Specific log message formats CEF amd LEEF. (4282885)

サポートと今すぐチャット

戻る

フィードバックを送信しました

この記事は課題解決に役立ちましたか?

評価を選択

タイトル

Specific log message formats CEF amd LEEF.
説明

This document describes specific log message formats Common Event Format (CEF) and LEEF.
対策
Notes
- Log messages that use any syslog format with specific message part can be received and forwarded with the network() or syslog() driver.
- Specific log messages can be generated by using template() function at the destination configuration. The implementation is out of the scope of support.
CEF
- BSD syslog format
Jan 18 11:07:53 host message
- Specific message part
CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
- Example log
SYSLOG HEADER CEF SPECIFIC MESSAGE PART
Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232
For more information see attached format guide for Common Event Format (CEF).
LEEF
- BSD syslog format
Jan 18 11:07:53 host message
- Specific message part
LEEF:Version|Vendor|Product|Version|EventID|Event attributes
- Example log
SYSLOG HEADER LEEF SPECIFIC MESSAGE PART
Sep 19 08:26:10 host LEEF:1.0|Microsoft|Exchange|2013|Login Event|cat=Failed
For more information see attached format guide QRadar Leef.
添付ファイル

Leef_format_guide
Cef_format_guide

フィードバックを送信しました

この記事は課題解決に役立ちましたか?

評価を選択

推奨コンテンツ

製品：: syslog-ng Premium Edition
7.0.23, 7.0.22, 7.0.21, 7.0.20, 7.0.19, 7.0.18, 7.0.17, 7.0.16, 7.0.14, 7.0.13, 7.0.12, 7.0.11, 7.0.10, 7.0.9, 6.0.19, 6.0.18, 6.0.17, 6.0.16, 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 5, 4, 3; syslog-ng Store Box
6.3.0, 6.2.0, 6.1.0, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 4.0.7, 4.9.1, 4.8.1, 4.7.0, 4.6.0, 4.5.0, 4.4.0, 4.3.3a, 4.2.1, 5, 4, 3

タイトル