CEF System Event Logs
|
CEF Key
|
Description
|
Value
|
|
Header (logVer)
|
CEF format version
|
CEF: 0
|
|
Header (vendor)
|
Appliance vendor
|
Trend Micro
|
|
Header (pname)
|
Appliance product
|
Deep Discovery Analyzer
|
|
Header (pver)
|
Appliance version
|
Example: 6.0.0.1001
|
|
Header (eventid)
|
Event ID
|
|
|
Header (eventName)
|
Description
|
Example:Updates: Component update settings modified by 'admin' from
192.168.10.2.
|
|
Header (severity)
|
Severity
|
3: Informational
|
|
dvc
|
Appliance IP address
|
Example: IPV4: 192.168.10.1
|
|
devmac
|
Appliance Mac address
|
Example: 00:0D:60:AF:1B:61
|
|
dvchost
|
Appliance host name
|
Example: DDAN
|
|
deviceExternalId
|
Appliance GUID
|
Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536
|
|
rt
|
Log generation time
|
Example: Mar 03 2016 16:28:20 GMT+08:00
|
|
cs1Label
|
Event type label
|
eventType
|
|
cs1
|
Event type
|
Example: Account Logon/Logoff
|
|
duser
|
User name
|
Example: admin
|
|
src
|
Source IPv4 address
|
Example: IPV4:192.168.10.1
|
|
c6a2Label
|
Source IPv6 address label
|
srcIPv6
|
|
c6a2
|
Source IPv6 address
|
Example: 2620:0101:4002:0401::131
|
|
shost
|
Source host name
|
Example: shost1
|
|
outcome
|
Result status
|
|
Log sample:
CEF: 0|Trend Micro|Deep Discovery Analyzer|6.0.0.1119|3009 99|Log Settings: Settings modified by 'admin' from 10.204. 1.2|3|rt=Nov 07 2017 10:05:58 GMT+00:00 dvc=10.204.1.1 dvc host=DDAN dvcmac=00:0C:29:2F:3B:6B deviceExternalId=423E63A A-D466-406E-A15F-6AC6F3CEE50A cs1Label=eventType cs1=System Setting duser=admin src=10.204.1.2 outcome=Success