CEF Key | Description | Value |
---|---|---|
Header (logVer) | CEF format version | CEF:0 |
Header (vendor) | Appliance vendor | Trend Micro |
Header (pname) | Appliance product | Apex Central |
Header (pver) | Appliance version | 2019 |
Header (eventid) | Event ID | 700211 |
Header (eventName) | Log name | Managed Product Logon/Logoff Events |
Header (severity) | Severity | 3 |
deviceExternalId | ID | Example: "38" |
deviceFacility | Product name | Example: "ScanMail for Microsoft Exchange" |
cs1Label | Corresponding label for the "cs1" field | Product_Version |
cs1 | Product version | Example: "14" |
cn1Label | Corresponding label for the "cn1" field | Command_Status |
cn1 | Command status | Example: "110" |
msg | Detailed event information | Example: "Sample Message" |
shost | Product server name | Example: "SMEX01" |

Log sample:
CEF:0|Trend Micro|Apex Central|2019|700211|Managed Product Logon/Logoff Events|3|deviceExternalId=11 shost=SMEX01 deviceFacility=ScanMail for Microsoft Exchange cs1Label=Product_Version cs1=14 cn1Label=Command_Status cn1=110 msg=A user with the Administrator role(s) has logged on. Detail Information:UserName:TEST2013\\administrator,IP address:10.204.166.127,EventType:Log in/out,SourceType:SMEX UI. #015
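
A parser for this record layout, added here as an example (it is not Trend Micro code): it splits the seven header fields, reads extension values that contain spaces, and maps `cs1`/`cn1` to the names given by `cs1Label`/`cn1Label`. The function names are hypothetical, and the trailing `#015` is assumed to be a syslog daemon's octal escape for a carriage return, so it is dropped.

```python
import re

# Constructed input: this page's log sample with the line-wrap spaces removed.
SAMPLE = (
    r"CEF:0|Trend Micro|Apex Central|2019|700211|Managed Product Logon/Logoff Events|3|"
    r"deviceExternalId=11 shost=SMEX01 deviceFacility=ScanMail for Microsoft Exchange "
    r"cs1Label=Product_Version cs1=14 cn1Label=Command_Status cn1=110 "
    r"msg=A user with the Administrator role(s) has logged on. Detail Information:"
    r"UserName:TEST2013\\administrator,IP address:10.204.166.127,"
    r"EventType:Log in/out,SourceType:SMEX UI. #015"
)

HEADER_KEYS = ("logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity")
# Seven pipe-terminated header fields (a backslash escapes the next character), then the extension.
HEADER_RE = re.compile(r"((?:[^|\\]|\\.)*)\|" * 7 + r"(.*)", re.S)
# An extension key is a token at the start or after whitespace, directly followed by "=".
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")


def unescape(value):
    """Undo CEF backslash escapes: \\n and \\r become line breaks, others the literal character."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_extension(ext):
    """Split 'key=value key=value'; a value runs until the next key, so it may contain spaces."""
    matches = list(KEY_RE.finditer(ext))
    fields = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(ext)
        fields[m.group(1)] = unescape(ext[m.end():end].strip())
    return fields


def parse_cef(line):
    """Return one flat dict with the header fields, extension fields and label-resolved fields."""
    # Assumption: a trailing "#015" is an escaped carriage return, not part of msg.
    line = re.sub(r"\s*#015$", "", line.strip())
    m = HEADER_RE.match(line[line.index("CEF:"):])  # skips any syslog prefix
    if m is None:
        raise ValueError("not a CEF record: expected 7 header fields")
    event = dict(zip(HEADER_KEYS, map(unescape, m.groups()[:7])))
    ext = parse_extension(m.group(8))
    for key, label in list(ext.items()):
        if key.endswith("Label") and key[:-5] in ext:
            ext[label] = ext[key[:-5]]  # e.g. Product_Version -> "14"
    event.update(ext)
    return event
```

Calling `parse_cef(SAMPLE)` yields `Product_Version` and `Command_Status` as named fields next to `shost` and `msg`, which is usually what a SIEM field mapping for event 700211 needs.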