Syslog Messages

This section describes the syslog messages, including their format, the events that trigger them, and extension fields.

Messages in the Cybereason syslog files are formatted according to the ArcSight Common Event Format (CEF). Each message consists of the following parts:

Message part

Details

Syslog prefix

The syslog prefix contains a timestamp, the IPv4 address or host name of the system that sends the event, and the name of the component that writes the message.

Example:

<134>Sep 30 09:26:20 server-detection01 syslogLogger CEF:0|Cybereason|Cybereason||Malop|Malop Created|10|cs1Label=malopId

CEF header

The CEF header is a pipe-delimited (|) set of seven values identifying the CEF version, the device vendor, the device product, the device version, the event class ID (signature ID), the event name, and the severity. In the example below the device version is empty, which is why two pipes appear back to back.

Example:

CEF:0|Cybereason|Cybereason||Malop|Malop Created|10|

Extension fields

The extension fields follow the header and contain predefined and custom fields, logged as space-separated key=value pairs.
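As an added example (not Cybereason's code or documentation), the following Python parser splits a line such as the one quoted above into its three parts: it decodes the syslog PRI value, splits the CEF header on unescaped pipes, and reads the extension key=value pairs while honouring CEF's backslash escapes. PAGE_EXAMPLE is the message shown on this page; the function names and the field names in HEADER_FIELDS are my own choices, following the CEF header order.

```python
import re

PAGE_EXAMPLE = (  # the message quoted on the page: prefix, CEF header, one extension field
    "<134>Sep 30 09:26:20 server-detection01 syslogLogger "
    "CEF:0|Cybereason|Cybereason||Malop|Malop Created|10|cs1Label=malopId")
_PREFIX_RE = re.compile(  # <PRI>MMM dd hh:mm:ss host component, then the CEF payload
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<component>\S+) (?P<cef>CEF:.*)$")
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity")
_KEY_RE = re.compile(r"(?:^|(?<=\s))(\w+)=")   # extension keys follow start or whitespace
_ESCAPES = {"n": "\n", "r": "\r"}               # \|, \=, \\ unescape to the literal char

def _split_header(cef):
    """Split the 7 header fields on unescaped '|'; return (fields, extension text)."""
    fields, buf, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):      # escaped '|' or '\' stays literal
            buf.append(cef[i + 1]); i += 2; continue
        if ch == "|":
            fields.append("".join(buf)); buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("CEF header has fewer than 7 pipe-delimited fields")
    return fields, cef[i:]

def _parse_extension(ext):
    """Parse 'k=v k2=v with spaces' into a dict, honouring CEF backslash escapes."""
    keys, out = list(_KEY_RE.finditer(ext)), {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        raw = ext[m.end():end].strip()
        out[m.group(1)] = re.sub(r"\\(.)", lambda s: _ESCAPES.get(s[1], s[1]), raw)
    return out

def parse_message(line):
    """Parse one CEF syslog line into its syslog prefix, CEF header and extension parts."""
    if not (m := _PREFIX_RE.match(line)):
        raise ValueError("line lacks the <PRI>timestamp host component prefix")
    fields, ext = _split_header(m["cef"])
    header = dict(zip(HEADER_FIELDS, fields))
    header["version"] = header["version"][len("CEF:"):]   # "CEF:0" -> "0"
    pri = int(m["pri"])
    return {"facility": pri >> 3, "syslog_severity": pri & 7,   # <134> is local0.info
            "timestamp": m["ts"], "host": m["host"], "component": m["component"],
            "header": header, "extension": _parse_extension(ext)}
```

The syslog severity decoded from <134> (6, informational) is independent of the CEF severity field (10 in the example); a SIEM rule should key on the CEF value.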

For details on the events identified in the CEF header and their severity values, see Syslog Messages - Events and Severity.

For details on the syslog extension fields, see Syslog Messages - Extension Fields.