LEEF Alert Event Logs
|
LEEF Key
|
Description
|
Value
|
|
Header (logVer)
|
LEEF format version
|
1.0
|
|
Header (vendor)
|
Appliance vendor
|
Trend Micro
|
|
Header (pname)
|
Appliance product
|
Deep Discovery Analyzer
|
|
Header (pver)
|
Appliance version
|
Example: 6.0.0.1001
|
|
Header (eventName)
|
Event Name
|
ALERT_EVENT
|
|
sev
|
Severity
|
|
|
dvc
|
Appliance IP address
|
Example:
|
|
deviceMacAddress
|
Appliance MAC address
|
Example: 00:0D:60:AF:1B:61
|
|
dvchost
|
Appliance host name
|
Example: DDAN
|
|
deviceGUID
|
Appliance GUID
|
Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536
|
|
devTime
|
Event logged
|
Example: Mar 03 2016 16:28:20 GMT+08:00
|
|
devTimeFormat
|
Time format
|
MMM dd yyyy HH:mm:ss z
|
|
ruleName
|
Rule name
|
Example: High Memory Usage
|
|
affectedAppliance
|
Affected Appliance
|
Example: DDAN.com ( 10.204.1.1 | FE80:: 29FF:29FF: 29FF: 29FF )
|
|
subject
|
Subject
|
Example: DDAN Important Alert - High Memory Usage
|
|
ruleContent
|
Message
|
Message content
|
Log sample:
LEEF: 1.0|Trend Micro|Deep Discovery Analyzer|6.0.0.1119|ALE RT_EVENT|devTime=Nov 07 2017 08:39:54 GMT+00:00<009>devTimeF ormat=MMM dd yyyy HH:mm:ss z<009>sev=6<009>dvc=10.204.1.1<00 9>dvchost=DDAN<009>deviceMacAddress=00:0C:29:2F:3B:6B<009>de viceGUID=423E63AA-D466-406E-A15F-6AC6F3CEE50A<009>ruleName=H igh CPU Usage<009>affectedAppliance=DDAN ( 10.204.1.1 | FE80 ::20C:29FF:FE2F:1B6B )<009>subject=DDAN Important Alert - Hi gh CPU Usage<009>ruleContent=The average CPU usage in the la st 5 minutes exceeded the threshold of 90%.\n\nAverage CPU u sage: 96%\nAffected appliance: DDAN (10.204.1.1 | FE80::20C: 29FF:FE2F:1B6B)\n\nReduce the number of Virtual Analyzer ins tances, or add a secondary appliance to improve performance. \n\n\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\= \=\=\=\=\=\=\=\nAlert time: 2017-11-07 08:39:54\nManagement console: https://10.204.1.1/ | https://[FE80::20C:29FF:FE2F: 1B6B]/