| Field type | Field name | Description | Example value |
|---|---|---|---|
| CEF header | CEF:Version | CEF version. | CEF:0 |
| | Device Vendor | Product vendor. | UserGate |
| | Device Product | Product type. | NGFW |
| | Device Version | Product version. | 7 |
| | Source | Log name. | syslog |
| | Name | Source type. | log |
| | Threat Level | Threat level. | Available values: from 1 to 10 (the set threat level multiplied by 2). |
| CEF [extension] | rt | Time when the event was received (in milliseconds since January 1, 1970). | 1701085036026 |
| | deviceExternalId | The unique name of the device that generated the event. | |
| | msg | The event description. | [3603:3603:1128/175000.938565:ERROR:CONSOLE(6)] "console.assert", source: devtools://devtools/bundled/devtools-frontend/front_end/panels/console/console.js (6) |
| | cn1Label | Indicates the source type of Syslog events. For more information about Syslog facility values, see RFC 5424. | Facility |
| | cn1 | Syslog event source type. Example: user-level messages. | 1 |
| | cs1Label | Indicates the name of the device where the event occurred. | Hostname |
| | cs1 | The name of the computer where the event occurred. | node1 |
| | cs2Label | Indicates the application that caused the event. | Tag |
| | cs2 | The application that caused the event. | org.gnome.Shell.desktop |
| | cs3Label | Indicates the process ID of the event. | ProcessID |
| | cs3 | PID of the process triggering the event. | 3036 |
| | cs4Label | Indicates that a rule was triggered. | Rule |
| | cs4 | Name of the rule triggered to cause the event. | Example - Allow user-level messages |
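
The following parser for the record described in the table is an added example, not UserGate code. It shows how a collector can name the generic `cn1`/`cs1`..`cs4` slots by their companion `*Label` keys and convert `rt` to a UTC timestamp. Assumptions: the header fields are pipe-separated in the order the table lists them (standard CEF layout); the function name, the sample record, its threat level of 2 and its `msg` text are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Header slots in the order the table lists them (assumed to be the on-wire order).
HEADER = ["version", "vendor", "product", "device_version", "source", "name", "threat_level"]

# Constructed sample record assembled from the table's example values.
SAMPLE = (
    "CEF:0|UserGate|NGFW|7|syslog|log|2|rt=1701085036026 "
    "cn1Label=Facility cn1=1 cs1Label=Hostname cs1=node1 "
    "cs2Label=Tag cs2=org.gnome.Shell.desktop cs3Label=ProcessID cs3=3036 "
    "cs4Label=Rule cs4=Example - Allow user-level messages "
    r"msg=exit status\=1 reported by helper"
)

def _unescape(value):
    # CEF escapes '=', '|' and '\' with a backslash; '\n' encodes a newline.
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)

def parse_usergate_syslog_cef(line):
    # Split on unescaped pipes only; everything after the 7th is the extension.
    parts = re.split(r"(?<!\\)\|", line.strip(), maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record with seven header fields")
    parts[0] = parts[0][len("CEF:"):]
    event = {k: _unescape(v) for k, v in zip(HEADER, parts[:7])}
    ext_text, ext = parts[7], {}
    # A key is a word directly followed by '='; its value runs up to the next key,
    # so values may contain spaces and escaped '=' characters.
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext_text))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext_text)
        ext[m.group(1)] = _unescape(ext_text[m.end():end].strip())
    # cn1/cs1..cs4 are generic slots: name each value by its companion *Label key.
    for key, value in ext.items():
        if key.endswith("Label"):
            continue
        label = ext.get(key + "Label")
        event[label if label else key] = value
    # rt is milliseconds since the Unix epoch; integer arithmetic avoids float rounding.
    if "rt" in ext:
        epoch = datetime(1970, 1, 1, tzinfo=timezone.utc)
        event["received_utc"] = epoch + timedelta(milliseconds=int(ext["rt"]))
    return event

if __name__ == "__main__":
    for field, value in parse_usergate_syslog_cef(SAMPLE).items():
        print(f"{field}: {value}")
```

Keying on the label rather than the slot name keeps detection rules stable if a different log type reuses `cs1`..`cs4` for other data.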