CEF Pattern Update Status Logs | Trend Micro Service Central

Views:

CEF Key	Description	Value
Header (logVer)	CEF format version	CEF:0
Header (vendor)	Product vendor	Trend Micro
Header (pname)	Product name	Apex Central
Header (pver)	Product version	2019
Header (eventid)	Event ID	800101
Header (eventName)	Log name	Pattern Update Status
Header (severity)	Severity	3
rt	Event trigger time in UTC	Example: Mar 22 2018 08:23:23 GMT+00:00
shost	Product Entity/Endpoint	Example: shost1
cs1Label	Corresponding label for the cs1 field	Operating System
cs1	Operating system	Example: Windows 7
cs2Label	Corresponding label for the cs2 field	Product/Endpoint IP
cs2	Product/Endpoint IP	Example: 10.0.7.20
cs3Label	Corresponding label for the cs3 field	Update Agent
cs3	Update Agent	Example: 0
cs4Label	Corresponding label for the cs4 field	Domain
cs4	Domain	Example: Default
cn1Label	Corresponding label for the cn1 field	Connection Status
cn1	Connection status	Example: 100 0: Unable to connect 1: Active 2: Inactive 100: Product active 101: Product inactive but agent is active 102: Roaming
cn2Label	Corresponding label for the cn2 field	Pattern/Rule
cn2	Pattern/Rule	Example: 2048
cs5Label	Corresponding label for the cs5 field	Pattern/Rule Version
cs5	Pattern/Rule version	Example: 1548
cn3Label	Corresponding label for the cn3 field	Pattern/Rule Status
cn3	Pattern/Rule status	Example: 1 1: Up-to-date 2: 1 version old 3: 2 versions old 4: 3 versions old 5: 4 versions old 6: 5 versions old 7: 6 or more versions old
cs6Label	Corresponding label for the cs6 field	AUComponent_Type
cs6	ActiveUpdate component type	Example: 2 2: Pattern
deviceFacility	Managed product name	Example: Apex One
msg	Pattern type display name	Example: "Virus Pattern"
deviceNtDomain	Active Directory domain	Example: APEXTMCM
dntdom	Apex One domain hierarchy	Example: OSCEDomain1
ApexCentralHost	Apex Central host name	Example: TW-CHRIS-W2019
devicePayloadId	Unique message GUID	Example: 1C00290C0360-9CDE11EB-D4B8-F51F-C697

Log sample:

CEF:0|Trend Micro|Apex Central|2019|800101|Pattern Update 
Status|3|rt=Nov 02 2017 12:46:44 GMT+00:00 shost=shost1 cs1L
abel=Operating_System cs1=Windows 7  cs2Label=Product/Endpoi
nt_IP cs2=10.0.7.20 cs3Label=Update_Agent cs3=0 cs4Label=Dom
ain cs4=Default cn1Label=Connection_Status cn1=100 cn2Label=
Pattern/Rule cn2=2048 cs5Label=Pattern/Rule_Version cs5=1548
 cn3Label=Pattern/Rule_Status cn3=1 cs6Label=AUComponent_Typ
e cs6=2 deviceFacility=Apex One deviceNtDomain=APEXTMCM dntd
om=OSCEDomain1

Keywords: Pattern Update Status