Syslog Messages
This section describes the syslog messages, including their format, the events that trigger them, and extension fields.
Messages in the Cybereason syslog files are formatted according to the ArcSight Common Event Format (CEF). Each message consists of the following parts:

| Message part | Details |
|---|---|
| Syslog prefix | The syslog prefix contains a timestamp, the IPv4 address or host name of the system that sends the event, and the name of the component that writes the message. Example: `<134>Sep 30 09:26:20 server-detection01 syslogLogger CEF:0\|Cybereason\|Cybereason\|\|Malop\|Malop Created\|10\|cs1Label=malopId` |
| CEF header | The CEF header is a pipe-delimited (`\|`) set of values identifying the event: the CEF version, device vendor, device product, device version, signature ID, event name and severity (the standard CEF header fields, in that order). Example: `CEF:0\|Cybereason\|Cybereason\|\|Malop\|Malop Created\|10\|` |
| Extension fields | The extension fields contain predefined and custom fields, logged as `key=value` pairs. |
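The three parts described above can be pulled apart mechanically, which is what a SIEM ingestion or detection pipeline has to do before it can alert on a Malop. The following parser is an added example written for this page; it is not Cybereason's code and it assumes only the standard CEF rules (header fields split on unescaped `|`, extension values escaping `=`, `\` and newlines with a backslash, and `csNLabel` keys naming the matching `csN` custom string). The sample line is constructed from the example in the table, with a made-up `cs1` value and `msg` field.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, extended from the page's example with a made-up cs1 and msg.
SAMPLE = ("<134>Sep 30 09:26:20 server-detection01 syslogLogger "
          "CEF:0|Cybereason|Cybereason||Malop|Malop Created|10|"
          "cs1Label=malopId cs1=11.2222222222 msg=Suspicious process detected")

# Syslog prefix: <PRI>, BSD-style timestamp, host, app name, then the CEF payload.
SYSLOG_PREFIX_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>\S+) (?P<cef>CEF:.*)$"
)

# Order of the seven standard CEF header fields.
CEF_HEADER_FIELDS = ("version", "device_vendor", "device_product",
                     "device_version", "signature_id", "name", "severity")

# A key starts the line or follows whitespace; senders must escape '=' in values as '\='.
EXT_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")

def split_cef_header(cef: str) -> Tuple[List[str], str]:
    """Split the 7 pipe-delimited header fields, honouring the '\\|' escape.
    Returns (fields, remaining extension text)."""
    s = cef[len("CEF:"):]
    fields: List[str] = []
    current: List[str] = []
    i = 0
    while i < len(s) and len(fields) < 7:
        ch = s[i]
        if ch == "\\" and i + 1 < len(s):      # escaped character, keep it literally
            current.append(s[i + 1])
            i += 2
            continue
        if ch == "|":                          # unescaped pipe ends a header field
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("CEF header has fewer than 7 fields")
    return fields, s[i:]

def _unescape(raw: str) -> str:
    """Undo CEF extension escapes: '\\=', '\\\\', '\\n', '\\r'."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), raw)

def parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key=value' where values may contain spaces."""
    out: Dict[str, str] = {}
    matches = list(EXT_KEY_RE.finditer(ext))
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end]).strip()
    return out

def resolve_labels(ext: Dict[str, str]) -> Dict[str, str]:
    """Map custom fields through their labels, e.g. cs1Label=malopId cs1=X -> {'malopId': 'X'}."""
    labelled: Dict[str, str] = {}
    for key, label in ext.items():
        if key.endswith("Label") and key[:-5] in ext:
            labelled[label] = ext[key[:-5]]
    return labelled

def parse_message(line: str) -> Dict[str, Dict[str, object]]:
    """Parse one syslog/CEF line into its prefix, header and extension parts."""
    m = SYSLOG_PREFIX_RE.match(line)
    if not m:
        raise ValueError("not a recognised syslog/CEF line")
    pri = int(m.group("pri"))
    prefix = {"timestamp": m.group("timestamp"), "host": m.group("host"),
              "app": m.group("app"),
              "facility": pri // 8, "severity": pri % 8}   # <134> -> local0 / informational
    fields, ext_text = split_cef_header(m.group("cef"))
    header = dict(zip(CEF_HEADER_FIELDS, fields))
    ext = parse_extension(ext_text)
    return {"prefix": prefix, "header": header, "extension": ext,
            "labelled": resolve_labels(ext)}

if __name__ == "__main__":
    parsed = parse_message(SAMPLE)
    print(parsed["header"]["name"], parsed["header"]["severity"], parsed["labelled"])
```

The header splitter stops after the seventh pipe rather than splitting the whole line, because pipes are legal inside extension values and only the header is pipe-delimited. Resolving `cs1Label`/`cs1` pairs is what lets a detection rule key on `malopId` by name instead of on the positional custom-string slot.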
For details on the events reported in the CEF header and their severity values, see Syslog Messages - Events and Severity.
For details on the syslog extension fields, see Syslog Messages - Extension Fields.