TMEF System Event Logs
|
TMEF Key
|
Description
|
Value
|
|
Header (logVer)
|
TMEF format version
|
CEF: 0
|
|
Header (vendor)
|
Appliance vendor
|
Trend Micro
|
|
Header (pname)
|
Appliance product
|
Deep Discovery Analyzer
|
|
Header (pver)
|
Appliance version
|
Example: 6.0.0.1001
|
|
Header (eventid)
|
Event ID
|
|
|
Header (eventName)
|
Description
|
|
|
Header (severity)
|
Severity
|
3: Informational
|
|
dvc
|
Appliance IP address
|
Example: 192.168.10.1
|
|
deviceMacAddress
|
Appliance MAC address
|
Example: 00:0D:60:AF:1B:61
|
|
dvchost
|
Appliance host name
|
Example: DDAN
|
|
deviceGUID
|
Appliance GUID
|
Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536
|
|
rt
|
Event logged
|
Example: Mar 03 2016 16:28:20 GMT+08:00
|
|
cs1Label
|
Event type label
|
"eventType"
|
|
cs1
|
Event type
|
|
|
duser
|
User Name
|
Example: admin
|
|
msg
|
Details
|
Example:Updates: Component update settings modified by 'admin' from
192.168.10.2.
|
|
src
|
IPV4 source address
|
Example: 192.168.100.100
|
|
c6a2Label
|
IPV6 address label
|
"srcIPv6"
|
|
c6a2
|
IPV6 address
|
Example: 2001:db8::1
|
|
shost
|
Source hostname
|
Example: shost1
|
|
outcome
|
Result status
|
|
Log sample:
CEF: 0|Trend Micro|Deep Discovery Analyzer|6.0.0.1119|300999 |SYSTEM_EVENT|3|rt=Nov 07 2017 10:05:58 GMT+00:00 dvc=10.204 .1.1 dvchost=DDAN deviceMacAddress=00:0C:29:2F:3B:6B deviceG UID=423E63AA-D466-406E-A15F-6AC6F3CEE50A cs1Label=eventType cs1=System Setting duser=admin src=10.204.1.2 msg=Log Settin gs: Settings modified by 'admin' from 10.204.1.2 outcome=Suc cess