Anshu,
It is a standalone install. The files do not have a .txt extension.
Sample Event:
This is from the ASA itself. Unfortunately, I've already violated my license, so I cannot search anymore.
Jun 07 2016 16:27:30: %ASA-6-106100: access-list access-Inside-in permitted tcp Inside/X.X.X.X.(52455) -> Outside/X.X.X.X(443) hit-cnt 1 first hit [0x8741ea3f, 0x4eba6142]
Jun 07 2016 16:27:30: %ASA-6-106100: access-list access-Inside-in permitted tcp Inside/X.X.X.X(52456) -> Outside/X.X.X.X(443) hit-cnt 1 first hit [0x8741ea3f, 0x4eba6142]
Jun 07 2016 16:27:30: %ASA-6-106100: access-list access-Inside-in permitted tcp Inside/X.X.X.X(52457) -> Outside/ X.X.X.X (443) hit-cnt 1 first hit [0x8741ea3f, 0x4eba6142]
Jun 07 2016 16:27:30: %ASA-6-106100: access-list access-Inside-in permitted tcp Inside/ X.X.X.X (52458) -> Outside/ X.X.X.X (443) hit-cnt 1 first hit [0x8741ea3f, 0x4eba6142]
Jun 07 2016 16:27:30: %ASA-6-106100: access-list access-Inside-in permitted tcp Inside/ X.X.X.X (2443) -> Outside/ X.X.X.X (80) hit-cnt 1 first hit [0x8741ea3f, 0x44de932b]
Jun 07 2016 16:27:30: %ASA-6-106100: access-list access-Inside-in permitted tcp Inside/ X.X.X.X (4178) -> Outside/ X.X.X.X (80) hit-cnt 1 first hit [0x8741ea3f, 0x44de932b]
Jun 07 2016 16:27:30: %ASA-6-106100: access-list access-Inside-in denied udp Inside/ X.X.X.X (42030) -> Outside/ X.X.X.X (53) hit-cnt 1 first hit [0x36396194, 0x0]
So I'm trying to filter out anything with the event id matching 106100 and containing Built or Teardown or permitted.
Thanks,
Phil
... View more