Views:

CEF Key

Description

Value

Header (logVer)

CEF format version

CEF:0

Header (vendor)

Product vendor

Trend Micro

Header (pname)

Product name

Apex Central

Header (pver)

Product version

2019

Header (eventid)

Event ID

800101

Header (eventName)

Log name

Pattern Update Status

Header (severity)

Severity

3

rt

Event trigger time in UTC

Example: "Mar 22 2018 08:23:23 GMT+00:00"

shost

Product Entity/Endpoint

Example: "shost1"

cs1Label

Corresponding label for the "cs1" field

"Operating System"

cs1

Operating system

Example: "Windows 7"

cs2Label

Corresponding label for the "cs2" field

"Product/Endpoint IP"

cs2

Product/Endpoint IP

Example: "10.0.7.20"

cs3Label

Corresponding label for the "cs3" field

"Update Agent"

cs3

Update Agent

Example: "0"

cs4Label

Corresponding label for the "cs4" field

"Domain"

cs4

Domain

Example: "Default"

cn1Label

Corresponding label for the "cn1" field

"Connection Status"

cn1

Connection status

Example: "100"

  • 0: Unable to connect

  • 1: Active

  • 2: Inactive

  • 100: Product active

  • 101: Product inactive but agent is active

  • 102: Roaming

cn2Label

Corresponding label for the "cn2" field

"Pattern/Rule"

cn2

Pattern/Rule

Example: "2048"

cs5Label

Corresponding label for the "cs5" field

"Pattern/Rule Version"

cs5

Pattern/Rule version

Example: "1548"

cn3Label

Corresponding label for the "cn3" field

"Pattern/Rule Status"

cn3

Pattern/Rule status

Example: "1"

  • 1: Up-to-date

  • 2: 1 version old

  • 3: 2 versions old

  • 4: 3 versions old

  • 5: 4 versions old

  • 6: 5 versions old

  • 7: 6 or more versions old

cs6Label

Corresponding label for the "cs6" field

"AUComponent_Type"

cs6

ActiveUpdate component type

Example: "2"

  • 2: Pattern

deviceFacility

Managed product name

Example: "Apex One"

msg

Pattern type display name

Example: "Virus Pattern"

deviceNtDomain

Active Directory domain

Example: APEXTMCM

dntdom

Apex One domain hierarchy

Example: OSCEDomain1

ApexCentralHost

Apex Central host name

Example: TW-CHRIS-W2019

devicePayloadId

Unique message GUID

Example: 1C00290C0360-9CDE11EB-D4B8-F51F-C697

Log sample:

CEF:0|Trend Micro|Apex Central|2019|800101|Pattern Update 
Status|3|rt=Nov 02 2017 12:46:44 GMT+00:00 shost=shost1 cs1L
abel=Operating_System cs1=Windows 7  cs2Label=Product/Endpoi
nt_IP cs2=10.0.7.20 cs3Label=Update_Agent cs3=0 cs4Label=Dom
ain cs4=Default cn1Label=Connection_Status cn1=100 cn2Label=
Pattern/Rule cn2=2048 cs5Label=Pattern/Rule_Version cs5=1548
 cn3Label=Pattern/Rule_Status cn3=1 cs6Label=AUComponent_Typ
e cs6=2 deviceFacility=Apex One deviceNtDomain=APEXTMCM dntd
om=OSCEDomain1