Basically, I need to group my 2 events (built and teardown) in Cisco ASA format by 2 fields (event, duration). The event field created will show the number of events combined, which would be 2 (machine login and connection break). The duration field will show the total connection duration.
duration = Time for breakdown event - connection built event.
I tried stats and some other transactions but it's not working. Please advise.
1. built event: Aug 7 15:47:23 10.1.1.99 Aug 07 2007 15:47:23 10.1.1.99 : %ASA-6-302013: Built inbound TCP connection 3120967 for outside:126.96.36.199/46303 (188.8.131.52/46303) to inside:192.168.1.150/25 (184.108.40.206/25)
breakdown event: Aug 7 15:47:25 10.1.1.99 Aug 07 2007 15:47:25 10.1.1.99 : %ASA-6-302014: Teardown TCP connection 3120967 for outside:220.127.116.11/46303 to inside:192.168.1.150/25 duration 0:00:01 bytes 450 TCP FINs
What is the best way to do this?
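The grouping the question describes, as an added example that is not part of the original post: Built (302013) and Teardown (302014) events are paired on the connection ID, giving an event count and the timestamp-difference duration alongside the duration the ASA reports itself. The function and field names (`correlate`, `to_seconds`, `eventcount`, `asa_duration`) and the third sample line are assumptions made for illustration.

```python
import re
from datetime import datetime

# First two lines are the events from the post; the third is constructed
# (a Teardown whose Built event was never received).
SAMPLE = [
    "Aug 7 15:47:23 10.1.1.99 Aug 07 2007 15:47:23 10.1.1.99 : %ASA-6-302013: Built inbound TCP connection 3120967 for outside:126.96.36.199/46303 (188.8.131.52/46303) to inside:192.168.1.150/25 (184.108.40.206/25)",
    "Aug 7 15:47:25 10.1.1.99 Aug 07 2007 15:47:25 10.1.1.99 : %ASA-6-302014: Teardown TCP connection 3120967 for outside:220.127.116.11/46303 to inside:192.168.1.150/25 duration 0:00:01 bytes 450 TCP FINs",
    "Aug 7 15:48:00 10.1.1.99 Aug 07 2007 15:48:00 10.1.1.99 : %ASA-6-302014: Teardown TCP connection 9999999 for outside:192.0.2.10/40000 to inside:192.168.1.150/25 duration 0:00:30 bytes 100 TCP FINs",
]

EVENT = re.compile(
    r"(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) \S+ : "
    r"%ASA-\d-(?P<msg>302013|302014): (?:Built|Teardown)\b.*?\bconnection (?P<conn>\d+)"
    r"(?:.*?\bduration (?P<dur>\d+:\d{2}:\d{2}))?"
)

def to_seconds(hms):
    """Convert the ASA 'h:mm:ss' duration field to seconds (None if absent)."""
    if hms is None:
        return None
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s

def correlate(lines):
    """Pair Built (302013) and Teardown (302014) events on the connection ID."""
    built_at, rows = {}, []
    for line in lines:
        m = EVENT.search(line)
        if m is None:
            continue  # not a connection event
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        if m["msg"] == "302013":
            built_at[m["conn"]] = ts
            continue
        start = built_at.pop(m["conn"], None)
        rows.append({
            "conn_id": m["conn"],
            "eventcount": 2 if start else 1,
            # duration as the post defines it: teardown time - built time
            "duration": (ts - start).total_seconds() if start else None,
            # duration the firewall itself reported in the Teardown message
            "asa_duration": to_seconds(m["dur"]),
        })
    return rows

if __name__ == "__main__":
    for row in correlate(SAMPLE):
        print(row)
```

For the two events in the post, the timestamp difference is 2 seconds while the Teardown message itself reports `duration 0:00:01`, so the two duration values are kept as separate fields.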