LEEF System Events Logs
|
LEEF Key
|
Description
|
Value
|
|
Header (logVer)
|
LEEF format version
|
1.0
|
|
Header (vendor)
|
Appliance vendor
|
Trend Micro
|
|
Header (pname)
|
Appliance product
|
Deep Discovery Analyzer
|
|
Header (pver)
|
Appliance version
|
Example: 6.0.0.1001
|
|
Header (eventName)
|
Event name
|
|
|
sev
|
Severity
|
3: Informational
|
|
dvc
|
Appliance IP address
|
Example: 192.168.10.1
|
|
deviceMacAddress
|
Appliance MAC address
|
Example:00:0D:60:AF:1B:61
|
|
dvchost
|
Appliance host name
|
Examples: DDAN
|
|
deviceGUID
|
Appliance GUID
|
Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536
|
|
devTime
|
Event logged
|
Example: Mar 03 2016 16:28:20 GMT+08:00
|
|
devTimeFormat
|
Time format
|
MMM dd yyyy HH:mm:ss z
|
|
eventType
|
Event type
|
|
|
duser
|
User Name
|
Example: admin
|
|
msg
|
Details
|
Example:Updates: Component update settings modified by 'admin' from
10.64.54.159.
|
|
src
|
IPV4 /IPv6 source address
|
Example: 192.168.100.100
|
|
shost
|
Source hostname
|
Example: shost1
|
|
outcome
|
Result status
|
|
Log sample:
LEEF: 1.0|Trend Micro|Deep Discovery Analyzer|6.0.0.1119|SYS TEM_EVENT|devTime=Nov 07 2017 10:08:30 GMT+00:00<009>devTime Format=MMM dd yyyy HH:mm:ss z<009>sev=3<009>dvc=10.204.1.1<0 09>dvchost=DDAN<009>deviceMacAddress=00:0C:29:2F:3B:6B<009>d eviceGUID=423E63AA-D466-406E-A15F-6AC6F3CEE50A<009>eventType =System Setting<009>duser=admin<009>src=10.204.1.2<009>msg=L og Settings: Settings modified by 'admin' from 10.204.1.2<00 9>outcome=Success