environment
+%FTD-2-735009,735009,Environment Monitoring has failed initialization and configuration. Environment Monitoring is not running.,%FTD-2-735009: Environment Monitoring has failed initialization and configuration. Environment Monitoring is not running.,Environment monitoring has experienced a fatal error during initialization and was unable to continue.,Collect the output of the show environment and debug ipmi commands. Record the message as it appears and contact the Cisco TAC.,2,Critical,95,system,environment
+%FTD-3-735010,735010,Environment Monitoring has failed to update one or more of its records.,%FTD-3-735010: Environment Monitoring has failed to update one or more of its records.,Environment monitoring has experienced an error that temporarily prevented it from updating one or more of its records.,"If this message appears repeatedly, collect the output from the show environment driver and debug ipmi commands. Record the message as it appears and contact the Cisco TAC.",3,Error,75,system,environment
+%FTD-1-735011,735011,Power Supply var1: Fan OK,%FTD-1-735011: Power Supply var1: Fan OK,The power supply fan has returned to a working operating state.,None required.,1,Alert,5,system,environment
+%FTD-1-735012,735012,Power Supply var1: Fan Failure Detected,%FTD-1-735012: Power Supply var1: Fan Failure Detected,The power supply fan has failed.,Contact Cisco TAC to troubleshoot the failure. Power down the unit until this failure is resolved.,1,Alert,85,system,environment
+%FTD-1-735013,735013,Voltage Channel var1: Voltage OK,%FTD-1-735013: Voltage Channel var1: Voltage OK,A voltage channel has returned to a normal operating level.,None required.,1,Alert,5,system,environment
+%FTD-1-735014,735014,Voltage Channel var1: Voltage Critical,%FTD-1-735014: Voltage Channel var1: Voltage Critical,A voltage channel has changed to a critical level.,Contact Cisco TAC to troubleshoot the failure. Power down the unit until this failure is resolved.,1,Alert,85,system,environment
+%FTD-4-735015,735015,"CPU var1: Temp: var2 var3, Warm","%FTD-4-735015: CPU var1: Temp: var2 var3, Warm",The CPU temperature is warmer than the normal operating range.,Continue to monitor this component to ensure that it does not reach a critical temperature.,4,Warning,45,system,environment
+%FTD-4-735016,735016,"Chassis Ambient var1: Temp: var2 var3, Warm","%FTD-4-735016: Chassis Ambient var1: Temp: var2 var3, Warm",The chassis temperature is warmer than the normal operating range.,Continue to monitor this component to ensure that it does not reach a critical temperature.,4,Warning,45,system,environment
+%FTD-1-735017,735017,"Power Supply var1: Temp: var2 var3, OK","%FTD-1-735017: Power Supply var1: Temp: var2 var3, OK",The power supply temperature has returned to a normal operating temperature.,None required.,1,Alert,5,system,environment
+%FTD-4-735018,735018,"Power Supply var1: Temp: var2 var3, Critical","%FTD-4-735018: Power Supply var1: Temp: var2 var3, Critical",The power supply has reached a critical operating temperature.,None provided.,4,Warning,45,system,environment
+%FTD-4-735019,735019,"Power Supply var1: Temp: var2 var3, Warm","%FTD-4-735019: Power Supply var1: Temp: var2 var3, Warm",The power supply temperature is warmer than the normal operating range.,Continue to monitor this component to ensure that it does not reach a critical temperature.,4,Warning,45,system,environment
+%FTD-1-735020,735020,"CPU var1: Temp: var2 var3, OK","%FTD-1-735020: CPU var1: Temp: var2 var3, OK",The CPU temperature has returned to the normal operating temperature.,None required.,1,Alert,5,system,environment
+%FTD-1-735021,735021,"Chassis Ambient var1: Temp: var2 var3, OK","%FTD-1-735021: Chassis Ambient var1: Temp: var2 var3, OK",The chassis temperature has returned to the normal operating temperature.,None required.,1,Alert,5,system,environment
+%FTD-1-735022,735022,CPUnum is running beyond the max thermal operating temperature and the device will be shutting down immediately to prevent permanent damage to the CPU,%FTD-1-735022: CPUnum is running beyond the max thermal operating temperature and the device will be shutting down immediately to prevent permanent damage to the CPU,"The Secure Firewall Threat Defense device has detected a CPU running beyond the maximum thermal operating temperature, and will shut down immediately after detection.",The chassis and CPU need to be inspected immediately for ventilation issues.,1,Alert,75,system,environment
+%FTD-2-735023,735023,device was previously shutdown due to the CPU complex running beyond the max thermal operating temperature. The chassis needs to be inspected immediately for ventilation issues,%FTD-2-735023: device was previously shutdown due to the CPU complex running beyond the max thermal operating temperature. The chassis needs to be inspected immediately for ventilation issues,"At boot time, the Secure Firewall Threat Defense device detected a shutdown that occurred because a CPU was running beyond the maximum safe operating temperature. Using the show environment command will indicate that this event has occurred.",The chassis need to be inspected immediately for ventilation issues.,2,Critical,85,system,environment
+%FTD-1-735024,735024,CPUvar1 Voltage Regulator is running beyond the max thermal operating temperature and the device will be shutting down immediately. The chassis and CPU need to be inspected immediately for ventilation issues,%FTD-1-735024: CPUvar1 Voltage Regulator is running beyond the max thermal operating temperature and the device will be shutting down immediately. The chassis and CPU need to be inspected immediately for ventilation issues,The IO hub temperature has returned to the normal operating temperature.,None required.,1,Alert,5,system,environment
+%FTD-1-735025,735025,var1 was previously shutdown due to a CPU Voltage Regulator running beyond the max thermal operating temperature. The chassis and CPU need to be inspected immediately for ventilation issues,%FTD-1-735025: var1 was previously shutdown due to a CPU Voltage Regulator running beyond the max thermal operating temperature. The chassis and CPU need to be inspected immediately for ventilation issues,The IO hub temperature has a critical temperature.,Record the message as it appears and contact the Cisco TAC.,1,Alert,75,system,environment
+%FTD-4-735026,735026,"IO Hub var1: Temp: var2 var3, OK","%FTD-4-735026: IO Hub var1: Temp: var2 var3, OK",The IO hub temperature is warmer than the normal operating range.,Continue to monitor this component to ensure that it does not reach a critical temperature.,4,Warning,45,system,environment
+%FTD-1-735027,735027,CPU cpu_num Voltage Regulator is running beyond the max thermal operating temperature and the device will be shutting down immediately. The chassis and CPU need to be inspected immediately for ventilation issues.,%FTD-1-735027: CPU cpu_num Voltage Regulator is running beyond the max thermal operating temperature and the device will be shutting down immediately. The chassis and CPU need to be inspected immediately for ventilation issues.,"The Secure Firewall Threat Defense device has detected a CPU voltage regulator running beyond the maximum thermal operating temperature, and shuts down immediately after detection.",The chassis and CPU need to be inspected immediately for ventilation issues.,1,Alert,75,system,environment
+%FTD-2-735028,735028,ASA was previously shutdown due to a CPU Voltage Regulator running beyond the max thermal operating temperature. The chassis and CPU need to be inspected immediately for ventilation issues.,%FTD-2-735028: ASA was previously shutdown due to a CPU Voltage Regulator running beyond the max thermal operating temperature. The chassis and CPU need to be inspected immediately for ventilation issues.,"At boot time, the Secure Firewall Threat Defense device detected a shutdown that occurred because of a CPU voltage regulator running beyond the maximum safe operating temperature. Enter the show environment command to indicate that this event has occurred.",The chassis and CPU need to be inspected immediately for ventilation issues.,2,Critical,85,system,environment
+%FTD-1-735029,735029,IO Hub is running beyond the max thermal operating temperature and the device will be shutting down immediately to prevent permanent damage to the circuit,%FTD-1-735029: IO Hub is running beyond the max thermal operating temperature and the device will be shutting down immediately to prevent permanent damage to the circuit,"The Secure Firewall Threat Defense device has detected that the IO hub is running beyond the maximum thermal operating temperature, and will shut down immediately after detection.",The chassis and IO hub need to be inspected immediately for ventilation issues.,1,Alert,75,system,environment
+%FTD-2-736001,736001,Unable to allocate enough memory at boot for jumbo-frame reservation. Jumbo-frame support has been disabled.,%FTD-2-736001: Unable to allocate enough memory at boot for jumbo-frame reservation. Jumbo-frame support has been disabled.,"Insufficient memory has been detected when jumbo frame support was being configured. As a result, jumbo-frame support was disabled.","Try reenabling jumbo frame support using the jumbo-frame reservation command. Save the running configuration and reboot the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.",2,Critical,95,vpn,general
+%FTD-7-737001,737001,"IPAA: Session=session, Received message 'message-type'","%FTD-7-737001: IPAA: Session=session, Received message 'message-type'",The IP address assignment process received a message.,None required.,7,Debugging,5,vpn,ip_address_assignment
+%FTD-3-737002,737002,"IPAA: Session=session, Received unknown message 'num'","%FTD-3-737002: IPAA: Session=session, Received unknown message 'num'",The IP address assignment process received a message.,None required.,3,Error,5,vpn,ip_address_assignment
+%FTD-5-737003,737003,"IPAA: Session=session, DHCP configured, no viable servers found for tunnel-group 'tunnel-group'","%FTD-5-737003: IPAA: Session=session, DHCP configured, no viable servers found for tunnel-group 'tunnel-group'",The DHCP server configuration for the given tunnel group is not valid.,Validate the DHCP configuration for the tunnel group. Make sure that the DHCP server is online.,5,Notification,25,vpn,ip_address_assignment
+%FTD-5-737004,737004,"IPAA: Session=session, DHCP configured, request failed for tunnel-group ''tunnel-group''","%FTD-5-737004: IPAA: Session=session, DHCP configured, request failed for tunnel-group ''tunnel-group''",The DHCP server configuration for the given tunnel group is not valid.,Validate the DHCP configuration for the tunnel group. Make sure that the DHCP server is online.,5,Notification,35,vpn,ip_address_assignment
+%FTD-6-737005,737005,"IPAA: Session=session, DHCP configured, request succeeded for tunnel-group 'tunnel-group'","%FTD-6-737005: IPAA: Session=session, DHCP configured, request succeeded for tunnel-group 'tunnel-group'",The DHCP server request has succeeded.,None provided.,6,Informational,15,vpn,ip_address_assignment
+%FTD-6-737006,737006,"IPAA: Session=session, Local pool request succeeded for tunnel-group 'tunnel-group'","%FTD-6-737006: IPAA: Session=session, Local pool request succeeded for tunnel-group 'tunnel-group'",The local pool request has succeeded.,None required.,6,Informational,5,vpn,ip_address_assignment
+%FTD-5-737007,737007,"IPAA: Session=session, Local pool request failed for tunnel-group 'tunnel-group'","%FTD-5-737007: IPAA: Session=session, Local pool request failed for tunnel-group 'tunnel-group'",The local pool request has failed. The pool assigned to the tunnel group may be exhausted.,Validate the IP local pool configuration by using the show ip local pool command.,5,Notification,35,vpn,ip_address_assignment
+%FTD-5-737008,737008,"IPAA: Session=session, tunnel-group ''tunnel-group'' not found","%FTD-5-737008: IPAA: Session=session, tunnel-group ''tunnel-group'' not found",The tunnel group was not found when trying to acquire an IP address for configuration. A software defect may cause this message to be generated.,Check the tunnel group configuration. Contact the Cisco TAC and report the issue.,5,Notification,25,vpn,ip_address_assignment
+%FTD-6-737009,737009,"IPAA: Session=session, AAA assigned address ip-address, request failed","%FTD-6-737009: IPAA: Session=session, AAA assigned address ip-address, request failed",The remote access client software requested the use of a particular address. The request to the AAA server to use this address failed. The address may be in use.,None provided.,6,Informational,25,vpn,ip_address_assignment
+%FTD-6-737010,737010,"IPAA: Session=session, AAA assigned address ip-address, succeeded","%FTD-6-737010: IPAA: Session=session, AAA assigned address ip-address, succeeded",The remote access client software requested the use of a particular address and successfully received this address.,None required.,6,Informational,5,vpn,ip_address_assignment
+%FTD-5-737011,737011,"IPAA: Session=session, AAA assigned address ip-address, not permitted, retrying","%FTD-5-737011: IPAA: Session=session, AAA assigned address ip-address, not permitted, retrying",The remote access client software requested the use of a particular address. The vpn-addr-assign aaa command is not configured. An alternatively configured address assignment method will be used.,"If you want to permit clients to specify their own address, enable the vpn-addr-assign aaa command.",5,Notification,25,vpn,ip_address_assignment
+%FTD-4-737012,737012,"IPAA: Session=session, Address assignment failed","%FTD-4-737012: IPAA: Session=session, Address assignment failed",The remote access client software request of a particular address failed.,"If using IP local pools, validate the local pool configuration. If using AAA, validate the configuration and status of the AAA server. If using DHCP, validate the configuration and status of the DHCP server. Increase the logging level (use notification or informational) to obtain additional messages to identify the reason for the failure.",4,Warning,55,vpn,ip_address_assignment
+%FTD-4-737013,737013,"IPAA: Session=session, Error freeing address ip-address, not found","%FTD-4-737013: IPAA: Session=session, Error freeing address ip-address, not found","The Secure Firewall Threat Defense device tried to free an address, but it was not on the allocated list because of a recent configuration change.",None provided.,4,Warning,45,vpn,ip_address_assignment
+%FTD-6-737014,737014,"IPAA: Session=session, Freeing AAA address ip-address","%FTD-6-737014: IPAA: Session=session, Freeing AAA address ip-address",The Secure Firewall Threat Defense device successfully released the IP address assigned through AAA.,None required.,6,Informational,5,vpn,ip_address_assignment
+%FTD-6-737015,737015,"IPAA: Session=session, Freeing DHCP address ip-address","%FTD-6-737015: IPAA: Session=session, Freeing DHCP address ip-address",The Secure Firewall Threat Defense device successfully released the IP address assigned through DHCP.,None required.,6,Informational,5,vpn,ip_address_assignment
+%FTD-6-737016,737016,"IPAA: Session=session, Freeing local pool pool-name address ip-address","%FTD-6-737016: IPAA: Session=session, Freeing local pool pool-name address ip-address",The Secure Firewall Threat Defense device successfully released the IP address assigned through local pools.,None required.,6,Informational,5,vpn,ip_address_assignment
+%FTD-6-737017,737017,"IPAA: Session=session, DHCP request attempt num succeeded","%FTD-6-737017: IPAA: Session=session, DHCP request attempt num succeeded",The Secure Firewall Threat Defense device successfully sent a request to a DHCP server.,None required.,6,Informational,5,vpn,ip_address_assignment
+%FTD-5-737018,737018,"IPAA: Session=session, DHCP request attempt num failed","%FTD-5-737018: IPAA: Session=session, DHCP request attempt num failed",The Secure Firewall Threat Defense device failed to send a request to a DHCP server.,Validate the DHCP configuration and connectivity to the DHCP server.,5,Notification,35,vpn,ip_address_assignment
+%FTD-4-737019,737019,"IPAA: Session=session, Unable to get address from group-policy or tunnel-group local pools","%FTD-4-737019: IPAA: Session=session, Unable to get address from group-policy or tunnel-group local pools",The Secure Firewall Threat Defense device failed to acquire an address from the local pools configured on the group policy or tunnel group. The local pools may be exhausted.,Validate the local pool configuration and status. Validate the group policy and tunnel group configuration of local pools.,4,Warning,55,vpn,ip_address_assignment
+%FTD-5-737023,737023,"IPAA: Session=session, Unable to allocate memory to store local pool address ip-address","%FTD-5-737023: IPAA: Session=session, Unable to allocate memory to store local pool address ip-address",The Secure Firewall Threat Defense device is low on memory.,"The Secure Firewall Threat Defense device may be overloaded and need more memory, or there may be a memory leak caused by a software defect. Contact the Cisco TAC and report the issue.",5,Notification,35,vpn,ip_address_assignment
+%FTD-5-737024,737024,"IPAA: Session= , Client requested address : , already in use, retrying","%FTD-5-737024: IPAA: Session= , Client requested address : , already in use, retrying",The client requested an IP address that is already in use. The request will be tried using a new IP address.,None required.,5,Notification,5,vpn,ip_address_assignment
+%FTD-5-737025,737025,"IPAA:Session=session, Duplicate local pool address found, {ip-address|(ipv6-address)} in quarantine","%FTD-5-737025: IPAA:Session=session, Duplicate local pool address found, {ip-address|(ipv6-address)} in quarantine",The IP address that was to be given to the client is already in use. The IP address has been removed from the pool and will not be reused.,Validate the local pool configuration; there may be an overlap caused by a software defect. Contact the Cisco TAC and report the issue.,5,Notification,25,vpn,ip_address_assignment
+%FTD-6-737026,737026,"IPAA: Session= , Client assigned session from local pool ip-address","%FTD-6-737026: IPAA: Session= , Client assigned session from local pool ip-address",The client has assigned the given address from a local pool.,None required.,6,Informational,5,vpn,ip_address_assignment
+%FTD-3-737027,737027,"IPAA: Session= , No data for address request","%FTD-3-737027: IPAA: Session= , No data for address request",A software defect has been found.,Contact the Cisco TAC and report the issue.,3,Error,65,vpn,ip_address_assignment
+%FTD-4-737028,737028,"IPAA: Session= , Unable to send session to standby: communication failure","%FTD-4-737028: IPAA: Session= , Unable to send session to standby: communication failure",The active Secure Firewall Threat Defense device was unable to communicate with the standby Secure Firewall Threat Defense device. The failover pair may be out-of-sync.,Validate the failover configuration and status.,4,Warning,55,vpn,ip_address_assignment
+%FTD-6-737029,737029,"IPAA: Session=session, Added {ip_address | ipv6_address} to standby","%FTD-6-737029: IPAA: Session=session, Added {ip_address | ipv6_address} to standby",The standby Secure Firewall Threat Defense device accepted the IP address assignment.,None required.,6,Informational,5,vpn,ip_address_assignment
+%FTD-4-737030,737030,"IPAA: Session=session, Unable to send {ip_address | ipv6_address} to standby: address in use","%FTD-4-737030: IPAA: Session=session, Unable to send {ip_address | ipv6_address} to standby: address in use",The standby Secure Firewall Threat Defense device has the given address already in use when the active Secure Firewall Threat Defense device attempted to acquire it. The failover pair may be out-of-sync.,Validate the failover configuration and status.,4,Warning,55,vpn,ip_address_assignment
+%FTD-6-737031,737031,"IPAA: Session= , Removed session from standby","%FTD-6-737031: IPAA: Session= , Removed session from standby",The standby Secure Firewall Threat Defense device cleared the IP address assignment.,None required.,6,Informational,5,vpn,ip_address_assignment
+%FTD-4-737032,737032,"IPAA: Session= , Unable to remove session from standby: address not found","%FTD-4-737032: IPAA: Session= , Unable to remove session from standby: address not found",The standby Secure Firewall Threat Defense device did not have an IP address in use when the active Secure Firewall Threat Defense device attempted to release it. The failover pair may be out-of-sync.,Validate the failover configuration and status.,4,Warning,55,vpn,ip_address_assignment
+%FTD-4-737033,737033,"IPAA: Session=session , Unable to assign session provided IP address (addr_allocator) to Client. This IP address has already been assigned by ip_addr","%FTD-4-737033: IPAA: Session=session , Unable to assign session provided IP address (addr_allocator) to Client. This IP address has already been assigned by ip_addr",The address assigned by the AAA/DHCP/local pool is already in use. or DHCP),Validate the AAA/DHCP/local pool address configurations. Overlap may occur.,4,Warning,55,vpn,ip_address_assignment
+%FTD-7-737035,737035,"IPAA: Session=session, ''message_type'' message queued","%FTD-7-737035: IPAA: Session=session, ''message_type'' message queued",A message is queued to the IP address assignment. This corresponds with syslog 737001. This message is not rate limited.,No action required.,7,Debugging,5,vpn,ip_address_assignment
+%FTD-7-737200,737200,"VPNFIP: Pool=pool, Allocated ip-address from pool","%FTD-7-737200: VPNFIP: Pool=pool, Allocated ip-address from pool",This log occurs an address is allocated from a local pool.,None required,7,Debugging,5,vpn,ip_address_assignment
+%FTD-7-737201,737201,"VPNFIP: Pool=pool, Returned ip-address to pool (recycle=recycle)","%FTD-7-737201: VPNFIP: Pool=pool, Returned ip-address to pool (recycle=recycle)","This log occurs when an address returned to a local pool. The recycle flag indicates whether this address should be re-used for the next request. For rare situation, the recycle flag will be FALSE. For example, when there is an address collision , the address has been assigned to a VPN session by other means such as by AAA or DHCP. In this case, we will not immediately try to reuse that address for the next request.",None required,7,Debugging,5,vpn,ip_address_assignment
+%FTD-3-737202,737202,"VPNFIP: Pool=pool, ERROR: message","%FTD-3-737202: VPNFIP: Pool=pool, ERROR: message",This log is generated when an error event is detected related to the VPN FIP database.,"If error is persistent, contact Cisco TAC.",3,Error,65,vpn,ip_address_assignment
+%FTD-4-737203,737203,"VPNFIP: Pool=pool, WARN: message","%FTD-4-737203: VPNFIP: Pool=pool, WARN: message",This log is generated to warn of an event related to the VPN FIP database.,None provided.,4,Warning,45,vpn,ip_address_assignment
+%FTD-5-737204,737204,"VPNFIP: Pool=pool, NOTIFY: message","%FTD-5-737204: VPNFIP: Pool=pool, NOTIFY: message",This log is generated to notify of an event related to the VPN FIP database.,None required,5,Notification,5,vpn,ip_address_assignment
+%FTD-6-737205,737205,"VPNFIP: Pool=pool, INFO: message","%FTD-6-737205: VPNFIP: Pool=pool, INFO: message",This log is generated to inform of an event related to the VPN FIP database.,None required,6,Informational,5,vpn,ip_address_assignment
+%FTD-7-737206,737206,"VPNFIP: Pool=pool, DEBUG: message","%FTD-7-737206: VPNFIP: Pool=pool, DEBUG: message",This log is generated to debug an event related to the VPN FIP database.,None required,7,Debugging,5,vpn,ip_address_assignment
+%FTD-7-737400,737400,"POOLIP: Pool=pool, Allocated ip-address from pool","%FTD-7-737400: POOLIP: Pool=pool, Allocated ip-address from pool",This log occurs an address is allocated from a local pool.,None required,7,Debugging,5,vpn,ip_address_assignment
+%FTD-7-737401,737401,"POOLIP: Pool=pool, Returned ip-address to pool (recycle=recycle)","%FTD-7-737401: POOLIP: Pool=pool, Returned ip-address to pool (recycle=recycle)","This log occurs an address returned to a local pool. The recycle flag indicates whether this address should be re-used for the next request. For rare situation, the recycle flag will be FALSE. For example, when there is an address collision—the address has been assigned to a VPN session by other means such as by AAA or DHCP. In this case, we will not immediately try to reuse that address for the next request.",None required,7,Debugging,5,vpn,ip_address_assignment
+%FTD-4-737402,737402,"POOLIP: Pool=pool, Failed to return ip-address to pool (recycle=recycle). Reason: message","%FTD-4-737402: POOLIP: Pool=pool, Failed to return ip-address to pool (recycle=recycle). Reason: message",This log occurs unable to return an address to an address pool.,None required,4,Warning,5,vpn,ip_address_assignment
+%FTD-3-737403,737403,"POOLIP: Pool=pool, ERROR: message","%FTD-3-737403: POOLIP: Pool=pool, ERROR: message",This log is generated when an error event is detected related to an IP local pool database.,"If error is persistent, contact Cisco TAC.",3,Error,65,vpn,ip_address_assignment
+%FTD-4-737404,737404,"POOLIP: Pool=pool, WARN: message","%FTD-4-737404: POOLIP: Pool=pool, WARN: message",This log is generated to warn of an event related to an IP local pool database.,"If warning is persistent, contact Cisco TAC.",4,Warning,45,vpn,ip_address_assignment
+%FTD-5-737405,737405,"POOLIP: Pool=pool, NOTIFY: message","%FTD-5-737405: POOLIP: Pool=pool, NOTIFY: message",This log is generated to notify of an event related to an IP local pool database.,None required,5,Notification,5,vpn,ip_address_assignment
+%FTD-6-737406,737406,"POOLIP: Pool=pool, INFO: message","%FTD-6-737406: POOLIP: Pool=pool, INFO: message",This log is generated to inform of an event related to an IP local pool database.,None required,6,Informational,5,vpn,ip_address_assignment
+%FTD-7-737407,737407,"POOLIP: Pool=pool, DEBUG: message","%FTD-7-737407: POOLIP: Pool=pool, DEBUG: message",This log is generated to debug an event related to an IP local pool database.,None required,7,Debugging,5,vpn,ip_address_assignment
+%FTD-6-741000,741000,Coredump filesystem image created on variable_1 - size variable_2 MB,%FTD-6-741000: Coredump filesystem image created on variable_1 - size variable_2 MB,A core dump file system was successfully created. The file system is used to manage core dumps by capping the amount of disk space that core dumps may use.,Make sure that you save your configuration after creating the core dump file system.,6,Informational,15,system,general
+%FTD-6-741001,741001,Coredump filesystem image on variable - resized from variable MB to variable MB,%FTD-6-741001: Coredump filesystem image on variable - resized from variable MB to variable MB,The core dump file system has been successfully resized.,None provided.,6,Informational,15,system,general
+%FTD-6-741002,741002,Coredump log and filesystem contents cleared on variable_1,%FTD-6-741002: Coredump log and filesystem contents cleared on variable_1,"All core dumps have been deleted from the core dump file system, and the core dump log has been cleared. The core dump file system and coredump log are always synchronized with each other.",None required. You can clear the core dump file system to reset it to a known state using the clear coredump command.,6,Informational,5,system,general
+%FTD-6-741003,741003,Coredump filesystem and it's contents removed on variable_1,%FTD-6-741003: Coredump filesystem and it's contents removed on variable_1,"The core dump file system and its contents have been removed, and the core dump feature has been disabled.",Make sure that you save your configuration after the core dump feature has been disabled.,6,Informational,15,system,general
+%FTD-6-741004,741004,Coredump configuration reset to default values,%FTD-6-741004: Coredump configuration reset to default values,"The core dump configuration has been reset to its default value, which is disabled.",Make sure that you save your configuration after the core dump feature has been disabled.,6,Informational,15,system,general
+%FTD-4-741005,741005,Coredump operation 'variable_1' failed with error variable_2_variable_3,%FTD-4-741005: Coredump operation 'variable_1' failed with error variable_2_variable_3,An error occurred during the performance of a core dump-related operation. - CREATE_FSYS—An error occurred when creating the core dump file system. - CLEAR_LOG—An error occurred when clearing the core dump log. - DELETE_FSYS—An error occurred when deleting the core dump file system.,None provided.,4,Warning,55,system,general
+%FTD-4-741006,741006,"Unable to write Coredump Helper configuration, reason variable_1","%FTD-4-741006: Unable to write Coredump Helper configuration, reason variable_1",An error occurred when writing to the coredump helper configuration file. This error occurs only if disk0: is full. The configuration file is located in disk0:.coredumpinfo/coredump.cfg. the core dump helper configuration file failed.,"Disable the core dump feature, remove unneeded items from disk0:, and then reenable core dumps, if desired.",4,Warning,55,system,general
+%FTD-3-742001,742001,failed to read master key for password encryption from persistent store,%FTD-3-742001: failed to read master key for password encryption from persistent store,None provided.,None provided.,3,Error,75,system,password_encryption
+%FTD-3-742002,742002,failed to set master key for password encryption,%FTD-3-742002: failed to set master key for password encryption,"An attempt to read the key config-key password encryption command failed. The error may be caused by the following reasons: Other reasons for the error may be valid. In these cases, the actual error is printed in response to the command.",Correct the problem indicated in the command response.,3,Error,75,system,password_encryption
+%FTD-3-742003,742003,"failed to save master key for password encryption, reason=reason_text","%FTD-3-742003: failed to save master key for password encryption, reason=reason_text","An attempt to save the primary key to nonvolatile memory failed. The actual reason is specified by the reason_text parameter. The reason can be an out-of-memory condition, or the nonvolatile store can be inconsistent.","If the problem persists, reformat the nonvolatile store that is used to save the key by using the write erase command. Before performing this step, make sure that you back up the out-of-the-box configuration. Then reenter the write erase command.",3,Error,75,system,password_encryption
+%FTD-3-742004,742004,"failed to sync master key for password encryption, reason=reason_text","%FTD-3-742004: failed to sync master key for password encryption, reason=reason_text",An attempt to synchronize the primary key to the peer failed. The actual reason is specified by the reason_text parameter.,Try to correct the problem specified in the reason_text parameter.,3,Error,75,system,password_encryption
+%FTD-3-742005,742005,cipher text enc_pass is not compatible with the configured master key or the cipher text has been tampered,%FTD-3-742005: cipher text enc_pass is not compatible with the configured master key or the cipher text has been tampered,None provided.,None provided.,3,Error,65,system,password_encryption
+%FTD-3-742006,742006,password decryption failed due to unavailable memory,%FTD-3-742006: password decryption failed due to unavailable memory,An attempt to decrypt a password failed because no memory was available. Features using this password will not work as desired.,Correct the memory problem.,3,Error,75,system,password_encryption
+%FTD-3-742007,742007,password encryption failed due to unavailable memory,%FTD-3-742007: password encryption failed due to unavailable memory,An attempt to encrypt a password failed because no memory was available. Passwords may be left in clear text form in the configuration.,"Correct the memory problem, and reapply the configuration that failed password encryption.",3,Error,75,system,password_encryption
+%FTD-3-742008,742008,password enc_pass decryption failed due to decoding error,%FTD-3-742008: password enc_pass decryption failed due to decoding error,"Password decryption failed because of decoding errors, which may occur if the encrypted password has been modified after being encrypted.",Reapply the configuration in question with a clear text password.,3,Error,75,system,password_encryption
+%FTD-3-742009,742009,password encryption failed due to encoding error,%FTD-3-742009: password encryption failed due to encoding error,"Password encryption failed because of decoding errors, which may be an internal software error.","Reapply the configuration in question with a clear text password. If the problem persists, contact the Cisco TAC.",3,Error,75,system,password_encryption
+%FTD-3-742010,742010,encrypted password enc_pass is not well formed,%FTD-3-742010: encrypted password enc_pass is not well formed,"The encrypted password provided in the command is not well formed. The password may not be a valid, encrypted password, or it may have been modified since it was encrypted.",None provided.,3,Error,65,system,password_encryption
+%FTD-1-743000,743000,The PCI device with vendor ID: vendor_id device ID: device_id located at bus:device.function (hex) bus_num:dev_num.func_num has a link link_attr_name of actual_link_attr_val when it should have a link link_attr_name of expected_link_attr_val,%FTD-1-743000: The PCI device with vendor ID: vendor_id device ID: device_id located at bus:device.function (hex) bus_num:dev_num.func_num has a link link_attr_name of actual_link_attr_val when it should have a link link_attr_name of expected_link_attr_val,"A PCI device in the system is not configured correctly, which may result in the system not performing at its optimum level.","Collect the output of the show controller pci detail command, and contact the Cisco TAC.",1,Alert,75,system,hardware
+%FTD-1-743001,743001,Backplane health monitoring detected link failure,%FTD-1-743001: Backplane health monitoring detected link failure,A hardware failure has probably occurred and has been detected on one of the links between the Secure Firewall Threat Defense Services Module and the switch chassis.,Contact the Cisco TAC.,1,Alert,85,system,hardware
+%FTD-1-743002,743002,Backplane health monitoring detected link OK,%FTD-1-743002: Backplane health monitoring detected link OK,"A link has been restored between the Secure Firewall Threat Defense Services Module and the switch chassis. However, the failure and subsequent recovery probably indicates a hardware failure.",Contact the Cisco TAC.,1,Alert,85,system,hardware
+%FTD-1-743004,743004,System is not fully operational - The PCI device with vendor ID: vendor_id (vendor_name) device ID: device_id (device_name) could not be found in the system.,%FTD-1-743004: System is not fully operational - The PCI device with vendor ID: vendor_id (vendor_name) device ID: device_id (device_name) could not be found in the system.,A PCI device in the system that is needed for it to be fully operational was not found.,Collect the output of the show controller pci detail command and contact the Cisco TAC.,1,Alert,75,system,hardware
+%FTD-3-743010,743010,EOBC RPC server failed to start for client module client_name.,%FTD-3-743010: EOBC RPC server failed to start for client module client_name.,The service failed to start for a particular client of the EOBC RPC service on the server.,None provided.,3,Error,75,system,hardware
+%FTD-3-743011,743011,"EOBC RPC call failed, return code code.","%FTD-3-743011: EOBC RPC call failed, return code code.",The EOBC RPC client failed to make an RPC to the intended server.,Call the Cisco TAC.,3,Error,75,system,hardware
+%FTD-7-746012,746012,user-identity: Add IP-User mapping ip_address - domain_name\user_name result - reason,%FTD-7-746012: user-identity: Add IP-User mapping ip_address - domain_name\user_name result - reason,A new user-IP mapping has been added to the user-to-IP address mapping database. The status of the operation (success or failure) is indicated. The success reason is VPN user. The failure reasons include the following: Maximum user limit reached and Duplicated address.,None required.,7,Debugging,5,access_control,identity_based_firewall
+%FTD-7-746013,746013,user-identity: Delete IP-User mapping ip_address - domain_name\user name - result reason,%FTD-7-746013: user-identity: Delete IP-User mapping ip_address - domain_name\user name - result reason,"A change has been made to the user-to-IP address mapping database. The status of the operation (success or failure) is indicated. The success reasons include the following: Inactive timeout, NetBIOS probing failed, PIP notification, VPN user logout, Cut-through-proxy user logout, and MAC address mismatch. The failure reason is PIP notification.",None required.,7,Debugging,5,access_control,identity_based_firewall
+%FTD-5-746014,746014,user-identity: [FQDN] fqdn address IP_Address obsolete,%FTD-5-746014: user-identity: [FQDN] fqdn address IP_Address obsolete,A fully qualified domain name has become obsolete.,None required.,5,Notification,5,access_control,identity_based_firewall
+%FTD-5-746015,746015,user-identity: [FQDN] fqdn resolved IP_address,%FTD-5-746015: user-identity: [FQDN] fqdn resolved IP_address,A fully qualified domain name lookup has succeeded.,None required.,5,Notification,5,access_control,identity_based_firewall
+%FTD-3-746016,746016,"user-identity: DNS lookup for ip failed, reason:reason","%FTD-3-746016: user-identity: DNS lookup for ip failed, reason:reason",None provided.,None provided.,3,Error,75,access_control,identity_based_firewall
+%FTD-3-747001,747001,"Clustering: Recovered from state machine event queue depleted. Event (event-id , ptr-in-hex , ptr-in-hex ) dropped. Current state state-name , stack ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex","%FTD-3-747001: Clustering: Recovered from state machine event queue depleted. Event (event-id , ptr-in-hex , ptr-in-hex ) dropped. Current state state-name , stack ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex","The cluster FSM event queue is full, and a new event has been dropped.",None.,3,Error,85,system,cluster
+%FTD-5-747002,747002,"Clustering: Recovered from state machine dropped event (event-id , ptr-in-hex , ptr-in-hex ). Intended state: state-name . Current state: state-name .","%FTD-5-747002: Clustering: Recovered from state machine dropped event (event-id , ptr-in-hex , ptr-in-hex ). Intended state: state-name . Current state: state-name .",The cluster FSM received an event that is incompatible with the current state.,None.,5,Notification,45,system,cluster
+%FTD-5-747003,747003,"Clustering: Recovered from state machine failure to process event (event-id , ptr-in-hex , ptr-in-hex ) at state state-name .","%FTD-5-747003: Clustering: Recovered from state machine failure to process event (event-id , ptr-in-hex , ptr-in-hex ) at state state-name .",The cluster FSM failed to process an event for all reasons given.,None.,5,Notification,35,system,cluster
+%FTD-6-747004,747004,Clustering: state machine changed from state state-name to state-name .,%FTD-6-747004: Clustering: state machine changed from state state-name to state-name .,The cluster FSM has progressed to a new state.,None.,6,Informational,15,system,cluster
+%FTD-7-747005,747005,"Clustering: State machine notify event event-name (event-id , ptr-in-hex , ptr-in-hex )","%FTD-7-747005: Clustering: State machine notify event event-name (event-id , ptr-in-hex , ptr-in-hex )",The cluster FSM has notified clients about an event.,None.,7,Debugging,5,system,cluster
+%FTD-7-747006,747006,Clustering: State machine is at state state-name,%FTD-7-747006: Clustering: State machine is at state state-name,"The cluster FSM moved to a stable state; that is, Disabled, Slave, or Master.",None.,7,Debugging,5,system,cluster
+%FTD-5-747007,747007,"Clustering: Recovered from finding stray config sync thread, stack ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex .","%FTD-5-747007: Clustering: Recovered from finding stray config sync thread, stack ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex , ptr-in-hex .",Astray configuration sync thread has been detected.,None.,5,Notification,25,system,cluster
+%FTD-4-747008,747008,Clustering: New cluster member name with serial number serial-number-A rejected due to name conflict with existing unit with serial number serial-number-B .,%FTD-4-747008: Clustering: New cluster member name with serial number serial-number-A rejected due to name conflict with existing unit with serial number serial-number-B .,The same unit name has been configured on multiple units.,None.,4,Warning,45,system,cluster
+%FTD-2-747009,747009,Clustering: Fatal error due to failure to create RPC server for module module name .,%FTD-2-747009: Clustering: Fatal error due to failure to create RPC server for module module name .,The Secure Firewall Threat Defense device failed to create an RPC server.,Disable clustering on this unit and try to re-enable it. Contact the Cisco TAC if the problem persists.,2,Critical,95,system,cluster
+%FTD-3-747010,747010,"Clustering: RPC call failed, message message-name , return code code-value .","%FTD-3-747010: Clustering: RPC call failed, message message-name , return code code-value .",An RPC call failure has occurred. The system tries to recover from the failure.,None.,3,Error,75,system,cluster
+%FTD-2-747011,747011,Clustering: Memory allocation error.,%FTD-2-747011: Clustering: Memory allocation error.,A memory allocation failure occurred in clustering.,"Disable clustering on this unit and try to re-enable it. If the problem persists, check the memory usage on the Secure Firewall Threat Defense device.",2,Critical,95,system,cluster
+%FTD-3-747012,747012,"Clustering: Failed to replicate global object id hex-id-value in domain domain-name to peer unit-name , continuing operation.","%FTD-3-747012: Clustering: Failed to replicate global object id hex-id-value in domain domain-name to peer unit-name , continuing operation.",A global object ID replication failure has occurred.,None.,3,Error,75,system,cluster
+%FTD-3-747013,747013,"Clustering: Failed to remove global object id hex-id-value in domain domain-name from peer unit-name , continuing operation.","%FTD-3-747013: Clustering: Failed to remove global object id hex-id-value in domain domain-name from peer unit-name , continuing operation.",A global object ID removal failure has occurred.,None.,3,Error,75,system,cluster
+%FTD-3-747014,747014,"Clustering: Failed to install global object id hex-id-value in domain domain-name , continuing operation.","%FTD-3-747014: Clustering: Failed to install global object id hex-id-value in domain domain-name , continuing operation.",A global object ID installation failure has occurred.,None.,3,Error,75,system,cluster
+%FTD-4-747015,747015,Clustering: Forcing stray member unit-name to leave the cluster.,%FTD-4-747015: Clustering: Forcing stray member unit-name to leave the cluster.,A stray cluster member has been found.,None.,4,Warning,45,system,cluster
+%FTD-4-747016,747016,"Clustering: Found a split cluster with both unit-name-A and unit-name-B as master units. Master role retained by unit-name-A , unit-name-B will leave, then join as a slave.","%FTD-4-747016: Clustering: Found a split cluster with both unit-name-A and unit-name-B as master units. Master role retained by unit-name-A , unit-name-B will leave, then join as a slave.",A split cluster has been found.,None.,4,Warning,45,system,cluster
+%FTD-4-747017,747017,Clustering: Failed to enroll unit unit-name due to maximum member limit limit-value reached.,%FTD-4-747017: Clustering: Failed to enroll unit unit-name due to maximum member limit limit-value reached.,The Secure Firewall Threat Defense device failed to enroll a new unit because the maximum member limit has been reached.,None.,4,Warning,55,system,cluster
+%FTD-3-747018,747018,Clustering: State progression failed due to timeout in module module-name .,%FTD-3-747018: Clustering: State progression failed due to timeout in module module-name .,The cluster FSM progression has timed out.,None.,3,Error,75,system,cluster
+%FTD-4-747019,747019,"Clustering: New cluster member name rejected due to Cluster Control Link IP subnet mismatch (ip-address /ip-mask on new unit, ip-address /ip-mask on local unit).","%FTD-4-747019: Clustering: New cluster member name rejected due to Cluster Control Link IP subnet mismatch (ip-address /ip-mask on new unit, ip-address /ip-mask on local unit).",The control unit found that a new joining unit has an incompatible cluster interface IP address.,None.,4,Warning,55,system,cluster
+%FTD-4-747020,747020,Clustering: New cluster member unit-name rejected due to encryption license mismatch.,%FTD-4-747020: Clustering: New cluster member unit-name rejected due to encryption license mismatch.,The control unit found that a new joining unit has an incompatible encryption license.,None.,4,Warning,55,system,cluster
+%FTD-3-747021,747021,Clustering: Master unit unit-name is quitting due to interface health check failure on interface-name .,%FTD-3-747021: Clustering: Master unit unit-name is quitting due to interface health check failure on interface-name .,The control unit has disabled clustering because of an interface health check failure.,None.,3,Error,75,system,cluster
+%FTD-3-747022,747022,"Clustering: Asking slave unit unit-name to quit because it failed interface health check x times, rejoin will be attempted after y min. Failed interface: interface-name .","%FTD-3-747022: Clustering: Asking slave unit unit-name to quit because it failed interface health check x times, rejoin will be attempted after y min. Failed interface: interface-name .",This syslog message occurs when the maximum number of rejoin attempts has not been exceeded. A data unit has disabled clustering because of an interface health check failure for the specified amount of time. This unit will re-enable itself automatically after the specified amount of time (ms).,None.,3,Error,75,system,cluster
+%FTD-4-747025,747025,Clustering: New cluster member unit-name rejected due to firewall mode mismatch.,%FTD-4-747025: Clustering: New cluster member unit-name rejected due to firewall mode mismatch.,None provided.,None provided.,4,Warning,55,system,cluster
+%FTD-4-747026,747026,"Clustering: New cluster member unit-name rejected due to cluster interface name mismatch (ifc-name on new unit, ifc-name on local unit).","%FTD-4-747026: Clustering: New cluster member unit-name rejected due to cluster interface name mismatch (ifc-name on new unit, ifc-name on local unit).",A control unit found a joining unit that has an incompatible cluster control link interface name.,None.,4,Warning,55,system,cluster
+%FTD-4-747027,747027,Clustering: Failed to enroll unit unit-name due to insufficient size of cluster pool pool-name in context-name .,%FTD-4-747027: Clustering: Failed to enroll unit unit-name due to insufficient size of cluster pool pool-name in context-name .,A control unit could not enroll a joining unit because of the size limit of the minimal cluster pool configured.,None.,4,Warning,55,system,cluster
+%FTD-4-747028,747028,"Clustering: New cluster member unit-name rejected due to interface mode mismatch (mode-name on new unit, mode-name on local unit).","%FTD-4-747028: Clustering: New cluster member unit-name rejected due to interface mode mismatch (mode-name on new unit, mode-name on local unit).","A control unit found a joining unit that has an incompatible interface-mode, either spanned or individual.",None.,4,Warning,55,system,cluster
+%FTD-4-747029,747029,Clustering: Unit unit-name is quitting due to Cluster Control Link down.,%FTD-4-747029: Clustering: Unit unit-name is quitting due to Cluster Control Link down.,A unit disabled clustering because of a cluster interface failure.,None.,4,Warning,55,system,cluster
+%FTD-3-747030,747030,"Clustering: Asking slave unit unit-name to quit because it failed interface health check x times (last failure on interface-name ), Clustering must be manually enabled on the unit to re-join.","%FTD-3-747030: Clustering: Asking slave unit unit-name to quit because it failed interface health check x times (last failure on interface-name ), Clustering must be manually enabled on the unit to re-join.",An interface health check has failed and the maximum number of rejoin attempts has been exceeded. A data unit has disabled clustering because of an interface health check failure.,None.,3,Error,75,system,cluster
+%FTD-3-747031,747031,Clustering: Platform mismatch between cluster master (platform-type ) and joining unit unit-name (platform-type ). unit-name aborting cluster join.,%FTD-3-747031: Clustering: Platform mismatch between cluster master (platform-type ) and joining unit unit-name (platform-type ). unit-name aborting cluster join.,The joining unit's platform type does not match with that of the cluster control unit.,Make sure that the joining unit has the same platform type as that of the cluster control unit.,3,Error,75,system,cluster
+%FTD-3-747032,747032,Clustering: Service module mismatch between cluster master (module-name ) and joining unit unit-name (module-name )in slot slot-number . unit-name aborting cluster join.,%FTD-3-747032: Clustering: Service module mismatch between cluster master (module-name ) and joining unit unit-name (module-name )in slot slot-number . unit-name aborting cluster join.,The joining unit's external modules are not consistent (module type and order in which they are installed) with those on the cluster control unit.,Make sure that the modules installed on the joining unit are of the same type and are in the same order as they are in the cluster control unit.,3,Error,75,system,cluster
+%FTD-3-747033,747033,Clustering: Interface mismatch between cluster master and joining unit unit-name . unit-name aborting cluster join.,%FTD-3-747033: Clustering: Interface mismatch between cluster master and joining unit unit-name . unit-name aborting cluster join.,The joining unit's interfaces are not the same as those on the cluster control unit.,Make sure that the interfaces available on the joining unit are the same as those on the cluster control unit.,3,Error,75,system,cluster
+%FTD-4-747034,747034,Unit %s is quitting due to Cluster Control Link down (%d times after last rejoin). Rejoin will be attempted after %d minutes.,%FTD-4-747034: Unit %s is quitting due to Cluster Control Link down (%d times after last rejoin). Rejoin will be attempted after %d minutes.,Cluster Control Link down and the unit is kicked out with rejoin.,Wait for the unit to rejoin.,4,Warning,45,system,cluster
+%FTD-4-747035,747035,Unit %s is quitting due to Cluster Control Link down. Clustering must be manually enabled on the unit to rejoin.,%FTD-4-747035: Unit %s is quitting due to Cluster Control Link down. Clustering must be manually enabled on the unit to rejoin.,Cluster Control Link down and the unit is kicked out without rejoin.,Rejoin the unit manually.,4,Warning,45,system,cluster
+%FTD-3-747036,747036,Application software mismatch between cluster master %s[Master unit name] (%s[Master application software name]) and joining unit (%s[Joining unit application software name]). %s[Joining member name] aborting cluster join.,%FTD-3-747036: Application software mismatch between cluster master %s[Master unit name] (%s[Master application software name]) and joining unit (%s[Joining unit application software name]). %s[Joining member name] aborting cluster join.,The applications on control unit and the joining data unit are not the same. Data unit will be kicked out.,"Make sure that the data unit run the same applications/services, and manually rejoin the unit.",3,Error,75,system,cluster
+%FTD-3-747042,747042,Clustering: Master received the config hash string request message from an unknown member with id cluster-member-id,%FTD-3-747042: Clustering: Master received the config hash string request message from an unknown member with id cluster-member-id,Control unit received the config hash string request event.,Verify requestor member is still in OnCall state.,3,Error,75,system,cluster
+%FTD-3-747043,747043,"Clustering: Get config hash string from master error: ret_code ret_code, string_len string_len","%FTD-3-747043: Clustering: Get config hash string from master error: ret_code ret_code, string_len string_len",Failed to get config hash string from control unit.,Contact technical support to troubleshoot the issue on control unit. Ensure to turn on 'debug cluster ccp’ to identify the root cause.,3,Error,75,system,cluster
+%FTD-6-747044,747044,Configuration Hash string verification result,%FTD-6-747044: Configuration Hash string verification result,The result of configuration hash string comparison..,None required.,6,Informational,5,system,cluster
+%FTD-5-748001,748001,Module slot_number in chassis chassis_number is leaving the cluster due to a chassis configuration change,%FTD-5-748001: Module slot_number in chassis chassis_number is leaving the cluster due to a chassis configuration change,"A cluster control link has changed in the MIO, a cluster group has been removed in the MIO, or a blade module has been removed in the MIO configuration.",None required.,5,Notification,5,system,cluster
+%FTD-4-748002,748002,Clustering configuration on the chassis is missing or incomplete; clustering is disabled,%FTD-4-748002: Clustering configuration on the chassis is missing or incomplete; clustering is disabled,"Configurations are missing or incomplete in the MIO (for example, a cluster group is not configured, or a cluster control link is not configured).","Go to the MIO console and configure the cluster service type, add the module to the service type, and define the cluster control link accordingly.",4,Warning,45,system,cluster
+%FTD-4-748003,748003,Module slot_number in chassis chassis_number is leaving the cluster due to a chassis health check failure,%FTD-4-748003: Module slot_number in chassis chassis_number is leaving the cluster due to a chassis health check failure,"The blade cannot talk to the MIO, so it relies on the MIO to detect this communication problem and de-bundle the data ports. If data ports are de-bundled, the Secure Firewall Threat Defense device will be kicked out by an interface health check.",Check if the MIO card is up or if the communication between the MIO and the blade is still up.,4,Warning,55,system,cluster
+%FTD-5-748004,748004,Module slot_number in chassis chassis_number is re-joining the cluster due to a chassis health check recovery,%FTD-5-748004: Module slot_number in chassis chassis_number is re-joining the cluster due to a chassis health check recovery,"The MIO blade health check has recovered, and the Secure Firewall Threat Defense device tries to rejoin the cluster.",Check if the MIO card is up or if the communication between the MIO and the blade is still up,5,Notification,25,system,cluster
+%FTD-3-748005,748005,Failed to bundle the ports for module slot_number in chassis chassis_number ; clustering is disabled,%FTD-3-748005: Failed to bundle the ports for module slot_number in chassis chassis_number ; clustering is disabled,The MIO failed to bundle the ports for itself.,Check if the MIO is operating correctly.,3,Error,75,system,cluster
+%FTD-3-748006,748006,Asking module slot_number in chassis chassis_number to leave the cluster due to a port bundling failure,%FTD-3-748006: Asking module slot_number in chassis chassis_number to leave the cluster due to a port bundling failure,"The MIO failed to bundle ports for a blade, so the blade has been kicked out.",Check if the MIO is operating correctly.,3,Error,75,system,cluster
+%FTD-2-748007,748007,Failed to de-bundle the ports for module slot_number in chassis chassis_number ; traffic may be black holed,%FTD-2-748007: Failed to de-bundle the ports for module slot_number in chassis chassis_number ; traffic may be black holed,The MIO failed to de-bundle the ports.,Check if the MIO is operating correctly.,2,Critical,95,system,cluster
+%FTD-6-748008,748008,[CPU load percentage | memory load percentage ] of module slot_number in chassis chassis_number (member-name ) exceeds overflow protection threshold [CPU percentage | memory percentage ]. System may be oversubscribed on member failure.,%FTD-6-748008: [CPU load percentage | memory load percentage ] of module slot_number in chassis chassis_number (member-name ) exceeds overflow protection threshold [CPU percentage | memory percentage ]. System may be oversubscribed on member failure.,"The CPU load has exceeded (N-1)/N, where N is the total number of active cluster members, or the memory load has exceeded (100 – x) * (N – 1) / N + x, where N is the number of cluster members, and x is the baseline memory usage of the last joining member.",Re-plan the network and clustering deployment. Either reduce the amount of traffic or add more blades/chassis.,6,Informational,25,system,cluster
+%FTD-6-748009,748009,[CPU load percentage | memory load percentage ] of chassis chassis_number exceeds overflow protection threshold [CPU percentage | memory percentage }. System may be oversubscribed on chassis failure.,%FTD-6-748009: [CPU load percentage | memory load percentage ] of chassis chassis_number exceeds overflow protection threshold [CPU percentage | memory percentage }. System may be oversubscribed on chassis failure.,The chassis traffic load exceeded a certain threshold.,Re-plan the network and clustering deployment. Either reduce the amount of traffic or add more blades/chassis.,6,Informational,25,system,cluster
+%FTD-4-748011,748011,"Mismatched resource profile size with Master. Master: cores number CPU cores / RAM size MB RAM, Mine: cores number CPU cores / RAM size MB RAM","%FTD-4-748011: Mismatched resource profile size with Master. Master: cores number CPU cores / RAM size MB RAM, Mine: cores number CPU cores / RAM size MB RAM","When the unit that is joining into cluster has different resource profile size compared to control unit, this syslog appears on the joining unit. Example %Firewall Threat Defense-4-748011: Mismatched resource profile size with Master. Master: 6 CPU cores / 14426 MB RAM, Mine: 8 CPU cores 19261 MB RAM.",None required.,4,Warning,5,system,cluster
+%FTD-4-748012,748012,"Mismatched module type with Master. Master: PID, MINE: PID","%FTD-4-748012: Mismatched module type with Master. Master: PID, MINE: PID","When the unit that is joining into cluster has different module type compared to the control unit, this syslog appears on the joining unit. Example %Firewall Threat Defense-4-748012: Mismatched module type with Master. Master: FPR4K-SM-24, Mine: FPR4K-SM-24s",None required.,4,Warning,5,system,cluster
+%FTD-3-748100,748100,<application_name> application status is changed from <status> to <status>.,%FTD-3-748100: <application_name> application status is changed from <status> to <status>.,Detect the application status change from one state to another. Application status change will trigger application health check mechanism.,Verify the status of the application.,3,Error,75,system,cluster
+%FTD-3-748101,748101,Peer unit <unit_id> reported its <application_name> application status is <status>.,%FTD-3-748101: Peer unit <unit_id> reported its <application_name> application status is <status>.,Peer unit reported application status change that will trigger application health check mechanism.,Verify the status of the application.,3,Error,75,system,cluster
+%FTD-3-748102,748102,"Master unit <unit_id> is quitting due to <application_name> Application health check failure, and master's application state is <status>.","%FTD-3-748102: Master unit <unit_id> is quitting due to <application_name> Application health check failure, and master's application state is <status>.",Application health check detects that the control unit is not healthy. The control unit will leave the cluster group.,"Verify the status of the application. When the application (snort) is up again, the unit will rejoin automatically.",3,Error,85,system,cluster
+%FTD-3-748103,748103,"Asking slave unit <unit_id> to quit due to <application_name> Application health check failure, and slave's application state is <status>.","%FTD-3-748103: Asking slave unit <unit_id> to quit due to <application_name> Application health check failure, and slave's application state is <status>.",Application health check detects that the data unit is not healthy. Control unit will evict the data node.,"Verify the status of the application. When the application (snort) is up again, the unit will rejoin automatically.",3,Error,85,system,cluster
+%FTD-4-748201,748201,<Application name> application on module <module id> in chassis <chassis id> is <status>.,%FTD-4-748201: <Application name> application on module <module id> in chassis <chassis id> is <status>.,Status of the application in the service chain gets changed.,None provided.,4,Warning,45,system,cluster
+%FTD-3-748202,748202,Module <module_id> in chassis <chassis id> is leaving the cluster due to <application name> application failure\n.,%FTD-3-748202: Module <module_id> in chassis <chassis id> is leaving the cluster due to <application name> application failure\n.,"Unit will be kicked out of cluster if the application such as vDP, fails.",Verify the status of the application in the service chain.,3,Error,85,system,cluster
+%FTD-5-748203,748203,Module <module_id> in chassis <chassis id> is re-joining the cluster due to a service chain application recovery\n.,%FTD-5-748203: Module <module_id> in chassis <chassis id> is re-joining the cluster due to a service chain application recovery\n.,"Unit automatically rejoins the cluster if the service chain application such as vDP, recovers.",Verify the status of the application in the service chain.,5,Notification,35,system,cluster
+%FTD-5-750001,750001,"Local:local IP :local port Remote:remote IP : remote port Username: username Received request to request an IPsec tunnel; local traffic selector = local selectors: range, protocol, port range ; remote traffic selector = remote selectors: range, protocol, port range","%FTD-5-750001: Local:local IP :local port Remote:remote IP : remote port Username: username Received request to request an IPsec tunnel; local traffic selector = local selectors: range, protocol, port range ; remote traffic selector = remote selectors: range, protocol, port range","A request is being made for an operation on the IPsec tunnel such as a rekey, a request to establish a connection, and so on. and port number used for this connection connection is coming from",None required.,5,Notification,5,vpn,ikev2
+%FTD-5-750002,750002,Local:local IP :local port Remote: remote IP : remote port Username: username Received a IKE_INIT_SA request,%FTD-5-750002: Local:local IP :local port Remote: remote IP : remote port Username: username Received a IKE_INIT_SA request,An incoming tunnel or SA initiation request (IKE_INIT_SA request) has been received. and port number used for this connection connection is coming from,None provided.,5,Notification,25,vpn,ikev2
+%FTD-4-750003,750003,Local: local IP:local port Remote: remote IP:remote port Username: username Negotiation aborted due to ERROR: error,%FTD-4-750003: Local: local IP:local port Remote: remote IP:remote port Username: username Negotiation aborted due to ERROR: error,"The negotiation of an SA was aborted because of the provided error reason. and port number used for this connection connection is coming from - Failed to send data on the network - Asynchronous request queued - Failed to enqueue packet - A supplied parameter is incorrect - Failed to allocate memory - Failed the cookie negotiation - Failed to find a matching policy - Failed to locate an item in the database - Failed to initialize the policy database - Failed to insert a policy into the database - The peer's proposal is invalid - Failed to compute the DH value - Failed to construct a NONCE - An expected payload is missing from the packet - Failed to compute the SKEYSEED - Failed to create child SA keys - The peer's KE payload contained the wrong DH group - Received invalid KE notify, yet we've tried all configured DH groups - Failed to compute a hash value - Failed to authenticate the IKE SA - Failed to compute or verify a signature - Failed to validate the certificate - The certificate has been revoked and is consequently invalid",None provided.,4,Warning,65,vpn,ikev2
+%FTD-5-750004,750004,Local: local IP: local port Remote: remote IP: remote port Username: username Sending COOKIE challenge to throttle possible DoS,%FTD-5-750004: Local: local IP: local port Remote: remote IP: remote port Username: username Sending COOKIE challenge to throttle possible DoS,An incoming connection request was challenged with a cookie based on the cookie challenge thresholds that are configured to prevent a possible DoS attack. and port number used for this connection connection is coming from,None required.,5,Notification,45,vpn,ikev2
+%FTD-5-750005,750005,"Local: local IP: local port Remote: remote IP: remote port Username: username IPsec rekey collision detected. I am lowest nonce initiator, deleting SA with inbound SPI SPI","%FTD-5-750005: Local: local IP: local port Remote: remote IP: remote port Username: username IPsec rekey collision detected. I am lowest nonce initiator, deleting SA with inbound SPI SPI","A rekey collision was detected (both peers trying to initiate a rekey at the same time), and it was resolved by keeping the one initiated by this Secure Firewall Threat Defense device because it had the lowest nonce. This action caused the indicated SA referenced by the SPI to be deleted. and port number used for this connection connection is coming from",None provided.,5,Notification,25,vpn,ikev2
+%FTD-5-750006,750006,Local: local IP: local port Remote: remote IP: remote port Username: username SA UP. Reason: reason,%FTD-5-750006: Local: local IP: local port Remote: remote IP: remote port Username: username SA UP. Reason: reason,"An SA came up for the given reason, such as for a newly established connection or a rekey. and port number used for this connection connection is coming from",None required.,5,Notification,5,vpn,ikev2
+%FTD-5-750007,750007,Local: local IP: local port Remote: remote IP: remote port Username: username SA DOWN. Reason: reason,%FTD-5-750007: Local: local IP: local port Remote: remote IP: remote port Username: username SA DOWN. Reason: reason,"An SA was torn down or deleted for the given reason, such as a request by the peer, operator request (via an administrator action), rekey, and so on. and port number used for this connection connection is coming from",None required.,5,Notification,5,vpn,ikev2
+%FTD-5-750008,750008,Local: local IP: local port Remote: remote IP: remote port Username: username SA rejected due to system resource low,%FTD-5-750008: Local: local IP: local port Remote: remote IP: remote port Username: username SA rejected due to system resource low,An SA request was rejected to alleviate a low system resource condition. and port number used for this connection connection is coming from,"Check CAC settings for IKEv2 to determine if this is expected behavior based on configured thresholds; otherwise, if the condition persists, investigate further to alleviate the issue.",5,Notification,35,vpn,ikev2
+%FTD-5-750009,750009,Local: local IP: local port Remote: remote IP: remote port Username: username SA request rejected due to CAC limit reached: Rejection reason: reason,%FTD-5-750009: Local: local IP: local port Remote: remote IP: remote port Username: username SA request rejected due to CAC limit reached: Rejection reason: reason,"A Connection Admission Control (CAC) limiting threshold was reached, which caused the SA request to be rejected. and port number used for this connection connection is coming from","Check CAC settings for IKEv2 to determine if this is expected behavior based on configured thresholds; otherwise, if the condition persists, investigate further to alleviate the issue.",5,Notification,35,vpn,ikev2
+%FTD-5-750010,750010,Local: local-ip Remote: remote-ip Username:username IKEv2 local throttle-request queue depth threshold of threshold reached; increase the window size on peer peer for better performance,%FTD-5-750010: Local: local-ip Remote: remote-ip Username:username IKEv2 local throttle-request queue depth threshold of threshold reached; increase the window size on peer peer for better performance,"The Secure Firewall Threat Defense device overflowed its throttle request queue to the specified peer, indicating that the peer is slow. The throttle request queue holds requests destined for the peer, which cannot be sent immediately because the maximum number of requests allowed to be in-flight based on the IKEv2 window size were already in-flight. As in-flight requests are completed, requests are pulled off of the throttle request queue and sent to the peer. If the peer is not processing these requests quickly, the throttle queue backs up.","If possible, increase the IKEv2 window size on the remote peer to allow more concurrent requests to be in-flight, which may improve performance. The Secure Firewall Threat Defense device does not currently support an increased IKEv2 window size setting. Note",5,Notification,25,vpn,ikev2
+%FTD-3-750011,750011,Tunnel Rejected: Selected IKEv2 encryption algorithm (IKEV2 encry algo ) is not strong enough to secure proposed IPSEC encryption algorithm (IPSEC encry algo ).,%FTD-3-750011: Tunnel Rejected: Selected IKEv2 encryption algorithm (IKEV2 encry algo ) is not strong enough to secure proposed IPSEC encryption algorithm (IPSEC encry algo ).,The tunnel was rejected because the selected IKEv2 encryption algorithm is not strong enough to secure the proposed IPSEC encryption algorithm.,None provided.,3,Error,65,vpn,ikev2
+%FTD-4-750012,750012,Selected IKEv2 encryption algorithm (IKEV2 encry algo ) is not strong enough to secure proposed IPSEC encryption algorithm (IPSEC encry algo ).,%FTD-4-750012: Selected IKEv2 encryption algorithm (IKEV2 encry algo ) is not strong enough to secure proposed IPSEC encryption algorithm (IPSEC encry algo ).,The selected IKEv2 encryption algorithm is not strong enough to secure the proposed IPSEC encryption algorithm.,Configure a stronger IKEv2 encryption algorithm to match or exceed the strength of the IPsec child SA encryption algorithm.,4,Warning,45,vpn,ikev2
+%FTD-5-750013,750013,IKEv2 SA (iSPI ISPI rRSP rSPI) Peer Moved: Previous prev_remote_ip:prev_remote_port/prev_local_ip:prev_local_port. Updated new_remote_ip:new_remote_port/new_local_ip:new_local_port,%FTD-5-750013: IKEv2 SA (iSPI ISPI rRSP rSPI) Peer Moved: Previous prev_remote_ip:prev_remote_port/prev_local_ip:prev_local_port. Updated new_remote_ip:new_remote_port/new_local_ip:new_local_port,"The new mobike feature allows peer IP to be changed without tearing down the tunnel. For example, a mobile device (smartphone) acquires new IP after connecting to a different network.The following list describes the message values:",Contact the Development engineers.,5,Notification,25,vpn,ikev2
+%FTD-3-751001,751001,Failed to complete Diffie-Hellman operation. Error: error.,%FTD-3-751001: Failed to complete Diffie-Hellman operation. Error: error.,"A failure to complete a Diffie-Hellman operation occurred, as indicated by the error.","A low memory issue or other internal error that should be resolved has occurred. If it persists, use the memory tracking tool to isolate the issue.",3,Error,75,vpn,ikev2
+%FTD-3-751002,751002,No pre-shared key or trustpoint configured for self in tunnel group group,%FTD-3-751002: No pre-shared key or trustpoint configured for self in tunnel group group,The Secure Firewall Threat Defense device was unable to find any type of authentication information in the tunnel group that it could use to authenticate itself to the peer.,None provided.,3,Error,75,vpn,ikev2
+%FTD-7-751003,751003,Need to send a DPD message to peer,%FTD-7-751003: Need to send a DPD message to peer,Dead peer detection needs to be performed for the specified peer to determine if it is still alive. The Secure Firewall Threat Defense device may have terminated a connection to the peer.,None required.,7,Debugging,5,vpn,ikev2
+%FTD-3-751004,751004,No remote authentication method configured for peer in tunnel group group,%FTD-3-751004: No remote authentication method configured for peer in tunnel group group,A method to authenticate the remote peer was not found in the configuration to allow the connection.,Check the configuration to make sure that a valid remote peer authentication setting is present.,3,Error,65,vpn,ikev2
+%FTD-3-751005,751005,"AnyConnect client reconnect authentication failed. Session ID: session_id, Error: error","%FTD-3-751005: AnyConnect client reconnect authentication failed. Session ID: session_id, Error: error",A failure occurred during an AnyConnect client reconnection attempt using the session token.,"Take action according to the error specified, if necessary. The error may indicate that a session was removed instead of remaining in resume state because a client disconnect was detected or sessions were cleared on the Secure Firewall Threat Defense device. If necessary, also compare this message to the event logs on the Anyconnect client.",3,Error,95,vpn,ikev2
+%FTD-3-751006,751006,Certificate authentication failed. Error: error,%FTD-3-751006: Certificate authentication failed. Error: error,A failure related to certificate authentication occurred.,"Take action according to the error specified, if necessary. Check the certificate trustpoint configuration and make sure that the necessary CA certificate exists to be able to correctly verify client certificate chains. Use the debug crypto ca commands to isolate the failure.",3,Error,100,vpn,ikev2
+%FTD-5-751007,751007,Configured attribute not supported for IKEv2. Attribute: attribute,%FTD-5-751007: Configured attribute not supported for IKEv2. Attribute: attribute,A configured attribute could not be applied to the IKE version 2 connection because it is not supported for IKE version 2 connections.,"None required, To eliminate this message from being generated, you can remove the IKE version 2 configuration setting.",5,Notification,5,vpn,ikev2
+%FTD-3-751008,751008,"Group=group, Tunnel rejected: IKEv2 not enabled in group policy","%FTD-3-751008: Group=group, Tunnel rejected: IKEv2 not enabled in group policy","IKE version 2 is not allowed based on the enabled protocols for the indicated group to which a connection attempt was mapped, and the connection was rejected.","Check the group policy VPN tunnel protocol setting and enable IKE version 2, if desired.",3,Error,65,vpn,ikev2
+%FTD-3-751009,751009,Unable to find tunnel group for peer.,%FTD-3-751009: Unable to find tunnel group for peer.,A tunnel group could not be found for the peer.,"Check the configuration and tunnel group mapping rules, then configure them to allow the peer to land on a configured group.",3,Error,75,vpn,ikev2
+%FTD-3-751010,751010,Local: localIP:port Remote:remoteIP:port Username: username/group Unable to determine self-authentication method. No crypto map setting or tunnel group found.,%FTD-3-751010: Local: localIP:port Remote:remoteIP:port Username: username/group Unable to determine self-authentication method. No crypto map setting or tunnel group found.,A method for authenticating the Secure Firewall Threat Defense device to the peer could not be found in either the tunnel group or crypto map.,"Check the configuration, and configure a self-authentication method in the crypto map for the initiator L2L or in the applicable tunnel group.",3,Error,75,vpn,ikev2
+%FTD-3-751011,751011,Failed user authentication. Error: error,%FTD-3-751011: Failed user authentication. Error: error,None provided.,None provided.,3,Error,75,vpn,ikev2
+%FTD-3-751012,751012,Failure occurred during Configuration Mode processing. Error: error,%FTD-3-751012: Failure occurred during Configuration Mode processing. Error: error,A failure occurred during configuration mode processing while settings were being applied to the connection.,"Take action based on the indicated error. Use the debug crypto ikev2 commands to determine the cause of the failure, or debug the indicated subsystem that is specified by the error, if necessary.",3,Error,75,vpn,ikev2
+%FTD-3-751013,751013,Failed to process Configuration Payload request for attribute attribute_id. Error: error,%FTD-3-751013: Failed to process Configuration Payload request for attribute attribute_id. Error: error,The Configuration Payload request failed to process and generate a Configuration Payload response for an attribute that was requested by the peer.,"A memory error, configuration error, or another type of error has occurred. Use the debug crypto ikev2 commands to help isolate the cause of the failure.",3,Error,75,vpn,ikev2
+%FTD-4-751014,751014,Warning Configuration Payload request for attribute attribute_id could not be processed. Error: error,%FTD-4-751014: Warning Configuration Payload request for attribute attribute_id could not be processed. Error: error,A warning occurred while processing a CP request to generate a CP response for a requested attribute.,"Take action based on the attribute indicated in the warning and the indicated warning message. For example, a newer client is being used with an older Secure Firewall Threat Defense image, which does not understand a new attribute that has been added to the client. An upgrade of the Secure Firewall Threat Defense image may be necessary to allow the attribute to be processed.",4,Warning,55,vpn,ikev2
+%FTD-4-751015,751015,SA request rejected by CAC. Reason: reason,%FTD-4-751015: SA request rejected by CAC. Reason: reason,None provided.,None provided.,4,Warning,45,vpn,ikev2
+%FTD-4-751016,751016,Remote L2L Peer initiated a tunnel with same outer and inner addresses. Peer could be Originate Only - Possible misconfiguration!,%FTD-4-751016: Remote L2L Peer initiated a tunnel with same outer and inner addresses. Peer could be Originate Only - Possible misconfiguration!,The peer may be configured for originate-only connections based on the received outer and inner IP addresses for the tunnel.,Check the L2L peer configuration.,4,Warning,45,vpn,ikev2
+%FTD-3-751017,751017,Configuration Error: error_description.,%FTD-3-751017: Configuration Error: error_description.,An error in the configuration that prevented the connection has been detected.,Correct the configuration based on the indicated error.,3,Error,65,vpn,ikev2
+%FTD-3-751018,751018,Terminating the VPN connection attempt from attempted group.,%FTD-3-751018: Terminating the VPN connection attempt from attempted group.,The tunnel group over which the connection is attempted is not the same as the tunnel group set in the group lock.,Check the group-lock value in the group policy or the user attributes.,3,Error,65,vpn,ikev2
+%FTD-4-751019,751019,Failed to obtain an licenseType license. Maximum license limit limit exceeded.,%FTD-4-751019: Failed to obtain an licenseType license. Maximum license limit limit exceeded.,"A session creation failed because the maximum license limit was exceeded, which caused a failure to either initiate or respond to a tunnel request.","Make sure that enough licenses are available for all allowed users and/or obtain more licenses to allow the rejected connections. For multiple context mode, allow more licenses for the context that reported the failure, if necessary.",4,Warning,55,vpn,ikev2
+%FTD-3-751020,751020,Local:%A:%u Remote:%A:%u Username:%s An %s remote access connection failed. Attempting to use an NSA Suite B crypto algorithm (%s) without an AnyConnect Premium license.,%FTD-3-751020: Local:%A:%u Remote:%A:%u Username:%s An %s remote access connection failed. Attempting to use an NSA Suite B crypto algorithm (%s) without an AnyConnect Premium license.,An IKEv2 remote access tunnel could not be created because the AnyConnect Premium license was applied but explicitly disabled with the anyconnect-essentials command in the webvpn configuration mode.,Make sure that an AnyConnect Premium license is installed on the Secure Firewall Threat Defense device is configured in the remote access IKEv2 policies or IPsec proposals.,3,Error,75,vpn,ikev2
+%FTD-4-751021,751021,variable_1 variable_2 with variable_3 encryption is not supported with this version of the AnyConnect Client. Please upgrade to the latest Anyconnect Client.,%FTD-4-751021: variable_1 variable_2 with variable_3 encryption is not supported with this version of the AnyConnect Client. Please upgrade to the latest Anyconnect Client.,An out-of-date AnyConnect client tried to connect to an Secure Firewall Threat Defense device that has IKEv2 with AES-GCM encryption policy configured. enters a username),Upgrade the AnyConnect client to the latest version to use IKEv2 with AES-GCM encryption.,4,Warning,55,vpn,ikev2
+%FTD-3-751022,751022,Tunnel rejected: Crypto Map Policy not found for remote traffic selector rem-ts-start/rem-ts-end/rem-ts.startport/rem-ts.endport/rem-ts.protocol local traffic selector local-ts-start/local-ts-end/local-ts.startport/local-ts.endport/local-ts.protocol!,%FTD-3-751022: Tunnel rejected: Crypto Map Policy not found for remote traffic selector rem-ts-start/rem-ts-end/rem-ts.startport/rem-ts.endport/rem-ts.protocol local traffic selector local-ts-start/local-ts-end/local-ts.startport/local-ts.endport/local-ts.protocol!,The Secure Firewall Threat Defense device was not able to find security policy information for the private networks or hosts indicated in the message. These networks or hosts were sent by the initiator and do not match any crypto ACLs at the Secure Firewall Threat Defense device. This is most likely a misconfiguration.,None provided.,3,Error,65,vpn,ikev2
+%FTD-6-751023,751023,Unknown client connection.,%FTD-6-751023: Unknown client connection.,An unknown non-Cisco IKEv2 client has connected to the Secure Firewall Threat Defense device.,Upgrade to a Cisco-supported IKEv2 client.,6,Informational,25,vpn,ikev2
+%FTD-3-751024,751024,"IPv6 User Filter tempipv6 configured. This setting has been deprecated, terminating connection","%FTD-3-751024: IPv6 User Filter tempipv6 configured. This setting has been deprecated, terminating connection","The IPv6 VPN filter has been deprecated and if it is configured instead of a unified filter for IPv6 traffic access control, the connection will be terminated.",Configure a unified filter with IPv6 entries to control IPv6 traffic for the user.,3,Error,65,vpn,ikev2
+%FTD-5-751025,751025,Group:group-policy IPv4 Address=assigned_IPv4_addr IPv6 address=assigned_IPv6_addr assigned to session,%FTD-5-751025: Group:group-policy IPv4 Address=assigned_IPv4_addr IPv6 address=assigned_IPv6_addr assigned to session,This message displays the assigned IP address information for the AnyConnect IKEv2 connection of the specified user.,None required.,5,Notification,5,vpn,ikev2
+%FTD-6-751026,751026,Client OS: client-os Client: client-name client-version,%FTD-6-751026: Client OS: client-os Client: client-name client-version,The indicated user is attempting to connect with the shown operating system and client version.,None required.,6,Informational,5,vpn,ikev2
+%FTD-4-751027,751027,"Received INVALID_SELECTORS Notification. Peer received a packet (SPI= spi). The decapsulated inner packet didn't match the negotiated policy in the SA. Packet destination pkt_daddr, port pkt_dest_port, source pkt_saddr, port pkt_src_port, protocol pkt_prot.","%FTD-4-751027: Received INVALID_SELECTORS Notification. Peer received a packet (SPI= spi). The decapsulated inner packet didn't match the negotiated policy in the SA. Packet destination pkt_daddr, port pkt_dest_port, source pkt_saddr, port pkt_src_port, protocol pkt_prot.",A peer received a packet on an IPsec security association (SA) that did not match the negotiated traffic descriptors for that SA. The peer sent an INVALID_SELECTORS notification containing the SPI and packet data for the offending packet.,"Copy the error message, the configuration, and any details about the events leading up to this error, then submit them to Cisco TAC.",4,Warning,55,vpn,ikev2
+%FTD-2-752001,752001,Tunnel Manager received invalid parameter to remove record,%FTD-2-752001: Tunnel Manager received invalid parameter to remove record,A failure to remove a record from the tunnel manager that might prevent future tunnels to the same peer from initiating has occurred.,"Reloading the device will remove the record, but if the error persists or recurs, perform additional debugging of the specific tunnel attempt.",2,Critical,100,vpn,ikev2
+%FTD-7-752002,752002,Tunnel Manager Removed entry. Map Tag = mapTag . Map Sequence Number = mapSeq .,%FTD-7-752002: Tunnel Manager Removed entry. Map Tag = mapTag . Map Sequence Number = mapSeq .,An entry to initiate a tunnel was successfully removed.,None required.,7,Debugging,5,vpn,ikev2
+%FTD-5-752003,752003,Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv2. Map Tag = mapTag . Map Sequence Number = mapSeq,%FTD-5-752003: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv2. Map Tag = mapTag . Map Sequence Number = mapSeq,An attempt is being made to initiate an IKEv2 tunnel that was based on the crypto map indicated.,None required.,5,Notification,5,vpn,ikev2
+%FTD-5-752004,752004,Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = mapTag . Map Sequence Number = mapSeq,%FTD-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = mapTag . Map Sequence Number = mapSeq,An attempt is being made to initiate an IKEv1 tunnel that was based on the crypto map indicated.,None required.,5,Notification,5,vpn,ikev2
+%FTD-2-752005,752005,Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Memory may be low. Map Tag = mapTag . Map Sequence Number = mapSeq.,%FTD-2-752005: Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Memory may be low. Map Tag = mapTag . Map Sequence Number = mapSeq.,"An attempt to dispatch a tunnel initiation attempt failed because of an internal error, such as a memory allocation failure.",Use the memory tracking tools and additional debugging to isolate the issue.,2,Critical,95,vpn,ikev2
+%FTD-3-752006,752006,"Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Probable mis-configuration of the crypto map or tunnel-group. Map Tag = Tag . Map Sequence Number = num, SRC Addr: address port: port Dst Addr: address port: port .","%FTD-3-752006: Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Probable mis-configuration of the crypto map or tunnel-group. Map Tag = Tag . Map Sequence Number = num, SRC Addr: address port: port Dst Addr: address port: port .",An attempt to dispatch a tunnel initiation attempt failed because of a configuration error of the indicated crypto map or associated tunnel group.,Check the configuration of the tunnel group and crypto map indicated to make sure that it is complete.,3,Error,75,vpn,ikev2
+%FTD-3-752007,752007,Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Entry already in Tunnel Manager. Map Tag = mapTag . Map Sequence Number = mapSeq,%FTD-3-752007: Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Entry already in Tunnel Manager. Map Tag = mapTag . Map Sequence Number = mapSeq,An attempt was made to re-add an existing entry into the tunnel manager.,"If the issue persists, make sure that the configuration of the peer will allow the tunnel, and debug further to make sure that the tunnel manager entries are being added and removed correctly during tunnel initiation and successful or failed initiation attempts. Debug IKE version 2 or IKE version 1 connections further, because they may still be in the process of creating the tunnel.",3,Error,75,vpn,ikev2
+%FTD-7-752008,752008,Duplicate entry already in Tunnel Manager,%FTD-7-752008: Duplicate entry already in Tunnel Manager,"A duplicate request to initiate a tunnel was made, and the tunnel manager is already attempting to initiate the tunnel.","None required. If the issue persists, either IKE version 1 or IKE version 2 may have attempted a tunnel initiation and not have timed out yet. Debug further using the applicable commands to make sure that the tunnel manager entry is removed after successful or failed initiation attempts.",7,Debugging,5,vpn,ikev2
+%FTD-4-752009,752009,IKEv2 Doesn't support Multiple Peers,%FTD-4-752009: IKEv2 Doesn't support Multiple Peers,"An attempt to initiate a tunnel with IKE version 2 failed because the crypto map is configured with multiple peers, which is not supported for IKE version 2. Only IKE version 1 supports multiple peers.",Check the configuration to make sure that multiple peers are not expected for IKE version 2 site-to-site initiation.,4,Warning,55,vpn,ikev2
+%FTD-4-752010,752010,IKEv2 Doesn't have a proposal specified,%FTD-4-752010: IKEv2 Doesn't have a proposal specified,No IPsec proposal was found to be able to initiate an IKE version 2 tunnel .,"Check the configuration, then configure an IKE version 2 proposal that can be used to initiate the tunnel, if necessary.",4,Warning,45,vpn,ikev2
+%FTD-4-752011,752011,IKEv1 Doesn't have a transform set specified,%FTD-4-752011: IKEv1 Doesn't have a transform set specified,No IKE version 1 transform set was found to be able to initiate an IKE version 2 tunnel.,"Check the configuration, then configure an IKE version 2 transform set that can be used to initiate the tunnel, if necessary.",4,Warning,45,vpn,ikev2
+%FTD-4-752012,752012,IKEv protocol was unsuccessful at setting up a tunnel. Map Tag = mapTag . Map Sequence Number = mapSeq .,%FTD-4-752012: IKEv protocol was unsuccessful at setting up a tunnel. Map Tag = mapTag . Map Sequence Number = mapSeq .,The indicated protocol failed to initiate a tunnel using the configured crypto map.,"Check the configuration, then debug further within the indicated protocol to determine the cause of the failed tunnel attempt.",4,Warning,55,vpn,ikev2
+%FTD-4-752013,752013,Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv2 after a failed attempt. Map Tag = mapTag . Map Sequence Number = mapSeq .,%FTD-4-752013: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv2 after a failed attempt. Map Tag = mapTag . Map Sequence Number = mapSeq .,The tunnel manager is attempting to initiate the tunnel again after it failed.,"Check the configuration, and make sure that the crypto maps are correctly configured. Then determine if the tunnel is successfully created on the second attempt.",4,Warning,55,vpn,ikev2
+%FTD-4-752014,752014,Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1 after a failed attempt. Map Tag = mapTag . Map Sequence Number = mapSeq .,%FTD-4-752014: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1 after a failed attempt. Map Tag = mapTag . Map Sequence Number = mapSeq .,The tunnel manager is falling back and attempting to initiate the tunnel using IKE version 1 after the tunnel failed.,"Check the configuration, and make sure that the crypto maps are correctly configured. Then determine if the tunnel is successfully created on the second attempt.",4,Warning,55,vpn,ikev2
+%FTD-3-752015,752015,Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag = mapTag . Map Sequence Number = mapSeq .,%FTD-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag = mapTag . Map Sequence Number = mapSeq .,An attempt to bring up an L2L tunnel to a peer failed after trying with all configured protocols.,"Check the configuration, and make sure that the crypto maps are correctly configured. Debug the individual protocols to isolate the cause of the failure.",3,Error,75,vpn,ikev2
+%FTD-5-752016,752016,IKEv protocol was successful at setting up a tunnel. Map Tag = mapTag . Map Sequence Number = mapSeq.,%FTD-5-752016: IKEv protocol was successful at setting up a tunnel. Map Tag = mapTag . Map Sequence Number = mapSeq.,The indicated protocol (IKE version 1 or IKE version 2) successfully created an L2L tunnel.,None required.,5,Notification,5,vpn,ikev2
+%FTD-4-752017,752017,"IKEv2 Backup L2L tunnel initiation denied on interface interface matching crypto map name, sequence number number . Unsupported configuration.","%FTD-4-752017: IKEv2 Backup L2L tunnel initiation denied on interface interface matching crypto map name, sequence number number . Unsupported configuration.",The Secure Firewall Threat Defense device uses IKEv1 to initiate the connection because IKEv2 does not support the backup L2L feature.,None required if IKEv1 is enabled. You must enable IKEv1 to use the backup L2L feature.,4,Warning,65,vpn,ikev2
+%FTD-4-753001,753001,Unexpected IKEv2 packet received from ip_address:port. Error: reason,%FTD-4-753001: Unexpected IKEv2 packet received from ip_address:port. Error: reason,This syslog is generated when an IKEv2 packet is received when the cluster is operating in Distributed VPN clustering mode and fails early consistency and/or error checks performed on it in the datapath. Expired SPI received.,None required if IKEv1 is enabled. You must enable IKEv1 to use the backup L2L feature.,4,Warning,5,vpn,ikev2
+%FTD-6-767001,767001,Inspect-name : Dropping an unsupported IPv6/IP46/IP64 packet from interface :IP Addr to interface :IP Addr (fail-close),%FTD-6-767001: Inspect-name : Dropping an unsupported IPv6/IP46/IP64 packet from interface :IP Addr to interface :IP Addr (fail-close),"A fail-close option was set for a service policy, and a particular inspect received an IPv6, IP64, or IP46 packet. Based on the fail-close option setting, this syslog message is generated and the packet is dropped.",None required.,6,Informational,35,access_control,inspection
+%FTD-3-768001,768001,"QUOTA: resource utilization is high: requested req, current curr, warning level level","%FTD-3-768001: QUOTA: resource utilization is high: requested req, current curr, warning level level","A system resource allocation level has reached its warning threshold. In the case of a management session, the resource is simultaneous administrative sessions.",None required.,3,Error,5,system,resource
+%FTD-3-768002,768002,"QUOTA: resource quota exceeded: requested req, current curr, limit limit","%FTD-3-768002: QUOTA: resource quota exceeded: requested req, current curr, limit limit","A request for a system resource would have exceeded its configured limit and was denied. In the case of a management session, the maximum number of simultaneous administrative sessions on the system has been reached.",None required.,3,Error,95,system,resource
+%FTD-3-768003,768003,"QUOTA: management_session quota exceeded for user user_name: current 3,user limit 3","%FTD-3-768003: QUOTA: management_session quota exceeded for user user_name: current 3,user limit 3",The current management session exceeded the configured limits for the user.,None required.,3,Error,5,system,resource
+%FTD-3-768004,768004,"QUOTA: management_session quota exceeded for ssh/telnet/http protocol: current 2, protocol limit 2","%FTD-3-768004: QUOTA: management_session quota exceeded for ssh/telnet/http protocol: current 2, protocol limit 2","The maximum number of management sessions for the protocol - ssh, telnet, or http exceeded the configured limit.",None provided.,3,Error,75,system,resource
+%FTD-5-769001,769001,UPDATE: ASA image 'src' was added to system boot list,%FTD-5-769001: UPDATE: ASA image 'src' was added to system boot list,The system image has been updated. The name of a file previously downloaded onto the system has been added to the system boot list.,None required.,5,Notification,5,system,update
+%FTD-5-769002,769002,UPDATE: ASA image 'src' was copied to 'dest',%FTD-5-769002: UPDATE: ASA image 'src' was copied to 'dest',The system image has been updated. An image file has been copied onto the system.,None required.,5,Notification,5,system,update
+%FTD-5-769003,769003,UPDATE: ASA image 'src' was renamed to 'dest',%FTD-5-769003: UPDATE: ASA image 'src' was renamed to 'dest',The system image has been updated. An existing image file has been renamed to an image file name in the system boot list.,None required.,5,Notification,5,system,update
+%FTD-2-769004,769004,"UPDATE: ASA image 'src_file' failed verification, reason: failure_reason","%FTD-2-769004: UPDATE: ASA image 'src_file' failed verification, reason: failure_reason",The image failed verification from either the copy command or verify command.,"Possible failure reasons are: insufficient system memory, no image found in file, checksum failed, signature not found in file, signature invalid, signature algorithm not supported, signature processing issue",2,Critical,100,system,update
+%FTD-5-769005,769005,UPDATE: ASA image 'image_name' passed verification,%FTD-5-769005: UPDATE: ASA image 'image_name' passed verification,None provided.,None provided.,5,Notification,25,system,update
+%FTD-3-769006,769006,UPDATE: ASA boot system image 'image_name' was not found on disk,%FTD-3-769006: UPDATE: ASA boot system image 'image_name' was not found on disk,This is an error message indicating that the file configured in the boot system list could not be located on disk.,"If the device fails to boot, change the boot system command to point to a valid file or install the missing file to the disk before rebooting the device.",3,Error,65,system,update
+%FTD-6-769007,769007,UPDATE: Image version is version_number,%FTD-6-769007: UPDATE: Image version is version_number,This message appears when the device is upgraded.,None required.,6,Informational,5,system,update
+%FTD-4-769009,769009,UPDATE: Image booted image_name is different from boot images,%FTD-4-769009: UPDATE: Image booted image_name is different from boot images,This is an error message appears after upgrading the device indicating that the file configured is different from the existing list of boot images.,None required.,4,Warning,5,system,update
+%FTD-4-770001,770001,"Resource resource allocation is more than the permitted limit of limit. If this condition persists, the ASA will be rebooted","%FTD-4-770001: Resource resource allocation is more than the permitted limit of limit. If this condition persists, the ASA will be rebooted",The CPU or memory resource allocation for the Secure Firewall Threat Defense virtual machine has exceeded the allowed limit for this platform. This condition does not occur unless the setting for the Secure Firewall Threat Defense virtual machine has been changed from that specified in the software downloaded from Cisco.com.,"To continue Secure Firewall Threat Defense operation, change the CPU or memory resource allocation of the virtual machine to what was specified with the software downloaded from Cisco.com.",4,Warning,55,system,resource
+%FTD-1-770002,770002,"Resource resource allocation is more than the permitted limit of limit, Device will be rebooted","%FTD-1-770002: Resource resource allocation is more than the permitted limit of limit, Device will be rebooted",The CPU or memory resource allocation for the Secure Firewall Threat Defense virtual machine has exceeded the allowed limit for this platform. This condition does not occur unless the setting for the Secure Firewall Threat Defense virtual machine has been changed from that specified in the software downloaded from Cisco.com. The Secure Firewall Threat Defense device will continue to reboot if the resource allocation is not changed.,Change the CPU or memory reosurce allocation to the virtual machine to what was specified with the software downloaded from Cisco.com.,1,Alert,85,system,resource
+%FTD-4-770003,770003,Resource resource allocation is less than the minimum requirement of value.,%FTD-4-770003: Resource resource allocation is less than the minimum requirement of value.,"The CPU or memory resource allocation to the Secure Firewall Threat Defense virtual machine is less than the minimum requirement for this platform. If this condition persists, performance will be lower than normal.","To continue Secure Firewall Threat Defense operation, change the CPU or memory reosurce allocation of the virtual machine to what was specified with the software downloaded from Cisco.",4,Warning,45,system,resource
+%FTD-3-771003,771003,"CLOCK: Hardware clock UIP bit is set to 1, for duration secs, start time duration secs, end time duration secs. Read clock time from linux system clock","%FTD-3-771003: CLOCK: Hardware clock UIP bit is set to 1, for duration secs, start time duration secs, end time duration secs. Read clock time from linux system clock",Rate-limited.,None required.,3,Error,5,system,hardware
+%FTD-3-772002,772002,"PASSWORD: console login warning, user username, cause: password expired","%FTD-3-772002: PASSWORD: console login warning, user username, cause: password expired","A user logged into the system console with an expired password, which is permitted to avoid system lockout.",The user should change the login password.,3,Error,65,authentication,password
+%FTD-2-772003,772003,"PASSWORD: session login failed, user username, IP ip, cause: password expired","%FTD-2-772003: PASSWORD: session login failed, user username, IP ip, cause: password expired",A user logged tried to log into the system with an expired password and was denied access.,None provided.,2,Critical,100,authentication,password
+%FTD-3-772004,772004,"PASSWORD: session login failed, user username, IP ip, cause: password expired","%FTD-3-772004: PASSWORD: session login failed, user username, IP ip, cause: password expired",A user logged tried to log into the system with an expired password and was denied access.,"If the user has authorized access, an administrator must change the password for the user. Unauthorized access attempts should trigger an appropriate response, for example. traffic from that IP address can be blocked.",3,Error,95,authentication,password
+%FTD-6-772005,772005,REAUTH: user 'username' passed authentication,%FTD-6-772005: REAUTH: user 'username' passed authentication,The user authenticated successfully after changing the password.,None required.,6,Informational,5,authentication,password
+%FTD-2-772006,772006,REAUTH: user 'username' failed authentication,%FTD-2-772006: REAUTH: user 'username' failed authentication,"The user entered the wrong password while trying to change it. As a result, the password was not changed.",The user should retry changing the password using the change-password command.,2,Critical,95,authentication,password
+%FTD-2-774001,774001,POST: unspecified error,%FTD-2-774001: POST: unspecified error,The crypto service provider failed the power on self-test.,Contact the Cisco TAC.,2,Critical,95,system,crypto
+%FTD-2-774002,774002,"POST: error 'err', func 'func', engine eng, algorithm alg, mode mode, dir dir, key len len","%FTD-2-774002: POST: error 'err', func 'func', engine eng, algorithm alg, mode mode, dir dir, key len len","The crypto service provider failed the power on self-test. SHA1, SHA256, SHA386, SHA512, HMAC-MD5, HMAC-SHA1, HMAC-SHA2, or AES-XCBC stateless-RC4",Contact the Cisco TAC.,2,Critical,95,system,crypto
+%FTD-6-776251,776251,CTS SGT-MAP: Binding binding IP - SGname (SGT ) from source name added to binding manager.,%FTD-6-776251: CTS SGT-MAP: Binding binding IP - SGname (SGT ) from source name added to binding manager.,Binding from the specified source was added to the binding manager. (SGT ) and the following format if SGname is unavailable: SGT.,None required.,6,Informational,5,access_control,trustsec
+%FTD-5-776252,776252,CTS SGT-MAP: CTS SGT-MAP: Binding binding IP - SGname (SGT ) from source name deleted from binding manager.,%FTD-5-776252: CTS SGT-MAP: CTS SGT-MAP: Binding binding IP - SGname (SGT ) from source name deleted from binding manager.,Binding from the specified source was deleted from the binding manager. Binding from the specified source was added to the binding manager. (SGT ) and the following format if SGname is unavailable: SGT.,None required.,5,Notification,5,access_control,trustsec
+%FTD-6-776253,776253,CTS SGT-MAP: Binding binding IP - new SGname (SGT ) from new source name changed from old sgt: old SGname (SGT ) from old source old source name .,%FTD-6-776253: CTS SGT-MAP: Binding binding IP - new SGname (SGT ) from new source name changed from old sgt: old SGname (SGT ) from old source old source name .,None provided.,None provided.,6,Informational,15,access_control,trustsec
+%FTD-3-776254,776254,CTS SGT-MAP: Binding manager unable to action binding binding IP - SGname (SGT ) from source name.,%FTD-3-776254: CTS SGT-MAP: Binding manager unable to action binding binding IP - SGname (SGT ) from source name.,"The binding manager cannot insert, delete, or update the binding (SGT ) and the following format if SGname is unavailable: SGT.",Contact the Cisco TAC for assistance.,3,Error,75,access_control,trustsec
+%FTD-6-778001,778001,VXLAN: Packet was discarded with invalid segment-id segment_id for protocol from ifc_name:ip_address/port to ip_address/port,%FTD-6-778001: VXLAN: Packet was discarded with invalid segment-id segment_id for protocol from ifc_name:ip_address/port to ip_address/port,"The Secure Firewall Threat Defense device tries to create an inner connection for a VXLAN packet, but the VXLAN packet has an invalid segment ID.",None required.,6,Informational,5,network,vxlan
+%FTD-6-778002,778002,VXLAN: There is no VNI interface for segment-id. Packet was discarded segment_id,%FTD-6-778002: VXLAN: There is no VNI interface for segment-id. Packet was discarded segment_id,"A decapsulated ingress VXLAN packet is discarded, because the segment ID in the VXLAN header does not match the segment ID of any VNI interface configured on the Secure Firewall Threat Defense device.",None required.,6,Informational,5,network,vxlan
+%FTD-6-778003,778003,VXLAN: Invalid VXLAN segment-id segment-id for protocol from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.,%FTD-6-778003: VXLAN: Invalid VXLAN segment-id segment-id for protocol from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.,The Secure Firewall Threat Defense Fast Path sees a VXLAN packet with an invalid segment ID.,Check the VNI interface segment ID configurations to see if the dropped packet has the VXLAN segment ID that does not match any VNI segment ID configuration.,6,Informational,45,network,vxlan
+%FTD-6-778004,778004,VXLAN: Invalid VXLAN header for protocol from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.,%FTD-6-778004: VXLAN: Invalid VXLAN header for protocol from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.,The Secure Firewall Threat Defense VTEP sees a VXLAN packet with an invalid VXLAN header.,None required.,6,Informational,5,network,vxlan
+%FTD-6-778005,778005,VXLAN: Packet with VXLAN segment-id segment-id from ifc-name is denied by FP L2 check.,%FTD-6-778005: VXLAN: Packet with VXLAN segment-id segment-id from ifc-name is denied by FP L2 check.,A VXLAN packet is denied by a Fast Path L2 check.,Check the VNI interface segment ID configurations to see if the dropped packet has the VXLAN segment ID that does not match any VNI segment ID configuration. Check to see if the STS table has an entry that matches the dropped packet’s segment ID.,6,Informational,35,network,vxlan
+%FTD-6-778006,778006,VXLAN: Invalid VXLAN UDP checksum from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.,%FTD-6-778006: VXLAN: Invalid VXLAN UDP checksum from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.,The Secure Firewall Threat Defense VTEP received a VXLAN packet with an invalid UDP checksum value.,None required.,6,Informational,5,network,vxlan
+%FTD-6-778007,778007,VXLAN: Packet from ifc-name :IP-address/port to IP-address/port was discarded due to invalid NVE peer.,%FTD-6-778007: VXLAN: Packet from ifc-name :IP-address/port to IP-address/port was discarded due to invalid NVE peer.,The Secure Firewall Threat Defense VTEP received a VXLAN packet from an IP address that is different from the configured NVE peer.,None required.,6,Informational,5,network,vxlan
+%FTD-6-778008,778008,VXLAN: There is no VNI interface for segment-id. Packet was discarded,%FTD-6-778008: VXLAN: There is no VNI interface for segment-id. Packet was discarded,The packet was discarded.,None required.,6,Informational,5,network,vxlan
+%FTD-6-779001,779001,STS: Out-tag lookup failed for in-tag segment-id of protocol from ifc-name :IP-address /port to IP-address /port .,%FTD-6-779001: STS: Out-tag lookup failed for in-tag segment-id of protocol from ifc-name :IP-address /port to IP-address /port .,"The Secure Firewall Threat Defense device tries to create a connection for a VXLAN packet, but failed to use the STS lookup table to locate the out-tag for the in-tag (segment ID) in the VXLAN packet.",None required.,6,Informational,5,network,tag_switching
+%FTD-6-779002,779002,"STS: STS and NAT locate different egress interface for segment-id segment-id, protocol from ifc-name:IP-address/port to IP-address/port. Packet was discarded","%FTD-6-779002: STS: STS and NAT locate different egress interface for segment-id segment-id, protocol from ifc-name:IP-address/port to IP-address/port. Packet was discarded","The Secure Firewall Threat Defense device tries to create a connection for a VXLAN packet, but the STS lookup table and NAT policy locate a different egress interface.",None required.,6,Informational,5,network,tag_switching
+%FTD-3-779003,779003,STS: Failed to read tag-switching table - reason,%FTD-3-779003: STS: Failed to read tag-switching table - reason,"The Secure Firewall Threat Defense device tried to read the tag-switching table, but failed.",None required.,3,Error,5,network,tag_switching
+%FTD-3-779004,779004,STS: Failed to write tag-switching table - reason,%FTD-3-779004: STS: Failed to write tag-switching table - reason,"The Secure Firewall Threat Defense device tried to write to the tag-switching table, but failed.",None required.,3,Error,5,network,tag_switching
+%FTD-3-779005,779005,STS: Failed to parse tag-switching request from http - reason,%FTD-3-779005: STS: Failed to parse tag-switching request from http - reason,"The Secure Firewall Threat Defense device tried to parse the HTTP request to see what to do on the tag-switching table, but failed.",None required.,3,Error,5,network,tag_switching
+%FTD-3-779006,779006,STS: Failed to save tag-switching table to flash - reason,%FTD-3-779006: STS: Failed to save tag-switching table to flash - reason,"The Secure Firewall Threat Defense device tried to save the tag-switching table to flash memory, but failed.",None required.,3,Error,5,network,tag_switching
+%FTD-3-779007,779007,STS: Failed to replicate tag-switching table to peer - reason,%FTD-3-779007: STS: Failed to replicate tag-switching table to peer - reason,"The Secure Firewall Threat Defense device attempts to replicate the tag-switching table to the failover standby unit or clustering data units, but failed to do so.",None required.,3,Error,5,network,tag_switching
+%FTD-6-780001,780001,RULE ENGINE: Started compilation for access-group transaction - description of the transaction.,%FTD-6-780001: RULE ENGINE: Started compilation for access-group transaction - description of the transaction.,The rule engine has started compilation for an access group transaction. The description of the transaction is the command line input of the access group itself.,None required.,6,Informational,5,access_control,tre
+%FTD-6-780002,780002,RULE ENGINE: Finished compilation for access-group transaction - description of the transaction.,%FTD-6-780002: RULE ENGINE: Finished compilation for access-group transaction - description of the transaction.,"The rule engine has finished compilation for a transaction. Taking access group as an example, the description of the transaction is the command line input of the access group itself.",None required.,6,Informational,5,access_control,tre
+%FTD-6-780003,780003,RULE ENGINE: Started compilation for nat transaction - description_of_the_transaction.,%FTD-6-780003: RULE ENGINE: Started compilation for nat transaction - description_of_the_transaction.,The rule engine has started compilation for a NAT transaction. The description of the transaction is the command line input of the nat command itself.,None required.,6,Informational,5,access_control,tre
+%FTD-6-780004,780004,RULE ENGINE: Finished compilation for nat transaction - description_of_the_transaction.,%FTD-6-780004: RULE ENGINE: Finished compilation for nat transaction - description_of_the_transaction.,The rule engine has finished compilation for a NAT transaction. The description of the transaction is the command line input of the nat command itself.,None required.,6,Informational,5,access_control,tre
+%FTD-6-780005,780005,RULE ENGINE: Started compilation for session transaction - description_of_the_transaction.,%FTD-6-780005: RULE ENGINE: Started compilation for session transaction - description_of_the_transaction.,None provided.,None provided.,6,Informational,15,access_control,tre
+%FTD-6-780006,780006,RULE ENGINE: Finished compilation for session transaction - description_of_the_transaction.,%FTD-6-780006: RULE ENGINE: Finished compilation for session transaction - description_of_the_transaction.,The rule engine has completed compilation for the transaction. This message is generated only when transactional commit is enabled.,None required.,6,Informational,5,access_control,tre
+%FTD-7-785001,785001,Clustering: Ownership for existing flow from in_interface:src_ip_addr/src_port to out_interface:dest_ip_addr/dest_port moved from unit old-owner-unit-id at site old-site-id to unit new-owner-unit-id at site old-site-id due to reason,%FTD-7-785001: Clustering: Ownership for existing flow from in_interface:src_ip_addr/src_port to out_interface:dest_ip_addr/dest_port moved from unit old-owner-unit-id at site old-site-id to unit new-owner-unit-id at site old-site-id due to reason,"This syslog is generated when clustering moved the flow from one unit in one site to another unit in another site in inter-DC environment. Reason must be whatever triggered the move, such as LISP notification.",Verify the flow status in the new unit at new site.,7,Debugging,15,system,cluster
+%FTD-6-801001,801001,Dropping UDP from address/port to address/port on interface interface_name.,%FTD-6-801001: Dropping UDP from address/port to address/port on interface interface_name.,Dropping UDP.,None required.,6,Informational,35,access_control,packet_filter
+%FTD-6-801002,801002,Dropping TCP from address/port to address/port flags on interface interface_name,%FTD-6-801002: Dropping TCP from address/port to address/port flags on interface interface_name,Dropping TCP.,None required.,6,Informational,35,access_control,packet_filter
+%FTD-6-801003,801003,"Dropping ICMP type=number, code=code from address to address on interface interface_name","%FTD-6-801003: Dropping ICMP type=number, code=code from address to address on interface interface_name",Dropping ICMP.,None required.,6,Informational,35,access_control,packet_filter
+%FTD-6-803001,803001,"bypass is continuing after power up, no protection will be provided by the system for traffic over Interface","%FTD-6-803001: bypass is continuing after power up, no protection will be provided by the system for traffic over Interface",Informational message to the user that the hardware bypass will be continued after bootup. Informational message to the user that the hardware bypass will be continued after bootup.,None required. None required.,6,Informational,5,system,hardware_bypass
+%FTD-6-803002,803002,no protection will be provided by the system for traffic over Interface,%FTD-6-803002: no protection will be provided by the system for traffic over Interface,Informational message to the user that hardware bypass is manually enabled. Informational message to the user that hardware bypass is manually enabled.,None required. None required.,6,Informational,5,system,hardware_bypass
+%FTD-6-803003,803003,User disabled bypass manually on Interface,%FTD-6-803003: User disabled bypass manually on Interface,Informational message to the user that hardware bypass is manually disabled. Informational message to the user that hardware bypass is manually disabled.,None required. None required.,6,Informational,5,system,hardware_bypass
+%FTD-6-804001,804001,Interface GigabitEthernet1/3 1000BaseSX SFP has been inserted,%FTD-6-804001: Interface GigabitEthernet1/3 1000BaseSX SFP has been inserted,Informational message to the user about the online insertion of the supported SFP module.,None required.,6,Informational,5,system,hardware
+%FTD-6-804002,804002,Interface GigabitEthernet1/3 SFP has been removed,%FTD-6-804002: Interface GigabitEthernet1/3 SFP has been removed,Informational message to the user about removal of the supported SFP module.,None required.,6,Informational,5,system,hardware
+%FTD-6-805001,805001,Offloaded conn Flow for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port),%FTD-6-805001: Offloaded conn Flow for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port),Indicates flow is offloaded to the super-fast path.,None required.,6,Informational,5,network,flow
+%FTD-6-805002,805002,conn Flow is no longer offloaded for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port),%FTD-6-805002: conn Flow is no longer offloaded for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port),Indicates flow offloading is disabled on a flow which was offloaded to the super-fast path.,None required.,6,Informational,5,network,flow
+%FTD-6-805003,805003,TCP Flow could not be offloaded for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port) reason,%FTD-6-805003: TCP Flow could not be offloaded for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port) reason,"Indicates flow could not be offloaded. For example, due to flow entry collision on the offload flow table.",None required.,6,Informational,5,network,flow
+%FTD-6-806001,806001,Primary alarm CPU temperature is High temp,%FTD-6-806001: Primary alarm CPU temperature is High temp,The CPU has reached temperature over primary alarm temperature setting for high temperature and such alarm is enabled.,None provided.,6,Informational,15,system,environment
+%FTD-6-806002,806002,Primary alarm for CPU high temperature is cleared,%FTD-6-806002: Primary alarm for CPU high temperature is cleared,The CPU temperature goes down to under primary alarm temperature setting for high temperature.,None required.,6,Informational,5,system,environment
+%FTD-6-806003,806003,Primary alarm CPU temperature is Low temp,%FTD-6-806003: Primary alarm CPU temperature is Low temp,The CPU has reached temperature under primary alarm temperature setting for low temperature and such alarm is enabled.,Contact Administrator who configured this alarm on following actions.,6,Informational,15,system,environment
+%FTD-6-806004,806004,Primary alarm for CPU Low temperature is cleared,%FTD-6-806004: Primary alarm for CPU Low temperature is cleared,The CPU temperature goes up to over primary alarm temperature setting for low temperature.,None required.,6,Informational,5,system,environment
+%FTD-6-806005,806005,Secondary alarm CPU temperature is High temp,%FTD-6-806005: Secondary alarm CPU temperature is High temp,The CPU has reached temperature over secondary alarm temperature setting for high temperature and such alarm is enabled.,Contact Administrator who configured this alarm on following actions.,6,Informational,15,system,environment
+%FTD-6-806006,806006,Secondary alarm for CPU High temperature is cleared,%FTD-6-806006: Secondary alarm for CPU High temperature is cleared,The CPU temperature goes down to under secondary alarm temperature setting for high temperature.,None required.,6,Informational,5,system,environment
+%FTD-6-806007,806007,Secondary alarm CPU temperature is Low temp,%FTD-6-806007: Secondary alarm CPU temperature is Low temp,The CPU has reached temperature under secondary alarm temperature setting for low temperature and such alarm is enabled.,Contact Administrator who configured this alarm on following actions.,6,Informational,15,system,environment
+%FTD-6-806008,806008,Secondary alarm for CPU Low temperature is cleared,%FTD-6-806008: Secondary alarm for CPU Low temperature is cleared,The CPU temperature goes up to over secondary alarm temperature setting for low temperature.,None required.,6,Informational,5,system,environment
+%FTD-6-806009,806009,Alarm asserted for ALARM_IN_1 description,%FTD-6-806009: Alarm asserted for ALARM_IN_1 description,Alarm input port 1 is triggered.,Contact Administrator who configured this alarm on following actions.,6,Informational,15,system,environment
+%FTD-6-806010,806010,Alarm cleared for ALARM_IN_1 description,%FTD-6-806010: Alarm cleared for ALARM_IN_1 description,Alarm input port 1 is cleared.,None required.,6,Informational,5,system,environment
+%FTD-6-806011,806011,Alarm asserted for ALARM_IN_2 description,%FTD-6-806011: Alarm asserted for ALARM_IN_2 description,Alarm input port 2 is triggered.,Contact Administrator who configured this alarm on following actions.,6,Informational,15,system,environment
+%FTD-6-806012,806012,Alarm cleared for ALARM_IN_2 description,%FTD-6-806012: Alarm cleared for ALARM_IN_2 description,None provided.,None provided.,6,Informational,15,system,environment
+%FTD-4-812005,812005,Link-State-Propagation activated on inline-pair due to failure of interface interface-name bringing down pair interface interface-name,%FTD-4-812005: Link-State-Propagation activated on inline-pair due to failure of interface interface-name bringing down pair interface interface-name,This message is generated when the link state propagation is activated on the inline pair due to failure of an interface.,None.,4,Warning,55,system,hardware_bypass
+%FTD-4-812006,812006,Link-State-Propagation de-activated on inline-pair due to recovery of interface interface-name bringing up pair interface interface-name,%FTD-4-812006: Link-State-Propagation de-activated on inline-pair due to recovery of interface interface-name bringing up pair interface interface-name,This message is generated when the link state propagation is deactivated on the inline pair due to recovery of failed interface.,None.,4,Warning,55,system,hardware_bypass
+%FTD-6-812007,812007,Inline-set hardware-bypass mode configuration status,%FTD-6-812007: Inline-set hardware-bypass mode configuration status,This message is generated when the state (succeeded or failed) of hardware and software bypass modes for the IPS inline interfaces changes.,None.,6,Informational,25,system,hardware_bypass
+%FTD-2-815002,815002,"Denied packet, hard limit, hard_limit_value, for object-group search exceeded for UDP from source:source_IP_address/port to destination:destination_IP_address/port","%FTD-2-815002: Denied packet, hard limit, hard_limit_value, for object-group search exceeded for UDP from source:source_IP_address/port to destination:destination_IP_address/port","When object-group-search threshold (by default threshold is 10K) is configured in FTD, and if any OGS search crosses 10k limit, packets are dropped and this message is generated.",None.,2,Critical,100,access_control,packet_filter
+%FTD-4-815003,815003,Object-Group-Search threshold exceeded current value threshold (10000) for packet UDP from source IP address/port to destination IP address/port,%FTD-4-815003: Object-Group-Search threshold exceeded current value threshold (10000) for packet UDP from source IP address/port to destination IP address/port,"When object-group-search threshold is not configured in FTD, and if any OGS search crosses 10000 limit, packets are dropped and this message is generated.",None provided.,4,Warning,75,network,nat
+%FTD-7-815004,815004,OGS: Packet protocol from source IP address/port to destination IP address/port matched number of source network objects source network objects and number of source network objects destination network objects total search entries total number of entries. Resultant key-set has number of entries entries,%FTD-7-815004: OGS: Packet protocol from source IP address/port to destination IP address/port matched number of source network objects source network objects and number of source network objects destination network objects total search entries total number of entries. Resultant key-set has number of entries entries,This message is generated to provide a detailed information on the object group search entries:,None.,7,Debugging,5,system,general
+%FTD-3-840001,840001,"Failed to create the backup for an IKEv2 session (Local:Local_IP:Local_port SPI:index, Remote:Remote_IP:Remote_port SPI:index)","%FTD-3-840001: Failed to create the backup for an IKEv2 session (Local:Local_IP:Local_port SPI:index, Remote:Remote_IP:Remote_port SPI:index)","In the high-availability setup of distributed site-to-site VPN, an attempt to create a backup session is made when a IKEv2 session is established or when the cluster membership changes. However, the attempt may fail for reasons such as capacity limit. Hence this message is generated on the unit of a session owner whenever it is notified of failing to create a backup.",None.,3,Error,75,vpn,ikev2
+%FTD-3-850001,850001,SNORT ID (<snort-instance-id>/<snort-process-id>) Automatic-Application-Bypass due to delay of <delay>ms (threshold <AAB-threshold>ms) with <connection-info>,%FTD-3-850001: SNORT ID (<snort-instance-id>/<snort-process-id>) Automatic-Application-Bypass due to delay of <delay>ms (threshold <AAB-threshold>ms) with <connection-info>,The Automatic-Application-Bypass (AAB) event is triggered due to packet delay exceeding the AAB threshold.,"Collect troubleshoot archive, snort core files and contact Cisco TAC.",3,Error,65,system,hardware_bypass
+%FTD-3-850002,850002,SNORT ID (snort-instance-id/snort-process-id) Automatic-Application-Bypass due to SNORT not responding to traffic for timeout-delayms (threshold AAB-thresholdms),%FTD-3-850002: SNORT ID (snort-instance-id/snort-process-id) Automatic-Application-Bypass due to SNORT not responding to traffic for timeout-delayms (threshold AAB-thresholdms),The Automatic-Application-Bypass (AAB) event is triggered due to SNORT not responding to traffics for a period exceeding the AAB threshold.,"Collect troubleshoot archive, snort core files and contact Cisco TAC.",3,Error,75,system,hardware_bypass
+%FTD-6-852001,852001,Received Lightweight to Full Proxy event from application Snort for TCP flow ip-address/port to ip-address/port,%FTD-6-852001: Received Lightweight to Full Proxy event from application Snort for TCP flow ip-address/port to ip-address/port,"This message appears when Snort decides to inspect payload of TCP based upon the matching policy of connection, for example, SSL policy.",None required.,6,Informational,5,network,session
+%FTD-6-852002,852002,Received Full Proxy to Lightweight event from application Snort for TCP flow ip-address/port to ip-address/port,%FTD-6-852002: Received Full Proxy to Lightweight event from application Snort for TCP flow ip-address/port to ip-address/port,"This message appears when Snort is no longer interested to inspect payload of TCP based upon the matching policy of connection, for example, SSL policy DND.",None required.,6,Informational,5,network,session
+%FTD-4-870001,870001,"policy-route path-monitoring, remote peer interface_name:IP_Address reachable_status","%FTD-4-870001: policy-route path-monitoring, remote peer interface_name:IP_Address reachable_status",This message appears to display whether the interface on the policy based route identified through path monitoring is reacheable or not:,None required.,4,Warning,5,network,interfaces
+%FTD-6-880001,880001,"Ingress ifc Ingress_interface, For traffic [source_ipaddress->destination_ipaddress], PBR picked outside_interface_1 as its metric-type metrics became better than outside_interface_2","%FTD-6-880001: Ingress ifc Ingress_interface, For traffic [source_ipaddress->destination_ipaddress], PBR picked outside_interface_1 as its metric-type metrics became better than outside_interface_2","This message is generated whenever the interface chosen is different from previous while forwarding the traffic. Where, metric-types are jitter, cost, mos, packet loss, rtt.",None.,6,Informational,15,network,interfaces
+%FTD-4-880002,880002,Internal-Data no-buffer counter stats: <counter stats>,%FTD-4-880002: Internal-Data no-buffer counter stats: <counter stats>,"The firewall monitors the Internal-Data 'no buffer' counters every one minute. This message is generated whenever there is an increase in the 'no buffer' counters. Following are the counter stats details: both Internal-Data interfaces) both Internal-Data interfaces) Internal-Data interfaces) Internal-Data interfaces) Example %FTD-4-880002: Internal-Data no-buffer counter stats: 57423,51396,6027, 1126,0,1126",None.,4,Warning,45,system,general
+%FTD-6-8300001,8300001,VPN session redistribution <variable 1>,%FTD-6-8300001: VPN session redistribution <variable 1>,"These events notify the administrator that the operation related to ‘cluster redistribute vpn-sessiondb’ has started or completed. Where,",None.,6,Informational,15,system,cluster
+%FTD-6-8300002,8300002,Moved <variable 1> sessions to <variable 2>,%FTD-6-8300002: Moved <variable 1> sessions to <variable 2>,Provides details on how many active sessions were moved to another member of the cluster.,None.,6,Informational,15,system,cluster
+%FTD-3-8300003,8300003,Failed to send session redistribution message to <variable 1>,%FTD-3-8300003: Failed to send session redistribution message to <variable 1>,There was an error sending a request to another cluster member. This could be due to an internal error or the cluster member the message was destined for is not available.,If this message is persistent contact customer support.,3,Error,75,system,cluster
+%FTD-6-8300004,8300004,<variable 1> request to move <variable 2> sessions from <variable 3> to <variable 4>,%FTD-6-8300004: <variable 1> request to move <variable 2> sessions from <variable 3> to <variable 4>,This event is displayed when a member receives a request from the director to move a specific number of active sessions to another member in the group.,None.,6,Informational,15,system,cluster
+%FTD-3-8300005,8300005,Failed to receive session move response from <variable 1>,%FTD-3-8300005: Failed to receive session move response from <variable 1>,"The director has requested a member to move active sessions to another member. If the director has not received a response to this request within a defined period, it will display this event and terminate the redistribution process.","Re-issue the ‘’cluster redistribute vpn-sessiondb” and if the problem persists, contact support.",3,Error,75,system,cluster
+%FTD-5-8300006,8300006,Cluster topology change detected. VPN session redistribution aborted.,%FTD-5-8300006: Cluster topology change detected. VPN session redistribution aborted.,"The VPN session redistribution move calculations are based on the active members at the time the process is started. If a member joins or leaves during this process, the director will terminate the session redistribution.",Retry the operation when all of the members have joined or left the group.,5,Notification,25,system,cluster
diff --git a/cisco_ftd/resource/cisco_ftd_syslog_messages.meta b/cisco_ftd/resource/cisco_ftd_syslog_messages.meta
new file mode 100644
index 00000000..085bd5e7
--- /dev/null
+++ b/cisco_ftd/resource/cisco_ftd_syslog_messages.meta
@@ -0,0 +1,12 @@
+{
+	"VersionNumber": 1,
+	"ResourceName": "cisco_ftd_syslog_messages",
+	"Description": "This is intended to be used as a lookup file providing additional information regarding all Cisco Firewall Threat Defense (FTD) SysLog Messages. It is used within the Cisco FTD Kit for dashboards, macros, scheduled searches, alerts, flows, and templates.\n\nfields:\ncisco_id,msg_id,description,error_msg,explanation,recommended_action,sev_id,severity,risk_score\n  - cisco_id: this is the full Cisco Syslog Message ID (e.g. %FTD-1-101001) which breaks out into %{Cisco Firewall Appliance}-{Cisco Assigned Severity}-{Cisco Message ID}\n  - msg_id: this is the Cisco Syslog Message ID which is part of the full Cisco Syslog Message ID\n  - description: this is the short description of the Cisco Syslog message often seen on the Cisco firewall appliance itself\n  - error_msg: this is the full Cisco Message compromised of {cisco_id}: {description}\n  - explanation: this is a more detailed explanation of the Cisco Syslog Message\n  - recommended_action: this is the Cisco Recommended Action provided within their documentation\n  - sev_id: this the Cisco assigned severity (id) provided within their documentation\n  - severity: this the Cisco assigned severity (name) provided within their documentation \n  - risk_score: this is a Gravwell assigned value for dashboards, queries, and alerting purposes\n\nReference(s):\n  - Cisco \n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html\n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html\n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html\n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html\n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html\n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html\n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html\n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html\n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html\n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html\n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html\n    - https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs-sev-level.html\n\nUsage: lookup -r cisco_ftd_syslog_messages \u003cmatch the EV containing the cisco_id\u003e cisco_id (cisco_id msg_id description error_msg explanation recommended_action sev_id severity risk_score)",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Size": 838905,
+	"Hash": "Jsg6GJUkL9TY35VuM2jLSg==",
+	"Data": ""
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/11d63825-1e4f-40ab-ac01-8d53adfdcda7.meta b/cisco_ftd/searchlibrary/11d63825-1e4f-40ab-ac01-8d53adfdcda7.meta
new file mode 100644
index 00000000..8cdba02e
--- /dev/null
+++ b/cisco_ftd/searchlibrary/11d63825-1e4f-40ab-ac01-8d53adfdcda7.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Event Types - Count by Category, Subcategory \u0026 Severity [chart]",
+	"Description": "Displays a chart of event types (error message) by Category, Subcategory \u0026 Severity.\n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "11d63825-1e4f-40ab-ac01-8d53adfdcda7",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/11d63825-1e4f-40ab-ac01-8d53adfdcda7.query b/cisco_ftd/searchlibrary/11d63825-1e4f-40ab-ac01-8d53adfdcda7.query
new file mode 100644
index 00000000..26cf08ed
--- /dev/null
+++ b/cisco_ftd/searchlibrary/11d63825-1e4f-40ab-ac01-8d53adfdcda7.query
@@ -0,0 +1,5 @@
+tag=$CISCO_FTD ax 
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (category subcategory severity)
+| stats count by category subcategory severity
+| alias count " "
+| chart " " by category subcategory severity
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/44b010d7-c224-4194-9644-8cdcde33c1b5.meta b/cisco_ftd/searchlibrary/44b010d7-c224-4194-9644-8cdcde33c1b5.meta
new file mode 100644
index 00000000..7117c45b
--- /dev/null
+++ b/cisco_ftd/searchlibrary/44b010d7-c224-4194-9644-8cdcde33c1b5.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Event Types - Count by Category \u0026 Subcategory [chart]",
+	"Description": "Displays a chart of event types (error message) by Category \u0026 Subcategory. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "44b010d7-c224-4194-9644-8cdcde33c1b5",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/44b010d7-c224-4194-9644-8cdcde33c1b5.query b/cisco_ftd/searchlibrary/44b010d7-c224-4194-9644-8cdcde33c1b5.query
new file mode 100644
index 00000000..7f4d8b74
--- /dev/null
+++ b/cisco_ftd/searchlibrary/44b010d7-c224-4194-9644-8cdcde33c1b5.query
@@ -0,0 +1,5 @@
+tag=$CISCO_FTD ax 
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (category subcategory)
+| stats count by category subcategory
+| alias count " "
+| chart " " by category subcategory
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/49a2863c-e896-4c69-9f15-32bb57664809.meta b/cisco_ftd/searchlibrary/49a2863c-e896-4c69-9f15-32bb57664809.meta
new file mode 100644
index 00000000..9f4a9c51
--- /dev/null
+++ b/cisco_ftd/searchlibrary/49a2863c-e896-4c69-9f15-32bb57664809.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Event Types - Count by Tag [chart]",
+	"Description": "Displays a chart of event types (error message) by Tag. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "49a2863c-e896-4c69-9f15-32bb57664809",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/49a2863c-e896-4c69-9f15-32bb57664809.query b/cisco_ftd/searchlibrary/49a2863c-e896-4c69-9f15-32bb57664809.query
new file mode 100644
index 00000000..2c7691ac
--- /dev/null
+++ b/cisco_ftd/searchlibrary/49a2863c-e896-4c69-9f15-32bb57664809.query
@@ -0,0 +1,4 @@
+tag=$CISCO_FTD 
+| stats count by TAG
+| alias count " "
+| chart " " by TAG
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/75bbe0bc-a839-40b0-95df-f1955d0453d9.meta b/cisco_ftd/searchlibrary/75bbe0bc-a839-40b0-95df-f1955d0453d9.meta
new file mode 100644
index 00000000..11485e63
--- /dev/null
+++ b/cisco_ftd/searchlibrary/75bbe0bc-a839-40b0-95df-f1955d0453d9.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Event Types - Count by Tag [numbercard]",
+	"Description": "Displays a numbercard of event types (error message) by Tag. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "75bbe0bc-a839-40b0-95df-f1955d0453d9",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/75bbe0bc-a839-40b0-95df-f1955d0453d9.query b/cisco_ftd/searchlibrary/75bbe0bc-a839-40b0-95df-f1955d0453d9.query
new file mode 100644
index 00000000..26bb3e08
--- /dev/null
+++ b/cisco_ftd/searchlibrary/75bbe0bc-a839-40b0-95df-f1955d0453d9.query
@@ -0,0 +1,4 @@
+tag=$CISCO_FTD 
+| stats count by TAG
+| alias count " "
+| numbercard " "    
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/90d24c27-9b9c-4f94-9066-968088a981c7.meta b/cisco_ftd/searchlibrary/90d24c27-9b9c-4f94-9066-968088a981c7.meta
new file mode 100644
index 00000000..e226fcbc
--- /dev/null
+++ b/cisco_ftd/searchlibrary/90d24c27-9b9c-4f94-9066-968088a981c7.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Event Types - Count by Category, Subcategory \u0026 Severity [numbercard]",
+	"Description": "Displays a numbercard of event types (error message) by Category, Subcategory \u0026 Severity.\n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "90d24c27-9b9c-4f94-9066-968088a981c7",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/90d24c27-9b9c-4f94-9066-968088a981c7.query b/cisco_ftd/searchlibrary/90d24c27-9b9c-4f94-9066-968088a981c7.query
new file mode 100644
index 00000000..fc78dacb
--- /dev/null
+++ b/cisco_ftd/searchlibrary/90d24c27-9b9c-4f94-9066-968088a981c7.query
@@ -0,0 +1,5 @@
+tag=$CISCO_FTD ax 
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (category subcategory severity)
+| stats count by category subcategory severity
+| alias count " "
+| numbercard " "
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/96e4c994-6e65-4a9b-99bf-5032380926a8.meta b/cisco_ftd/searchlibrary/96e4c994-6e65-4a9b-99bf-5032380926a8.meta
new file mode 100644
index 00000000..91470c89
--- /dev/null
+++ b/cisco_ftd/searchlibrary/96e4c994-6e65-4a9b-99bf-5032380926a8.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Event Types - Count by Subcategory [numbercard]",
+	"Description": "Displays a numbercard of event types (error message) by Subcategory. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "96e4c994-6e65-4a9b-99bf-5032380926a8",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/96e4c994-6e65-4a9b-99bf-5032380926a8.query b/cisco_ftd/searchlibrary/96e4c994-6e65-4a9b-99bf-5032380926a8.query
new file mode 100644
index 00000000..1183d54c
--- /dev/null
+++ b/cisco_ftd/searchlibrary/96e4c994-6e65-4a9b-99bf-5032380926a8.query
@@ -0,0 +1,5 @@
+tag=$CISCO_FTD ax 
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (subcategory)
+| stats count by subcategory
+| alias count " "
+| numbercard " "
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/a707ee59-8b9f-4c75-b3e0-4ce63c1f45d8.meta b/cisco_ftd/searchlibrary/a707ee59-8b9f-4c75-b3e0-4ce63c1f45d8.meta
new file mode 100644
index 00000000..bd4b74f6
--- /dev/null
+++ b/cisco_ftd/searchlibrary/a707ee59-8b9f-4c75-b3e0-4ce63c1f45d8.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Security - Count by SSLActualAction [chart]",
+	"Description": "Displays a chart of event count by SSLActualAction. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "a707ee59-8b9f-4c75-b3e0-4ce63c1f45d8",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/a707ee59-8b9f-4c75-b3e0-4ce63c1f45d8.query b/cisco_ftd/searchlibrary/a707ee59-8b9f-4c75-b3e0-4ce63c1f45d8.query
new file mode 100644
index 00000000..f30ce1ad
--- /dev/null
+++ b/cisco_ftd/searchlibrary/a707ee59-8b9f-4c75-b3e0-4ce63c1f45d8.query
@@ -0,0 +1,5 @@
+tag=$CISCO_SECURITY
+$CISCO_SECURITY_EVX
+| stats count by SSLActualAction
+| alias count " "
+| chart " " by SSLActualAction
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/aa7015e6-e70f-43d2-960c-dc86cd8735d5.meta b/cisco_ftd/searchlibrary/aa7015e6-e70f-43d2-960c-dc86cd8735d5.meta
new file mode 100644
index 00000000..3cf17344
--- /dev/null
+++ b/cisco_ftd/searchlibrary/aa7015e6-e70f-43d2-960c-dc86cd8735d5.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Security - Count by ApplicationProtocol [chart]",
+	"Description": "Displays a chart of event count by ApplicationProtocol. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "aa7015e6-e70f-43d2-960c-dc86cd8735d5",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/aa7015e6-e70f-43d2-960c-dc86cd8735d5.query b/cisco_ftd/searchlibrary/aa7015e6-e70f-43d2-960c-dc86cd8735d5.query
new file mode 100644
index 00000000..c22ad490
--- /dev/null
+++ b/cisco_ftd/searchlibrary/aa7015e6-e70f-43d2-960c-dc86cd8735d5.query
@@ -0,0 +1,5 @@
+tag=$CISCO_SECURITY
+$CISCO_SECURITY_EVX
+| stats count by ApplicationProtocol
+| alias count " "
+| chart " " by ApplicationProtocol
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/adb28bc0-6bd7-4564-b4d9-3cac9118c39d.meta b/cisco_ftd/searchlibrary/adb28bc0-6bd7-4564-b4d9-3cac9118c39d.meta
new file mode 100644
index 00000000..113bd413
--- /dev/null
+++ b/cisco_ftd/searchlibrary/adb28bc0-6bd7-4564-b4d9-3cac9118c39d.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Event Types - Count by Category [chart]",
+	"Description": "Displays a chart of event types (error message) by Category. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "adb28bc0-6bd7-4564-b4d9-3cac9118c39d",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/adb28bc0-6bd7-4564-b4d9-3cac9118c39d.query b/cisco_ftd/searchlibrary/adb28bc0-6bd7-4564-b4d9-3cac9118c39d.query
new file mode 100644
index 00000000..ba9a95b6
--- /dev/null
+++ b/cisco_ftd/searchlibrary/adb28bc0-6bd7-4564-b4d9-3cac9118c39d.query
@@ -0,0 +1,5 @@
+tag=$CISCO_FTD ax 
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (category)
+| stats count by category
+| alias count " "
+| chart " " by category
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/b223686f-337b-4708-a6d3-6e639cbaa21a.meta b/cisco_ftd/searchlibrary/b223686f-337b-4708-a6d3-6e639cbaa21a.meta
new file mode 100644
index 00000000..ec5ac6a4
--- /dev/null
+++ b/cisco_ftd/searchlibrary/b223686f-337b-4708-a6d3-6e639cbaa21a.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Event Types - Count by Subcategory [chart]",
+	"Description": "Displays a chart of event types (error message) by Subcategory. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "b223686f-337b-4708-a6d3-6e639cbaa21a",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/b223686f-337b-4708-a6d3-6e639cbaa21a.query b/cisco_ftd/searchlibrary/b223686f-337b-4708-a6d3-6e639cbaa21a.query
new file mode 100644
index 00000000..9f5ae22b
--- /dev/null
+++ b/cisco_ftd/searchlibrary/b223686f-337b-4708-a6d3-6e639cbaa21a.query
@@ -0,0 +1,5 @@
+tag=$CISCO_FTD ax 
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (subcategory)
+| stats count by subcategory
+| alias count " "
+| chart " " by subcategory
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/c21e1a11-72e8-4661-8409-fea6b856fad5.meta b/cisco_ftd/searchlibrary/c21e1a11-72e8-4661-8409-fea6b856fad5.meta
new file mode 100644
index 00000000..c90f28b3
--- /dev/null
+++ b/cisco_ftd/searchlibrary/c21e1a11-72e8-4661-8409-fea6b856fad5.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Event Types - Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of event types (error message) by Severity. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "c21e1a11-72e8-4661-8409-fea6b856fad5",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/c21e1a11-72e8-4661-8409-fea6b856fad5.query b/cisco_ftd/searchlibrary/c21e1a11-72e8-4661-8409-fea6b856fad5.query
new file mode 100644
index 00000000..011cd817
--- /dev/null
+++ b/cisco_ftd/searchlibrary/c21e1a11-72e8-4661-8409-fea6b856fad5.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD ax 
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (severity)
+| stats count by severity
+| alias count " "
+$CISCO_FTD_SEVERITY_ORDER
+| numbercard " " 
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/d8399ba2-280c-4a51-bc46-14e4995f320d.meta b/cisco_ftd/searchlibrary/d8399ba2-280c-4a51-bc46-14e4995f320d.meta
new file mode 100644
index 00000000..5b47077b
--- /dev/null
+++ b/cisco_ftd/searchlibrary/d8399ba2-280c-4a51-bc46-14e4995f320d.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Event Types - Count by Category \u0026 Subcategory [numbercard]",
+	"Description": "Displays a numbercard of event types (error message) by Category \u0026 Subcategory. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "d8399ba2-280c-4a51-bc46-14e4995f320d",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/d8399ba2-280c-4a51-bc46-14e4995f320d.query b/cisco_ftd/searchlibrary/d8399ba2-280c-4a51-bc46-14e4995f320d.query
new file mode 100644
index 00000000..7422a776
--- /dev/null
+++ b/cisco_ftd/searchlibrary/d8399ba2-280c-4a51-bc46-14e4995f320d.query
@@ -0,0 +1,5 @@
+tag=$CISCO_FTD ax 
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (category subcategory)
+| stats count by category subcategory
+| alias count " "
+| numbercard " " 
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/d87b5ce9-3c9b-4e77-a569-057872a8a500.meta b/cisco_ftd/searchlibrary/d87b5ce9-3c9b-4e77-a569-057872a8a500.meta
new file mode 100644
index 00000000..1875d967
--- /dev/null
+++ b/cisco_ftd/searchlibrary/d87b5ce9-3c9b-4e77-a569-057872a8a500.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Security - Count by SrcIP [chart]",
+	"Description": "Displays a chart of event count by SrcIP. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "d87b5ce9-3c9b-4e77-a569-057872a8a500",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/d87b5ce9-3c9b-4e77-a569-057872a8a500.query b/cisco_ftd/searchlibrary/d87b5ce9-3c9b-4e77-a569-057872a8a500.query
new file mode 100644
index 00000000..0a987053
--- /dev/null
+++ b/cisco_ftd/searchlibrary/d87b5ce9-3c9b-4e77-a569-057872a8a500.query
@@ -0,0 +1,5 @@
+tag=$CISCO_SECURITY
+$CISCO_SECURITY_EVX
+| stats count by SrcIP
+| alias count " "
+| chart " " by SrcIP
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/da83d755-35ff-455b-8e27-fa2fa36af4fe.meta b/cisco_ftd/searchlibrary/da83d755-35ff-455b-8e27-fa2fa36af4fe.meta
new file mode 100644
index 00000000..3f4f88bc
--- /dev/null
+++ b/cisco_ftd/searchlibrary/da83d755-35ff-455b-8e27-fa2fa36af4fe.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Event Types - Count by Category [numbercard]",
+	"Description": "Displays a numbercard of event types (error message) by Category. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "da83d755-35ff-455b-8e27-fa2fa36af4fe",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/da83d755-35ff-455b-8e27-fa2fa36af4fe.query b/cisco_ftd/searchlibrary/da83d755-35ff-455b-8e27-fa2fa36af4fe.query
new file mode 100644
index 00000000..a2ca65dd
--- /dev/null
+++ b/cisco_ftd/searchlibrary/da83d755-35ff-455b-8e27-fa2fa36af4fe.query
@@ -0,0 +1,5 @@
+tag=$CISCO_FTD ax 
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (category)
+| stats count by category
+| alias count " "
+| numbercard " "
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/e79f7735-b1c3-4bb0-94d5-4a66feeae168.meta b/cisco_ftd/searchlibrary/e79f7735-b1c3-4bb0-94d5-4a66feeae168.meta
new file mode 100644
index 00000000..a5ff0722
--- /dev/null
+++ b/cisco_ftd/searchlibrary/e79f7735-b1c3-4bb0-94d5-4a66feeae168.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Security - Count by DstIP [chart]",
+	"Description": "Displays a chart of event count by DstIP. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "e79f7735-b1c3-4bb0-94d5-4a66feeae168",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/e79f7735-b1c3-4bb0-94d5-4a66feeae168.query b/cisco_ftd/searchlibrary/e79f7735-b1c3-4bb0-94d5-4a66feeae168.query
new file mode 100644
index 00000000..dbca60fa
--- /dev/null
+++ b/cisco_ftd/searchlibrary/e79f7735-b1c3-4bb0-94d5-4a66feeae168.query
@@ -0,0 +1,5 @@
+tag=$CISCO_SECURITY
+$CISCO_SECURITY_EVX
+| stats count by DstIP
+| alias count " "
+| chart " " by DstIP
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/f6e8836d-35d9-4c35-b8b3-3e0a993aa9e2.meta b/cisco_ftd/searchlibrary/f6e8836d-35d9-4c35-b8b3-3e0a993aa9e2.meta
new file mode 100644
index 00000000..f24d1a30
--- /dev/null
+++ b/cisco_ftd/searchlibrary/f6e8836d-35d9-4c35-b8b3-3e0a993aa9e2.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Security - Count by Tag [chart]",
+	"Description": "Displays a chart of event types (error message) by Tag. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "f6e8836d-35d9-4c35-b8b3-3e0a993aa9e2",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/f6e8836d-35d9-4c35-b8b3-3e0a993aa9e2.query b/cisco_ftd/searchlibrary/f6e8836d-35d9-4c35-b8b3-3e0a993aa9e2.query
new file mode 100644
index 00000000..f678d493
--- /dev/null
+++ b/cisco_ftd/searchlibrary/f6e8836d-35d9-4c35-b8b3-3e0a993aa9e2.query
@@ -0,0 +1,4 @@
+tag=$CISCO_SECURITY 
+| stats count by TAG
+| alias count " "
+| chart " " by TAG
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/fe8d2808-b1f6-40cc-b388-d2f08806a5a1.meta b/cisco_ftd/searchlibrary/fe8d2808-b1f6-40cc-b388-d2f08806a5a1.meta
new file mode 100644
index 00000000..ab383d19
--- /dev/null
+++ b/cisco_ftd/searchlibrary/fe8d2808-b1f6-40cc-b388-d2f08806a5a1.meta
@@ -0,0 +1,12 @@
+{
+	"Name": "Search - Cisco - FTD - Firewall - Event Types - Count by Severity [chart]",
+	"Description": "Displays a chart of event types (error message) by Severity. \n\nReference(s):\n- Cisco Firepower Threat Defense (FTD)\n\t- [Cisco Firepower Threat Defense (FTD) Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD About This Guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide.html)\n\t- [Cisco FTD Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html)\n\t- [Cisco FTD Security Event Message IDs](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_87698)\n\t- [Cisco FTD Intrusion Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91459)\n\t- [Cisco FTD Connection and Security Intelligence Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_91299)\n\t- [Cisco FTD File and Malware Event Field Descriptions](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_77539)\n\t- [Cisco FTD History for Security Event Syslog Messages](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/security-event-syslog-messages.html#id_105507)\n\t- [Cisco FTD Syslog Messages 101001 to 199021](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs1.html)\n\t- [Cisco FTD Syslog Messages 201002 to 219002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs2.html)\n\t- [Cisco FTD Syslog Messages 302003 to 341011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs3.html)\n\t- [Cisco FTD Syslog Messages 401001 to 450002](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs4.html)\n\t- [Cisco FTD Syslog Messages 500001 to 520025](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs5.html)\n\t- [Cisco FTD Syslog Messages 602101 to 622102](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs6.html)\n\t- [Cisco FTD Syslog Messages 701001 to 714011](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs7.html)\n\t- [Cisco FTD Syslog Messages 715001 to 721019](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs8.html)\n\t- [Cisco FTD Syslog Messages 722001 to 776254](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs9.html)\n\t- [Cisco FTD Syslog Messages 778001 to 8300006](https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/fptd_syslog_guide/syslogs10.html)",
+	"GUID": "fe8d2808-b1f6-40cc-b388-d2f08806a5a1",
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	],
+	"Metadata": {
+		"timeframe": null
+	}
+}
\ No newline at end of file
diff --git a/cisco_ftd/searchlibrary/fe8d2808-b1f6-40cc-b388-d2f08806a5a1.query b/cisco_ftd/searchlibrary/fe8d2808-b1f6-40cc-b388-d2f08806a5a1.query
new file mode 100644
index 00000000..d8f6b96c
--- /dev/null
+++ b/cisco_ftd/searchlibrary/fe8d2808-b1f6-40cc-b388-d2f08806a5a1.query
@@ -0,0 +1,5 @@
+tag=$CISCO_FTD ax 
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (severity)
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/02453c60-0220-4ec1-a26c-fb26c72c508c.meta b/cisco_ftd/template/02453c60-0220-4ec1-a26c-fb26c72c508c.meta
new file mode 100644
index 00000000..30f013df
--- /dev/null
+++ b/cisco_ftd/template/02453c60-0220-4ec1-a26c-fb26c72c508c.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "02453c60-0220-4ec1-a26c-fb26c72c508c",
+	"Name": "Template - Cisco - FTD - Firewall - Authentication - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Authentication events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/02453c60-0220-4ec1-a26c-fb26c72c508c.query b/cisco_ftd/template/02453c60-0220-4ec1-a26c-fb26c72c508c.query
new file mode 100644
index 00000000..c8f91cbe
--- /dev/null
+++ b/cisco_ftd/template/02453c60-0220-4ec1-a26c-fb26c72c508c.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_AUTH ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/039e3c93-204a-4f68-9e02-443cc39169e4.meta b/cisco_ftd/template/039e3c93-204a-4f68-9e02-443cc39169e4.meta
new file mode 100644
index 00000000..a48ec254
--- /dev/null
+++ b/cisco_ftd/template/039e3c93-204a-4f68-9e02-443cc39169e4.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "039e3c93-204a-4f68-9e02-443cc39169e4",
+	"Name": "Template - Cisco - FTD - Firewall - System - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of System events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/039e3c93-204a-4f68-9e02-443cc39169e4.query b/cisco_ftd/template/039e3c93-204a-4f68-9e02-443cc39169e4.query
new file mode 100644
index 00000000..02425e2c
--- /dev/null
+++ b/cisco_ftd/template/039e3c93-204a-4f68-9e02-443cc39169e4.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_SYSTEM ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_ftd/template/075e2192-37ae-41ce-9190-a13e2bcf3d1f.meta b/cisco_ftd/template/075e2192-37ae-41ce-9190-a13e2bcf3d1f.meta
new file mode 100644
index 00000000..456a14e3
--- /dev/null
+++ b/cisco_ftd/template/075e2192-37ae-41ce-9190-a13e2bcf3d1f.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "075e2192-37ae-41ce-9190-a13e2bcf3d1f",
+	"Name": "Template - Cisco - FTD - Firewall - Threat - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Threat events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/075e2192-37ae-41ce-9190-a13e2bcf3d1f.query b/cisco_ftd/template/075e2192-37ae-41ce-9190-a13e2bcf3d1f.query
new file mode 100644
index 00000000..f206a30d
--- /dev/null
+++ b/cisco_ftd/template/075e2192-37ae-41ce-9190-a13e2bcf3d1f.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_THREAT ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/085b0270-ed97-4948-b8b7-1362a29721b5.meta b/cisco_ftd/template/085b0270-ed97-4948-b8b7-1362a29721b5.meta
new file mode 100644
index 00000000..a1b11c03
--- /dev/null
+++ b/cisco_ftd/template/085b0270-ed97-4948-b8b7-1362a29721b5.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "085b0270-ed97-4948-b8b7-1362a29721b5",
+	"Name": "Template - Cisco - FTD - Firewall - Events - Event Count by Severity [chart]",
+	"Description": "Displays a chart of events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/085b0270-ed97-4948-b8b7-1362a29721b5.query b/cisco_ftd/template/085b0270-ed97-4948-b8b7-1362a29721b5.query
new file mode 100644
index 00000000..1244d15f
--- /dev/null
+++ b/cisco_ftd/template/085b0270-ed97-4948-b8b7-1362a29721b5.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_EVENTS ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/0fdb9df1-441a-461e-bbf5-5d434dbdae70.meta b/cisco_ftd/template/0fdb9df1-441a-461e-bbf5-5d434dbdae70.meta
new file mode 100644
index 00000000..bc2efd51
--- /dev/null
+++ b/cisco_ftd/template/0fdb9df1-441a-461e-bbf5-5d434dbdae70.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "0fdb9df1-441a-461e-bbf5-5d434dbdae70",
+	"Name": "Template - Cisco - FTD - Firewall - Security - Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of Security Events performed by the specified user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/0fdb9df1-441a-461e-bbf5-5d434dbdae70.query b/cisco_ftd/template/0fdb9df1-441a-461e-bbf5-5d434dbdae70.query
new file mode 100644
index 00000000..8f29dc2c
--- /dev/null
+++ b/cisco_ftd/template/0fdb9df1-441a-461e-bbf5-5d434dbdae70.query
@@ -0,0 +1,10 @@
+tag=$CISCO_SECURITY
+| eval (DATA ~ "%%user%%" %%boolean%% DATA ~ "%%ip%%")
+$CISCO_SECURITY_EVX
+| regex -p -e DATA "(?<user>%%user%%)"
+| regex -e DATA "(?<ip>%%ip%%)"
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| sort by _severity_order
+| numbercard " "
\ No newline at end of file
diff --git a/cisco_ftd/template/1f24de97-1e5c-43f4-8cd7-177524dcd8e8.meta b/cisco_ftd/template/1f24de97-1e5c-43f4-8cd7-177524dcd8e8.meta
new file mode 100644
index 00000000..c2897e21
--- /dev/null
+++ b/cisco_ftd/template/1f24de97-1e5c-43f4-8cd7-177524dcd8e8.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "1f24de97-1e5c-43f4-8cd7-177524dcd8e8",
+	"Name": "Template - Cisco - FTD - Firewall - Authentication - Events by User and/or IP [table]",
+	"Description": "Displays a table of Authentication events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/1f24de97-1e5c-43f4-8cd7-177524dcd8e8.query b/cisco_ftd/template/1f24de97-1e5c-43f4-8cd7-177524dcd8e8.query
new file mode 100644
index 00000000..7e67cfab
--- /dev/null
+++ b/cisco_ftd/template/1f24de97-1e5c-43f4-8cd7-177524dcd8e8.query
@@ -0,0 +1,9 @@
+tag=$CISCO_FTD_AUTH ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_FTD_SEVERITY
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_ftd/template/29d2f863-d259-486d-90cc-e2fb1e79aa13.meta b/cisco_ftd/template/29d2f863-d259-486d-90cc-e2fb1e79aa13.meta
new file mode 100644
index 00000000..df1712cc
--- /dev/null
+++ b/cisco_ftd/template/29d2f863-d259-486d-90cc-e2fb1e79aa13.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "29d2f863-d259-486d-90cc-e2fb1e79aa13",
+	"Name": "Template - Cisco - FTD - Firewall - Security - Event Count by TAG [chart]",
+	"Description": "Displays a chart of Security Events by TAG performed by the specified user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/29d2f863-d259-486d-90cc-e2fb1e79aa13.query b/cisco_ftd/template/29d2f863-d259-486d-90cc-e2fb1e79aa13.query
new file mode 100644
index 00000000..dbabfb01
--- /dev/null
+++ b/cisco_ftd/template/29d2f863-d259-486d-90cc-e2fb1e79aa13.query
@@ -0,0 +1,5 @@
+tag=$CISCO_SECURITY
+| eval (DATA ~ "%%user%%" %%boolean%% DATA ~ "%%ip%%")
+| stats count by TAG
+| alias count " "
+| chart " " by TAG
\ No newline at end of file
diff --git a/cisco_ftd/template/34b167be-27dd-4cf5-9e08-0eb320b3d446.meta b/cisco_ftd/template/34b167be-27dd-4cf5-9e08-0eb320b3d446.meta
new file mode 100644
index 00000000..30a2ee10
--- /dev/null
+++ b/cisco_ftd/template/34b167be-27dd-4cf5-9e08-0eb320b3d446.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "34b167be-27dd-4cf5-9e08-0eb320b3d446",
+	"Name": "Template - Cisco - FTD - Firewall - File - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Files Events by severity performed by the specified user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/34b167be-27dd-4cf5-9e08-0eb320b3d446.query b/cisco_ftd/template/34b167be-27dd-4cf5-9e08-0eb320b3d446.query
new file mode 100644
index 00000000..acc146d4
--- /dev/null
+++ b/cisco_ftd/template/34b167be-27dd-4cf5-9e08-0eb320b3d446.query
@@ -0,0 +1,9 @@
+tag=$CISCO_FTD_FILE
+| eval (DATA ~ "%%user%%" %%boolean%% DATA ~ "%%ip%%")
+$CISCO_FTD_FILE_EVX
+| regex -p -e DATA "(?<user>%%user%%)"
+| regex -e DATA "(?<ip>%%ip%%)"
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/55b3c1f4-02ae-4879-bbdb-a59c1d2e562a.meta b/cisco_ftd/template/55b3c1f4-02ae-4879-bbdb-a59c1d2e562a.meta
new file mode 100644
index 00000000..4f6d0aa5
--- /dev/null
+++ b/cisco_ftd/template/55b3c1f4-02ae-4879-bbdb-a59c1d2e562a.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "55b3c1f4-02ae-4879-bbdb-a59c1d2e562a",
+	"Name": "Template - Cisco - FTD - Firewall - VPN - Events by User and/or IP [table]",
+	"Description": "Displays a table of VPN events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/55b3c1f4-02ae-4879-bbdb-a59c1d2e562a.query b/cisco_ftd/template/55b3c1f4-02ae-4879-bbdb-a59c1d2e562a.query
new file mode 100644
index 00000000..4df8297a
--- /dev/null
+++ b/cisco_ftd/template/55b3c1f4-02ae-4879-bbdb-a59c1d2e562a.query
@@ -0,0 +1,9 @@
+tag=$CISCO_FTD_VPN ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_FTD_SEVERITY
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_ftd/template/55d3b87e-37cf-4afb-86a2-d3e74694ef22.meta b/cisco_ftd/template/55d3b87e-37cf-4afb-86a2-d3e74694ef22.meta
new file mode 100644
index 00000000..60073d23
--- /dev/null
+++ b/cisco_ftd/template/55d3b87e-37cf-4afb-86a2-d3e74694ef22.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "55d3b87e-37cf-4afb-86a2-d3e74694ef22",
+	"Name": "Template - Cisco - FTD - Firewall - Intrusion - Events by User and/or IP [table]",
+	"Description": "Displays a table of Intrusion Events performed by the specified user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/55d3b87e-37cf-4afb-86a2-d3e74694ef22.query b/cisco_ftd/template/55d3b87e-37cf-4afb-86a2-d3e74694ef22.query
new file mode 100644
index 00000000..94e416bb
--- /dev/null
+++ b/cisco_ftd/template/55d3b87e-37cf-4afb-86a2-d3e74694ef22.query
@@ -0,0 +1,14 @@
+tag=$CISCO_FTD_INTRUSION
+| eval (DATA ~ "%%user%%" %%boolean%% DATA ~ "%%ip%%")
+$CISCO_FTD_INTRUSION_EVX
+| regex -p -e DATA "(?<user>%%user%%)"
+| regex -e DATA "(?<ip>%%ip%%)"
+$CISCO_FTD_SEVERITY
+| alias 
+    IngressInterface SrcInterface 
+    IngressZone SrcZone
+    EgressInterface DstInterface 
+    EgressZone DstZone
+    severity Severity
+    SSLActualAction Action
+| table timestamp FirstPacketSecond User SrcIP SrcPort SrcInterface SrcZone DstIP DstPort DstInterface DstZone Action URI Message
\ No newline at end of file
diff --git a/cisco_ftd/template/573dc727-4a09-4614-bf5a-4da54d7bf33a.meta b/cisco_ftd/template/573dc727-4a09-4614-bf5a-4da54d7bf33a.meta
new file mode 100644
index 00000000..e4fb6f1e
--- /dev/null
+++ b/cisco_ftd/template/573dc727-4a09-4614-bf5a-4da54d7bf33a.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "573dc727-4a09-4614-bf5a-4da54d7bf33a",
+	"Name": "Template - Cisco - FTD - Firewall - Threat - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of Threat events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/573dc727-4a09-4614-bf5a-4da54d7bf33a.query b/cisco_ftd/template/573dc727-4a09-4614-bf5a-4da54d7bf33a.query
new file mode 100644
index 00000000..eb406836
--- /dev/null
+++ b/cisco_ftd/template/573dc727-4a09-4614-bf5a-4da54d7bf33a.query
@@ -0,0 +1,7 @@
+tag=$CISCO_FTD_THREAT ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| alias count " "
+| numbercard " "
\ No newline at end of file
diff --git a/cisco_ftd/template/73333f31-0a91-48ac-8d74-4c042a47d7bf.meta b/cisco_ftd/template/73333f31-0a91-48ac-8d74-4c042a47d7bf.meta
new file mode 100644
index 00000000..7d389ea5
--- /dev/null
+++ b/cisco_ftd/template/73333f31-0a91-48ac-8d74-4c042a47d7bf.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "73333f31-0a91-48ac-8d74-4c042a47d7bf",
+	"Name": "Template - Cisco - FTD - Firewall - Combined - Event Count by Severity [chart]",
+	"Description": "Displays a chart of all events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/73333f31-0a91-48ac-8d74-4c042a47d7bf.query b/cisco_ftd/template/73333f31-0a91-48ac-8d74-4c042a47d7bf.query
new file mode 100644
index 00000000..d7a0c5d8
--- /dev/null
+++ b/cisco_ftd/template/73333f31-0a91-48ac-8d74-4c042a47d7bf.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/7ce003ec-c88f-48e7-b252-35fbf7d39997.meta b/cisco_ftd/template/7ce003ec-c88f-48e7-b252-35fbf7d39997.meta
new file mode 100644
index 00000000..825109ff
--- /dev/null
+++ b/cisco_ftd/template/7ce003ec-c88f-48e7-b252-35fbf7d39997.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "7ce003ec-c88f-48e7-b252-35fbf7d39997",
+	"Name": "Template - Cisco - FTD - Firewall - Intrusion - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Intrusion Events by severity performed by the specified user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/7ce003ec-c88f-48e7-b252-35fbf7d39997.query b/cisco_ftd/template/7ce003ec-c88f-48e7-b252-35fbf7d39997.query
new file mode 100644
index 00000000..80ec8fa6
--- /dev/null
+++ b/cisco_ftd/template/7ce003ec-c88f-48e7-b252-35fbf7d39997.query
@@ -0,0 +1,7 @@
+tag=$CISCO_FTD_INTRUSION
+| eval (DATA ~ "%%user%%" %%boolean%% DATA ~ "%%ip%%")
+$CISCO_FTD_INTRUSION_EVX
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/8cd23b13-862b-487d-b8d6-5dc0b11c4c0d.meta b/cisco_ftd/template/8cd23b13-862b-487d-b8d6-5dc0b11c4c0d.meta
new file mode 100644
index 00000000..8e611fc5
--- /dev/null
+++ b/cisco_ftd/template/8cd23b13-862b-487d-b8d6-5dc0b11c4c0d.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "8cd23b13-862b-487d-b8d6-5dc0b11c4c0d",
+	"Name": "Template - Cisco - FTD - Firewall - Malware - Events by User and/or IP [table]",
+	"Description": "Displays a table of Malware Events performed by the specified user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/8cd23b13-862b-487d-b8d6-5dc0b11c4c0d.query b/cisco_ftd/template/8cd23b13-862b-487d-b8d6-5dc0b11c4c0d.query
new file mode 100644
index 00000000..77817690
--- /dev/null
+++ b/cisco_ftd/template/8cd23b13-862b-487d-b8d6-5dc0b11c4c0d.query
@@ -0,0 +1,19 @@
+tag=$CISCO_FTD_MALWARE
+$CISCO_FTD_MALWARE_EVX
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -p -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+$CISCO_FTD_SEVERITY
+| alias
+    SrcIP Src
+    DstIP Dst
+    FileName Name
+    FileType Type
+    FileAction Action
+    FileDirection Direction
+    FilePolicy Policy
+    FileSHA256 SHA256
+    FileSize Size
+    FileStorageStatus StorageState
+    SSLActualAction SSLAction
+| table timestamp FirstPacketSecond User Src SrcPort Dst DstPort Name Type Action SSLAction SHA256 Size StorageState Direction Policy URI ThreatName ThreatScore
\ No newline at end of file
diff --git a/cisco_ftd/template/8f985b19-f67e-48e8-af69-e8a33756c988.meta b/cisco_ftd/template/8f985b19-f67e-48e8-af69-e8a33756c988.meta
new file mode 100644
index 00000000..90511894
--- /dev/null
+++ b/cisco_ftd/template/8f985b19-f67e-48e8-af69-e8a33756c988.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "8f985b19-f67e-48e8-af69-e8a33756c988",
+	"Name": "Template - Cisco - FTD - Firewall - Combined - Events by User and/or IP [table]",
+	"Description": "Displays a table of all events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/8f985b19-f67e-48e8-af69-e8a33756c988.query b/cisco_ftd/template/8f985b19-f67e-48e8-af69-e8a33756c988.query
new file mode 100644
index 00000000..dcb11947
--- /dev/null
+++ b/cisco_ftd/template/8f985b19-f67e-48e8-af69-e8a33756c988.query
@@ -0,0 +1,9 @@
+tag=$CISCO_FTD ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_FTD_SEVERITY
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_ftd/template/95219292-01db-4917-be7b-aedac9e180dc.meta b/cisco_ftd/template/95219292-01db-4917-be7b-aedac9e180dc.meta
new file mode 100644
index 00000000..cb4fc58e
--- /dev/null
+++ b/cisco_ftd/template/95219292-01db-4917-be7b-aedac9e180dc.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "95219292-01db-4917-be7b-aedac9e180dc",
+	"Name": "Template - Cisco - FTD - Firewall - File - Events by User and/or IP [table]",
+	"Description": "Displays a table of File Events performed by the specified user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/95219292-01db-4917-be7b-aedac9e180dc.query b/cisco_ftd/template/95219292-01db-4917-be7b-aedac9e180dc.query
new file mode 100644
index 00000000..4e4a3a00
--- /dev/null
+++ b/cisco_ftd/template/95219292-01db-4917-be7b-aedac9e180dc.query
@@ -0,0 +1,17 @@
+tag=$CISCO_FTD_FILE
+$CISCO_FTD_FILE_EVX
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -p -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+$CISCO_FTD_SEVERITY
+| alias
+    FileName Name
+    FileType Type
+    FileAction Action
+    FileDirection Direction
+    FilePolicy Policy
+    FileSHA256 SHA256
+    FileSize Size
+    FileStorageStatus StorageState
+    SSLActualAction SSLAction
+| table timestamp FirstPacketSecond User SrcIP SrcPort DstIP DstPort Name Type Action SSLAction SHA256 Size StorageState Direction Policy URI
\ No newline at end of file
diff --git a/cisco_ftd/template/9a11072f-cbe0-4365-b228-def2e0847c01.meta b/cisco_ftd/template/9a11072f-cbe0-4365-b228-def2e0847c01.meta
new file mode 100644
index 00000000..4560cae6
--- /dev/null
+++ b/cisco_ftd/template/9a11072f-cbe0-4365-b228-def2e0847c01.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "9a11072f-cbe0-4365-b228-def2e0847c01",
+	"Name": "Template - Cisco - FTD - Firewall - Connection - Events by User and/or IP [table]",
+	"Description": "Displays a table of Connection Events performed by the specified user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/9a11072f-cbe0-4365-b228-def2e0847c01.query b/cisco_ftd/template/9a11072f-cbe0-4365-b228-def2e0847c01.query
new file mode 100644
index 00000000..27a9321f
--- /dev/null
+++ b/cisco_ftd/template/9a11072f-cbe0-4365-b228-def2e0847c01.query
@@ -0,0 +1,16 @@
+tag=$CISCO_FTD_CONN
+$CISCO_FTD_CONN_EVX
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -p -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+$CISCO_FTD_SEVERITY
+| alias 
+    IngressZone SrcZone
+    EgressZone DstZone
+    severity Severity
+    ACPolicy Policy
+    "Prefilter Policy" Prefilter
+    AccessControlRuleAction Action
+    AccessControlRuleReason Reason
+$CISCO_NORMALIZE_DIRECTION
+| table timestamp FirstPacketSecond User SrcIP SrcPort SrcZone DstIP DstPort DstZone EventPriority Policy Prefilter Action Reason Direction
\ No newline at end of file
diff --git a/cisco_ftd/template/a228d48f-333f-4a2f-bd5a-e8e27a569d61.meta b/cisco_ftd/template/a228d48f-333f-4a2f-bd5a-e8e27a569d61.meta
new file mode 100644
index 00000000..50e57edd
--- /dev/null
+++ b/cisco_ftd/template/a228d48f-333f-4a2f-bd5a-e8e27a569d61.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "a228d48f-333f-4a2f-bd5a-e8e27a569d61",
+	"Name": "Template - Cisco - FTD - Firewall - VPN - Event Count by Severity [chart]",
+	"Description": "Displays a chart of VPN events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/a228d48f-333f-4a2f-bd5a-e8e27a569d61.query b/cisco_ftd/template/a228d48f-333f-4a2f-bd5a-e8e27a569d61.query
new file mode 100644
index 00000000..c93d3e71
--- /dev/null
+++ b/cisco_ftd/template/a228d48f-333f-4a2f-bd5a-e8e27a569d61.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_VPN ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/a420dbb4-8bd3-4681-9fca-e9a30dbde982.meta b/cisco_ftd/template/a420dbb4-8bd3-4681-9fca-e9a30dbde982.meta
new file mode 100644
index 00000000..eb46e5a6
--- /dev/null
+++ b/cisco_ftd/template/a420dbb4-8bd3-4681-9fca-e9a30dbde982.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "a420dbb4-8bd3-4681-9fca-e9a30dbde982",
+	"Name": "Template - Cisco - FTD - Firewall - Security - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Security Events by severity performed by the specified user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/a420dbb4-8bd3-4681-9fca-e9a30dbde982.query b/cisco_ftd/template/a420dbb4-8bd3-4681-9fca-e9a30dbde982.query
new file mode 100644
index 00000000..084e942a
--- /dev/null
+++ b/cisco_ftd/template/a420dbb4-8bd3-4681-9fca-e9a30dbde982.query
@@ -0,0 +1,9 @@
+tag=$CISCO_SECURITY
+| eval (DATA ~ "%%user%%" %%boolean%% DATA ~ "%%ip%%")
+$CISCO_SECURITY_EVX
+| regex -p -e DATA "(?<user>%%user%%)"
+| regex -e DATA "(?<ip>%%ip%%)"
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/a6c91109-88b9-4a56-bdb2-563fdbdf3f06.meta b/cisco_ftd/template/a6c91109-88b9-4a56-bdb2-563fdbdf3f06.meta
new file mode 100644
index 00000000..4aaf194e
--- /dev/null
+++ b/cisco_ftd/template/a6c91109-88b9-4a56-bdb2-563fdbdf3f06.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "a6c91109-88b9-4a56-bdb2-563fdbdf3f06",
+	"Name": "Template - Cisco - FTD - Firewall - Config - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Config events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/a6c91109-88b9-4a56-bdb2-563fdbdf3f06.query b/cisco_ftd/template/a6c91109-88b9-4a56-bdb2-563fdbdf3f06.query
new file mode 100644
index 00000000..1244d15f
--- /dev/null
+++ b/cisco_ftd/template/a6c91109-88b9-4a56-bdb2-563fdbdf3f06.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_EVENTS ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/ad54a83b-4452-49bb-b7b4-60b3e278ab48.meta b/cisco_ftd/template/ad54a83b-4452-49bb-b7b4-60b3e278ab48.meta
new file mode 100644
index 00000000..a7b8c238
--- /dev/null
+++ b/cisco_ftd/template/ad54a83b-4452-49bb-b7b4-60b3e278ab48.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "ad54a83b-4452-49bb-b7b4-60b3e278ab48",
+	"Name": "Template - Cisco - FTD - Firewall - Traffic - Events by User and/or IP [table]",
+	"Description": "Displays a table of Traffic events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/ad54a83b-4452-49bb-b7b4-60b3e278ab48.query b/cisco_ftd/template/ad54a83b-4452-49bb-b7b4-60b3e278ab48.query
new file mode 100644
index 00000000..64082735
--- /dev/null
+++ b/cisco_ftd/template/ad54a83b-4452-49bb-b7b4-60b3e278ab48.query
@@ -0,0 +1,9 @@
+tag=$CISCO_FTD_TRAFFIC ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_FTD_SEVERITY
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_ftd/template/b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f.meta b/cisco_ftd/template/b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f.meta
new file mode 100644
index 00000000..5553ef71
--- /dev/null
+++ b/cisco_ftd/template/b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f",
+	"Name": "Template - Cisco - FTD - Firewall - Config - Events by User and/or IP [table]",
+	"Description": "Displays a table of Config events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f.query b/cisco_ftd/template/b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f.query
new file mode 100644
index 00000000..3fa69b06
--- /dev/null
+++ b/cisco_ftd/template/b4141bd3-e5d1-48b4-9a8e-4ae1d614e65f.query
@@ -0,0 +1,9 @@
+tag=$CISCO_FTD_CONFIG ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_FTD_SEVERITY
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_ftd/template/b5006de7-61c4-4158-b8e2-4c0f6cbd11f8.meta b/cisco_ftd/template/b5006de7-61c4-4158-b8e2-4c0f6cbd11f8.meta
new file mode 100644
index 00000000..2bfd24ff
--- /dev/null
+++ b/cisco_ftd/template/b5006de7-61c4-4158-b8e2-4c0f6cbd11f8.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "b5006de7-61c4-4158-b8e2-4c0f6cbd11f8",
+	"Name": "Template - Cisco - FTD - Firewall - Events - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "\u0026\u0026"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/b5006de7-61c4-4158-b8e2-4c0f6cbd11f8.query b/cisco_ftd/template/b5006de7-61c4-4158-b8e2-4c0f6cbd11f8.query
new file mode 100644
index 00000000..6cbea7e9
--- /dev/null
+++ b/cisco_ftd/template/b5006de7-61c4-4158-b8e2-4c0f6cbd11f8.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_EVENTS ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_ftd/template/b7960811-47a5-4fba-b0d9-639052e426e0.meta b/cisco_ftd/template/b7960811-47a5-4fba-b0d9-639052e426e0.meta
new file mode 100644
index 00000000..4e959040
--- /dev/null
+++ b/cisco_ftd/template/b7960811-47a5-4fba-b0d9-639052e426e0.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "b7960811-47a5-4fba-b0d9-639052e426e0",
+	"Name": "Template - Cisco - FTD - Firewall - System - Event Count by Severity [chart]",
+	"Description": "Displays a chart of System events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/b7960811-47a5-4fba-b0d9-639052e426e0.query b/cisco_ftd/template/b7960811-47a5-4fba-b0d9-639052e426e0.query
new file mode 100644
index 00000000..ed7b52a1
--- /dev/null
+++ b/cisco_ftd/template/b7960811-47a5-4fba-b0d9-639052e426e0.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_SYSTEM ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09.meta b/cisco_ftd/template/c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09.meta
new file mode 100644
index 00000000..3e3fc6c2
--- /dev/null
+++ b/cisco_ftd/template/c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09",
+	"Name": "Template - Cisco - FTD - Firewall - Config - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of Config events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09.query b/cisco_ftd/template/c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09.query
new file mode 100644
index 00000000..9e7a0dad
--- /dev/null
+++ b/cisco_ftd/template/c35ffd0d-fad5-4c04-add8-f3e1bc1d0f09.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_CONFIG ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_ftd/template/c74ca09a-4833-4255-868f-79c41fa1db66.meta b/cisco_ftd/template/c74ca09a-4833-4255-868f-79c41fa1db66.meta
new file mode 100644
index 00000000..f55d2227
--- /dev/null
+++ b/cisco_ftd/template/c74ca09a-4833-4255-868f-79c41fa1db66.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "c74ca09a-4833-4255-868f-79c41fa1db66",
+	"Name": "Template - Cisco - FTD - Firewall - Connection - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Connection Events by severity performed by the specified user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/c74ca09a-4833-4255-868f-79c41fa1db66.query b/cisco_ftd/template/c74ca09a-4833-4255-868f-79c41fa1db66.query
new file mode 100644
index 00000000..f6be70b4
--- /dev/null
+++ b/cisco_ftd/template/c74ca09a-4833-4255-868f-79c41fa1db66.query
@@ -0,0 +1,7 @@
+tag=$CISCO_FTD_CONN
+| eval (DATA ~ "%%user%%" %%boolean%% DATA ~ "%%ip%%")
+$CISCO_FTD_CONN_EVX
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/d0712c55-49b5-4aa4-8392-a23eef6f92a8.meta b/cisco_ftd/template/d0712c55-49b5-4aa4-8392-a23eef6f92a8.meta
new file mode 100644
index 00000000..4c58712e
--- /dev/null
+++ b/cisco_ftd/template/d0712c55-49b5-4aa4-8392-a23eef6f92a8.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "d0712c55-49b5-4aa4-8392-a23eef6f92a8",
+	"Name": "Template - Cisco - FTD - Firewall - Events - Events by User and/or IP [table]",
+	"Description": "Displays a table of events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/d0712c55-49b5-4aa4-8392-a23eef6f92a8.query b/cisco_ftd/template/d0712c55-49b5-4aa4-8392-a23eef6f92a8.query
new file mode 100644
index 00000000..a7adcf52
--- /dev/null
+++ b/cisco_ftd/template/d0712c55-49b5-4aa4-8392-a23eef6f92a8.query
@@ -0,0 +1,9 @@
+tag=$CISCO_FTD_EVENTS ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_FTD_SEVERITY
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_ftd/template/d61a67de-3562-460e-9c3e-95b69b27c9b3.meta b/cisco_ftd/template/d61a67de-3562-460e-9c3e-95b69b27c9b3.meta
new file mode 100644
index 00000000..50cdb01d
--- /dev/null
+++ b/cisco_ftd/template/d61a67de-3562-460e-9c3e-95b69b27c9b3.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "d61a67de-3562-460e-9c3e-95b69b27c9b3",
+	"Name": "Template - Cisco - FTD - Firewall - VPN - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of VPN events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/d61a67de-3562-460e-9c3e-95b69b27c9b3.query b/cisco_ftd/template/d61a67de-3562-460e-9c3e-95b69b27c9b3.query
new file mode 100644
index 00000000..d47ada70
--- /dev/null
+++ b/cisco_ftd/template/d61a67de-3562-460e-9c3e-95b69b27c9b3.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_VPN ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_ftd/template/d8e6ccdb-eca3-4e65-a8bb-feee724b78b4.meta b/cisco_ftd/template/d8e6ccdb-eca3-4e65-a8bb-feee724b78b4.meta
new file mode 100644
index 00000000..5cc78827
--- /dev/null
+++ b/cisco_ftd/template/d8e6ccdb-eca3-4e65-a8bb-feee724b78b4.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "d8e6ccdb-eca3-4e65-a8bb-feee724b78b4",
+	"Name": "Template - Cisco - FTD - Firewall - Security - Events by User and/or IP [table]",
+	"Description": "Displays a table of Security Events performed by the specified user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/d8e6ccdb-eca3-4e65-a8bb-feee724b78b4.query b/cisco_ftd/template/d8e6ccdb-eca3-4e65-a8bb-feee724b78b4.query
new file mode 100644
index 00000000..6b0adfe1
--- /dev/null
+++ b/cisco_ftd/template/d8e6ccdb-eca3-4e65-a8bb-feee724b78b4.query
@@ -0,0 +1,14 @@
+tag=$CISCO_SECURITY
+| eval (DATA ~ "%%user%%" %%boolean%% DATA ~ "%%ip%%")
+$CISCO_SECURITY_EVX
+$CISCO_NORMALIZE_DIRECTION
+| regex -p -e DATA "(?<user>%%user%%)"
+| regex -e DATA "(?<ip>%%ip%%)"
+
+| alias 
+    ACPolicy Policy
+    "Prefilter Policy" PrefilterPolicy
+    AccessControlRuleAction Action
+    AccessControlRuleReason Reason
+
+| table TAG timestamp User SrcIP SrcPort DstIP DstPort Direction Policy PrefilterPolicy Action Reason
\ No newline at end of file
diff --git a/cisco_ftd/template/da038943-250c-4907-a73b-ce6cf00246af.meta b/cisco_ftd/template/da038943-250c-4907-a73b-ce6cf00246af.meta
new file mode 100644
index 00000000..c4d75f76
--- /dev/null
+++ b/cisco_ftd/template/da038943-250c-4907-a73b-ce6cf00246af.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "da038943-250c-4907-a73b-ce6cf00246af",
+	"Name": "Template - Cisco - FTD - Firewall - System - Events by User and/or IP [table]",
+	"Description": "Displays a table of all events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/da038943-250c-4907-a73b-ce6cf00246af.query b/cisco_ftd/template/da038943-250c-4907-a73b-ce6cf00246af.query
new file mode 100644
index 00000000..8d173235
--- /dev/null
+++ b/cisco_ftd/template/da038943-250c-4907-a73b-ce6cf00246af.query
@@ -0,0 +1,9 @@
+tag=$CISCO_FTD_SYSTEM ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_FTD_SEVERITY
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_ftd/template/dda4d8e9-e845-410e-b105-fe0928573033.meta b/cisco_ftd/template/dda4d8e9-e845-410e-b105-fe0928573033.meta
new file mode 100644
index 00000000..28d92967
--- /dev/null
+++ b/cisco_ftd/template/dda4d8e9-e845-410e-b105-fe0928573033.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "dda4d8e9-e845-410e-b105-fe0928573033",
+	"Name": "Template - Cisco - FTD - Firewall - Authentication - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of Authentication events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/dda4d8e9-e845-410e-b105-fe0928573033.query b/cisco_ftd/template/dda4d8e9-e845-410e-b105-fe0928573033.query
new file mode 100644
index 00000000..5ab12a7d
--- /dev/null
+++ b/cisco_ftd/template/dda4d8e9-e845-410e-b105-fe0928573033.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_AUTH ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_ftd/template/e32ea44e-483b-48bb-a58e-5cc68eb3487c.meta b/cisco_ftd/template/e32ea44e-483b-48bb-a58e-5cc68eb3487c.meta
new file mode 100644
index 00000000..35bb6282
--- /dev/null
+++ b/cisco_ftd/template/e32ea44e-483b-48bb-a58e-5cc68eb3487c.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "e32ea44e-483b-48bb-a58e-5cc68eb3487c",
+	"Name": "Template - Cisco - FTD - Firewall - Traffic - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Traffic events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/e32ea44e-483b-48bb-a58e-5cc68eb3487c.query b/cisco_ftd/template/e32ea44e-483b-48bb-a58e-5cc68eb3487c.query
new file mode 100644
index 00000000..469d730d
--- /dev/null
+++ b/cisco_ftd/template/e32ea44e-483b-48bb-a58e-5cc68eb3487c.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_TRAFFIC ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/eeacd085-5bd8-4784-8f0c-0f63f74b5377.meta b/cisco_ftd/template/eeacd085-5bd8-4784-8f0c-0f63f74b5377.meta
new file mode 100644
index 00000000..765d1e94
--- /dev/null
+++ b/cisco_ftd/template/eeacd085-5bd8-4784-8f0c-0f63f74b5377.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "eeacd085-5bd8-4784-8f0c-0f63f74b5377",
+	"Name": "Template - Cisco - FTD - Firewall - Threat - Events by User and/or IP [table]",
+	"Description": "Displays a table of Threat events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/eeacd085-5bd8-4784-8f0c-0f63f74b5377.query b/cisco_ftd/template/eeacd085-5bd8-4784-8f0c-0f63f74b5377.query
new file mode 100644
index 00000000..db9c1d2f
--- /dev/null
+++ b/cisco_ftd/template/eeacd085-5bd8-4784-8f0c-0f63f74b5377.query
@@ -0,0 +1,9 @@
+tag=$CISCO_FTD_THREAT ax
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+| regex -e msg "(?<user>%%user%%)"
+| regex -e msg "(?<ip>%%ip%%)"
+| eval ciscoId = appliance + "-" + severity + "-" + msgid;
+$CISCO_FTD_SEVERITY
+| lookup -r cisco_ftd_syslog_messages msgid msg_id (description)
+| stats count 
+| table timestamp user ip msg severity ciscoId description
\ No newline at end of file
diff --git a/cisco_ftd/template/f540cb33-74bc-4f30-ad22-4e430728ab67.meta b/cisco_ftd/template/f540cb33-74bc-4f30-ad22-4e430728ab67.meta
new file mode 100644
index 00000000..eb1b0217
--- /dev/null
+++ b/cisco_ftd/template/f540cb33-74bc-4f30-ad22-4e430728ab67.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "f540cb33-74bc-4f30-ad22-4e430728ab67",
+	"Name": "Template - Cisco - FTD - Firewall - Traffic - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of Traffic events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/f540cb33-74bc-4f30-ad22-4e430728ab67.query b/cisco_ftd/template/f540cb33-74bc-4f30-ad22-4e430728ab67.query
new file mode 100644
index 00000000..2e41437d
--- /dev/null
+++ b/cisco_ftd/template/f540cb33-74bc-4f30-ad22-4e430728ab67.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD_TRAFFIC ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file
diff --git a/cisco_ftd/template/f5864c31-63a7-4c44-8fdd-56fccb53a40a.meta b/cisco_ftd/template/f5864c31-63a7-4c44-8fdd-56fccb53a40a.meta
new file mode 100644
index 00000000..e853569c
--- /dev/null
+++ b/cisco_ftd/template/f5864c31-63a7-4c44-8fdd-56fccb53a40a.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "f5864c31-63a7-4c44-8fdd-56fccb53a40a",
+	"Name": "Template - Cisco - FTD - Firewall - Malware - Event Count by Severity [chart]",
+	"Description": "Displays a chart of Malware Events by severity performed by the specified user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			},
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/f5864c31-63a7-4c44-8fdd-56fccb53a40a.query b/cisco_ftd/template/f5864c31-63a7-4c44-8fdd-56fccb53a40a.query
new file mode 100644
index 00000000..43e65f0c
--- /dev/null
+++ b/cisco_ftd/template/f5864c31-63a7-4c44-8fdd-56fccb53a40a.query
@@ -0,0 +1,9 @@
+tag=$CISCO_FTD_MALWARE
+| eval (DATA ~ "%%user%%" %%boolean%% DATA ~ "%%ip%%")
+$CISCO_FTD_MALWARE_EVX
+| regex -p -e DATA "(?<user>%%user%%)"
+| regex -e DATA "(?<ip>%%ip%%)"
+$CISCO_FTD_SEVERITY
+| stats count by severity
+| alias count " "
+| chart " " by severity
\ No newline at end of file
diff --git a/cisco_ftd/template/fc47d511-2fb8-4822-8a4b-85b84e6ca581.meta b/cisco_ftd/template/fc47d511-2fb8-4822-8a4b-85b84e6ca581.meta
new file mode 100644
index 00000000..fb5bfa68
--- /dev/null
+++ b/cisco_ftd/template/fc47d511-2fb8-4822-8a4b-85b84e6ca581.meta
@@ -0,0 +1,37 @@
+{
+	"UUID": "fc47d511-2fb8-4822-8a4b-85b84e6ca581",
+	"Name": "Template - Cisco - FTD - Firewall - Combined - Event Count by Severity [numbercard]",
+	"Description": "Displays a numbercard of all events performed by the user and/or ip.",
+	"Data": {
+		"variables": [
+			{
+				"name": "%%user%%",
+				"label": "User",
+				"description": "This is the user that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%ip%%",
+				"label": "IP Address",
+				"description": "This is the ip address that you're investigating.",
+				"required": true,
+				"defaultValue": ".",
+				"previewValue": "."
+			},
+			{
+				"name": "%%boolean%%",
+				"label": "boolean",
+				"description": "AND (\u0026\u0026), OR (||)",
+				"required": true,
+				"defaultValue": "||",
+				"previewValue": "||"
+			}
+		]
+	},
+	"Labels": [
+		"cisco",
+		"cisco ftd"
+	]
+}
\ No newline at end of file
diff --git a/cisco_ftd/template/fc47d511-2fb8-4822-8a4b-85b84e6ca581.query b/cisco_ftd/template/fc47d511-2fb8-4822-8a4b-85b84e6ca581.query
new file mode 100644
index 00000000..8d785b48
--- /dev/null
+++ b/cisco_ftd/template/fc47d511-2fb8-4822-8a4b-85b84e6ca581.query
@@ -0,0 +1,6 @@
+tag=$CISCO_FTD ax msg severity
+| eval (msg ~ "%%user%%" %%boolean%% msg ~ "%%ip%%")
+$CISCO_FTD_SEVERITY
+| sort by _severity_order
+| stats count by severity
+| numbercard (count "")
\ No newline at end of file