TMEF Alert Event Logs

TMEF Key            Description               Value
Header (logVer)     TMEF format version       CEF:0
Header (vendor)     Appliance vendor          Trend Micro
Header (pname)      Appliance product         Deep Discovery Analyzer
Header (pver)       Appliance version         Example: 6.0.0.1001
Header (eventid)    Event ID                  300105
Header (eventName)  Event name                ALERT_EVENT
Header (severity)   Severity                  2: Informational, 6: Important, 8: Critical
dvc                 Appliance IP address      Example: 192.168.10.1 (IPv4) or 2620:0101:4009:0401::1 (IPv6)
deviceMacAddress    Appliance MAC address     Example: 00:0D:60:AF:1B:61
dvchost             Appliance host name       Example: DDAN
deviceGUID          Appliance GUID            Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536
rt                  Time the event was logged Example: Mar 03 2016 16:28:20 GMT+08:00
ruleName            Rule name                 Example: High Memory Usage
cs1Label            Affected appliance label  "affectedAppliance"
cs1                 Affected appliance        Example: DDAN.com ( 10.204.1.2 | FE80::29FF:29FF:29FF:29FF )
cs2Label            Subject label             "subject"
cs2                 Subject                   Example: DDAN Important Alert - High Memory Usage
cs3Label            Message label             "ruleContent"
cs3                 Message                   Message content
Log sample (one line; the message body in cs3 carries CEF-escaped newlines as \n and equals signs as \=):

CEF:0|Trend Micro|Deep Discovery Analyzer|6.0.0.1119|300105|ALERT_EVENT|6|rt=Nov 07 2017 08:39:54 GMT+00:00 dvc=10.204.1.1 dvchost=DDAN deviceMacAddress=00:0C:29:2F:3B:6B deviceGUID=423E63AA-D466-406E-A15F-6AC6F3CEE50A ruleName=High CPU Usage cs1Label=affectedAppliance cs1=DDAN ( 10.204.1.1 | FE80::20C:29FF:FE2F:1B6B ) cs2Label=subject cs2=DDAN Important Alert - High CPU Usage cs3Label=ruleContent cs3=The average CPU usage in the last 5 minutes exceeded the threshold of 90%.\n\nAverage CPU usage: 96%\nAffected appliance: DDAN (10.204.1.1 | FE80::20C:29FF:FE2F:1B6B)\n\nReduce the number of Virtual Analyzer instances, or add a secondary appliance to improve performance.\n\n\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\nAlert time: 2017-11-07 08:39:54\nManagement console: https://10.204.1.1/ | https://[FE80::20C:29FF:FE2F:1B6B]/
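The following parser is an added example and is not part of the Trend Micro documentation or product. It reads a TMEF/CEF alert line like the sample above, splits the seven pipe-delimited header fields (honouring the CEF \| and \\ escapes), splits the space-separated extension into key=value pairs without breaking on the spaces, "|" characters or escaped "\=" inside values, unescapes \n, \=, \\ and \r, resolves the csNLabel/csN pairs into named fields (affectedAppliance, subject, ruleContent), maps the severity number with the table above, and parses rt. The first sample line is the page's log sample joined onto one line; the second is a constructed Critical (severity 8) event that reuses values from the table, not a real appliance log. The rt format string and the assumption that every value containing "=" is escaped per the CEF specification are the author's assumptions.

```python
"""Parse Deep Discovery Analyzer TMEF (CEF-based) ALERT_EVENT log lines.

Added example, not Trend Micro code. Severity labels come from the TMEF
alert table; the rt format is an assumption based on the documented example.
"""
import re
from datetime import datetime

# Severity values documented for ALERT_EVENT (event ID 300105).
SEVERITY_LABELS = {2: "Informational", 6: "Important", 8: "Critical"}

# Escapes CEF allows inside extension values: \= \\ \n \r
_EXT_ESCAPES = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}

# A new key starts only at start-of-string or whitespace, followed by an
# identifier and an UNescaped "=". An escaped "\=" has a backslash (not an
# identifier character) right before "=", so it never matches.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")

# Assumed timestamp layout for rt, e.g. "Nov 07 2017 08:39:54 GMT+00:00".
_RT_FORMAT = "%b %d %Y %H:%M:%S GMT%z"


def _split_header(line):
    """Return (7 header fields, extension string). Handles \\| and \\\\."""
    fields, cur, i = [], [], 0
    while i < len(line):
        c = line[i]
        if c == "\\" and i + 1 < len(line) and line[i + 1] in "|\\":
            cur.append(line[i + 1])          # escaped pipe or backslash
            i += 2
            continue
        if c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
            if len(fields) == 7:             # everything after is extension
                return fields, line[i:]
            continue
        cur.append(c)
        i += 1
    raise ValueError("malformed TMEF/CEF header: fewer than 7 fields")


def _unescape_ext(value):
    """Decode CEF extension escapes; unknown escapes are left untouched."""
    return re.sub(r"\\(.)", lambda m: _EXT_ESCAPES.get(m.group(1), m.group(0)), value)


def _parse_extension(ext):
    """Split 'k1=v1 k2=v2 ...' where values may themselves contain spaces."""
    matches = list(_KEY_RE.finditer(ext))
    out = {}
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end])
    return out


def parse_tmef_alert(line):
    """Parse one TMEF line into header fields, raw extension and labeled fields."""
    header, ext_str = _split_header(line.rstrip("\r\n"))
    if not header[0].startswith("CEF:"):
        raise ValueError("not a CEF/TMEF line")
    ext = _parse_extension(ext_str)
    # Resolve csNLabel -> csN so consumers see 'affectedAppliance', not 'cs1'.
    labeled = {}
    for key, label in ext.items():
        if key.endswith("Label") and key[:-5] in ext:
            labeled[label] = ext[key[:-5]]
    severity = int(header[6])
    return {
        "cef_version": header[0].split(":", 1)[1].strip(),  # tolerates "CEF: 0"
        "vendor": header[1], "product": header[2], "version": header[3],
        "event_id": header[4], "event_name": header[5],
        "severity": severity,
        "severity_label": SEVERITY_LABELS.get(severity, "Unknown"),
        "logged_at": datetime.strptime(ext["rt"], _RT_FORMAT) if "rt" in ext else None,
        "ext": ext, "labeled": labeled,
    }


def alerts_at_or_above(lines, min_severity):
    """Triage helper: (ruleName, affected appliance) for alerts >= threshold."""
    hits = []
    for line in lines:
        ev = parse_tmef_alert(line)
        if ev["event_name"] == "ALERT_EVENT" and ev["severity"] >= min_severity:
            hits.append((ev["ext"].get("ruleName"), ev["labeled"].get("affectedAppliance")))
    return hits


# The page's log sample, joined onto a single line (separator shortened to 10 "=").
PAGE_SAMPLE = (
    r"CEF:0|Trend Micro|Deep Discovery Analyzer|6.0.0.1119|300105|ALERT_EVENT|6|"
    r"rt=Nov 07 2017 08:39:54 GMT+00:00 dvc=10.204.1.1 dvchost=DDAN "
    r"deviceMacAddress=00:0C:29:2F:3B:6B deviceGUID=423E63AA-D466-406E-A15F-6AC6F3CEE50A "
    r"ruleName=High CPU Usage cs1Label=affectedAppliance "
    r"cs1=DDAN ( 10.204.1.1 | FE80::20C:29FF:FE2F:1B6B ) cs2Label=subject "
    r"cs2=DDAN Important Alert - High CPU Usage cs3Label=ruleContent "
    r"cs3=The average CPU usage in the last 5 minutes exceeded the threshold of 90%."
    r"\n\nAverage CPU usage: 96%\nAffected appliance: DDAN (10.204.1.1 | FE80::20C:29FF:FE2F:1B6B)"
    r"\n\nReduce the number of Virtual Analyzer instances, or add a secondary appliance to improve performance."
    r"\n\n\=\=\=\=\=\=\=\=\=\=\nAlert time: 2017-11-07 08:39:54"
    r"\nManagement console: https://10.204.1.1/ | https://[FE80::20C:29FF:FE2F:1B6B]/"
)

# Constructed Critical alert (not a real appliance log); note the escaped "=" in cs3.
CONSTRUCTED_CRITICAL = (
    r"CEF:0|Trend Micro|Deep Discovery Analyzer|6.0.0.1001|300105|ALERT_EVENT|8|"
    r"rt=Mar 03 2016 16:28:20 GMT+08:00 dvc=192.168.10.1 dvchost=DDAN "
    r"ruleName=High Memory Usage cs1Label=affectedAppliance cs1=DDAN ( 192.168.10.1 ) "
    r"cs2Label=subject cs2=DDAN Critical Alert - High Memory Usage "
    r"cs3Label=ruleContent cs3=Memory threshold exceeded\nUsage\=97%"
)

if __name__ == "__main__":
    for ev in (parse_tmef_alert(l) for l in (PAGE_SAMPLE, CONSTRUCTED_CRITICAL)):
        print(ev["severity_label"], ev["ext"]["ruleName"], ev["labeled"]["affectedAppliance"])
    print(alerts_at_or_above([PAGE_SAMPLE, CONSTRUCTED_CRITICAL], 8))
```

Because the message body (cs3) contains newlines, colons and URLs, the only safe split points are the unescaped "=" signs that follow an identifier and whitespace; a naive split on spaces or on "=" would tear the ruleContent apart and could let a crafted hostname or subject inject a fake key into downstream SIEM fields. Filtering on the numeric severity rather than on the "Important"/"Critical" word in the subject is also more robust, since the subject is free text.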