TMEF System Logs
TMEF Key | Description | Value
--- | --- | ---
Header (logVer) | TMEF format version | CEF:0
Header (vendor) | Appliance vendor | Trend Micro
Header (pname) | Appliance product | Deep Discovery Inspector
Header (pver) | Appliance version | Example: 3.8.1181
Header (eventid) | Signature ID | Example: 300999 (see the log sample below)
Header (eventName) | Event name | Example: SYSTEM_EVENT (see the log sample below)
Header (severity) | Severity | Example: 2
deviceGUID | Appliance GUID | Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536
deviceMacAddress | Appliance MAC address | Example: 00:0C:29:6E:CB:F9
duser | User who performed the action | Example: admin
dvc | Appliance IP address | Example: 10.1.144.199
dvchost | Appliance host name | Example: localhost
engType | Engine name | Example: Advanced Threat Scan Engine for Deep Discovery (Linux, 64-bit)
engVer | Engine version | Example: 10.300.1040
msg | Description of the event | Example: The web console timeout setting has been changed.
outcome | Outcome of the action | Example: Success
patType | Pattern name | Example: Deep Discovery Malware Pattern
patVer | Pattern version | Example: 14.271.92
ptype | Application type | IDS
rt | Log generation time (appliance local time with UTC offset) | Example: Mar 09 2015 17:05:21 GMT+08:00
src | IP address of the user who performed the action | Example: 10.1.1.1
Log sample:
CEF:0|Trend Micro|Deep Discovery Inspector|3.85.1156|300999|SYSTEM_EVENT|2|ptype=IDS dvc=172.22.9.12 deviceMacAddress=00:50:56:AD:CC:EE dvchost=localhost deviceGUID=DBD38FFC70B4-41C792BE-D671-0040-8B1D rt=Mar 10 2017 17:03:31 GMT+08:00 msg=The threat detection setting has been changed. duser=admin outcome=Success src=172.17.0.250
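The header fields are pipe-delimited, but extension values such as rt and msg contain spaces, so a naive split on whitespace breaks the record. The parser below, an added example that is not Trend Micro's code or part of this page, splits the seven header fields on unescaped pipes, finds extension keys only at "key=" boundaries preceded by whitespace, unescapes CEF's "\=", "\\", "\|", "\r" and "\n" sequences, converts rt to UTC, and reduces a SYSTEM_EVENT record to the fields a console-change audit needs. SAMPLE_SYSLOG is constructed from the log sample above with the extraction spacing normalized; the function names and the audit_record field names are this example's own choices.

```python
import re
from datetime import datetime, timezone
from typing import Any, Dict, Optional

# Constructed sample input, taken from the page's log sample with spacing normalized.
SAMPLE_SYSLOG = (
    "CEF:0|Trend Micro|Deep Discovery Inspector|3.85.1156|300999|SYSTEM_EVENT|2|"
    "ptype=IDS dvc=172.22.9.12 deviceMacAddress=00:50:56:AD:CC:EE dvchost=localhost "
    "deviceGUID=DBD38FFC70B4-41C792BE-D671-0040-8B1D rt=Mar 10 2017 17:03:31 GMT+08:00 "
    "msg=The threat detection setting has been changed. duser=admin outcome=Success "
    "src=172.17.0.250"
)

# The seven header fields, in the order the TMEF key table lists them.
HEADER_FIELDS = ("logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity")

# Header fields are split on unescaped '|' only; CEF escapes a literal pipe as '\|'.
_HEADER_SPLIT = re.compile(r"(?<!\\)\|")
# An extension key is a run of key characters followed by '=', at the start of the
# extension or right after whitespace. Values keep their embedded spaces, and an
# escaped '\=' inside a value cannot start a key because '\' is not a key character.
_EXT_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")
_UNESCAPE = {r"\=": "=", r"\\": "\\", r"\|": "|", r"\r": "\r", r"\n": "\n"}


def _unescape(value: str) -> str:
    """Undo the CEF escape sequences used in header fields and extension values."""
    return re.sub(r"\\[=\\|rn]", lambda m: _UNESCAPE[m.group(0)], value)


def parse_tmef(line: str) -> Dict[str, Any]:
    """Parse one TMEF (CEF-formatted) syslog record into a flat dict."""
    parts = _HEADER_SPLIT.split(line.rstrip("\r\n"), maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF/TMEF record: " + line[:40])

    rec: Dict[str, Any] = {}
    for name, raw in zip(HEADER_FIELDS, parts[:7]):
        rec[name] = _unescape(raw.strip())
    rec["logVer"] = rec["logVer"].split(":", 1)[1]   # "CEF:0" -> "0"
    rec["eventid"] = int(rec["eventid"])
    rec["severity"] = int(rec["severity"])

    # Extension: each value runs from its '=' to the start of the next key.
    ext = parts[7]
    keys = list(_EXT_KEY.finditer(ext))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        rec[m.group(1)] = _unescape(ext[m.end():end].strip())
    return rec


def event_time_utc(rec: Dict[str, Any]) -> datetime:
    """Convert rt ('Mar 10 2017 17:03:31 GMT+08:00') to an aware UTC datetime."""
    local = datetime.strptime(rec["rt"], "%b %d %Y %H:%M:%S GMT%z")
    return local.astimezone(timezone.utc)


def audit_record(rec: Dict[str, Any]) -> Optional[Dict[str, str]]:
    """Reduce a SYSTEM_EVENT record to who changed what, from where, with what outcome."""
    if rec.get("eventName") != "SYSTEM_EVENT":
        return None
    return {
        "when_utc": event_time_utc(rec).isoformat(),
        "appliance": "{} ({})".format(rec.get("dvchost"), rec.get("dvc")),
        "actor": rec.get("duser", ""),
        "actor_ip": rec.get("src", ""),
        "action": rec.get("msg", ""),
        "outcome": rec.get("outcome", ""),
    }


if __name__ == "__main__":
    record = parse_tmef(SAMPLE_SYSLOG)
    for key, value in record.items():
        print("{:>18} = {}".format(key, value))
    print(audit_record(record))
```

Two points worth keeping in mind when feeding these records into a SIEM: rt is appliance local time with an offset, so normalize to UTC before correlating with other sources, and src (the user's address) is distinct from dvc (the appliance's address); an admin change whose src is outside the expected management network is the thing an alert on SYSTEM_EVENT should look at.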