Syslog Files
The Cybereason platform writes events to syslog files so that other tools in your ecosystem can consume them.
Available Syslog files
The Cybereason platform writes messages in CEF (Common Event Format) to the following syslog files when the corresponding events occur in your Cybereason platform:

Log | Log file name | Triggering event | Location
---|---|---|---
MalOp syslog | syslog.log | When a MalOp is generated or updated | Detection servers
Malware syslog | syslog.log | When a malware alert is generated or updated. Note: since malware alerts also cause the creation of an Endpoint Protection MalOp, you will find both in this same syslog.log file as AI Hunting MalOps. | WebApp server
User Audit syslog | userAuditSyslog.log | When a Cybereason user performs an action | WebApp server
See Syslog Messages for details on the syslog messages in the logs you download.
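Because every message in these files is CEF, the first thing a SIEM or log pipeline has to do with them is split the seven pipe-delimited header fields from the key=value extension, honouring the CEF escape rules (`\|` and `\\` in the header, `\=`, `\\`, `\n` in extension values). The parser below is an added example written for this page; it is not Cybereason code and does not describe the platform's actual message fields. The vendor, product, signature ids, hostnames and every value in `SAMPLE_LINES` are constructed placeholders.

```python
"""Minimal CEF (Common Event Format) parser for syslog lines.

Added example, not Cybereason code. Vendor, product, signature ids and all
sample values below are constructed placeholders, not real platform events.
"""
import re
from dataclasses import dataclass, field

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

# An extension key starts the string or follows whitespace and ends in '='.
# An escaped '\=' inside a value never matches because '\' is not a key character.
_KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")

# CEF escapes: '\|' and '\\' in the header; '\=', '\\', '\n', '\r' in extensions.
_ESC_RE = re.compile(r"\\(.)")
_ESC_MAP = {"n": "\n", "r": "\r"}

# CEF severity words map onto the 0-10 scale; we use the top of each band.
_SEVERITY_WORDS = {"low": 3, "medium": 6, "high": 8, "very-high": 10}

# Constructed sample lines (syslog priority/timestamp/host prefix, then CEF).
SAMPLE_LINES = [
    "<14>Jan 01 12:00:00 detection-server-1 CEF:0|ExampleVendor|ExampleProduct|1.0|1001"
    "|Example alert name|8|src=10.0.0.5 dst=10.0.0.9 "
    "msg=Constructed sample\\= not a real event cs1Label=Host cs1=WS-01",
    "<14>Jan 01 12:00:05 webapp-server-1 CEF:0|ExampleVendor|ExampleProduct|1.0|2002"
    "|Login \\| audit|Low|suser=alice act=login",
]


@dataclass
class CefEvent:
    syslog_prefix: str
    version: str
    device_vendor: str
    device_product: str
    device_version: str
    signature_id: str
    name: str
    severity: str
    extension: dict = field(default_factory=dict)


def _unescape(value):
    """Resolve CEF backslash escapes in an extension value."""
    return _ESC_RE.sub(lambda m: _ESC_MAP.get(m.group(1), m.group(1)), value)


def _split_header(body):
    """Split the 7 header fields on unescaped '|' and return (fields, extension)."""
    fields, buf, i = [], [], 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            buf.append(body[i + 1])      # escaped pipe or backslash
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
            if len(fields) == len(HEADER_FIELDS):
                return fields, body[i + 1:]
        else:
            buf.append(ch)
        i += 1
    if len(fields) == len(HEADER_FIELDS) - 1:   # severity not followed by '|'
        fields.append("".join(buf))
        return fields, ""
    raise ValueError("CEF header has fewer than 7 fields")


def parse_extension(ext):
    """Parse 'key=value key2=value two' pairs; values may contain spaces."""
    keys = list(_KEY_RE.finditer(ext))
    out = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def parse_cef(line):
    """Parse one syslog line carrying a CEF message into a CefEvent."""
    marker = line.find("CEF:")
    if marker < 0:
        raise ValueError("no CEF: marker in line")
    prefix = line[:marker].strip()
    fields, ext = _split_header(line[marker + len("CEF:"):])
    return CefEvent(prefix, *fields, extension=parse_extension(ext))


def severity_score(sev):
    """Map a CEF severity (0-10 or Low/Medium/High/Very-High) to an int."""
    s = sev.strip().lower()
    return _SEVERITY_WORDS.get(s, None) if s in _SEVERITY_WORDS else int(s)


def high_severity_events(lines, minimum=7):
    """Events at or above `minimum`, e.g. the ones worth an alert-queue route."""
    return [ev for ev in map(parse_cef, lines) if severity_score(ev.severity) >= minimum]


if __name__ == "__main__":
    for ev in high_severity_events(SAMPLE_LINES):
        print(ev.signature_id, ev.name, ev.extension)
```

The lenient handling of a missing trailing pipe after the severity field is deliberate: some forwarders strip it, and dropping the whole event on that is a worse outcome for a detection pipeline than accepting the line.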
Retrieve syslog files
Users with the System Admin role can download the MalOp and User Audit syslog files.
MalOp syslog
To download the MalOp syslog, navigate to the System > Overview screen and click Fetch logs.
When you click this option, the platform downloads all logs for the selected Detection Server; the MalOp syslog (syslog.log) is included among them. You can select which server to display from the drop-down on the left of the Overview screen.
Note
In larger environments, the server logs may be very large (e.g. >10 GB) and may take a long time to download or time out during download. Ask Technical Support for an alternative method of fetching the MalOp syslog in this case.
User Audit logs
To download User Audit logs, navigate to the Users screen and click Download action logs.
The downloaded .zip file includes:
One or more log files of recent activity (the latest 20 MB of user action data)
Additional older log files, zipped to save space